How protecting your information security leads to staff empowerment

Mike Doman
Technology Journalist

Mike Doman is a technology, lifestyle, industrial and education writer

Your information security is only as strong as its weakest link and that weak link is often the human element. Cyber security is a human problem. That’s why it is critical to invest in staff awareness so they know what to do to prevent your organisation being breached.

In a modern business, cyber security is everyone's responsibility. It's important to develop a culture of cyber awareness in your team so they can play their part in minimising business risk.  The internet, email, cloud use and apps all work to keep business running.  However, it is this interconnectedness that means cyber-crime can now happen at a pace, scale and reach that is unprecedented.  To counter this potential threat, it is important to make sure your staff are aware of the potential cyber security threats and play their part in protecting your valuable information at all times.

"Information is power" – it's an age-old saying more relevant than ever. Your data is one of your most valuable assets, not just the business' own sensitive data but also customers' data. This is even more the case today with the 2018 changes to the Privacy Act. Unfortunately, many businesses are rather lax when it comes to using cyber protection to keep this valuable asset safe, even though a serious data breach could bring the business to its knees.

Lock it down with an effective cyber security policy

Empowering employees to protect business data starts with establishing effective cyber awareness programs and having accessible, plain-English cyber security policies. These should start with a focus on password-protecting computers and handheld devices which contain, or can access, business data. In addition to this, a company cyber security policy on staff using their own devices at work is crucial.

At a minimum, a cyber security policy for small businesses should guide staff behaviour and cover effective password management, such as a minimum length and complexity as well as a ban on using the same password for different services. Password managers are worth considering. You should also enable two-factor authentication where available, to offer an extra line of defence for business systems and online services. You may also want to consider having good processes around reviewing who has access to what information in your business (both staff and external suppliers) and making sure that staff who no longer need access no longer have it. This is essential cyber security housekeeping often overlooked by many businesses. It would be like not collecting the keys from the previous 10 tenants that leased your rental property.

It's important to tighten up cyber security procedures across the board, not just on a few key systems. Supply chains are critical when working out who has access to your valuable information and how they might be looking after it. Your suppliers should also protect your valuable information - several well-known breaches have been through supply chain vulnerabilities.

Enable your email encryption settings

An email is like a postcard - it can be intercepted and read in transit.  Don’t assume all email is secure email. A growing number of websites enable HTTPS encryption to stop third parties eavesdropping on your online activities. However, staff should always look for the padlock symbol and the 'https://' in a browser's address bar when using services like online banking and webmail.

The encryption settings in your web browser or security software will often warn you if a website looks suspicious, checking for an invalid security certificate or malware embedded in the page. It's easy for your team to develop warning fatigue and simply click OK to every pop-up notification, so it's important to train them to remain vigilant and ask for assistance when in doubt.

Your business should also further enable encryption with the extra protection of a Virtual Private Network when your team members work away from the office. This will help to protect their online activities from prying eyes. It's an especially important security precaution when using public Wi-Fi and Ethernet networks in locations like cafes, airport lounges and hotel rooms.

Be aware of phishing and think twice before clicking

A healthy sense of paranoia is one of the best defences when it comes to cyber security. Most businesses rely on email as a key business tool so clicking on links is necessary. But some links come with more than business opportunities.

Cyber criminals looking to steal your valuable information will use a phishing attack as a way of gaining access to your company and your valuable data. Rather than promising something too good to be true, like winning the lottery, most phishing emails pretend to be something too mundane to be alarming – such as an overdue utility bill or notification of a missed parcel delivery. But always look carefully at the email: were you expecting a bill? Were you expecting a delivery? Why would the police be emailing an infringement notice to your work email? Could it in fact be a scam email?

All staff need to think twice before clicking on links in emails or opening attachments, as these can infect a computer with malicious software designed to steal passwords or perhaps encrypt the computer's hard drive and hold your data to ransom. 

Businesses are also vulnerable to targeted "socially engineered" scam emails, which are tailored to trick specific people in your organisation.  The "engineered" aspect is that they appear to come from other staff members or people you know. They all have the same intention of getting the recipient to click on the link or do something that will allow them to gain a foothold in your organisation. 

These socially engineered scam emails can be harder to detect but the same rules apply: staff should always approach links and attachments with caution. They should not be afraid to query whether an unusual request might be a phishing attack, or ring the person or organisation purporting to send the email on their published phone number and check with them.

Building cyber-aware staff is key.  Cyber security is as much a human issue as it is a technical issue, so having staff who are aware of the risks and how to manage them can make all the difference in this interconnected world.

*Originally published on March 30th 2016. Updated December 2021.
