Cybersecurity should be a concern for all employees at a firm (even you)! Security policies are no good if the rest of the firm’s employees don’t fully invest. The training can come in many forms, but all employees (new and old) need to stay up to date on trends so they are aware of the red flags that could be lurking in their inbox. Cybercriminals are smart and are continually evolving the threat game every single day. Without understanding the issues, employees can be considered the weak link, and will only continue to find workarounds for policies (acceptable use, network security, bring your own device, and more). We talked to our expert security team and put together our best practice list for cybersecurity that EVERY employee can easily follow.
1. Make Passwords Uncrackable
The best passwords are the ones you don’t even know. All a hacker has to do is guess your password once, and they gain access to much, much more. Make your password strong and unique for each account you have. Take advantage of a password management site such as LastPass to help manage all of your account passwords. LastPass even automatically generates passwords that are indecipherable at a glance. One person’s easy-to-guess password could compromise a whole company, so being smart with password choices is imperative.
2. Go Phish
Nothing beats live training. You gain more knowledge from participating in live training than you would if you just read about the signs of an attack. Programs like Barracuda’s PhishLine and KnowBe4 (there are both free and premium plans) allow you (and other firm members) to test your awareness and how you would respond to an attack. This enables you to apply the knowledge you’ve learned directly. You’ll learn about subtle signs such as suspicious links and domains. Spelling errors can also be a dead giveaway of a potential attack. Not sure if a link is legit? Open it in an incognito browser.
3. Keep Your Friends Close
Not all phishing attempts appear to come from strangers. Often, cybercriminals will impersonate friends and colleagues. If you receive a request for sensitive information (routing numbers, login info, confidential documents), pick up the phone and talk to the sender to ensure that the message isn’t fraudulent. Still not sure about an email? Forward it to your IT department so they can double-check its validity. KnowBe4 has put together the top 10 most common phishing email subject lines below:
4. Double Down With Multifactor Authentication (MFA)
The more barriers to entry, the more difficult it is for hackers to gain access to your data. Breaches are linked to stolen or weak credentials. MFA means that a user must provide two types of authentication. Typically, this is a username and password plus one additional form: a randomly generated one-time passcode or push notification created on a separate device (e.g., a phone). Once the user enters their password AND code, then and only then can they log in. Even with a password, the hacker would still need the employee’s mobile phone to log into their account. It is important to note that multifactor authentication isn’t a silver bullet. Security threats are constantly evolving, but MFA is a significant upgrade to your company security posture.
5. Avoid the Lure of Public WiFi
Work from home is becoming more and more popular in today’s society. Just because you’re working from home doesn’t mean you should throw all office security policies out the window. Using public WiFi at the coffee shop could very easily give hackers direct access to heaps of critical information. If you must connect to public WiFi, then make sure you have a VPN to ensure a secure connection.
Better yet, if you have a smartphone, you have a personal hotspot. If you have a data plan that can support it, use that over public WiFi. It may not always be the cheapest option, but you can guarantee you are safe. Plus, with unlimited plans becoming prevalent again, high data usage concerns are becoming a thing of the past.
6. Update, Update, Update
Despite their persistently annoying reminder windows, updates are vital to maintaining the security of your devices, applications, and software. Hackers are smart and keep up to date on the vulnerabilities that exist on out-of-date devices. If you don’t update, you’ve essentially left a wide-open backdoor for hackers to gain access to your system and all the data inside. It’s essential to remember that updates aren’t optional; they’re mandatory.
7. Lock it Up
Even if you’re only stepping away from your desk for a moment, make sure you lock your screen. Better yet, set your screen to lock automatically after a minute of inactivity. This way, even if you forget to lock your workstation, you’re protected. It only takes one minute for an unlocked workstation to be compromised and a hacker to begin impersonating an employee.
Security Starts With Staff
No matter your position, these tips are relatively easy and can help you do your part when it comes to security. Cybersecurity is a team effort, and you can help protect your firm from the dangerous threats that exist around every corner. Don’t be reactive, be proactive!