As digital technology continues to expand at a rapid-fire pace, so does the window of opportunity for cyber attacks. Believe it or not, businesses fall prey to at least half of all cybersecurity breaches, according to experts.
Phishing scams, password hacks, and malware attacks are just a few of many cyberattacks that can have detrimental effects on business operations. Employees are essential tools in an organization’s arsenal against cybercrime, so providing them with security awareness training should be a top priority.
The following are cybersecurity best practices every employee should know and exercise.
Watch Out for Phishing Scams
Phishing occurs when cybercriminals send emails impersonating reputable companies to obtain passwords, credit card information, Social Security numbers, and other pertinent information.
Receiving an email that asks you to disclose personal or financially sensitive information is the number one red flag indicating a phishing scam.
It’s important to be aware of other characteristics of phishing emails which commonly include:
- Emails with generic subject lines or greetings; “Hello Dear” or “Hello Customer” instead of the recipient’s actual name
- Emails with multiple spelling and grammatical errors
- Emails that create a sense of urgency; “urgent action required” or “your account will be closed”
- Emails that require verification of information by clicking on a link; update payment details or billing information
Beware of Business Email Compromise (BEC) & CEO Fraud
Aside from credible companies, cybercriminals will also use authority as a disguise, often spoofing company email accounts. Many tend to pose as a CEO requesting money transfers, gift card purchases, or urgent tasks.
It’s crucial that employees never reveal sensitive company information and, therefore, never reply to a suspicious email. Instead, if an employee senses a BEC attack, they should:
- Carefully inspect email address domains to uncover inconspicuous differences; office.com versus 0ffice.com
- Verify the validity of the request in person or directly over the phone
- Forward the email in question to the company’s IT or security department to double-check.
Keep an eye on your email hosting security. Here’s how to set up a secure business email for free.
If you are using mass external communication methods (like newsletters), consider setting them up on a different domain to keep your primary one private. You can easily generate a domain which will cost you as little as $2 a year and use it for your public correspondence to keep your employees safe from phishing attempts..
Exercise Caution with Links, Attachments & Downloads
In their attempt to steal information, phishers will send emails that include links, attachments, and downloadable files that have malware embedded in them. If malware infects an employee’s device, hackers can steal and sell company information and intellectual property.
To reduce the risk of potential malware, individuals should avoid clicking on links in emails and instead type or paste the URL directly into the web browser. Even if an email comes from a sender the employee recognizes, employees should refrain from opening and downloading attachments unless they are expecting a file from them or can verify personally with them.
Use a Virtual Private Network (VPN) for Secure WiFi
Public WiFi has many apparent advantages, which can include preserving data on smartphones and other like devices, as well as allowing employees to access work outside of the office. Despite this, public WiFi networks can be quite risky as malware can transfer between devices connected to the same network.
To protect all employees, especially those working remotely, employers should require the use of a virtual private network (VPN) on all devices. A VPN works to keep online activity private when using a public WiFi network by hiding a user’s browsing history, IP address and location, streaming location, devices, and web activity.
Above all, ensure your own website security and speed: You want your internal documentation to be accessible company-wide, yet quickly and securely. Fix My Site Speed is a good platform to help with that.
Install and Update Security Systems & Software
Secure software is fundamental for defending devices and websites from online threats that can compromise a company’s sensitive data and information. For optimal protection, companies and their employees should install antivirus and other anti-malware software on all devices.
More importantly, optimal protection also means taking the time to update software promptly in order to preserve the security of all systems and programs. Not only do newer versions of software run more efficiently, but they also prevent time and data lost from attacks on vulnerable, outdated software.
Safeguard Mobile IT Devices
VPN use alone cannot protect devices from cybersecurity breaches; employees must also do their part to keep both personally-owned and company-owned mobile devices secure. Even if unintentional, negligent employee behavior such as sharing inappropriate data via mobile devices and physically losing mobile devices can make businesses vulnerable to cyber attacks.
To mitigate data security risk from mobile IT devices, IT professionals suggest employees:
- Do not leave devices unattended or in insecure areas
- Know how to render all data unreadable if a device is lost or stolen
- Disable auto usernames and passwords
- Turn off location services
- Use safe stores for downloading mobile applications
- Avoid oversharing personal information on social media
Here’s an in-depth guide on protecting your online identity.
Develop Strong Passwords
Another way hackers steal information is by guessing passwords and thus breaking into accounts. A common mistake many folks make is using easily detectable information for login credentials such as the names or birthdays of children, spouses, and pets.
It’s especially critical for employees to have both strong and unique passwords. A unique password is a password that is only used for one account. Therefore, employees need to create separate passwords for all of their professional and personal accounts. Moreover, a strong password is one that contains:
- At least 8-10 characters
- A combination of uppercase and lowercase letters
- Symbols or special characters
For added security, the Better Business Bureau (BBB) recommends password changes every 30 to 90 days. However, for memory’s sake, people tend to reuse variations of old passwords or write down new passwords. Instead, employees should consider logging passwords in a password manager.
Use Multi-Factor Authentication
Multi-factor authentication is a security method that acts as an extra barrier of protection by requiring two or more credentials to validate a user’s identity when logging into a device.
Providing a second factor of authentication, such as a temporary code sent to one’s smartphone, can keep a user’s account secure even if their password has been compromised because a hacker must also possess the additional authentication measure.
Maintain Consistent Internal Communication
When it comes to an organization’s cybersecurity, it’s better to be proactive than reactive. All employees have a responsibility to communicate any potential or active cyber risks promptly, whether it’s C-Suite to all personnel, or a single employee to IT. When all parties exercise due diligence, data security in the workplace is likely to improve.
Employees should become familiar with their company’s IT department or support team so that they can reach out if they suspect a possible threat. However, employees can only report suspicious activity if they know what to look out for. Given this, companies should have ongoing training regarding cybersecurity that entails identifying various cyber threats and understanding best cybersecurity practices and policies.
Part of prioritizing cybersecurity within a company includes focusing on and emphasizing employee knowledge and skills.
Equipping employees with adequate information, training, and resources will help them to better recognize the ever-increasing range of threats to their company’s cybersecurity. In doing this they can also help defend your company’s important information against attacks and ultimately data breaches.