How to Create a Security Culture at Your Company

As more companies make the switch from working off of bulky desktop computers to laptops that travel to and from home networks, it’s important for business owners to create a security culture their teams can get behind no matter where they bring their work. Keep in mind, a breach of a work laptop at home can still compromise your business and customer data. 

There are easy ways to get your employees on board and prevent breaches from happening to your business. It all stems from building a security culture in your business.

Stay Up To Date

Keeping your machines and apps up to date is the simplest step you can impress on your team. When you receive a notification that you need an update, don’t ignore it—and don’t let your team ignore it. In fact, encourage your team to crave these updates and shift away from the mindset of worrying about the changes the update may bring. These updates are typically released when there are important fixes to a security bug, and opting not to update may mean leaving yourself open to an attack.

Staying up to date doesn’t stop with installing new system updates. You should also remain vigilant about which employees have access to the many systems you use to run your business. Does that employee really need access to all your files—or just a select few?

As a business owner, you should have an access control policy and a process to grant and remove team members from each of your systems. An access control policy will also be helpful in the event a device is lost or stolen. This way, you can shut down the device or change the password in the event the device is hacked. 

P@$$word$ Matter

Passwords are an important layer of your cybersecurity defense. Breaches happen all of the time and the best way to keep yourself safe is by keeping your passwords unique. If you use the same password for everything and one account becomes compromised, you will have to quickly update them all. Compromised credentials can also find their way into “for sale” areas of the dark web. You can check to see if any of your passwords have been leaked through services like Have I Been Pwned or Avast Hack Check.
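The following Python sketch is an added example, not part of the original article. It shows how a leaked-password check against Have I Been Pwned's Pwned Passwords range endpoint can work without sending the password itself: only the first five characters of its SHA-1 hash are sent, and the match is done locally. The function names and the offline stand-in response are assumptions made for illustration.

```python
import hashlib

# Pwned Passwords range endpoint; a live lookup would GET this URL.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

def split_hash(password: str) -> tuple[str, str]:
    """Return (5-char prefix sent to the service, 35-char suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password: str, fetch_range) -> int:
    """Times the password appears in the breach corpus; 0 if not listed."""
    prefix, suffix = split_hash(password)
    body = fetch_range(prefix)  # only the prefix ever leaves this machine
    for line in body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0

# Constructed stand-in for the service so the example runs offline.
# Suffixes other than the one for "password", and all counts, are made up.
CONSTRUCTED_RESPONSES = {
    "5BAA6": (
        "0018A45C4D1DEF81644B54AB7F969B88D65:3\r\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234\r\n"
        "FFE1F0A2C3B4D5E6F708192A3B4C5D6E7F8:7\r\n"
    ),
}
SENT = []  # everything the stand-in "service" got to see

def constructed_fetch(prefix: str) -> str:
    SENT.append(prefix)
    return CONSTRUCTED_RESPONSES.get(prefix, "")

if __name__ == "__main__":
    for pw in ("password", "SecurityGoalsFor2k20!"):
        print(repr(pw), "seen in breaches:", breach_count(pw, constructed_fetch))
    print("sent to service:", SENT)
```

A result of 0 only means the password is not in the response it was checked against; it says nothing about how strong the password is.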

You can improve your passwords by making them passphrases. Passphrases are based on a sentence and, because of this, they are pretty complex for computers to figure out but easy for you to remember. For example, you could make your passphrase “SecurityGoalsFor2k20!” to show your commitment to strong cybersecurity in the new year. “SecurityGoalsFor2k20!” is a whopping 20 characters long and meets most password requirements for capital, numeric, and special characters.

Adding another layer of security on top of your passwords—or passphrases—like multi-factor authentication (MFA) will keep you even more secure. MFA proves you are, in fact, you through three methods:

  • Asking for something you know, like your password or the first concert you attended.
  • Connecting to something you physically have, like your cell phone.
  • Identifying you based on appearance (who you are), using your fingerprint or face.

Even if someone figures out your password—something you know—they won’t be able to access your account without the additional authentication steps. These additional steps are typically a code either sent to or generated by your MFA authenticator app on your phone—something you have. 

Of course, all this effort will be for naught if your entire team doesn’t adopt the same standards for their passwords. Regularly prompting your team to update major passwords, like the one they use to log in to their computers, and reminding them of passphrase rules and best practices will keep password strength in the front of their minds. 

Report Security Incidents

90% of all cybersecurity breaches start with a phishing email, which is why it’s so important to educate your team—and yourself—about security threats. Set up an easy-to-remember process for your team to follow so they don’t “take the bait” and can report the incident to your mail provider. Gmail and most mail apps have capabilities built in to report phishing and spam in your email. 

Encourage your team to err on the side of caution and to report any emails that seem questionable to you or your IT team, rather than investigating them alone. 

Creating a more secure internet doesn’t fall on one person or company, but together we can all do our part to create a safer web experience for everyone. Security is a global responsibility. We should all be excited to take part in growing the future of cybersecurity at our homes and offices. 

Interested in learning more about how to protect your business? Check out our latest cybersecurity blog post about implementing security measures on a shoestring budget.
