Anyone who works in information security is constantly juggling multiple risk scenarios. At their most extreme, information security threats can pose an existential threat to a business. Empowering your employees so that everyone plays their part in minimizing those threats can be a game-changer for your business. Ivan Milenkovic, Group Chief Information Security Officer at Webhelp, explains how you can help your people keep themselves – and your business – safe from digital harm.

In an organization like Webhelp, we understand that we’re the guardians of vast amounts of our own – and our clients’ – data. Failing to protect that information is simply not an option for our business. That means, in part, empowering all our people to take ownership of information security. It means building a digital culture at Webhelp that helps to inform and educate our people so they are able to protect themselves and our customers.

The most important message we focus on is helping our people understand that there needs to be a clear demarcation between their public and private selves. The last few decades have seen the digital space between those two worlds shrink until it has effectively disappeared. If you went to work at any point in human history before the age of the internet, your life at home versus your life at work, were two completely distinct spaces. The technology you needed to do your job only existed in your office or on your shop floor.

A few decades ago you didn’t need to remember a handful of passwords to get through daily interactions, and you didn’t have a work laptop or phone to worry about keeping safe. There were no social networks designed to quietly collect as much of your personal data as possible in the background, in order to sell it and monetize it back to you in the form of targeted ads. Truly, the analog world was a simpler place.

Nowadays it’s a very different picture, and our behaviors can have severe consequences. The ever-growing disparity between the complexity of global tech platforms and the level of technological literacy most people have means that it’s absolutely key to frame your messages in the real world. That’s why it’s so important to couch your messages in language everyone can understand, ideally with real-world consequences that are easy to visualize.

Let’s take a look at some of them.

What happens in Vegas, stays…on the internet.

With this message we’re talking about how the repercussions of a costly, damaging mistake can, these days, be captured and stored forever. If a digital asset gets out of an individual’s possession it can escape forever. Approximately 90% of all the data that has ever existed has been generated in the last few years, and those volumes grow each year exponentially. Losing control of your own personal data is bad enough. But if that data loss happens at work, then the potential scale of the impact is much more consequential. Sending company data outside of the company network might be tempting for a whole host of perfectly legitimate reasons, but there is always a trade-off to be made with security.

Don’t feed the phish

Phishing is when someone poses as a legitimate organization to lure people into providing personal, sensitive data. We all like to think that it’s only ‘other people’ who fall into this digital trap, but that kind of misconception plays right into the hands of the phishers. As their scams become more complex, the chances of any of us mistaking one of them as legitimate, rises.

It could be an email pretending to be from Paypal, for example, informing you that someone has attempted to log in to your account from an unknown device. They ask you to click on a link to confirm your identity, which takes you to a bogus website that imitates PayPal to log in to your account – login details are then captured. It’s so easily done, particularly since so many of us use our phones from the moment we wake or go to sleep.

So don’t click on links from unrecognized senders, particularly if it’s asking you to confirm financial or password information, or download files or open attachments. It’s always a good idea to click on the sender’s email and check it’s from a legitimate and recognized email address.

Treat your password like you treat your pants

By which we mean, change them regularly, don’t share them with anyone, and keep them private. This helps prevent your accounts from being compromised. If you do get hacked, regularly changing your password means there’s a smaller window for attackers to be able to access your accounts.

Only you should know your passwords to keep others from accessing your accounts. Don’t even mention them to people you trust. Always keep them hidden and never write them down. Finally, make sure your P@$$w0rd5 are strong, and keep them somewhere safe, like a password manager application (rather than a piece of paper).

Again, we’re trying to use language and messaging that helps to open people up and hear what we’re saying. It’s an unexpected metaphor but it works because it’s a simple, real-world example that anyone can relate to.

Choose your friends carefully

So much of our online behavior would look very different if we moved it into the real, offline, world. If a stranger walked up to us in the street and asked to be our friend, would we say yes instantly and start sharing all our thoughts with them, along with photos and videos of our nearest and dearest? Almost certainly not.

Yet that behavior is common on social media. It’s easy to share something, but it’s harder to know who’s seen the information, even if you remove it. Every single day millions of people give away reams of their personal information in games, quizzes, and memes shared online. Date of birth, family names, places of birth, you name it and someone somewhere is sharing it on a social network, where it can be taken and used by scammers. The consequences can be severe – and expensive.

Again, you wouldn’t empty out your wallet or purse in the street and let someone wander off with the contents, so why not take a little of that real-world caution across to digital spaces? Always make sure you know who your friends are and who you’re connected to. Be aware of the kind of information you’re sharing on social media, and remember to adjust your social media privacy settings, so you are in control of what information others can see.

There are no shortcuts

Ultimately, all of this messaging comes down to a simple truth that every employee needs to hear. A customer experience business like ours only exists because our clients trust us with their most precious asset: their brand and all the customer data that comes with it. There’s nothing we take more seriously and there absolutely can’t be any infosec shortcuts. It’s why we put so much effort into helping our people be safe online, whether that’s at work or at home.

If you’re looking for a partner who takes your information security just as importantly as you do, then get in touch with us. 

Contact Us