网络安全建设步骤_3个简单步骤使员工保持最新的网络安全-CSDN博客

网络安全建设步骤

Worried that your business might fall victim to a phishing scam, a malicious link, or ransomware? It’s a reasonable fear given the rise of cyberattacks over the past decade. What’s worse is that despite the best efforts of brilliant minds, the attacks keep coming and they’re coming from ever-more-sophisticated sources.

担心您的企业可能成为网络钓鱼诈骗，恶意链接或勒索软件的受害者？考虑到过去十年来网络攻击的增加，这是一个合理的担忧。更糟糕的是，尽管有才华横溢的人尽了最大的努力，但攻击仍在继续，而且它们来自越来越复杂的来源。

That’s why your employees are such an important part of your cybersecurity strategy. It doesn’t matter how thorough your firewalls and monitoring software are, it means little if your employees haven’t been trained to recognize threats when they appear.

这就是为什么您的员工在您的网络安全策略中如此重要的原因。防火墙和监视软件的全面程度无关紧要，如果您的员工没有经过培训就可以识别威胁的出现，那将毫无意义。

If you want to protect your business from cyber threats, it’s up to you to make sure your employees have the proper training. Here are a few ideas to get you well on your way to a secure business information network.

如果您想保护您的企业免受网络威胁，请确保您的员工接受了适当的培训。这里有一些想法，可以帮助您顺利进入安全的商业信息网络。

对员工进行网络安全政策教育 (Educating Employees on Cybersecurity Policies)

Starting with a clear set of policies should be the first step you take. If employees have guidelines to refer to and follow at the very beginning, you’re more likely to be able to stop bad habits before they start. Ideally, it should be a major portion of any employee orientation and as part of an orientation packet.

首先应采取一套清晰的政策。如果员工从一开始就有参考和遵循的准则，那么您更有可能在开始之前就停止不良习惯。理想情况下，它应该是任何员工入职培训的主要部分，并应作为入职培训的一部分。

Give them a copy of the policies in writing their first day on the job.

给他们一份政策，以书面形式写出他们在工作的第一天。

The first policy outlined for new employees should be your password policy. Include such requirements as using at least one number, one symbol, and one capital letter. You could even go so far as to require that the capital letter not be the first letter of the password, nor the number or symbol be the last. Encourage your employees to create passwords that break obvious expectations.

为新员工概述的第一个策略应该是您的密码策略。包括使用至少一个数字，一个符号和一个大写字母的要求。您甚至可以要求大写字母不是密码的第一个字母，或者数字或符号不是最后一个。鼓励您的员工创建打破明显期望的密码。

In addition, remind your employees to not write their password down and to change their password every three to six months.

另外，请提醒您的员工不要写下密码，并且每三到六个月更改一次密码。

A simple password policy can go a long way in protecting your network. In the end, set policies give your employees the guidance they need to stay well within cybersecurity best-practices.

简单的密码策略可以大大保护您的网络。最后，设定的策略为您的员工提供了所需的指导，以使其始终遵循网络安全最佳实践。

利用办公室间消息传递和电子邮件 (Make Use of Interoffice Messaging and Emails)

When new cyber threats rear their ugly heads, you need to get the word out to your employees sooner than later. Forewarned is forearmed, and if they come across the latest threat, they’ll be less likely to be caught off guard.

当新的网络威胁浮出水面时，您需要尽早将信息传达给您的员工。预先警告是可以预知的，如果他们遇到最新的威胁，他们就不太可能措手不及。

The simplest, quickest way to inform employees of new threats is to send out a quick company-wide text notification or email. These messages or emails don’t have to be particularly involved. A simple link to an article outlining the latest threats should be sufficient. The point is to bring as many people in your organization up to speed as possible without having to make it a day-long chore.

通知员工新威胁的最简单，最快的方法是发送公司范围内的快速文本通知或电子邮件。这些消息或电子邮件不必特别涉及。只需简单地链接到概述最新威胁的文章即可。关键是要使组织中尽可能多的人加快工作速度，而不必花费一天的时间。

You don’t necessarily have to do it yourself. An office manager or IT team member can be given the responsibility of sending out the company-wide messages. Assign them the responsibility of checking cybersecurity news every week or two and make sure that employees know as part of their initial orientation to always check emails from these employees.

您不必自己做。办公室经理或IT团队成员可以负责发送公司范围内的消息。指派给他们每周或每两周检查一次网络安全新闻的责任，并确保员工知道作为其最初方向的一部分，以便始终检查这些员工的电子邮件。

进行定期的培训 (Conduct Regularly Scheduled Training)

Handouts at orientation and some emails or text messages here and there aren’t enough by themselves. While they’re both effective tips, you should take things a step further and establish a system of regularly scheduled training sessions to keep staff up to speed on the latest cybersecurity developments both inside and outside of the company. This will also impress upon your employees exactly how serious you take cybersecurity as a business practice.

定向讲义以及此处的一些电子邮件或短信，仅靠这些讲义还不够。尽管它们都是有效的技巧，但您应该更进一步，并建立定期安排的培训课程系统，以使员工紧跟公司内部和外部的最新网络安全发展。这也将使您的员工印象深刻，即您将网络安全视为一种商业惯例。

These sessions don’t have to be long. Every three months, a 30-minute to an hour-long session should be sufficient to cover a quick rundown on current cybersecurity policies and practices along with mention of the latest threats to be on the lookout for. That leaves plenty of time to cover an additional topic at each session such as the importance of software patching, what a phishing email looks like, or what to do when you suspect a cyberattack has occurred and you fear that business or customer data has been compromised.

这些会话不必太长。每三个月进行一次为时30分钟到一个小时的会议，应该足以涵盖当前网络安全策略和实践的快速精简，并提及需要关注的最新威胁。这样一来，您就可以在每个会话中留出大量时间来讨论其他主题，例如软件修补的重要性，网络钓鱼电子邮件的外观，或者怀疑网络攻击发生并且担心企业或客户数据受到破坏时应该采取的措施。。

When all is said and done, the greater the emphasis you place on caring about cybersecurity, the more your employees will pick up on that and do their part in keeping your business and customer data safe. And if all else fails, simply remind them that a serious enough data breach could result in a significant enough loss of business that it may affect your ability to stay operative.

一言以蔽之，您对网络安全的重视程度越高，您的员工就会越多地采取这种行动，并尽其所能来确保您的业务和客户数据的安全。并且，如果其他所有方法均失败，则只需提醒他们，严重的数据泄露可能会导致足够多的业务损失，从而可能影响您的运营能力。

When it comes to cybersecurity, maintaining best practices is in everyone’s best interest.

在网络安全方面，保持最佳实践符合每个人的最大利益。

Thank you for reading. I’d love to share more with you via my Weekly Word Roundup newsletter sent to subscribers every Sunday. It will feature news, productivity tips, life hacks, and links to top stories making the rounds on the Internet. You can unsubscribe at any time.

感谢您的阅读。 我希望通过 每个星期天发送给订阅者的 每周Word综述 新闻稿 与您分享更多信息 。 它将包含新闻，生产力提示，生活技巧以及指向互联网上的热门故事的链接。 您可以随时取消订阅。