Seemingly harmless acts by employees can lead to data breaches

Date: 2018-08-10

Cyber threats are a very real problem for small businesses.

According to the Ponemon Institute, a research center focusing on data protection and security, a little more than one-third of data breaches are caused by people, such as a careless employee or a negligent contractor.

Those breaches can happen even from a simple click on a malicious link in an email — and that is why proper training is so important.

In most cases, the weakest link can be employees — from rogue email attachments to telecommuting, cybercriminals can creep into otherwise secure networks, the institute found.

IDTheftSecurity gives tips on their blog to train staff and make sure no weak links are in the workplace.

The first tip for small-business employers is to quiz employees: randomly give multiple-choice quizzes a few times every year to keep information fresh in their minds.

Next, check workstations. This includes looking for Post-it notes with sensitive information such as passwords and checking that cabinets are properly locked.

The company also recommends planting a spy. Hire someone in the security business whom no one knows and whose job is to trick employees into giving up sensitive data, they wrote.

Back to email links, the company suggested staging fake phishing attacks to see which employees click a “malicious” email link.

However, they also say not to embarrass your employees — don’t criticize those who fall for the traps; instead, help them understand why they need to be on guard.

If your business must adhere to government regulations, it’s important to warn staff members about legal ramifications. Security breaches could result in possible criminal, financial or legal repercussions, according to the blog.

Measures should also be in place for how to ask unfamiliar people for credentials or ask a stranger what they’re doing in the building.

According to IDTheftSecurity, employees should be instructed to always contact a supervisor or security person at the first sign of something suspicious.

Repetition is key to a successful security-awareness program, so employers should make learning ongoing and interactive, but should vary questions and formatting to keep employees from simply memorizing answers.