The best way to keep your company’s sensitive information out of the wrong hands is to have a comprehensive cybersecurity defense, combining advanced technology with employee vigilance. We’re sharing cybersecurity tips for employees, and it all revolves around education.
Why Educating Employees on Cybersecurity is so Important
While establishing a strong perimeter defence is a good start for your cybersecurity program, have you planned for the eventuality of a security breach? When a malicious email or text sneaks through to an employee, they better know how to respond.
According to a recent PricewaterhouseCoopers survey, 86% of business executives expressed concern about cyber threats and lack of data security.
As cybersecurity becomes more sophisticated, so do hackers, infiltrating IT infrastructures with increasing frequency and skill. According to the FBI, phishing was the most common type of cybercrime in 2020, with losses from business email compromise skyrocketing over the last year.
So how do you avoid becoming another cybercrime statistic? Preventing data leaks by educating employees on what it takes to protect proprietary documents and data is key. Remember, it’s not just potential financial losses. A successful cyberattack can damage your industry reputation and cost you customer trust.
Take Physical Security Precautions
The importance of a clean desk is often overlooked when it comes to data security, but it helps keep paper assets secure. A messy desk can also make it difficult to realize something is missing, such as a folder containing printouts with customer data.
When leaving your desk, be sure to lock your computer screen with password protection, put away any documents, mobile phones, or USB drives, shred documents before recycling, and close and lock file cabinets.
You should also avoid writing usernames and passwords on visible slips of paper or sticky notes, or displaying calendars for all to see.
Stay Vigilant for Email Threats
Social engineering is a non-technical, malicious activity that exploits human interactions to obtain information with the intent to gain access to secure devices and networks. Cybercriminals often pose as credible, trusted authorities.
An example of social engineering is an email where an employee is asked to contact a tech support hotline and is tricked into giving up credential information.
Phishing Email Compromises
Phishing is a key threat for employees, with attempts to acquire sensitive information such as usernames, passwords and credit card data via email. Such emails often spoof the company CEO, a customer or a business partner and do so in a sophisticated, subtle way.
Common Phishing Techniques
Commonly used email tactics include embedding links that redirect users to an unsecured website requesting sensitive information, installing Trojans via a malicious attachment, and spoofing the sender address to appear as a reputable source while requesting sensitive information.
How to Block Phishing Attacks
A few simple steps and checks will allow you to block phishing attacks. To start, never give out your personal and financial information via email. Always inspect the website, looking for the “https” to indicate the site has applied security measures, and check the URL for variations in spellings or a different domain.
Be wary of emails requesting information of any kind, instead reaching out directly to the business through other means to verify the request.
And lastly, utilize the latest operating system, software and web browsers, as well as antivirus and malware protection.
Want to learn more about how to block phishing attacks? Download our eBook for all the details.
According to Verizon’s 2021 Data Breach Investigations Report, 96% of cyberattacks arrive by email.
Follow Best Practices for Username & Password Management
Employees should always avoid the use of passwords that are easy for hackers to guess. Among the top ten worst passwords, according to SplashData, are those that use a series of numbers in numerical order, such as “123456”.
It is also important to avoid common usernames, such as Username, administrator, Administrator, User1, Admin, and so on.
How Attackers Exploit Weak Passwords
Most websites don’t store users’ actual passwords, but they do store a password hash for each username. A password hash is a form of encryption, but cybercriminals can sometimes use the password hash to reverse engineer the password. The weaker the password, the easier it is to break the password hash.
Take a deeper dive into password security. Download our eBook for a list of common word mutations hackers use to identify a password when they have a general idea of what it might be.
9 Tips to Strengthen Your Password Security
- Change passwords at least every three months for non-administrative users and every 45 to 60 days for admin accounts.
- Use different passwords for each login credential.
- Avoid generic accounts and shared passwords.
- Identify and change weak or duplicate passwords.
- Pick challenging passwords that include a combination of letters (upper and lowercase), numbers and special characters (for example, “$”, “%” and “&”).
- Avoid personal information such as birth dates, pet names and sports.
- Use passwords or passphrases of 12+ characters.
- Use a password manager such as LastPass.
- Don’t use a browser’s auto-fill function for passwords.
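Several of the tips above can be checked mechanically before a password is accepted: length, character mix, personal information, reuse, and whether the password is a common one or a simple mutation of one, which is what makes a weak password's hash easy to break. The following is an added example, not part of the original article. `COMMON_PASSWORDS` is a small constructed sample, and `personal_terms` and `existing` are hypothetical inputs supplied by the caller, for instance from a password manager.

```python
import string

# Constructed sample; a real deployment would load a much larger published list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "welcome"}
# Typical character swaps, undone before comparing with the list above.
SUBSTITUTIONS = str.maketrans("@4301!$5", "aaeoiiss")

def normalise(password):
    """Lower-case, drop trailing digits and symbols, then undo character swaps."""
    stem = password.lower().rstrip(string.digits + string.punctuation)
    return stem.translate(SUBSTITUTIONS)

def check_password(password, personal_terms=(), existing=()):
    """Return the tips a candidate password breaks; an empty list means it passes."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    classes = {
        "uppercase": string.ascii_uppercase,
        "lowercase": string.ascii_lowercase,
        "number": string.digits,
        "special character": string.punctuation,
    }
    missing = [name for name, chars in classes.items()
               if not any(c in chars for c in password)]
    if missing:
        problems.append("missing: " + ", ".join(missing))
    if password.lower() in COMMON_PASSWORDS or normalise(password) in COMMON_PASSWORDS:
        problems.append("common password or a simple mutation of one")
    lowered = password.lower()
    if any(len(t) >= 3 and t.lower() in lowered for t in personal_terms):
        problems.append("contains personal information")
    if password in existing:
        problems.append("already used for another login")
    return problems

if __name__ == "__main__":
    for candidate in ("123456", "P@ssw0rd2021!", "correct-Horse-42-battery"):
        print(candidate, "->", check_password(candidate) or "passes")
```
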
Whenever possible, use two-factor authentication. This advanced security technology requires users to authenticate their ID with a passcode received by text. This approach ensures that end users not only know their passwords but also have access to their phone.
Don’t Neglect Mobile Security
Mobile security is an increasing concern as more employees connect to corporate networks through their own (often multiple) devices. These devices, not being under company control, pose greater risks to security.
Mobile Device Security Challenges
Mobile device security challenges include lost, misplaced or stolen devices, mobile malware arriving via text messages, and unsecure third-party apps that can serve as a gateway to the device’s operating system.
Unsecured public Wi-Fi can also pose a risk. Hackers in the vicinity of or on the same network can take over a device and capture sensitive data in transit.
How Employees Can Secure Their Mobile Devices
Employees should start by setting a PIN or passcode, enabling remote locate tools to help locate lost or stolen devices, and using an antivirus and malware scanner to keep the device clean.
Up your mobile security game with a Mobile Device Management (MDM) solution. An MDM platform gives businesses the ability to enforce the use of passcodes and apply geofencing capabilities.
Download our Cybersecurity Tips for Employees eBook for an even more in-depth look at workplace cybersecurity issues and solutions. It’s a useful reference and employee training tool for businesses of any size.
Always Practice Secure Website Browsing
There are plenty of threats lurking online. Some may seem obvious, but others can be well hidden, like malvertising. A form of malicious code, malvertising distributes malware through online advertising. It can be hidden within an ad, embedded on a website page or bundled with software downloads, even on a site you may think trustworthy.
Social media platforms can also harbour threats, with common Facebook hacks and attacks including click-jacking, phishing schemes, fake pages, and more.
To avoid falling into a hacker’s trap, stay alert online. Be wary of all online downloads, interact only with well-known, reputable websites, and don’t follow links from email.
Websites are one of the most common sources of attack. This makes keeping up-to-date browsers paramount for all employees. Find the complete list of website browsing best practices for employees in our eBook. Download your copy now!
The Benefits of Partnering with a Managed Services Provider
A Managed Services Provider (MSP) that focuses on IT security will help support your cybersecurity defenses. The MSP will keep employee devices updated with the latest antivirus software, provide security assessments and offer guidance on how to mitigate mobile security risks.
We recommend choosing an MSP that can provide complete endpoint management, scanning downloaded apps and devices for viruses and providing a heads-up if malicious activity is detected.
Follow These Cybersecurity Tips for Employees for a Combined Defence of Education and Technology
Strong cybersecurity begins at the frontline with your employees. Armed with the knowledge shared in this blog article and eBook, they’ll be able to work proactively to make sure sensitive information does not fall into the wrong hands.
Let’s talk about your needs and how we can help with Managed IT services! In today’s world of advanced hackers, it’s more important than ever to have a comprehensive cybersecurity defense. Download our Cybersecurity Tips for Employees eBook today. It’s a useful reference and employee training tool, providing an in-depth look at workplace cybersecurity issues and solutions.