When considering ways to protect your business from cyber attack, one of the most overlooked network security threats you face may be your very own people. Is it because of some underhanded motivation to sabotage your business? Not likely. In most cases, it’s because your workforce is simply unaware of the security risks.

Tip #1 – Secure Hardware. You already have security measures in place to secure your servers, network, data centers and storage. But none of that will matter if someone walks off with one of your employee’s laptops. You can use cable locks for this, and position it as a positive – that your employees’ work is valuable and so are they. Require employees to log off their system whenever they leave their desks – even if they are just going to the restroom. This will help safeguard against any “insider threat,” like a disgruntled employee mucking with their machine.

Tip #2 – Secure Connections. Make sure your VPN is operating optimally, for when remote employees log into the network, or when office employees log in from the road. This may sound like a no-brainer, but remember the RSA hack in 2011? No one questioned that the two-factor SecurID tokens could be vulnerable (until, of course, it happened.) Don’t assume that just because you have a VPN system in place, that all is well. Keep up with the latest patches, upgrades and vulnerabilities; and be proactive about keeping it all up-to-date. In this era of remote workers and BYOD, securing connections in and out of the network is critical.

Tip #3 – Create Phishing Attack Gurus Among Your Employee Base. When a phishing attack is successful, it usually means that the systems in place to prevent such an attack have failed. Even so, the employee usually takes the brunt of the blame. During a session at RSA Conference 2015, Ira Winkler, president of Secure Mentem, speaking on the subject of phishing attacks said, “In the end, it is a minority of people who end up actually clicking on phishing messages, but all it takes is one. There is no such thing as a perfect countermeasure.”

Avoid putting your dedicated employees in such a situation, and instead, teach your employees about the insidiousness of phishing attacks. Show them examples of how a well-constructed email with a company’s logo and seemingly legit email address can have dire consequences if the employee clicks on the link provided (potentially depositing malware into the network.) Teach them how to mouseover the link so they can see where the link really goes.

Tip #4 – Don’t Enforce – Engage. Don’t make employees feel like they’re living in a fortress, or that they’re being scrutinized as network security risks. Help them feel like they’re an integral part of your company’s security culture by making training and compliance rewarding. Celebrate the successes of “employee watchdogs” by promoting them in your internal newsletter or in regular email blasts.

By taking these four steps, you can help create a culture of security and awareness while fostering shared accountability for cyber risk. Employees that are trained, engaged and part of the cybersecurity process are allies, not risks. With an empowered workforce, you can strengthen the scope and depth of your cybersecurity strategy.

Learn more about educating your employees on IT security in the workplace >>

Another way to capitalize on the human element of cybersecurity is to engage the support of experts, like those at Resilient Intelligent Networks. A systems integrator and partner of Fortinet, Resilient offers best-of-breed technologies and services in networking, data security and firewall implementation. Our dedicated, experienced team can help you develop and deploy the networking solutions and employee it policy and enterprise strategies you need to meet your biggest cybersecurity risks, head on.

Is it time to analyze the security of your network and employee activity within it? Check out 4 Reasons You Should Conduct a Cyber Threat Assessment>>