10 Essential Things Companies Should Teach Employees About Security

By Don Reisinger  |  Posted 2009-10-29

News Analysis: However many security systems an organization might have, the last line of defense rests with the employees. That's precisely why companies need to do a good job of educating employees about security. Employees have to be directly engaged in the IT security process.

When it comes to enterprise security, ensuring that sensitive data doesn't find its way out and beyond the control of the office is a major concern for most companies. That's why they enlist the help of security software, hardware systems and anything else that can possibly keep data secure. It's a smart plan. And for the most part, it does help companies keep much of their data secure.

But there is another major security hole at many companies: the employees. Too often, it's the average employee who allows malicious hackers to make their way into corporate files, steal sensitive data and wreak havoc on productivity.

That's why companies need to teach their employees about security. They need to remind them about the dangers of letting malicious hackers into the network. And they need to do it now.

Here are 10 things every company should teach its employees about security.

1. E-mail is a killer

One of the easiest ways malicious hackers can make their way into a corporate network is through e-mail attachments. Hackers spoof the sender's address, making recipients feel comfortable; when the employee opens the attachment and allows an executable file to run on the system, trouble erupts. Companies need to remind employees to only open attachments from trusted (even impeccable) sources that are about relevant and current business. There's no telling what might be hiding in attachments from random e-mails that make it through the corporate spam filters.

2. Social networks can't be absolutely trusted

Too often, employees believe that a social network like Facebook or Twitter can be trusted. Any link on the site can be safely opened, they reason. They're wrong. Facebook has been hit by security issues. Twitter users have gotten in trouble by clicking links in tweets that brought them to malicious sites. Social networks can be dangerous. Employees need to realize that.

3. Keep definitions up-to-date

It might be annoying when a security program wants to run virus definition updates once a day or sometimes several times a day. But it's a necessity. Employees who ignore those updates are putting themselves, their computers and their company at risk. Whenever a definition message pops up, employees should be taught to download those definitions immediately. There's no telling what's out there just waiting for that computer that hasn't been updated.

4. Deploy security patches to everyone

Although many companies patch Windows centrally, there are still some organizations that don't automatically update users' computers. When that happens, employees need to be aware that updating their Windows installations is just as important as keeping their virus definitions updated. An unpatched Windows is an unsafe Windows. 

Don Reisinger is a freelance technology columnist. He started writing about technology for Ziff-Davis' Gearlog.com. Since then, he has written extremely popular columns for CNET.com, Computerworld, InformationWeek, and others. He has appeared numerous times on national television to share his expertise with viewers. You can follow his every move at http://twitter.com/donreisinger.
