10 ways your staff can support your company’s cybersecurity

The biggest cybersecurity threat facing businesses is much closer than you think. The Verizon 2022 Data Breach Investigations Report found that the human element was a factor in 82% of breaches, which is why it is crucial for companies to raise awareness of cybersecurity in the workplace and ensure that employees have appropriate guidance and resources to help minimize risk to the organization.

When it comes to cybersecurity, engaging your staff can be challenging, so focusing on simple yet effective best practices is essential. Here are 10 behaviors to encourage among your colleagues to deal with growing cyber threats.

Be an email skeptic

According to Cisco’s 2021 Cyber Threat Trends Report, phishing is responsible for 90% of attacks. Social engineering tactics are designed to trick humans, so given that human error is the number one cause of cyber incidents, it makes sense that methods like phishing are among the most popular with attackers. It is therefore essential that employees treat unexpected email with suspicion and stay cautious.

Tips for your employees:

If you receive an email asking you to click a link, check the spelling of the URL (hover over the link to see where it really goes) and the sender’s actual address, not just the display name, to see whether it is genuine. Also consider the style of the message: an urgent tone, pressure to act immediately, or an unusual number of grammatical errors are reasons to be very hesitant about opening links and attachments. If you suspect a phishing email, do not reply to it and do not forward it to colleagues; report it to the security team.
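The three checks above (real sender address rather than display name, look-alike spelling of the domain, link text that shows one place while the href goes to another, plus pressure language) can be automated. The following is an added example written for this article, not code from the author or from Cyber Tec Security; the two messages, the trusted domain `example-corp.com` and the urgency word list are constructed for the demo, and the "registrable domain" helper is a deliberate simplification that takes the last two DNS labels instead of consulting the Public Suffix List.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the organisation's own domain. Anything else is "external".
TRUSTED_DOMAINS = {"example-corp.com"}
# Pressure words typical of phishing lures (constructed list, extend as needed).
URGENCY_WORDS = ("urgent", "immediately", "suspended", "locked", "verify")

# Constructed sample messages for the demo (not real mail).
PHISH_EMAIL = """\
From: "IT Helpdesk" <helpdesk@examp1e-corp.com>
To: alice@example-corp.com
Subject: URGENT: your mailbox will be suspended
Content-Type: text/html

<html><body>
<p>Your account will be locked in 24 hours unless you verify immediately.</p>
<p><a href="http://example-corp.com.login-verify.net/reset">https://example-corp.com/reset</a></p>
<p><a href="https://example-corp.com/help">Help centre</a></p>
</body></html>
"""

BENIGN_EMAIL = """\
From: "IT Helpdesk" <helpdesk@example-corp.com>
To: alice@example-corp.com
Subject: Canteen menu for next week
Content-Type: text/html

<html><body><p>Next week's menu: <a href="https://example-corp.com/menu">Menu</a></p></body></html>
"""


class _LinkCollector(HTMLParser):
    """Collects (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two DNS labels. Simplification: real code should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike domains (examp1e vs example)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain this one imitates (edit distance 1 or 2), or None."""
    for t in trusted:
        if domain != t and edit_distance(domain, t) <= 2:
            return t
    return None


def analyze_email(raw):
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Judge the real sender address, not the display name.
    sender = msg["from"].addresses[0].addr_spec if msg["from"] else ""
    sender_domain = registrable_domain(sender.rpartition("@")[2]) if "@" in sender else ""
    imitated = lookalike_of(sender_domain) if sender_domain else None
    if imitated:
        findings.append(f"sender domain '{sender_domain}' looks like trusted '{imitated}'")

    # 2. Urgency / pressure language in subject and body.
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    text = ((msg["subject"] or "") + " " + body).lower()
    hits = sorted(w for w in URGENCY_WORDS if w in text)
    if hits:
        findings.append("urgent/pressure language: " + ", ".join(hits))

    # 3. Links whose visible text names one site but whose href goes to another.
    collector = _LinkCollector()
    collector.feed(body)
    for href, label in collector.links:
        target = registrable_domain(urlparse(href).hostname or "")
        shown = registrable_domain(urlparse(label).hostname or "") if label.startswith("http") else ""
        if shown and shown != target:
            findings.append(f"link text shows '{shown}' but points to '{target}'")
        elif target not in TRUSTED_DOMAINS:
            findings.append(f"link to external domain '{target}'")
    return findings


if __name__ == "__main__":
    for name, raw in (("phish", PHISH_EMAIL), ("benign", BENIGN_EMAIL)):
        print(name, analyze_email(raw) or ["no findings"])
```

Run as a script it reports three findings for the constructed phishing message (look-alike sender domain, pressure language, and a link whose text says `example-corp.com` while the href lands on `login-verify.net`) and none for the benign one. Each finding maps to one of the manual checks employees are asked to make; the same logic can sit in a mail gateway rule or a "report phishing" triage script.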

Use MFA

Multi-factor authentication (MFA) adds an extra layer of security, making it much harder for an attacker who has obtained a password to gain access. There have been breaches that MFA alone would have prevented. Enterprises should strive to standardize MFA across all platforms and accounts, starting with remote access, email and administrative accounts.

Tips for your employees:

MFA may seem like an inconvenience, but this extra step in the login process can make the difference in protecting your identity. You may have noticed that many public providers, such as Gmail, have enabled MFA for most of their users. Use MFA wherever you can. Never share an MFA code with anyone, and never approve a login prompt you did not trigger yourself: attackers use social engineering to trick you into handing over a code or approving a push notification so that they can impersonate you.

Update apps when prompted

Outdated software is another attractive target for attackers. A patch management program is part of a mature security practice, and it should cover every asset within the organization, not just desktop software. The patch schedule should be planned in advance and should also allow for off-cycle patching when urgent fixes are released.

Tips for your employees:

Cybercriminals often take advantage of outdated software, so update reminders should not be ignored. As an organization, we need to regularly update the software and hardware that keep the business running. This may cause slight inconvenience, but it is necessary to keep the business safe.

Patching also matters for your personal protection. For example, a recent flaw in Apple’s operating system could allow an attacker to take full control of your smartphone, and the only way to close it is to install the update Apple recommends. These updates include critical security fixes for vulnerabilities that could otherwise be exploited.

Generate strong passphrases

The old days of non-memorable passwords have been superseded by passphrases. If your organization has not yet adopted a passphrase approach, standard practices can still protect traditional passwords. Complexity rules should not be the only protection mechanism: enforce password history and reuse requirements, require a reset whenever compromise is suspected, and screen new passwords against lists of known-breached passwords. Your company should have a password policy outlining guidance and expectations. The policy should be read and acknowledged by employees, and should be part of the onboarding process for new starters.

Tips for your employees:

Airbags and seat belts improve car safety, but you should still practice defensive driving. Likewise, multi-factor authentication is important for protecting your identity, but it is only one element of a defensive security posture. Taking the time to create long passphrases can be irritating, but it is extremely important for minimizing cyber risk.

Passphrases should be unique to each account and never shared. A password manager is the most efficient and inexpensive tool if you have trouble creating or keeping track of passwords, and it makes using a different passphrase everywhere painless.
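The policy section above asks for long passphrases plus history and reuse checks. The following is an added example for this article, not code from the author or from Cyber Tec Security, showing the two pieces a practitioner would actually want: a generator that draws words with a cryptographic random source and reports how many bits that buys, and a history store that refuses reuse without keeping the passphrases themselves. The 32-word list is constructed for the demo and gives only 5 bits per word; the EFF long list size (7776 words) is used to show realistic numbers, and the minimum length, history depth and PBKDF2 iteration count are assumed policy values.

```python
import hashlib
import hmac
import math
import secrets

# Constructed demo wordlist (32 words = 5 bits each). Real deployments should use
# a published diceware list such as the EFF long list (7776 words, ~12.9 bits/word).
DEMO_WORDLIST = [
    "anchor", "basket", "cactus", "dolphin", "ember", "falcon", "garnet", "harbor",
    "island", "jungle", "kettle", "lantern", "meadow", "nectar", "orbit", "pepper",
    "quartz", "ribbon", "saddle", "timber", "umbrella", "velvet", "walnut", "xenon",
    "yogurt", "zephyr", "acorn", "bramble", "copper", "drizzle", "engine", "fossil",
]
EFF_LONG_LIST_SIZE = 7776


def entropy_bits(n_words, list_size):
    """Entropy of a passphrase drawn uniformly at random: n_words * log2(list_size)."""
    return n_words * math.log2(list_size)


def words_needed(min_bits, list_size):
    """Smallest word count that reaches min_bits from a list of list_size words."""
    return math.ceil(min_bits / math.log2(list_size))


def generate_passphrase(n_words, wordlist=DEMO_WORDLIST, sep="-"):
    """Draw from `secrets` (CSPRNG), never `random`, for anything that becomes a credential."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


class PassphraseHistory:
    """Keeps salted PBKDF2 digests of the last `keep` passphrases so reuse can be refused
    without storing the passphrases themselves. Assumed policy values as defaults."""

    def __init__(self, keep=5, min_length=15, iterations=100_000):
        self.keep = keep
        self.min_length = min_length
        self.iterations = iterations
        self._entries = []  # list of (salt, digest), oldest first

    def _digest(self, passphrase, salt):
        return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, self.iterations)

    def was_used(self, passphrase):
        """True if the candidate matches any remembered digest (constant-time compare)."""
        return any(
            hmac.compare_digest(self._digest(passphrase, salt), digest)
            for salt, digest in self._entries
        )

    def accepts(self, passphrase):
        """Policy check for a proposed passphrase: long enough and not in the history."""
        return len(passphrase) >= self.min_length and not self.was_used(passphrase)

    def record(self, passphrase):
        """Store the new passphrase's digest under a fresh salt; forget the oldest beyond `keep`."""
        salt = secrets.token_bytes(16)
        self._entries.append((salt, self._digest(passphrase, salt)))
        self._entries = self._entries[-self.keep:]


if __name__ == "__main__":
    n = words_needed(77, EFF_LONG_LIST_SIZE)
    print(f"{n} EFF words give {entropy_bits(n, EFF_LONG_LIST_SIZE):.1f} bits")
    demo = generate_passphrase(6)
    print(f"demo passphrase: {demo} ({entropy_bits(6, len(DEMO_WORDLIST)):.0f} bits, demo list only)")
```

Six words from the EFF list is about 77 bits, which is why "six random words" is the common recommendation; six words from the toy list here is only 30 bits, which shows that the strength comes from the size of the list and the randomness of the draw, not from the word count alone. A password manager does the generation and the per-site uniqueness for you.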

Beware of public Wi-Fi

With the rise of remote working over the past two years, we have had to pay close attention to new threats and introduce new security measures and best practices. The organization should have a tightly controlled Wi-Fi system, with a separate guest network for those who do not need access to corporate resources. Personal devices should be kept off the corporate network unless they meet the organization’s security standards.

Tips for your employees:

If you work outside the office, be wary of the Wi-Fi networks you connect to. Free public networks are generally not secure, as they require no authentication or encryption to join, so anyone on the same network can observe or tamper with unencrypted traffic, such as web pages served over plain HTTP, and can even impersonate the network itself to capture emails, payment information or credentials. Encrypted connections (HTTPS, TLS-protected email) limit what can be read, but a hostile network can still steer you to fake login pages or push malware to unpatched devices.

If you work away from the corporate network, use the company’s virtual private network (VPN), which establishes an encrypted tunnel between your device and the corporate network so that the operator of the local Wi-Fi cannot read or alter your traffic.

Avoid using company devices for personal purposes

Unless your business is a media business, the use of social media on company devices should be limited, if not prohibited altogether. Your marketing and communications department may need access to social platforms for work, and they can be protected through network segmentation and other administrative controls.

Tips for your employees:

Mixing work and personal use on company devices is poor security practice, as the websites and apps you use in your spare time may not meet the security standards set by the organization, which can put the company at risk if you are on the company network. It is therefore best to keep personal browsing and social media activity on your own devices, using cellular data or the guest network.

Likewise, while social media may seem entirely separate from your professional life, the information you disclose on social networking sites can be used by criminals in a variety of ways that indirectly affect you and your business. For example, if you reuse the same credentials in multiple places, a breach of one of those accounts lets malicious actors try the same password elsewhere and gain access to corporate data.

Many mobile providers also offer free device protection, which should be activated on your personal device. Also consider using a privacy-focused browser to better protect yourself.

Avoid Shadow IT

Shadow IT remains a challenge for many organizations. Employee training is only the first step in combating it. Various tools exist to help detect unapproved services and prevent the data leaks that shadow IT causes. All software and devices should be audited and approved, especially if the organization allows a BYOD policy.

Tips for your employees:

Shadow IT refers to the use of applications, services and devices that have not been approved by your company’s IT department or its provider. This is dangerous because they may fall below the organization’s security and compliance standards, and if you are quietly using unapproved technology, IT has no visibility to detect threats that surface there. Having to ask for approval for every app or device you want to use can hamper productivity, but if they are not secure, they are a risk to the entire business.

Always lock screens

Screen locks are a simple way to prevent unauthorized use and potential privacy breaches. Automatic lock timeouts should be set centrally by policy, with the values approved by the organization’s senior management, so that individual users cannot switch them off.

Tips for your employees:

Cybersecurity is not just about online behavior. Whether in the office or at home, lock your computer screen whenever you leave it unattended, even briefly, to prevent anyone from accessing your account and to protect confidential information.

Be curious

Curiosity is one of the best motivators for anything. If you work on making your employees curious about cybersecurity, it acts as a force multiplier. The best way to generate interest in cybersecurity is to communicate openly and frankly; do not allow security knowledge to be hoarded as a specialist secret.

Tips for your employees:

Cybersecurity may seem like a job for your company’s IT team alone, but every employee can contribute to the organization’s security posture. Take the time to talk to your IT team and find out what else you should know and what steps you can take to keep business and personal information safe. After all, your own data is also held within the organization, so it is in everyone’s interest to do their part to defend against cyberattacks.


About the Author: Clive Madders is Technical Director and Chief Evaluator at Cyber Tec Security. He works directly with companies that go through the Cyber Essentials certification process. With over 25 years of experience in the cybersecurity industry, he has built an extensive repertoire, providing managed ICT support services, Cyber Essentials certifications and advanced security solutions to help improve corporate cybersecurity maturity across the UK.

Twitter: @_cybertec

Editor’s note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire, Inc.
