Approximately two-thirds of employers do not monitor their employees’ access to social media sites, according to Media Bistro. As a result, it’s not uncommon for employees to indulge in a little Facebook or Instagram from their work computers. Although many employees use the Internet responsibly at work, a poorly articulated Internet use policy can leave your business vulnerable to hacking, phishing scams and other IT security issues.
Overhaul Your Internet Use Policy
When was the last time your business revised its Internet use policy and officially updated the employee handbook? If it’s been a few years, it’s worth investing the time and effort into crafting an update. Lay clear guidelines about:
- Checking personal email
- Appropriate use of work email
- Accessing social media accounts
- Visiting YouTube or other casual entertainment websites
Let your employees know what’s expected. This avoids finger-pointing and arguments after Internet security has been compromised.
Educate Employees About Phishing Risks
Many employees are reasonably savvy about Internet security. Most people nowadays know better than to click on an email link proclaiming they’ve won millions in a foreign lottery. However, today’s phishing attempts are often better disguised. One common version of a scam is a seemingly official email from your company’s IT department or a senior executive. The email contains a link asking employees to reset their passwords by entering their current password.
To keep employees up to date about the latest phishing scams, conduct Internet safety training at least once per year. Remind employees that personal information—Social Security numbers, sensitive client information, passwords, etc.—should never be transmitted via email.
According to the password management company SplashData, the passwords “password,” “123456,” and “12345678” remained the top options among Americans in 2012. Enhance employees’ password security by mandating more complex passwords. Set a minimum length of at least 8 characters, require capital letters or symbols and restrict the use of names or birth dates. Even more important is ensuring that employees change their passwords frequently. Every six months, set your email client or other online system to prompt employees for a password change. This limits the potential for security breaches and keeps sensitive information safe.
Never Install Unauthorized Programs
Sure, it’s a hassle to ask an IT representative to install a new program on your machine, but this policy prevents employees from accidentally downloading malicious software. It’s easy to fall prey to hackers, malware and spyware these days—the AV-Test Institute, an Internet security company, registers more than 200,000 new malicious programs each day. To stop identity thieves, routinely scan for identity threats. Communicate these immediately to employees to prevent security breaches.
Police Personal Devices as Necessary
If your company has a bring-your-own-device policy, security is paramount. Before allowing employees to use personal devices for business, reiterate the rules about password complexity, downloading potentially dangerous apps and software, and keeping sensitive information secure. If business information resides on a personal mobile device, it must be kept safe.