According to the Verizon DBIR for 2022, 82% of breaches involved human error. Hackers are targeting employees with phishing campaigns, malware, and more to penetrate system security and access critical data. To best protect your organization and encourage a culture of cybersecurity awareness, it’s important that you and your employees are educated on cybersecurity best practices.
To help you get started, here are 10 cybersecurity tips every employee should know:
1. Utilize a strong password
We have all heard that having a strong password is important, but what qualifies as a strong password? A strong password:
- Is at least 16 characters long
- Contains a mix of letters, symbols, and numbers
- Avoids words, especially proper nouns
- Never includes Personally Identifiable Information (PII)
- Is not re-used
If you are creating secure passwords, it can be difficult to keep track of them all. Using a password management app to store and manage your different passwords can help you stay organized in a secure fashion.
2. Use the SLAM method to help spot suspicious emails
Phishing attacks are a huge part of modern-day cyberattacks. Some are highly personalized and may contain references to your coworkers, family members, your hobbies, and more. The best way to mitigate this is awareness: use the SLAM method to help identify phishing attacks:
- Sender: Check the sender’s email address
- Links: Hover and check any links before clicking
- Attachments: Don’t open attachments from someone you don’t know or attachments that you weren’t expecting
- Message: Check the content of the message and keep an eye out for bad grammar or misspellings
3. Secure Your Web Browser
Web browsers are used frequently on corporate and home devices, and attackers will try to exploit vulnerabilities in them to take control of your computer (for example, this year’s Google Chrome zero-day vulnerability). The best way to secure your web browser is to configure automatic updates, avoid saving passwords in your browser, use trusted web browser plug-ins from web browser app stores, and tighten security settings and limit what data is transmitted to web browser providers.
4. Maintain the Latest Software on Your Smart Devices
To help prevent attackers from taking advantage of vulnerabilities on your smart devices, update phones, tablets, TVs, speakers, thermostats, etc. with the latest software available. If an Auto-Update feature is available, enable it. These devices can potentially be a source of infection just like any other computer.
To further secure your devices, ensure you’re utilizing screen unlock password capabilities where available. Organizations should also consider mobile device management solutions to increase the security of their mobile device environment, help ensure device and app compliance, and control data flow outside trusted mobile apps and devices.
5. Utilize Multi-factor Authentication (MFA)
For both corporate applications and personal applications, it’s imperative to enable MFA to validate that the person logging in is who they claim to be, and to prevent malicious hackers from authenticating into your network.
6. Secure Your Home Network
If left unsecured, your home network can pose a risk to both your personal and corporate data if you are working remotely. Here are a few tips to help secure your home network:
- Plug computers into your router, not your modem
- Change the default password on your router
- Ensure firmware is updated, choosing automatic updates if available
- Disable remote router administration – you should not need to make changes when you are away and this increases security by removing an easy path to your device
7. Use a VPN
Virtual Private Networks (VPNs) provide a great way for employees to securely access remote resources from multiple locations by connecting two private networks securely over the internet. Utilizing public Wi-Fi in airports, hotels, and coffee shops without a VPN can inadvertently give away a lot of details about what devices you have and what you’re doing on the internet. In the hands of a hacker, this information can be used to formulate an attack.
8. Don’t Forget About Physical Security
As more and more employees travel back into the office, it’s important to remember that physical security at the office is also important.
Reminders for physical security include:
- Lock your computer when leaving your desk
- If your organization uses badge access, don’t allow tailgating – each person should scan their own badge
- Protect and lock away paper files with sensitive data
9. Be Aware of What Information You’re Sharing on Social Media
Social media may be a great way to share information with family and friends, but are you also sharing information with attackers?
Scammers and attackers can use the information you post on social media to gain PII about you that can be used against you. Review your privacy settings on a recurring basis, delete old and unused accounts, and review the foreground and background of your photos and videos before posting to ensure you’re not sharing anything that could reveal key pieces of personally identifiable information.
Before you go to post on social media, ask yourself – could this information you’re about to post be used against you?
10. If you see or do something, say something!
Last but not least, if you notice something suspicious, whether it be an email, text, or unauthorized visitor in the office, or end up accidentally clicking a phishing email link, alert your supervisor, IT department, or company to help ensure that the incident is handled quickly and damage is kept to a minimum.
Employee education is a critical component of cybersecurity, and organizations should have cybersecurity awareness training as an ongoing part of their cybersecurity program in addition to other layered defense and protection measures, such as 24/7 monitoring and alerting, managed detection and response, and vulnerability assessments.
Cybersecurity impacts us all, and it’s up to both employees and employers to remain educated on cybersecurity best practices to protect ourselves and our companies from malicious attacks.