If it feels like you hear about a new corporate data breach or cyber attack every day, you wouldn’t be far from the truth. Hackers are improving their tricks and working harder than ever to get a company’s sensitive data.
According to a study by IBM, human error is the main cause of 95% of cybersecurity breaches. That means a company’s IT team could have the best security practices and keep everything completely locked down, and an employee could still end up helping a hacker compromise the environment. That’s not to say the employee is partnering with the hacker; they’ve just been tricked into giving the hacker the assistance needed to infiltrate the company’s network.
So, if you’re an IT professional, then you already know how important it is to educate your coworkers to stay safe. Let this article be a guide on best practices for data security to help you train them. On the flip side, if you’re not and you just want to learn how you can be a safer and more cautious employee, this article has ten cybersecurity best practices to help you do just that.
Tip 1: Look out for social engineering and phishing
Social engineering and phishing are probably the most popular methods for security breaches at any company.
In both of these scams, a bad actor tricks an employee into handing over sensitive information. A perfect example is a hacker setting up a fake website that looks like an internal one. The hacker sends the fake link to people within your company and tricks them into logging in, which, in turn, lets the hacker see the credentials. Now the scammer has access to your entire network using that password.
These attacks aren’t limited to fake websites either. Bad actors have been known to set up fake Wi-Fi networks in office buildings and even go as far as to call people pretending to be an IT professional. This is why it’s so crucial to educate your employees about network security best practices.
Tip 2: Don’t click on links from unknown sources
This is another fairly big issue in the corporate environment. Sometimes it falls into the same category as phishing, with the links arriving in emails. But suspicious links from pop-up ads and other sketchy websites across the internet can also lead to security threats.
It’s important that every employee in your company stays vigilant and can recognize warning signs. As you read earlier, it only takes one person to cause a breach for your entire company.
While this primarily has been about links to other websites, the same is true for email attachments. You should only be opening files emailed to you from people you know and trust. Even then, it’s important to make sure it’s really the person you know sending the file and not someone trying to impersonate them.
Tip 3: Use (different) strong passwords
A strong password can sometimes make all the difference in preventing a security breach. So many people use common knowledge or easily searchable information as their passwords: things like pets’ or kids’ names, birthdays, or addresses. Using a complicated password that includes eight or more characters, an upper and lowercase letter, a number, and a special character can really make a huge difference.
Regularly changing your password is admittedly annoying, but that can also help protect your company’s accounts. If someone does get your password and gains access to your accounts, changing the password locks them out almost immediately.
Another big password-related mistake is to use the same one for every account. The reason this is so incredibly dangerous is that once a hacker has access to one of your accounts, they have access to all of your accounts. Even if you vary your passwords by one character, that can protect you immensely.
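An added example (not part of the original article) that turns the three points in this tip into one check: the composition rule, searchable personal details, and reuse across accounts. The function name and all sample values are constructed for illustration, and it assumes the check runs somewhere that already holds your other passwords, such as a password manager.

```python
import re

MIN_LENGTH = 8
# Character classes required by the rule in this tip.
REQUIRED = {
    "lowercase letter": re.compile(r"[a-z]"),
    "uppercase letter": re.compile(r"[A-Z]"),
    "number": re.compile(r"[0-9]"),
    "special character": re.compile(r"[^A-Za-z0-9]"),
}


def check_password(candidate, personal_facts=(), other_passwords=()):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in REQUIRED.items():
        if not pattern.search(candidate):
            problems.append(f"missing {name}")

    # Searchable personal details: pet or kid names, birthdays, addresses.
    # Each fact is split into words and digit runs; pieces shorter than
    # three characters are ignored to avoid accidental matches.
    lowered = candidate.lower()
    for fact in personal_facts:
        pieces = re.findall(r"[a-z]+|[0-9]+", fact.lower())
        if any(len(p) >= 3 and p in lowered for p in pieces):
            problems.append(f"contains personal detail: {fact}")

    # Reuse: the same password already protects another account.
    if candidate in other_passwords:
        problems.append("already used on another account")
    return problems


# Constructed sample data, not taken from the article.
FACTS = ["Bella", "1987-04-12", "12 Oak Street"]
IN_USE = ["Tr4vel!Mug-Lamp"]

if __name__ == "__main__":
    for pw in ["password", "Bella1987!", "Tr4vel!Mug-Lamp", "Q7#plum-Ridge"]:
        print(pw, "->", check_password(pw, FACTS, IN_USE) or "ok")
```

Note that "Bella1987!" satisfies the length and character rule yet still fails, because it is built from details anyone could look up.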
Tip 4: Avoid public Wi-Fi
The reality is that sometimes work needs to be done wherever you are, so public Wi-Fi can’t be avoided in those situations. But the more you can stay away from public networks, the safer you’ll ultimately be.
The problem with these networks is not that they are inherently dangerous; it’s that you don’t know who else is on them. A popular hacking tactic is for scammers to frequent local coffee shops and other public businesses, lurking for devices with minimal to no security. This creates the perfect scenario for hackers to gain access to sensitive information.
Additionally, from time to time, scammers will also go to these places and set up fake networks that look legitimate. Once a device connects to this faux network, the scammer is able to monitor all of the traffic, including every website you visit and everything you type in.
Tip 5: Run software updates
Every day, there are new hacks and vulnerabilities exploited in software. Updates to your operating system and applications are released to help make them more secure.
While it’s easy to ignore software updates, especially when you’re busy and racing to beat deadlines, it’s crucial that these updates are installed as soon as possible. If you have to ignore or delay an update, make it a point to come back to it when it’s more convenient, even if that means setting a calendar reminder for the end of the work day or scheduling it as the first thing for the next morning. Believe it or not, a software update can save your company’s entire infrastructure.
Tip 6: Back up your files
You should be doing this anyway. But backing up frequently could be your saving grace in the event of a ransomware attack.
Ransomware is a virus that infects a device and locks it down — holding the device and, perhaps more importantly, the data on that device ransom until you pay a fee to get it back. So, then you’re left with the choice of either negotiating with a hacker and paying or just wiping all of the data and starting over.
If you have a recent backup, then wiping the data isn’t such a tragic step. Plus, you won’t have to worry about the next steps and remediating the virus. You’ll be able to just erase the hard drive and start fresh.
Tip 7: Turn on multi-factor authentication
Passwords aren’t the only thing most people get lazy about. Answering security questions is also something people commonly do the bare minimum to get through. So, if a hacker isn’t getting the cooperation they want through phishing or social engineering attempts, they’ll resort to clicking on the “forgot password” link. However, if you have multi-factor or “2-step” authentication turned on, you could protect yourself from this.
The unfortunate thing is that most employees will groan at the thought of making the login process any longer or more complicated. But the truth is it’s protecting them and your company, so it’s better to have multi-factor authentication set up and turned on.
Tip 8: Lock up your devices
Most of these cybersecurity tips for employees might seem like common sense, and the reality is that they are. Just like you wouldn’t leave your office unlocked because of the sensitive materials you keep in there, you shouldn’t leave your computer out in the open. Your hard drive or your cloud storage is like a digital filing cabinet. So, leaving it out and unprotected makes your company data vulnerable.
You also would not leave your office key in the door, so don’t leave your password on a post-it note stuck to your keyboard. That’s just lazy and ultimately unnecessary.
Tip 9: Know your company
Again, if you think about what your company does and who you and your coworkers interact with on a regular basis, then you can probably pinpoint where your cybersecurity vulnerabilities are. Take an extra step to try and spot phishing or social engineering attempts. But also try to think through all of your workflows and see how you can better tighten them up to prevent future security breaches.
Tip 10: Embrace education
Learning about best practices for data security is a lot like watching HR videos. Many employees will roll their eyes at the thought of seeking out more ways to make their passwords more secure. But cybersecurity is so much more than that. Hopefully, at this point in the article, you can see just how easy it can be for a hacker to get access to your company’s data and why it’s so important for every person in your office to take security seriously.
While it’s easy to pass off the responsibility of cybersecurity to your company’s IT team, the reality is it’s everyone’s job. Because all of the employees in your office have access to sensitive data, they all need to stay diligent and be mindful of what they’re doing. Following even just a few of these cybersecurity practices can greatly mitigate your company’s vulnerabilities and risks, protecting not just the individual employee but your entire company.