Your staff have the potential to affect your business operations and reputation if they don't have smart online practices and stay secure online. Don't assume that they will understand the security risks they might be taking.
Many businesses simply do not include internet security as part of their day-to-day business. It is important, though, to develop a 'culture of security'. Businesses need to not only have security measures and programs in place, but also make sure staff are aware of and follow internet security policy.
No matter how good your business procedures, people will make mistakes. Managers and staff forget to log off, do not change their passwords, or neglect to download and install the latest software patches because they are too busy.
Raising awareness about online security is an important part of protecting your business.
- Develop clear rules for staff so that they understand what they need to be aware of and their responsibilities. You should also have clear policies on personal use and what is, or isn't, allowed.
- Provide induction training for new employees. It is a good time to introduce staff to your security polices and practices.
- Sign up for our free cyber security alert service. Put online security as a regular item on the agenda of your staff meetings and highlight any relevant warnings.
On this page
- Develop and maintain clear policies
- Provide security training for all employees
- Provide induction training for new employees
- Keep staff up-to-date
Develop and maintain clear policies
If your staff have access to work computers then you need to have clear policies about appropriate use and ensure staff understand their responsibilities regarding securing your information and equipment.
You may need to make a distinction between work and personal use. You may choose not to allow personal use at all or may choose to limit it to specific times or activities.
Provide security training for all employees
As part of developing a security culture in your business, provide general security training for your employees covering:
- updating and running security software
- using and protecting passwords
- using email safely: e.g. avoiding hoax emails and phishing, managing spam
- safe browsing practices: e.g. avoiding hoax websites, browser settings, how to tell if an e-commerce or banking website is secure
- using social networking websites: e.g. code of conduct for discussing work or colleagues online.
Provide induction training for new employees
When employees first start with your business it is important that you outline your security policies and/or practices before you issue them with a password to log on to their computer. This general induction should cover:
- who can access and use equipment
- what is considered acceptable use and what isn't
- requirements for creation, use and protection of passwords
- procedures for logging off and securing equipment at the end of the day
- personal email and internet usage
- protecting sensitive company information
- requirements for storage and transfer of work data
- procedures if business equipment is lost or stolen.
Keep staff up-to-date
It is important that you staff are aware of new security threats.
- Sign up for our free Cyber Security Alert Service.
- Put online security as a regular item on the agenda of your staff meetings and highlight any relevant warnings.