The primary reason why the human race has been able to make startling progress in this new century is because of relentless technological innovation. Today, people take technological miracles for granted. They are not surprised that a smartphone is actually a pocket-sized computer or startled that Uber is planning to tentatively roll out self-driving cars.

However, this giddy progress also has its shadow side. While innovative computer engineers are working in think tanks to reshape our world, there is also an underground network of cyber criminals who are just as busy trying to siphon off corporate assets.

Today any company online is vulnerable. Targeted attacks by hackers aren’t just directed at large corporations with millions or billions in assets. They are also directed at small to medium enterprises (SME’s) because these are the low-hanging fruits.

Why Advanced Security isn’t enough

Unfortunately, relying on the best security software is not enough.

Yes, high quality security can protect a company’s computer system from its endpoint-to-network-to-cloud from both present and emerging threats. Yes, it’s easy to safeguard mobile devices, networks, data centers, and the cloud so authorized users can access their work from the office or at home. And yes, it’s possible to preempt new threats quickly, detect data breaches fast, and provide solid protection to data in physical environments, virtual environments, and cloud environments. But despite all this, computer systems are still vulnerable to cyber threats.

While security technology is more than a match for well-organized gangs of cybercriminals, there is a weak link, and that weak link is people.

If you want to keep your computers and your networks safe you can’t rely on advanced security technology alone, you also have to ensure that your employees understand their roles in protecting sensitive data, resources, and assets.

Why Employees are the Weak Link

Here’s an analogy to explain why employees are the weak link in protecting a company’s computer systems:

There are millions of people who drive cars. While most of them know how to drive, they are clueless about what to do if the car breaks down. They are drivers, but not car mechanics.

Similarly, in a company, almost all desk jobs have employees who know how to use the software they need to use for company business but they don’t know much about computers in general. So, for example, the employees in the Accounting Department know how to navigate around the features of a spreadsheet or accounting software, but they aren’t aware of much else. They have little to no understanding about hardware, software, or networking.

It is this weakness that hackers exploit. They might do it through a phishing attack or by pretending to be an irate customer on the phone who can’t access their account information. In other words, employees who don’t understand the security aspects of a computer system are innocent enough to be duped by simple cons. For instance, they don’t know what a firewall is or why encryption is important.

How to Train Your Employees

While it’s not necessary to retrain employees outside their sphere of expertise, it’s important to put policies in place that explain use best security practices, how to identify risks, and how to avoid getting fooled by any type of con.

Here are 3 examples of things employees need to know regardless of what work they do on the computer,

1. How to avoid adding unauthorized files or programs to their computers.

Your employees need to have clear rules about what files they can download from emails or a website, as well as what programs never to install. Employees must not only understand these rules, but abide by them at all. Hackers often slip in apparently innocent-looking files or programs that open up security vulnerabilities.

2. How to create strong, alphanumeric passwords.

By default, most people choose passwords that they can remember. These are often the names of people or pets, favorite dates, or sayings and slogans. Hackers are very good at trying out a variety of permutations based on a person’s personal information.

The best passwords should have words, numbers, and characters, and they should be at least 12 characters long. Since passwords may be difficult to remember, they should not be stored digitally, but written down and kept in a safe place away from the computer. Accounts can be made even more secure by using two-step authentication.

3. How to avoid link bait.

Hackers often seed malware behind link bait. These links may be hiding in social media posts, online advertising, instant messages, or email attachments.

Often employees believe they know the source and think the link is harmless. Unfortunately, it’s easy to hack into someone’s email or social media list of contacts.

Employees also need to know how to use spam filters to keep their inboxes clean.

Training Employees

Advanced security systems are not enough to safeguard computers. Security policies have to be put in place that lists all possible security vulnerabilities. Once this is compiled, employees trained to abide by them.

Essentially, employees need to learn good judgment when interacting with customers or going online. They need to be aware of the possibility of a threat attack.

What’s more everyone in the company needs to be trained to exercise good judgment regardless of the nature of their work or their position in the company, everyone from entry level workers to upper management.