Why you need to promote Cybersecurity good habits
You may feel secure knowing that you have a competent IT security team and many security tools in place to protect you and your company from cyber-threats. But it doesn’t matter how strong your door is if you habitually forget to lock it.
Good cybersecurity habits are the foundation on which you can build strong cybersecurity. They minimize security risks due to human error and promote a security-conscious culture. It is an effective and sustainable defense against cyber threats. However, good habits aren’t formed instantly and need concerted effort. In a previous blog post, we discussed how you can create a cybersecurity-conscious culture in your company and advised you to start with the basics.
In this blog post, we share with you eight important but easy-to-adopt cybersecurity habits. By adopting these into your work and personal lives, you can gradually turn them into habits, which will protect you, your family, and your company from a wide variety of cyber threats. To help you remember these good habits, we are sharing a “Cybersecurity Good Habits” poster (at the end of this blog post), which you can use as a desktop guide.
6 Cybersecurity Good Habits To Adopt Right Now
Here’s our list of cybersecurity good habits:
1. Lock your device / take your device
An unlocked and unattended device is an invitation for hostile actors to steal or delete your data, infect your computer, or use it for malicious purposes. Your computer very likely contains sensitive business information, and giving access to it, even unintentionally, can lead to security breaches such as espionage and data theft.
Locking your device is a convenient way to secure it from unauthorized access when you need to step away for a few moments but don’t want to shut down the device completely. It is easy to lock your device. Here are the keyboard shortcuts for locking your computer:
Control + Shift + Power for Mac, and
Windows key + L for Windows
Mobile devices such as laptops and smartphones are common targets for theft, not just for the purpose of cyber-crime but also for their resale value. So, when not in use, it’s best to keep mobile devices on your person at all times. Physical locks and docking stations are also a good way to protect your device from theft. If you are working from a cafe or another public place, stay vigilant and avoid sitting close to the exit.
2. Look before you click
According to Verizon’s 2020 Data Breach Investigations Report, 22% of security breaches involved phishing. This means many people are clicking on malicious links or attachments unintentionally and causing breaches. It is often difficult to identify phishing emails at a quick glance. Phishing emails are designed to look authentic and use social engineering to appear convincing.
Even if your employees are trained to identify different types of phishing emails, it is difficult for them to notice the red flags while they are busy working. When you receive a cleverly crafted phishing email while you are juggling 20 different things in your head, it is quite possible to be deceived. The only way to safeguard against phishing is to make certain emailing practices a habit.
Here are some examples:
Think twice before clicking on a link sent in an email.
Hover your mouse pointer over the link to reveal the underlying URL.
Think twice before opening an attachment sent via email.
Whenever the email asks for sensitive information, for payment, or tries to create urgency, pause and ask the following:
Do you recognize the sender’s email?
Were you expecting the email?
Were you expecting the attachments?
If you calmly look for the telltale signs of phishing emails, you will be able to identify most if not all such emails. And once it becomes your habit, it is very unlikely that you will fall for any phishing scams.
3. Verify the requests
Very often, phishing emails or phone calls are made to appear to come from your boss, your bank, government agencies, or tech support. Scammers do this because they know that many people find it difficult to say no to someone with authority. Such emails and calls often succeed in collecting sensitive information and are the precursor to serious cyber-attacks.
Such online scams try to create a sense of urgency so that you don’t get time to think calmly about the request being made. To add to the challenge, it is also rather easy to spoof phone numbers. Therefore, you must always ask for verification to confirm the identity of the requester, or hang up and call back on a published number. Remember that banks, government agencies, or tech support will never contact you out of the blue, let alone ask for sensitive information over the phone.
4. Adopt Good Password Hygiene
You’d be surprised how common poor password habits are. To give you an example, the most common password in the world is still “123456”. There is a long, well-known list of bad passwords, including “password”, your own name, and other personal information, yet people still use them. Short, easy-to-guess passwords are easily exploited, and one doesn't even have to be a hacker to do it. Every year, businesses across the world lose millions of dollars to security breaches caused by accounts hacked using compromised login credentials.
Good password hygiene is easy to adopt and is critical for strong cybersecurity. We use many applications and it can be challenging to create and remember strong passwords for all of those accounts. But this challenge can be easily overcome by using a password manager.
Here are some good password habits:
Use a password manager.
Never share your password with anyone.
Use a different password for each account.
Always click “no” when websites, untrusted browser extensions, or apps ask to remember your password.
5. Keep everything updated
Have you heard of the WannaCry ransomware attack? If not, you should learn about it to understand the importance of keeping your system updated. The WannaCry ransomware used a vulnerability in the Microsoft Windows operating system. Although Microsoft had already released a patch to fix that vulnerability, many companies failed to install the patch. Those that hadn’t updated their systems with this patch got infected and had to pay a heavy price.
Software patches and updates are released occasionally to fix security vulnerabilities, or to improve functionality, usability, or performance. Therefore, it is important to install these updates as soon as possible. This ensures that your devices and applications are safe from known vulnerabilities. However, it isn’t just the devices and software that need to be updated.
Cyber threats are ever-evolving. Cybercriminals keep creating new ways to scam or exploit unsuspecting users. Therefore, it is necessary to keep our knowledge of cyber threats up-to-date so that we are well-equipped to counter cyberattacks. Regular education about cyber threats, preventive measures, password hygiene, phishing drills, and mock attacks go a long way in creating a strong cybersecurity system.
6. Perform Regular Backups
Many businesses and individuals focus on preventive measures but neglect to prepare for when a breach actually happens. Preventive measures such as antivirus, anti-malware, and spam filters will reduce many of the risks, but they can’t protect you 100% against cyber attacks. There is no foolproof cybersecurity system, but there is a safety net: backups.
Backups are not only useful when your device crashes but they are also critical in case of ransomware attacks. Backups are the only “guaranteed” protection against ransomware.
Here are a few good backup habits:
Don’t keep your backup media connected at all times.
Test your backups: have you tried running a recovery recently?
As promised, here’s the cybersecurity good habits poster for you:
Bonus - Report Anything Suspicious
Whenever you receive an email or phone call that you suspect to be a scam, it is best to report it to your IT team. This way your colleagues throughout the company can be alerted if any real threats are found. In addition, often phishing emails and calls are the first steps in a larger targeted cyberattack. If you immediately inform your IT team of such activities, they can investigate the matter and take preventive measures.
If your company doesn’t already have one, create an official reporting protocol so that all employees know exactly what to do and whom to contact in case of a suspected cyber-attack. And make sure to keep the process simple so that reporting isn’t a hassle and employees can do it quickly and easily.
If you liked the blog, please share it with your friends