Used with permission from Tektonika (HP)
Certain digital security principles, like creating strong passwords, apply to everyone in the office, whether you’re an intern or an executive. But just as each department fulfills a distinct role in a business, each also requires a distinct set of cybersecurity priorities and best practices.
To stay ahead of threats in an increasingly hostile cybersecurity landscape, IT needs to provide each unit with tailored training that reflects its needs. Here’s what you should keep in mind.
Sales teams are characterized by their mobility. Employees in sales tend to be out and about—networking, nurturing prospects, meeting with clients, and attending events. As a result, they rely heavily on mobile devices to be productive. Sending emails from the road, taking notes after meetings, and entering information into a CRM while on the go are all regular parts of their work lives—which means mobile device security must be a top priority for sales teams.
It’s no secret a mobile device can represent a security vulnerability. Part of the problem is the speed and convenience of these devices, which can seem antithetical to security best practices. Faced with strict security guidelines, employees may cut corners, but lax security leaves an organization exposed. It’s all about striking a balance.
Take passwords, for instance. The most secure passwords are long, random, and contain multiple character types. However, those types of passwords can be a pain to enter, especially on a mobile device. Most users don’t have the patience to manually enter arduous passwords every time they sign into a network. Instead, they may feel inclined to create an easy password, opening the network to risk. You’ll need to work with the sales team to explore more convenient—but secure—options, like two-factor authentication, one-time passwords, biometric authentication, and password managers. Each of these solutions can ease the log-in process without compromising digital security.
One particular cybersecurity risk faced by the finance department is the phishing scam. Finance teams work with highly sensitive and valuable information, the type of information hackers are most eager to get their hands on. Even the finance teams at companies like Facebook and Google, which pride themselves on having strong security practices in place, can fall prey to these scams (to the tune of $100 million). According to the Anti-Phishing Working Group, over 100,000 unique phishing websites are detected each month. Phishers are getting craftier and more sophisticated every year, often leveraging the wealth of information on the internet and social media that makes impersonation even easier.
A security strategy for your finance team should emphasize how to identify and avoid phishing scams. Education is key, especially since employees can’t avoid phishing scams if they don’t know what to look for in the first place. The most effective scams are the most subtle ones. Of course, Phishing 101 is to avoid clicking on links or downloading attachments from unknown senders. But what about emails from known senders that seem a bit off? If a link or attachment doesn’t come with appropriate context, employees need to know they should scrutinize the text of URLs and seek confirmation from the sender. Organizations should also consider holding regular anti-phishing training sessions to improve an employee’s ability to avoid fraudulent links and identify weak points.
Employees in the HR department need to deal with a lot of documents—W2s, contracts, resumes, benefit administration forms, and so on—which means a lot of printing. Printers are an essential part of the HR team’s workflow, but printers often go overlooked in digital security strategies.
Print security must be a top priority for HR. These employees should know how to print sensitive documents without worrying they’ll be intercepted by hackers. In addition, unclaimed print jobs are one of the most common ways data gets exposed. Rather than leaving the print jobs in the tray, organizations need to utilize secure pull print capabilities, requiring the user to authenticate at the device before printing documents.
You should also make sure data stays encrypted in transit. The best way to maintain high standards of print security is to deploy devices that come with built-in security features, provide continuous monitoring to detect and stop attacks, and possess self-healing capabilities. In these cases, the devices themselves do most of the security heavy lifting—so you and your IT team are free to focus on more strategic work.
Human error is often the main source of a security breach. Up-to-date technology and strong policies only go so far if people continue to make mistakes that leave an organization vulnerable. Even interns and entry-level hires need to be equipped with security best practices. While an intern who’s only working with the organization for a few months may not need a dedicated corporate smartphone, remember that they can disrupt the entire company’s workflow by using their personal phone. Everyone who works for a company, from the bottom up, should receive a crash course in corporate security best practices—including BYOD policies.
In an ideal world, every department should receive a comprehensive and ongoing education in cybersecurity. Of course, there will always be overlap between each department’s security needs, which makes the task a little easier for your IT team. By setting priorities early on and creating a comprehensive security strategy addressing each type of employee, you can ensure every department has the relevant knowledge and tools it needs to keep your organization safe.