How to Protect Your Company's Data by Keeping Your Employees Informed

04/03/2015 02:46 pm ET | Updated Jun 02, 2015

Company data security has been a major issue for years, but recent hacks are making it an even more serious concern among small- and medium-sized business owners alike. One small breach is all it takes, and all the information your company has stored--from employee passwords to sensitive client information--could be in the hands of a hacker. That means your company could be forced to pay a massive ransom, pay advanced security experts to resolve the problem, or bite the bullet and make a public apology that could devastate its reputation.

There are many advanced ways to protect against these types of cyberattacks and infiltrations, including hiring a dedicated cyber security expert, but one of the most effective methods of prevention is also one of the simplest: keep your employees informed.

How Employee Knowledge Can Prevent and React to Threats

When you take a look at the most common ways a company's database is infiltrated, it's no wonder that simple employee knowledge and involvement can help prevent the vast majority of incidents.

Password Vulnerability Fixes

One of the most common tactics for hacking into a company's network involves the use or manipulation of existing passwords. Weak passwords, including those with few characters or those related to an employee's personal life, are easily guessed or cracked, and can then be used to gain further access into the system. Passwords that are mistakenly given out make the process even simpler for the hackers. Giving your employees knowledge about the importance of password strength and protection should be able to prevent this possibility altogether--make your employees form strong passwords and protect them at all costs.

Phishing Prevention

Phishing is a technique that involves the acquisition of sensitive information by posing as an authoritative source. In other words, if an employee encounters a form field that appears to be legitimate and enters sensitive company information into it, they could be unwittingly sending that information directly to a hacker or schemer. Letting your employees know that phishing is a real threat can prevent them from falling for such a scheme. Simply being aware of the risks is enough to mitigate most of the potential damage.

Web Download Discouragement

In schemes similar to phishing, some hackers use web downloads to get outside software onto company computers. For example, if an employee visits an unscrupulous website and clicks a download button, they could unwittingly install spyware onto their company computer. Within a few days, the hacker who hosted the file would have all the information they need to do some real damage to the company. You can discourage this series of events from ever playing out simply by letting your employees know about it and telling them the potential damage is real.

Manual Device Intervention

In rare cases, a physically exposed company device could be enough for a hacker to infiltrate the system. For example, if a company laptop is left idle in public, a hacker could plug in a USB device and install some sort of virus or spyware that gathers sensitive information. Keeping your employees informed could help them keep better track of the company devices entrusted to them, and allow them to watch for any suspicious activity.

Unsecured Network Mitigation

Some hackers are also able to infiltrate corporate systems through an unsecured network, or through some third-party network connection. For example, if an employee's smartphone is used to access the company's wireless network, a hacker could use the device to acquire sensitive information. Discouraging employees from connecting to the company network except with authorized devices and in the authorized way can prevent this outcome.

Keeping Your Employees Informed

Now that you know increased employee awareness can prevent most preventable security breaches, the trick is to achieve that level of awareness. There are several different ways you can distribute this information and ensure your employees understand it, so choose one or more that best suit your company's culture.

Policy Changes

Your first step should be to make some changes to your company's Internet and tech device policies. For example, you could explicitly ban employees from opening attachments from unverified sources. You could also limit the use of Wi-Fi to only company devices.

Briefing Emails

Once your company policy is updated, it's a good idea to send out a handful of briefing emails letting your employees know when the new policies go into place. Sending multiple rounds is advisable just in case some employees miss the first blast of information. You can also send weekly or monthly "best practice" reminder emails that keep data security top-of-mind for your workforce.


In-Person Meetings

In-person meetings can help you confirm that all your employees are receiving your intended information, and that they understand that information. Once a month is more than enough to keep your employees apprised of the latest data security developments, and smaller businesses can meet even less frequently.

Workshops and Seminars

If you want to get really serious about company data security, you could also encourage your workers to attend outside workshops or seminars designed to get your employees up-to-speed on the latest threats. If you have the money to spend on this, it's incredibly valuable as a data breach prevention tool. As security breaches become more sophisticated, this type of employee education becomes even more valuable.

When your employees are better informed about the nature of cyber security, they'll be less likely to make mistakes and more likely to take immediate action if they see something amiss in the company's network. Instead of or in addition to a dedicated staff member to help prevent cyber threats, you'll have a massive network of individuals all doing their part to keep your company information safe.