There are certain digital security principles—like creating strong passwords—universally applicable to everyone in the office, whether you’re an intern or an executive. But just as each department fulfills a distinct role in a business, each requires a distinct set of cybersecurity priorities and best practices to focus on.
To stay ahead of threats in an increasingly hostile cybersecurity landscape, IT needs to provide each unit with tailored training that reflects its needs. Here are some department-specific concerns to keep in mind.
Sales: Make room for mobile security
Sales teams are characterised by their mobility. Employees in sales tend to be out and about—networking, nurturing prospects, meeting with clients, and attending events. As a result, they rely heavily on mobile devices to be productive. Sending emails from the road, taking notes after meetings, and entering information into a CRM while on the go are all regular parts of their work lives—which means mobile device security must be a top priority for sales teams.
It’s no secret a mobile device can represent a security vulnerability, but employees outside the IT team may not realise the magnitude of this vulnerability. In fact, internal mobile security awareness was highlighted as a major challenge for 31 percent of Australian businesses surveyed for Telstra’s 2018 Security Report. Part of the problem is the speed and convenience of these devices, which can seem antithetical to security best practices. Faced with strict security guidelines, employees may cut corners, but lax security can also leave an organisation exposed. It’s all about striking a balance.
Take passwords, for instance. The most secure passwords are long, random, and contain multiple character types. However, those types of passwords can be a pain to enter, especially on a mobile device. Most users don’t have the patience to manually enter arduous passwords every time they sign into a network. Instead, they may feel inclined to create an easy password, opening the network to risk.
You’ll need to work with the sales team to explore more convenient—but still secure—options, such as:
- Two-factor authentication
- One-time passwords
- Biometric authentication
- Password managers
Each of these solutions can ease the log-in process without compromising digital security—it’s just a matter of figuring out the right solution (or combination of solutions) that works for your business. But once you select a solution, you need to make sure your users understand its value and will follow through on security best practices.
Take biometric authentication, for instance, a security process that relies on biological characteristics (like a fingerprint) to verify if the user has the correct permissions to access a device. For the salesperson in the field, this will protect their phone or other mobile device from being accessed by others—only they can get through the authentication process by pressing their fingerprint to the scanner. From IT’s perspective, it’s a matter of making sure every device—whether company-provided or not—is set up with that authentication and each user understands how to use it and why.
Finance: Shield your highly sensitive data
One particular cybersecurity risk faced by the finance department is the phishing scam. Finance teams work with highly sensitive and valuable information—the type of information hackers are most eager to get their hands on. Even the finance teams at companies like Google, which prides itself on having strong security practices in place, can fall prey to these scams (to the tune of $100 million).
According to the international Anti-Phishing Working Group, over 100,000 unique phishing websites are detected each month. Phishers are getting craftier and more sophisticated every year—often leveraging the wealth of information on the internet and social media that makes impersonation even easier.
A security strategy for your finance team should emphasise how to identify and avoid phishing scams. Education is key, since employees can’t avoid phishing scams if they don’t know what to look for in the first place. The most effective scams are the subtle ones.
Of course, Phishing 101 is to avoid clicking on links or downloading attachments from unknown senders. But what about emails from known senders that seem a bit off? If a link or attachment doesn’t come with appropriate context, employees need to know they should scrutinise the text of URLs and seek confirmation from the sender. Organisations should also consider holding regular anti-phishing training sessions to improve an employee’s ability to avoid fraudulent links.
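To make "scrutinise the text of URLs" concrete for a training session, the following added example (not part of the original article) lists the reasons a link deserves a second look. The trusted domain list, the function names and the sample links are assumptions constructed for illustration, using reserved example domains.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: domains the finance team legitimately receives links from.
TRUSTED_DOMAINS = {"example.com"}

def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True only for a trusted domain itself or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in trusted)

def url_red_flags(url, trusted=TRUSTED_DOMAINS):
    """Return a list of human-readable reasons to distrust a link."""
    flags = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        flags.append("not https")
    if parts.username is not None:
        # Anything before '@' is login data, not the site being visited.
        flags.append("userinfo before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        flags.append("raw IP address instead of a name")
    except ValueError:
        pass  # a normal host name
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode label (possible look-alike characters)")
    if not host_is_trusted(host, trusted):
        flags.append("host is not a trusted domain")
        # The real site is the END of the host name; a trusted name
        # appearing anywhere else is only decoration.
        if any(d in host for d in trusted):
            flags.append("trusted name embedded in an untrusted host")
    return flags

# Constructed sample links (reserved example domains, not real indicators).
SAMPLES = [
    "https://portal.example.com/invoice/42",
    "https://example.com.billing.example.net/login",
    "https://example.com@198.51.100.7/pay",
    "http://xn--exmple-cua.example.org/reset",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", url_red_flags(link) or "no flags")
```

A clean result only means none of these particular patterns matched; confirming an unexpected link with the sender still applies.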
HR: Close the gaps in your print environment
Employees in the HR department need to deal with a lot of documents—contracts, resumes, benefit administration forms, and so on—which means a lot of printing. Printers are an essential part of the HR team’s workflow, but printers often go overlooked in digital security strategies.
Print security must be a top priority for HR. These employees should know how to print sensitive documents without worrying they’ll be intercepted by hackers. In addition, unclaimed print jobs are one of the most common ways sensitive data gets exposed. Rather than leaving the print jobs in the tray, organisations need to utilise secure pull print capabilities that require the user to authenticate at the device before printing documents.
The best way to maintain high standards of print security is to deploy devices that come with built-in security features, provide continuous monitoring to detect and stop attacks, and possess self-healing capabilities. In these cases, the devices themselves do most of the security heavy lifting, so you and your IT team are free to focus on more strategic work.
Brand-new employees: Share your IT security best practices
Human error is often the main source of a security breach. Up-to-date technology and strong policies only go so far if people continue to make mistakes that leave an organisation vulnerable. Even interns and entry-level hires need to be equipped with security best practices.
For example, while an intern who’s only been working with the organisation for a few months may not need a dedicated corporate smartphone, they can disrupt the entire company’s workflow by using their personal phone. Everyone who works for a company, from the bottom up, should receive a crash course in corporate security best practices—including BYOD policies.
In an ideal world, every department should receive a comprehensive and ongoing education in cybersecurity. Of course, there will always be overlap between each department’s security needs, which makes the task a little easier for your IT team. By setting priorities early on and creating a comprehensive security strategy addressing each type of employee, you can ensure every department has the relevant knowledge and tools it needs to keep your organisation safe.