It’s National Cybersecurity Month. This week we’re exploring cybersecurity in the workplace. Untrained employees can be one of the biggest vulnerabilities to your organization’s network security. Presumably every person in any given organization has their own computer, which makes every employee a potential target for hackers and scammers. A lack of cybersecurity awareness among end users puts businesses at risk through phishing, negligence, and thoughtless clicking of links. Here are some tips to ensure your employees know how to avoid putting your organization at risk.
#1 Create a Culture of Cybersecurity
It’s important to create an office culture that emphasizes the importance of staying safe online. All employees should understand that cybersecurity is the shared responsibility of everyone in the office. You probably have an I.T. department tasked with protecting the organization from cyber attacks, but all it takes is a mistake by one employee to allow an attacker access to your network.
#2 Create a Cybersecurity Policy & Provide Training
A Cybersecurity Policy is a document that should outline specific requirements for appropriate use of your organization’s devices, data, internet, email, passwords, etc. Your policy should apply to each employee, as well as to contractors and any other person with access to your network and data. We highly recommend using one of the many templates available online; they serve as an excellent starting point. Once you have a clear Cybersecurity Policy in place, make sure each employee gets a copy and hold a company-wide training to make sure everyone understands what is expected.
#3 Encourage Strong Passwords & Responsible Management
Encourage your employees to only use strong passwords that can’t be easily guessed or stolen. Passwords should be at least 8 characters long, use a mix of upper and lowercase letters, and contain special characters. Passwords should never include things like birth dates or names of people, and should be changed frequently. All employees should avoid writing their passwords down. If there are many different passwords that are hard to remember, consider a secure password manager. Employees should also avoid sharing credentials with one another. Check out our helpful guide on how to make a strong password.
#4 Educate About Spam & Phishing
Phishing emails and calls are among the most common risks your employees will face at work. Educating them about spotting and avoiding these attempts is critical. Train employees to be critical of things like vague subject lines, grammar mistakes, unexpected attachments, and unknown senders. Beyond the obvious attempts, make sure they understand that many phishing emails are sophisticated and designed to trick you into acting. Emails could appear to come from someone at the company or even a familiar organization. Teach employees to hover over any hyperlink to preview where it will take them if clicked, and to compare that destination with what the link text claims. More detailed information about phishing attacks can be found here.
#5 Communicate About New Threats & Scams
Be sure to keep your employees informed about new threats. If there’s a particular phishing email going around or a breach, make sure they know about it. US-CERT (United States Computer Emergency Readiness Team) has a great resource for alerts on current security issues.
#6 Require Installation of Updates & Patches
Make sure employees know they are expected to install all available updates and patches. No clicking “maybe later”. These updates and patches often contain the fixes for the latest vulnerabilities. If you have an in-house I.T. team, have them double check that everyone is up to date.
#7 Remind Them to Lock Their Devices
Employees should be expected to keep devices password protected and lock them when not in use.
#8 Test Them
There are many great solutions for phishing simulation awareness training. Fake phishing emails are sent to your employees, allowing you to identify and address potential weak spots without ever putting your network in harm’s way.
#9 Discourage Unauthorized Software Downloads
We recommend requiring employees to check with your network administrator before downloading software to their computers. Even programs that are commonly downloaded onto home computers without a second thought can open your network up to risks like ransomware. Often the software being downloaded and installed by employees is not even work related.
#10 Limit Internet Access or Establish Browsing Rules
If you’re not blocking employees from certain websites, then it’s important to at least establish browsing rules. Internet usage rules should be part of your cybersecurity policy. This will help employees avoid risky behaviors like downloading questionable material, sending confidential information, visiting unsecured websites, and more.