Official TEKConn Blog

Educating employees should be an IT priority

The first line of defense against cyber threats is a staff educated on security best practices.

The first line of defense against cyber threats is a staff educated on security best practices.

All small and midsize businesses (SMBs) should have proper IT security in place, which should include both technical infrastructure safeguards and written corporate policies. In fact, one of the most effective ways to lower IT support costs is to properly educate employees on such measures.

A recent ITworld article explores common missteps companies can make that complicate matters and unnecessarily expose them to dangerous cyber security threats. Many of those mistakes can be traced back to a single point of origin.

"The most fortified network is still vulnerable if users can be tricked into undermining its security – for example, by giving away passwords or other confidential data over the phone," according to the article. "For this reason, user education should be the cornerstone of your IT security policy."

Companies need to educate employees on security best practices, including levels of sensitive information and how it should be shared – or not shared – as well as red flags to look out for and what to do when they see one. There should also be definitive criteria by which employees determine what needs to be brought to a supervisor's attention and a clearly outlined procedure for reporting such concerns.

In reality, many SMBs do not have the resources to provide such education to their employees. In these situations, IT support firms have been guiding businesses for years, helping them to avoid perilous network pitfalls.

When employees are armed with the right information, they are likely to become more security conscious in their personal interactions on the Web outside of the office. At that point, security best practices become almost second nature to them. This brings with it the added benefit of an easier implementation of bring-your-own-device policies, should companies choose to pursue that option in the future.