Back to News

Most security professionals will tell you that the most vulnerable spot in a company’s digital security net isn’t any particular technology—it’s the users themselves. While digital protection policies start at the top of a company, every team member needs to be an active participant.

It’s wise for tech leaders to develop a set of digital protocols that apply across the company. Below, 12 experts from Forbes Technology Council share their tips for vital steps all employees need to take to ensure robust digital security.

1. Starting Security Education Early And Refreshing Often

Education is key. To help protect Elastic from attacks targeting our workforce, we provide a program based on communication and training to all personnel with access to Elastic systems, regardless of role. We establish policies in new-hire onboarding and insist on continued education via annual refresher courses throughout an employee’s tenure. – Kim Huffman, Elastic

2. Regularly Testing Security Awareness

Take constant tests and quizzes. My team has found this practice to be most effective when it comes to protection and security, as well as for staying up to date in the matter of new additions. After all, it is the most effective way to ensure that your company’s security rules and regulations are learned and well-remembered through time. – Daria Leshchenko, SupportYourApp Inc.

3. Using A Password Manager

It starts with password security. We require employees to use a company-provided password manager to generate and store strong, unique passwords for each account. While it’s required for use internally, it’s also an employee benefit we encourage people to leverage for personal accounts. A compromised personal password reused in a work context could enable criminals’ easy entry into your network. – David Endler, SpyCloud

4. Practicing Good Credential Hygiene And Enabling Auto-Updates

We strongly recommend all employees practice good credential hygiene. That means not using weak or default admin/system passwords; instead, consider using a strong phrase. Also, ensure your employees have proper security training to avoid phishing attacks and downloading malware. Lastly, enable automatic updates for the operating system you are using and update as recommended. These should be table stakes but are often forgotten practices. – Gaurav Banga, Balbix

5. Implementing Two-Factor Authentication

Digital protection starts with active security protocols. All employees should utilize two-factor authentication on all logins, as 2FA acts as a kind of “double lock,’’ securing private information while validating user identity. While a basic security protocol, it’s one way to ward off potential hackers with the added benefit of reminding everyone within your organization that security is there. – Robert Weissgraeber, AX Semantics

6. Using A VPN

Most executives feel the shift to remote work has increased the need for data loss prevention strategies and for good reason: Not all employees share the same security priorities. Tapping into unsecured Wi-Fi networks is just one example. Yet, the solution that can and will cover a lot of ground is to encourage employees to use a virtual private network before signing on. Encryption is key. – Meghann Chilcott, EHR Data

7. Purging Outdated, Unused Data

What all employees should be doing but usually don’t is purging outdated, unused data. Any data no longer needed for daily operations is a nuclear asset that increases the “blast radius” of harm if a business is breached. To manage and protect digital properties properly, companies should create annual mandates on cleaning out outdated, unused data to create good hygiene habits. – Caleb Barlow, CynergisTek

8. Replace Or Supplement Web-Based File Sharing

Utilize a unified file sharing application internally either alongside or instead of something Web-based such as Google Docs, which may be more prone to data breaches. This will not only keep internal data and documents safely stored, but it can also help protect any sensitive client information. – Andrew Jornod, VertexOne

9. Not Sending Sensitive Info To Personal Email

Never send sensitive company or client information to personal email accounts, even if it’s just to print a document out at home. Although the action is often well-intentioned, valuable data now sits in an environment that is not secured by the company, leaving it vulnerable to cybercriminals, and your company could be at risk of breaching data protection regulations such as GDPR. – Edward Bishop, Tessian

10. Limiting Access To Consumer Data

At Infocepts, we take customer data privacy very seriously. Our need-to-know policy is enforced, and only associates who need access to customer data are provided access to the systems and data stores. Data flow across project teams is restricted by physical and digital controls. Systems-based controls are coupled with training so associates are fully aware of why data privacy is crucial and how to ensure it. – Shashank Garg, Infocepts

11. Not Clicking Unknown Email Links

Since digital assets are very valuable to an organization, one key protocol is not to click on any links in emails that come from untrusted members or unknown sources. Conducting separate employee training with email protection software will go a long way to help. – Buyan Thyagarajan, Eigen X

12. Reporting Anything Out Of The Ordinary

If you see something, say something. If someone notices something out of the ordinary, such as an unusual piece of code or a newly created file, they should immediately report it. By definition, hackers and their activities don’t belong in the environments they target, so it is up to everyone to identify when things are out of place and up-level it to those who can prevent further intrusion. – Fabrizio Blanco, Viant Technology