By Paul Carlisle for TCAJOB
Many large-scale manufacturing, construction, and fabrication companies integrate a safety program into their everyday operations — from morning safety meetings and ongoing worker training to rewards systems for practicing safety measures. But many businesses, both large and small, fail to create even the most basic IT security program, even when the stakes are high.
A data breach — an incident in which unauthorized persons gain access to critical corporate or customer data — can come with significant fines for small businesses.
According to a report by the Verizon RISK team in conjunction with the U.S. Secret Service, small businesses can pay more than $36,000 to recover from a single data breach and comply with mandatory post-breach processes such as notifying customers and commissioning an external investigation.
We go to great lengths to support our clients with the right tools and the right education. But even the best IT tools in the world can’t help you unless you properly train your employees to safeguard sensitive data online and protect company IT resources.
It is employees — not viruses or hackers — that cause over half of all security breaches, either through operational error, like downloading the wrong software, or deliberate mishandling of corporate IT systems. Your employees can be the greatest gatekeepers or the greatest threat to IT security. And it all starts with proper training.
Train employees in basic security principles
Establish a standard on safety protocols to ensure critical client information and corporate data are not exposed to security breaches. While many businesses operate under HIPAA or PCI compliance measures, that doesn’t mean other small business owners can’t implement simple measures to train employees on what is and isn’t appropriate. For the small business owner this means putting practices and policies in place that promote security, train employees to identify and avoid risk, and establish rules on how to handle vital data.
Establishing an internal cyber safety-training program to teach best practices like creating and managing strong passwords, appropriate internet use, and software installation policies and procedures can make a significant difference in employee cyber security awareness. Moreover, you should consider implementing a written policy that clearly spells out proper protocols, roles and responsibilities, and expectations for managing digital data and software.
Incident reporting and maintaining company resources
Downloading unauthorized software without explicit permission from a supervisor should also be strictly prohibited.
Your company should have a clear policy for what employees can download and keep on their company computers. For example, ensure your employees are aware that they cannot install any unlicensed software from unrecognized providers on any company computer. If not vetted and sourced properly, unknown software could pose a serious risk of downloading malicious software, corrupting your data, and opening security vulnerabilities in your network.
Employees should also be educated on how to handle incident reporting in the event their computer becomes infected by a virus or is experiencing unexplained errors.
Training should involve recognizing and reporting legitimate warnings or threats in order to mitigate risks and prevent a possible breach. For example, training employees how to spot possible phishing scams — a sophisticated hacking technique where an attacker tries to retrieve data like passwords and login information by posing as a legitimate company — adds an additional layer of defense against a possible security breach.
Theft is also a big concern for small businesses. The rise of mobile devices provides an additional layer of security risk. It’s important to train your employees on protecting their computers from theft by always keeping them in a safe location and locking them with strong passwords. Important corporate documents should be routinely backed up and stored safely. Your employees should also be responsible for running regular updates to the virus protection software and other security software on company computers.
Combining solid IT security technology, employee training programs, and data protection policies can significantly improve a company’s security efforts and protect small businesses from costly data breaches or malicious viruses. At elevate, we understand that establishing IT policies and placing technical defenses can be costly and time-consuming if not maintained properly. Engaging an IT managed service provider in your IT policy ensures you can keep costs manageable and threats preventable.