Cybersecurity Tips And Best Practices For Employees And Employers
Cybersecurity is immensely complex and requires businesses to put in a large number of security controls, policies, processes, and tools just to secure their data and IT infrastructure. But, in spite of their best efforts, the number of cybersecurity incidents is growing faster and inflicting greater financial damage than ever before.
Interestingly, 95% of cybersecurity events can be traced to human error. This means that by regularly educating employees about cybersecurity risks and encouraging them to stay vigilant, businesses can significantly reduce the number of cybersecurity incidents that result in security breaches.
How To Keep Employees Well-Informed About Cybersecurity?
Educating your employees about cybersecurity is not a one-time project but a continuous process. Its goal should be not merely to educate but to empower people to take an active part in security and contribute to mitigating security risks. It typically involves cybersecurity awareness training and the promotion of behaviors that contribute to the overall security of the IT infrastructure and company data.
But keeping employees engaged with cybersecurity initiatives is a challenge in itself. The key to success here is to keep things simple and repeatable. To that end, employees need to remember just three objectives:
Protect Your Device
Protect Your Accounts
Protect Your Information
In the following sections, we go into detail about how to achieve each of these objectives.
1. Protect Your Device
Computers and smartphones are essential tools of the modern workforce. Every modern employee is connected to the corporate network and the Internet through a desktop, laptop, or smartphone. While this connectivity is essential for them to fulfill their tasks, it also opens up the devices to possible cyberattacks.
Here are steps you can take to thwart cyberattacks on your devices:
Keep Your Device Updated
Software companies and developers regularly release patches and updates for their software and applications to improve functionality, usability, or performance. But in many cases, these patches and updates also fix security vulnerabilities. Keeping your device updated with the latest patches ensures that your device and software are safe from known vulnerabilities.
This is a simple way to secure your device against vulnerability exploits. A well-known example of such an exploit was the WannaCry ransomware attack, which used a vulnerability in the Microsoft Windows operating system. Devices that had not installed the security patch got infected and were held to ransom.
So, make sure that your devices and applications are always up-to-date with the latest patches and updates.
Beware Of Malware
Malware is any malicious software that can exploit or harm your device, network, or service. There are different types of malware, such as viruses, worms, and trojans, classified based on how they spread. Malware can be used for different purposes, such as gaining unauthorized access, stealing data, or disrupting the normal functioning of a device or software.
Malware is often delivered through downloads (covered in the next section), but the most common delivery method is email. In fact, over 75% of malware is delivered via email.
By simply being vigilant and not clicking on suspicious links and attachments in emails or messages, you will be able to prevent most of the common malware infections.
Careful What You Download
A common method of delivering malware is through downloads. By now, most of us know that we should not download anything from shady websites. However, even legitimate websites often offer software that comes bundled with bloatware, adware, or spyware.
So, avoid downloading software and applications from websites you do not know. If you have to download anything, do so from trusted websites such as Ninite. But, the best option is to reach out to your IT support technician as they will be able to help you with downloads and installations according to your organization’s security policies and best practices.
Keep Your Antivirus Program Up To Date
An antivirus is the first line of defense for any organization. It protects users who may knowingly or unknowingly click on malicious links or attachments. Antivirus software offers real-time scanning and automatic cleaning of malicious files and applications, giving employees peace of mind so they can go about their business without constantly worrying about malicious websites or spam emails.
Antivirus software uses signature files that contain a list of known malicious files and malware. These files are regularly updated to reflect the latest information about new threats. Therefore, it is important to keep your antivirus software updated so that your device is adequately protected from all known malware.
Use Device Encryption
Loss or theft of a device is a common cybersecurity risk, especially among remote workers who work from cafes and similar establishments and for digital nomads who travel a lot. Stolen devices pose a great risk as they can give attackers access to sensitive information, internal networks, and cloud resources.
The risk posed by lost or stolen devices can be mitigated by encrypting the device. Encryption ensures that the data on the device remains confidential even if an attacker gains physical access to it. Although encryption cannot stop someone from taking or physically accessing the device, it keeps the data on it confidential and private.
Secure Your Network
Computer networks are complex systems and the more devices that are connected to them, the greater the risk of security breaches. While the networks in the office are amply protected by a number of network security measures, home networks do not have the same level of security.
So when working from home, you can do the following things to secure your networks:
Ensure that all devices are using WPA2 (Wi-Fi Protected Access II).
Use virtual network separation to create a dedicated network segment for work devices.
Use trusted sources to download and install the firmware, updates, and patches for the network equipment.
Use a firewall to protect the network against unauthorized access.
If the home network has IoT devices, connect them to a separate network segment.
