Getting Employees to Take Security Seriously

One of the most overlooked security risks for small businesses today comes from the most unlikely of places: your own employees. Non-business-related Internet use by employees such as online shopping, Web surfing, and the personal use of corporate e-mail can not only drain productivity from your business, but it may also open you up to any number of security risks. Thus, it is in your best interest to frequently remind your employees of some of the steps they can take to limit these risks:

1. Never assume. Make sure all Web sites are using SSL encryption while entering personal information. That means looking for a padlock or a key symbol.

2. Storing information is dangerous. Don’t allow sites to save a username or password. Also avoid providing a work e-mail address as contact information.

3. Avoid the avoidable. If the deal looks too good to be true, it probably is.

4. Don’t open attachments. E-card e-mails do not include any attachments. If you receive an e-card notification with an attachment, delete it immediately and then empty your deleted e-mails folder.

5. Know what to look for. A legitimate e-mail notification will come from the sender’s e-mail address, not,, and so on. If you receive an e-card from "friend," "parent," or "colleague," it’s very likely it comes from a spammer. When in doubt, delete.

Jim Lippie President Staples Network Services Lawrence, Mass.

Before it's here, it's on the Bloomberg Terminal. LEARN MORE