Take a moment to survey your office and the people sitting behind computers. Or, if you have a remote workforce, picture your employees in their home offices or on the road, all within arm's reach of a laptop or mobile device. These individuals, whether you realize it or not, play a vital role in protecting your company from a security breach.
You can install all of the latest and greatest security innovations, but if your employees aren't properly using these technologies and adhering to safe computing practices, you may be more at risk than you think. Many small businesses don't have an onsite IT staff, so it takes time to get employees to understand and then take proper action to maintain data security. But your business and its valuable data are worth it.
To ensure that your team is ready to defend your business to the best of its ability, begin by ensuring that your employees do the following:
1. Use email responsibly. Hackers and scammers have become very sophisticated in targeting individuals via their email accounts. Malicious intruders often try to persuade email recipients to take actions that can expose business and personal information without employees even knowing they've done anything wrong.
Related: 5 Easy-to-Use Tools to Make Business Email More Secure
To protect your valuable business information, advise employees to:
• Exercise judgment before opening email attachments. If they are suspicious of an email or email attachment, they should not open it.
• Be especially wary of any attachment with a ".exe" filename extension, which may begin executing a program as soon as the attachment is opened.
• Manually scan attachments with antivirus software before opening or downloading to your computer.
• Be sure the option to automatically download attachments is disabled. Some email programs offer automatic download as a convenience, but it can lead to trouble if a harmful attachment comes through.
• Use complex email passwords to make it difficult for hackers to access email accounts. Passwords should include upper and lower case letters, numbers and punctuation marks or other symbols.
The U.S. Computer Emergency Readiness Team has a number of other helpful tips on how email users can protect their systems by using caution with email attachments.
2. Be cautious about wireless internet connections. Wireless internet connections are a remote worker's best friend. Yet, public wireless hotspots can be notorious access points for cybercriminals because they are open networks that do not encrypt data, emails, passwords or any other information transmitted across them. If employees have the choice between a secure wireless connection, which will require a password, and a public hotspot, they always should choose the secure connection.
Related: 3 Scary Online Security Mistakes to Avoid
Because employees may sometimes need to use a public hotspot, they should know how to make sure their firewall is on, how to disable file and printer sharing, and how to make folders private. These tasks can be managed through every computer's System Preferences or Control Panel, where security, internet and user settings can be reviewed and adjusted. Advice on how to manage these tasks can be found in your computer's help and support index.
You also can safeguard data by protecting it on a corporate network or in the cloud. There are numerous cloud storage options for small businesses. Available through Microsoft's Office 365 offering, SharePoint Online allows users to create online sites to securely store, manage and share files with colleagues and customers. It's priced at $8 per user per month with an Office 365 subscription, or $4 per user per month for the standalone service. Another cloud storage solution is CloudBerry Labs' Cloud Drive offering, which allows businesses to store and backup to their cloud vendor of choice simply and seamlessly, starting at $29.99.
3. Use smartphones conscientiously. Smartphone use adds an entirely new layer of complexity to managing your data security. These days, employees commonly conduct work-related tasks from their personal mobile devices, opening new gateways for security breaches.
Develop a Bring Your Own Device (BYOD) policy that provides parameters on how and when employees can use their personal mobile devices for work purposes. The policy should include specific guidelines for smartphone security, such as a password policy, a list of supported devices and others that are not allowed to connect to the network, and protocol for installing applications, which can become easy entryways for malware.
Smartphones also can be easily misplaced or stolen, so take steps to prevent a data breach if this occurs. You can require employees to use mobile tracking services offered by carriers, such as AT&T's Mobile Locate or Verizon's My Mobile Recovery, to find the location of lost devices, remotely lock them or erase data. For more assistance in developing a BYOD policy that's right for your business, consider getting guidance from a local IT provider or expert.
Related: 3 Tips for Beefing Up Password Security
Based in Redmond, Wash., Cindy Bates is vice president of Microsoft’s U.S. SMB Organization.