2. Protect Your Accounts
Protecting your device is only part of the battle, since most cyberattacks target user accounts via credential theft, attacks on exposed Remote Desktop Protocol (RDP) services, password attacks, and the like. User accounts can be adequately protected by taking the following steps:
Use Multi-Factor Authentication (MFA)
Multi-factor authentication is a method that, in addition to the username and password combination, uses additional factors to verify the identity of the user. The additional factors can be biometrics, such as fingerprint or facial recognition, or a one-time password (OTP) sent to your phone.
Two-factor authentication (2FA) is a commonly used form of MFA that uses an OTP, sent to the phone via SMS or generated by an authenticator application, as the second authentication factor. This additional factor makes it extremely difficult for attackers to break into user accounts even if they obtain the username and password combination.
Use Virtual Private Network (VPN) Connection
A virtual private network (VPN) extends your private corporate network over the public network, enabling you to securely access your corporate resources from any location. It establishes a secure, encrypted connection to prevent web traffic containing personal information or sensitive data from being exposed to the public internet.
A VPN is an essential security tool for businesses. On one hand, it allows employees to securely access corporate resources from any location; on the other hand, it protects the organization’s infrastructure from unauthorized access and snooping.
A VPN is an absolute must whenever you are using a public network, irrespective of whether it is for work or personal purposes.
Use A Password Manager
A strong password policy is one of the key requirements of an IT security policy. Employees are usually required to conform to the following password rules:
Use a separate password for each account.
Do not use personal details as passwords.
Immediately change the default passwords of accounts and devices.
Use long passwords consisting of letters, numbers, and special characters.
Such password requirements are burdensome and difficult to fulfill when employees have to use many different applications and software.
Thankfully, password managers take these tedious tasks off your plate by making it easy to come up with strong passwords and remember them along with associated usernames. Password managers also ensure that you do not fill in your credentials on spoofed websites.
A password manager is a great tool that ensures that strong password policies can be effectively implemented without unnecessarily burdening the employees.
Beware Of Phishing
Businesses are commonly targeted by cybercriminals with Business Email Compromise (BEC), which is a type of phishing scam. While most phishing emails can be easily spotted, many attacks, especially targeted spear phishing emails, can be extremely realistic and very hard to identify.
The only way to effectively protect yourself from phishing is to learn how to identify different types of phishing attacks and be vigilant.
3. Protect Your Information
Organizations usually provide their employees with security tools and systems to protect them against cyberattacks. But the cyberattacks are not limited to the workplace. Cybercriminals often craft elaborate schemes to gain access to the personal information of employees while they are away from work.
The gathered information is then used to launch targeted cyberattacks that appear believable and are difficult to identify. The following steps will help you protect your information from falling into the wrong hands while you use the Internet:
Beware Of Social Engineering
Social engineering is usually one of the first steps in complex cyber scams or fraud. It employs psychological manipulation, such as scare tactics and a false sense of urgency, to compel employees to knowingly or unknowingly divulge sensitive information, which is then used for phishing, impersonation, identity theft, or launching further cyberattacks.
Your main defense against social engineering is to be aware of the different techniques used, always follow company procedures, and never divulge sensitive information to anyone without verifying their identity, especially over email or phone calls.
Use Privacy Browser Extensions
Safeguarding our online privacy is our own responsibility. The more personal information we share online, the easier it becomes for cybercriminals to use social engineering to target us.
It is common to have to answer secret questions when regaining account access through the “forgot password” option. It is also common, albeit ill-advised, to use a date of birth, year of graduation, or phone number as part of a password. So, if our personal information is readily accessible to everyone, it becomes easy to guess passwords or the answers to secret questions.
Therefore, we need to be diligent in protecting not just work-related information but also our personal information as we browse online. It is a good practice to use trusted browser extensions that block hidden trackers and scripts and improve privacy while you are online.
Configure Your Privacy Settings
Marketing and salespeople, especially those at large companies, love to know everything about you. Most websites collect and store your information, which is later used for serving targeted ads.
But, your information is valuable not just to marketers but also to hackers. They can learn a lot about you from your browsing history and social media use and utilize that information for social engineering and launching targeted cyber attacks.
Thankfully, web browsers, mobile operating systems, and most major websites have privacy settings that protect your information. These settings are usually tucked away, because your personal information is of great marketing value to these companies.
Here’s a list of pages of some major websites where you can find your privacy settings:
Choose your privacy settings - Computer - Google Chrome Help
Managing Your Account and Privacy Settings - Overview | LinkedIn Help
Make sure that you apply strict privacy settings so that your data is protected.
Conclusion
The Internet is filled with wonderful and incredibly helpful content but it also has plenty of hard-to-see pitfalls. A single seemingly harmless click can expose your sensitive personal data to criminals or infect your device with malware. By following the above three-point cybersecurity plan, you can adequately protect yourself from most of the common cybersecurity threats.
Does your organization have adequate cybersecurity safeguards in place? Do you regularly train your employees in phishing, malware, and other cybersecurity threats? Click the button below to reach out to us and learn how we can help improve your organization’s cybersecurity posture.