Are your employees putting your agency at risk for a cyber attack?

Cyber attacks are becoming increasingly common. They can affect both small and large businesses. And many times, criminals gain access to a company’s computer network by the careless action of a company’s employee or employees. That’s why it’s so important to make sure your agency’s workers understand their responsibilities to help keep your computer system safe and secure. Start the process by:

Helping them understand the risk. It’s estimated that 60 percent of small businesses fail within six months of a cyber attack. Studies also show that nearly 90 percent of all cyber attacks could have been easily prevented. For many companies, the problem is malware. That’s malicious software designed to gain access to a network, find sensitive data and possibly steal that data. There are various types of malware, including spyware, viruses, worms and other types of malicious code that infiltrate a computer. Once malware is installed, it can allow hackers to extract private and sensitive data from your customers.

Providing training. Talk to your employees about the risk and train them to not click on links or open attachments to e-mails they are not expecting. This is one of the most common ways hackers gain access to a company’s computers. Employees also should always allow work devices to automatically install updates, which often contain important safety updates. They should also know other important ways to protect their employer’s computer systems. Well-trained employees are the first line of defense against a cyber attack.

Using strong passwords. Long and strong passwords with a mix of uppercase and lowercase letters, numbers and symbols are ideal. Set a specific timeline — such as every three months — for changing agency passwords. Here are some tips for creating strong passwords.

Avoiding personal use of company computers. Consider requiring employees to refrain from checking their personal e-mail accounts, using social media channels and surfing the Internet using company computers and devices.

Prohibiting the installation of outside programs on work computers. If a computer contains company information, you’ll want employees to avoid downloading any programs or apps on it.

Being vigilant. When outside the office, never leave work devices unattended and make sure your employees aren’t, either. Password-protect your phone or tablet and log off or lock your screen every time you step away. Use two-factor authentication. Verifying your identity twice before accessing an account can dramatically reduce the odds a hacker can gain access to sensitive information.

Backing up files and data regularly. It doesn’t matter whether you use cloud storage or external hard drives. It’s important to have a backup in the event of a ransomware attack.