There is no dispute that data breaches are becoming more common, and as a result, online safety and the protection of personally identifiable information (PII) are hot topics in the mainstream media. Therefore, the month of October presents an excellent opportunity for all businesses, especially midsize businesses, to remind employees about their responsibilities when it comes to protecting corporate data.
Here are my top ten tips to share with employees during Cyber Security Awareness Month:
 Complex Passwords
All passwords should be at least 10 characters and include lower and upper case letters, numbers, and symbols. If your employees need assistance in creating complex passwords, share this password strength evaluator from Microsoft’s Safety and Security Center:
 Browser Security
Make sure that employees browse securely when accessing company webmail from offsite and with mobile devices, which means that the webmail address in the browser starts with HTTPS and not HTTP. Also use a sandbox program that will keep viruses and malware from entering the computer through the browser. A few examples of sandboxing include Sandboxie, VirtualBox, and BitBox.
 Abbreviated Links
Before clicking on any abbreviated links, determine the entire URL. Here’s a site to assist your team: http://urlxray.com/
 Emails and Attachments
Make it a practice to NOT open emails and attachments (especially JPEGs) from unknown senders, and do not use Preview Pane, because it’s akin to opening emails.
 BYOD Policy
Implement a Bring Your Own Device (BYOD) policy and train employees on the whys and why nots. Make sure that your leadership team also abides by the policy. In addition, the leadership team and IT Department should create the policy together.
 Social Media Policy
Implement a social media policy and train employees so that everyone understands who maintains the official voice of the company on all social media platforms. Make sure that departments understand who maintains the social platforms because you don’t want departments fighting it out in public. Also include a statement on whether employees are required to include “Views are my own” in their bios if they reference the company name in their profiles. Above all, remind employees that once they post something online, it takes on a life of its own and cannot be removed. Therefore, it’s critical that they abide by the mantra that they should not post anything that they would not want their boss or grandmother to see online.
 Disaster Recovery Plan
Implement a disaster recovery plan and train employees on a regular basis so that everyone knows how to access corporate data in the event of a disaster and the planned amount of time that data may not be accessible.
 Cloud Computing
In today’s era when everyone uses the cloud, develop a plan for what employees can store in the cloud. There should be a policy for storage and for access. For example, it may make sense for some documents to be stored in the cloud so that many employees can access the same document, but it may not make sense for entire departments to access the document or for some documents to even be stored in the cloud.
 Non-Approved Software
Seen any good games lately? I’m sure your IT Department has. Employees always try to circumvent sysadmin protocols and download unapproved software. Make sure that your company’s user permissions are not broad enough to allow any downloading of software before it is reviewed and approved by the IT Department. You certainly don’t want any mysterious software to wreak havoc on your network.
 Back Up
Lastly, remember, it’s not if you lose your data, but when, so back up, back up, back up.
Here’s to a safe Cyber Security Awareness Month!
To learn about how your team can participate in activities throughout October, visit the website of the Department of Homeland Security:
The National Cybersecurity Alliance’s mission is to educate and empower a digital society to use the Internet safely and securely at home, work, and school – protecting the technology that individuals use, the networks they connect to, and our shared digital assets. Learn more at:
“A Penny for Your Privacy?” by Chris Taylor and Ron Webb via @HarvardBiz
This post was brought to you by IBM for Midsize Business and opinions are my own.