A lot of practices need to come to terms with the fact that their employees are their greatest IT threat. As a practice manager, partner or director, you may be aware of cyberthreats to your practice, but your employees might not be. They might not know about the threat of cyber-attacks or malware. They might use unsecured WiFi on firm equipment. As a result, your employees may be putting your practice at serious risk.
What can you do to change that?
1. IT ALL STARTS WITH EDUCATION. One of the biggest reasons why employees put their employer at risk simply comes down to a lack of education. They don’t know about the threats targeting practices or that small practices are a major target of hackers and scammers.
You need to do everything you can to train your employees. Give them the education and resources to be a line of defence rather than a risk. Develop a consistent training regimen. If you need to bring in IT professionals to help, do it. Don’t make assumptions about critical IT security training if you aren’t sure. Professionals can answer your questions and make sure you and your employees have everything you need to know to keep your practice secure.
Another important thing is to hold this training regularly. Threats evolve, and you need to stay ahead of the curve. Keep IT security on the minds of your employees. When they forget about it, that’s when the risk is highest.
2. SAY NO TO UNSECURED, PUBLIC WIFI. This is a big problem for practices with remote employees, employees who work from home or employees who use firm technology outside of the practice walls. According to a Spiceworks study, 61% of employees said they have connected to unsecured WiFi while working remotely.
This is cause for concern. Connecting to public WiFi is like leaving the front door of your home wide open while posting on social media that you’re going to be out of town for a week. You never know who is going to let themselves in and snoop around. Hackers use public hot spots to circulate malware and steal data. Sometimes they even set up fake hot spots with the same name as a legitimate hot spot to trick users into connecting to their WiFi, which makes data theft even easier.
Discouraging your employees from using unsecured, public WiFi is a good step to take, but don’t be afraid to take it further. Don’t let them connect firm equipment to unsecured WiFi at all. And place a bigger focus on endpoint security – make sure your equipment has up-to-date software, malware protection and local firewalls, as well as a VPN (virtual private network). The more layers of security, the better.
3. PROTECT ALL OF YOUR DATA. Your employees should never save personal or practice data on portable/external hard drives, USB drives or even as printed material – and then take that data out of the office. The theft of these types of devices is a real threat. An external hard drive is a tempting target for thieves, who will search the drive for sensitive data, such as financial or customer information, that they can use or sell.
If you have remote employees who need to access firm data, put a method in place to do just that (it should be discussed as part of your regular firm IT security training). They need to know how to properly access the data, save the data or delete it, if necessary. Many practices go with a secure cloud option, but you need to determine what makes the most sense for your practice and its security.
While these three tips are great, nothing beats helping your employees develop a positive IT security mindset. It’s all about understanding the threats and taking a proactive approach to security. Proactivity reduces risk. But you don’t have to go it alone. Working with experienced IT security professionals is the best way to cover all your bases – and to ensure your employees have everything they need to protect your practice.