Cybersecurity Best Practices For All Employees

October is National Cybersecurity Awareness Month, and all month long we are going to provide tips to stay safe online. This week we focus on cybersecurity at work, and best practices that all employees should consider to keep their company information safe. With all of our National Cybersecurity Awareness posts, we are including great tip sheets from the Cybersecurity and Infrastructure Security Agency (CISA) on the week's topic. Check out CISA's tips on Cybersecurity at Work!

Whether you are a large enterprise or a small business, cybersecurity is always going to be a concern. You can have a team of IT professionals and the best security software in the world, but employees' actions also play a big role in keeping your data safe. Just one employee mistakenly sharing sensitive company information by clicking on a malicious link could be the beginning of a crippling data breach. By implementing these best practices for your employees, you can work to keep your company data protected.

  • Steer clear of pop-ups, emails from unknown senders and links.  Phishing is one of the most common methods for bad guys to get into your company data. Phishers blanket a large swath of your employees with a pop-up or malicious link in hopes that just one will click. Once the click happens, viruses and malware can spread quickly. Employees should NEVER click on links or pop-ups from unknown senders. Training on what to look for in suspicious emails or links is critical to keep these items top of mind for your staff. As a company, you can implement an email authentication program that blocks suspicious emails. When a suspicious email is received, it will be placed in a quarantine folder where you can review the email and verify its legitimacy. And if you really are questioning if something is for real, you can always call the sender and find out their intent. Always better safe than sorry!
  • Install security software updates when you are notified. One major way that cybercriminals get into a business's data is through security gaps in software that hasn't been updated. When software manufacturers issue patches and updates, many times these are security-related items. If you receive notifications of updates to your operating system, web browser or security software, make sure you install them right away. This also applies to personal devices that you use at work, such as cell phones or tablets.
  • Back up your data regularly and consistently. If a cyberattack occurs, one major line of defense you have is your data backup. If your IT department provides you with instructions on backing up your data, whether in the cloud or on an external hard drive, make sure you are doing these backups on a regular basis. Once you get into the practice of backing up your data, it will become second nature.
  • Use strong passwords, follow password rules and implement multi-factor authentication. Having a strong password can thwart a cybercriminal's attempts to gain access to your company data. Creating unique, complex passwords for each of your work accounts is essential. Strong passwords contain at least ten characters and include numbers, symbols, capital and lowercase letters. Hopefully your company employs password policies that force you to change your password on a regular basis. Make sure to update your password when prompted. If you're having trouble remembering all of your passwords, talk to your IT department or managed IT provider about a password manager.
  • Only connect company devices to secure Wi-Fi. When you are in the office, connecting to the network is usually accomplished with a wired Ethernet connection. If you need to connect to Wi-Fi, make sure the network is secure and encrypted. If you are working remotely, utilize your company's virtual private network (VPN) if one exists. Because public Wi-Fi networks are risky and make your data vulnerable to a breach, if you're working out of the office, the VPN is an essential tool to protect data. Your IT department or managed IT provider will be able to get you set up on the company VPN.
  • Stay current on cybersecurity trends through training. Companies that value their data will take the time to train their employees on how to protect it. It is your job to know what your company's security policies are and to follow them accordingly. When you're using a personal device, make sure you are following your company's Acceptable Use and Bring Your Own Device policies. Finally, take advantage of training and seminars your company may offer regarding cybersecurity. An informed and vigilant employee is one of the best lines of defense against a data breach or cyberattack.

These are just a few tips that all employees can implement and follow to keep company data safe. It is everyone's job to be vigilant against cybersecurity incidents. Just one wrong click on a malicious email or one connection to public Wi-Fi can leave your company vulnerable to a breach. Employees are obligated to engage in safe online behavior on work and personal equipment. If you aren't sure about a policy, reach out to your IT department or managed IT provider.

Fraser offers many cybersecurity services to help businesses stay safe in the cybersecurity landscape. From VPNs and password policies to patch updates and cybersecurity training, we can help you protect your data and your business.