Most Internet users have difficulty distinguishing or understanding whether their company is safe in the event of an eventual attack or security breach. Because generally they do not receive information on this subject, those who bear the losses linked to these attacks are not the employees, but the companies themselves, even though in many cases these problems were caused by the misuse of technology by employees.
Most companies do not pay due attention to information security and do not train employees on the correct use of the Internet. Get to know some myths and understand that everyone is responsible for internet security in companies, from employees to managers and partners.
Myth 1 – Security is an exclusive task for the IT manager and his team. It doesn't matter the resources or investment used by a company to keep it safe if security is not an integral part of the work of all employees. There are fundamental protection measures that must be incorporated into everyone's routine, from a recruiter checking a candidate's references, a financier scanning client documents on her smartphone, to the director meeting with analysts. All activities involving technology must be guided by preventive security measures.
Myth 2 – Excessive security controls irritate users. Effective security involves adjusting criteria according to the company's needs, and these vary, from a simple identity check for low-risk situations, to rigorous (and quick) checks for large-volume or high-risk transactions, in which users expect to find robust protection. Efficient security means increasing or decreasing caution as needed.
Myth 4 – The less security is discussed, the better. It is common to hear opinions like “Banks are supposed to be safe. So why attract the attention of cyber criminals?” Car manufacturers thought this way about car accidents until the situation reached an extremely critical level and solutions were created. Now, information security is a necessity, where most companies need to invest and advance. The more content and information about the occurrence of cybercrimes and security that your employees have access to, the more prepared they will be to see that security is something valued in your company.
Myth 5 – Solve security in isolation and you will be safe. It is common for many experts to evaluate or prioritize security at each level of system, device, application or data storage, in isolation. However, cybercriminals are very adept at exploiting the connections and gaps between different levels. Therefore, it is necessary for IT managers to seek comprehensive solutions that cover all levels of the company, from the physical structure of computers, servers and network infrastructure, to the daily behavior of users when accessing the Internet. If there are failures at any of these points, the company may be vulnerable to security breaches, attacks or data loss.
As we can see, implementing a security policy in companies is not a simple task. A good start is to guide employees on how to use the Internet correctly, see a step-by-step guide on how to create a manual on ethics and good use of the Internet at work.