Nov 12, 2019
How to Teach Staff Members About Data Security
All right. I've got a funny episode today. I've just been talking to a business and we put them up to the "let me hack you" challenge. Yes, it is exactly what it sounds like. We're the good guys, and we jump in and try to hack your systems the way the baddies would, to see if we can get in. Now, okay, much to their dismay we got in, and they were not impressed.
Get more tips on how to protect your data at dorksdelivered.com.au
Staff Need to Be Educated
Now, this happens. People don't like finding out that something they thought was secure isn't. People don't like thinking they've got an inferior product. But what it comes down to, most of the time, is your staff. We need to talk about how to get your staff involved in data security and how businesses can get staff to take data security seriously. I'm going to be cruising through some training tips to make sure they're doing the best by your business and, hopefully, the best by themselves personally.
Don’t Believe Everything You Hear
So, let's start off with tip number one. Don't believe everything you hear. Whoever is trying to sell you something, there might be an ulterior motive you're not seeing. A great example would be Facebook. You're getting this fantastic ability to connect with your friends, but they're also selling off your information, and ultimately you are the product that they're selling. Nothing is quite what it seems, so you need to be aware of that. When someone calls you up claiming to be from Westpac or Commonwealth Bank or National or something like that, says there's been a data security issue and asks you to "press one to continue if your name is XYZ", that is potentially fraud. They might be tricking you. The safe move is to hang up and call the bank back on the number printed on your card or on their website, never on a number the caller gives you. That is something you need to be on your toes about.
So, first things first: make sure you know exactly who you're talking to. There are so many programs and applications out there, such as Lyrebird and a bunch of others, that can clone your voice from a recording and then use it against voice-based authentication to get into bank accounts, change mortgage details, and do all sorts of things nobody else should be able to do. You need to be on your toes. How do you go about fixing that? The best thing is to make sure your security answers aren't something you'd ever give away in normal conversation or that anyone could look up. If someone said, "What colour are your favourite socks?" you'd think, "That's a weird question," and your guard would go up. Compare that with "What's your mother's maiden name?" which half the internet can find out. Come on, guys.
Make Security Questions Hard
Be a bit more diligent with those security questions. That is tip number two. To recap tip number one: make sure you know who you're talking to, be diligent, and think about what their ulterior motives might be. If you're listening to someone on the other end of the phone, they should be able to tell you at least as many details about you as you can tell them before you hand anything over. Tip number two is don't have stupid security questions. Make sure the questions you've got actually keep you secure, and that if anyone asks you one of them out of the blue, your ears prick up and you think, "What is that? Why would they ask me that? Why would they ask what colour my favourite socks are? Such a weird question." And don't pick an answer that's easy to guess either; most socks are white or black, so that particular answer isn't worth much. You need to stay on top of that.
Watch Out for the Free Stuff
Free, free, free is tip number three. Free things are not always free. There's always some catch, and one of them is that your email address gets harvested and sent off to someone else. Don't put a bunch of email addresses in To or CC, because if any one of those recipients gets compromised you're up the creek: every address in that list ends up on someone else's mailing list, sold off for an umpteenth of nothing each, and spammed. So make sure you're not sending lots and lots of people the same email with everyone visible. Send them separately, or use BCC (blind carbon copy) so recipients can't see each other. That's a simple one that so many people don't do. It surprises me how many address lists end up in spammers' hands because people are not doing that.
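To make the BCC point concrete, here is an added Python example (not code from the original post or from Dorks Delivered) that builds the same mail-out two ways and shows exactly which addresses each recipient can harvest from the headers. The recipient list and sender address are constructed sample data.

```python
import copy
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample recipient list (example data, not real addresses).
CUSTOMERS = ["alice@example.com", "bob@example.net", "carol@example.org"]


def build_mailout(sender, subject, body, recipients, mode="bcc"):
    """Build a bulk message.

    mode="to"  puts every customer in the visible To: header (the leak).
    mode="bcc" puts them in Bcc:, so each recipient sees only the sender.
    """
    msg = EmailMessage()
    msg["From"] = sender
    msg["Subject"] = subject
    msg.set_content(body)
    if mode == "to":
        msg["To"] = ", ".join(recipients)
    elif mode == "bcc":
        msg["To"] = sender  # visible To: is just ourselves
        msg["Bcc"] = ", ".join(recipients)
    else:
        raise ValueError("mode must be 'to' or 'bcc'")
    return msg


def envelope_recipients(msg):
    """Everyone the mail server should actually deliver to: To + Cc + Bcc."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    return [addr for _, addr in getaddresses(fields) if addr]


def as_delivered(msg):
    """Copy of the message as it must leave the server: Bcc headers removed.

    smtplib.send_message() does this for you; a hand-rolled sender that
    forgets to strip Bcc leaks the whole list anyway.
    """
    out = copy.deepcopy(msg)
    del out["Bcc"]
    del out["Resent-Bcc"]
    return out


def exposed_addresses(msg):
    """Addresses any recipient can harvest from the headers they receive."""
    delivered = as_delivered(msg)
    fields = delivered.get_all("To", []) + delivered.get_all("Cc", [])
    return sorted({addr for _, addr in getaddresses(fields) if addr})


def check_mailout(msg, max_visible=1):
    """Pre-send policy check: flag any message that exposes more than
    max_visible addresses to its recipients. Returns (ok, exposed_list)."""
    exposed = exposed_addresses(msg)
    return len(exposed) <= max_visible, exposed


if __name__ == "__main__":
    leaky = build_mailout("news@dorks.example", "Newsletter", "Hi all", CUSTOMERS, mode="to")
    safe = build_mailout("news@dorks.example", "Newsletter", "Hi all", CUSTOMERS, mode="bcc")
    print("To: mode exposes ", exposed_addresses(leaky))
    print("Bcc mode exposes", exposed_addresses(safe))
    print("Bcc mode still delivers to", envelope_recipients(safe))
    print("Policy check:", check_mailout(leaky), check_mailout(safe))
```

The useful part is `check_mailout`: the same rule can be enforced at the mail gateway so that a newsletter with thirty visible customer addresses never leaves the building, regardless of who in the office hit Send.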
Spam Filter is a Must
Tip number four: that invoice you received. Remember the invoice from the company you'd never heard of, the one you double-clicked and then got a virus? Why did that ever happen? You should always have edge protection: make sure your email goes through a spam and malware filter before it ever reaches an inbox. That is non-negotiable. After that, things might still get through. Data security isn't a matter of "you are secure" or "you're not secure". It's very, very variable. You're more secure or you're less secure. If a new virus has just come out, nobody has combated it yet. That goes for computers, it goes for people, it goes for anything really. If there's a brand-new virus, there's no cure for it yet, so you combat it as best you can and make sure your computers are vaccinated as well as they can be. That doesn't mean nothing will get through, but at least when you get sent that random invoice from a company you've never heard of, you don't open it.
Don’t Open Unverified Invoices
That goes for companies you have heard of as well. Even if you know the company, still probably don't open it if they don't normally send you invoices by email, or if the wording doesn't sound like them, such as "Hello, invoice attached, urgency, emergency", which is exactly what happened to one of our customers yesterday. If you're not sure, pick up the phone and check with the supplier on a number you already have, not one in the email. So make sure you're aware of what is meant to be sent to you. Don't click on things you're not meant to click on. Don't look at stuff at work that you shouldn't be seeing.
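The two invoice rules above (is the sender someone who actually bills us, and does the email look the way their emails normally look?) can be written down as a triage check. Below is an added Python example, not code from the original post, KnowBe4 or any spam-filter vendor, that runs those rules over three constructed sample emails: a normal vendor invoice, a lookalike-domain phish with a zip attachment, and the "Hello, invoice attached, urgency, emergency" message from an unknown sender. The vendor list, domains, addresses and risky-extension set are all assumptions for the example.

```python
import os
from dataclasses import dataclass, field

# Vendors that actually send this business invoices (constructed example data).
KNOWN_VENDORS = {"acme-supplies.example", "telco.example"}

# Attachment types that have no business inside an invoice email.
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".iso", ".img", ".zip",
                    ".docm", ".xlsm", ".html", ".lnk"}

# Pressure words that push people to click before they think.
URGENCY_WORDS = {"urgent", "urgency", "emergency", "immediately", "overdue",
                 "final notice", "suspended"}


@dataclass
class InboundMail:
    sender: str
    subject: str
    body: str
    attachments: list = field(default_factory=list)


def sender_domain(addr):
    return addr.rsplit("@", 1)[-1].lower()


def edit_distance(a, b):
    """Levenshtein distance; catches typo-squats like suppiles/supplies."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain, known):
    """Return the known vendor domain this one imitates, or None."""
    if domain in known:
        return None  # exact match is the real vendor, not a lookalike
    for k in sorted(known):
        label = k.split(".")[0]
        # small edit distance, or the vendor's name buried in a foreign domain
        if edit_distance(domain, k) <= 2 or label in domain:
            return k
    return None


def triage(mail, known=KNOWN_VENDORS):
    """Return (verdict, reasons). Verdicts: deliver, verify, quarantine."""
    reasons = []
    domain = sender_domain(mail.sender)
    imitated = lookalike_of(domain, known)
    if imitated:
        reasons.append(f"sender domain {domain} imitates known vendor {imitated}")
    elif domain not in known:
        reasons.append(f"sender domain {domain} is not a known vendor")
    risky = [a for a in mail.attachments
             if os.path.splitext(a.lower())[1] in RISKY_EXTENSIONS]
    if risky:
        reasons.append(f"risky attachment type: {', '.join(risky)}")
    text = f"{mail.subject} {mail.body}".lower()
    hits = sorted(w for w in URGENCY_WORDS if w in text)
    if hits:
        reasons.append(f"urgency language: {', '.join(hits)}")
    if imitated or risky:
        verdict = "quarantine"          # never reaches the inbox
    elif reasons:
        verdict = "verify"              # deliver, but staff phone the vendor first
    else:
        verdict = "deliver"
    return verdict, reasons


# Constructed sample inbound mail (example data).
SAMPLES = [
    InboundMail("accounts@acme-supplies.example", "Invoice 1042 for September",
                "Please find attached invoice 1042, due in 30 days.", ["invoice-1042.pdf"]),
    InboundMail("billing@acme-suppiles.example", "Invoice attached URGENT",
                "Open the attached file to avoid service interruption.", ["invoice.zip"]),
    InboundMail("noreply@unknown-corp.example", "Hello, invoice attached",
                "Hello, invoice attached, urgency, emergency", ["invoice.pdf"]),
]

if __name__ == "__main__":
    for mail in SAMPLES:
        verdict, reasons = triage(mail)
        print(f"{verdict:<10} {mail.sender}")
        for r in reasons:
            print("   -", r)
```

The point of the "verify" verdict is that the filter doesn't have to be perfect: anything it can't prove legitimate gets handed to a human with a specific instruction (ring the supplier on a known number), which is the same rule the staff training teaches.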
Test Your Staff
Now, you might be thinking, "Crap, man, we've got so many staff. How's this ever going to happen? We're going to have to train everyone up, and anyone might click on something they shouldn't." The great news is that there are a few products you can use that will actually test your employees. The one we use is called KnowBe4. It sends your staff emails that look legitimate to see if they click on them, so you can test hundreds of people at once and then adjust your security policies and training accordingly. The last thing you want is the meat sitting in the seat to be the vulnerability in your business. Let's be honest, in our experience that is where the vulnerability sits 80% of the time. As much as we'd love to blame the code monkeys and code jockeys sitting there doing their thing and doing it really, really poorly, most of the time it comes down to the people in the seat giving away information they're not meant to. That could be your customers' information, that could be your personal information, that could be any sort of IP, that could be whatever it is. So, KnowBe4 is a fantastic tool for testing them and their email etiquette. As I said earlier, another tool we find absolutely invaluable is filtering all of your inbound and outbound email so you know there's no garbage attached, no viruses attached, or at least fewer of them.
The Final Word
As I said, it's not binary, it's not yes or no, it's not black-and-white security. It's that you're more secure or less secure. Ultimately, anyone who wants to get in somewhere badly enough will work out a way to get in, and that's what it comes down to. My beautiful partner Sarah, I can comfortably say there was no way I was ever going to get with her, but persistence broke down her walls, and security is exactly the same. And that's how you can all end up with really beautiful networks. So, be persistent with your staff, stay on top of their hygiene around security and data privacy, and generally the way they deal with breaches. You don't want them taking data security anything less than one hundred percent seriously. I hope you've enjoyed this, and if you have, jump across to iTunes and leave me some love. Stay good.