Cybersecurity Best Practices For All Employees

October is National Cybersecurity Awareness Month, and all month long, we are going to provide tips to stay safe online.  This week we focus on cybersecurity at work, and best practices that all employees should consider to keep their company information safe. With all of our National Cybersecurity Awareness posts, we are including great tip sheets from the Cybersecurity and Infrastructure Security Agency (CISA) on the week's topic.  Check out CISA's tips on Cybersecurity at Work!

Whether you are a large enterprise or a small business, cybersecurity will always be a concern. You can have a team of IT professionals and the best security software in the world, but employees' actions can also have a big role in keeping your data safe. Just one employee mistakenly sharing sensitive company information by clicking on a malicious link could be the beginning of a crippling data breach. By implementing these best practices for your employees, you can work to keep your company data protected.

• Steer clear of pop-ups, emails from unknown senders and links.  Phishing is one of the most common methods for bad guys to get into your company's data. Phishers blanket a large swath of your employees with a pop-up or malicious link, hoping that just one will click. Once the click happens, viruses and malware can spread quickly. Employees should NEVER click on links or pop-ups from unknown senders. Training on what to look for in suspicious emails or links is critical to keep these items top of mind for your staff. As a company, you can implement an email authentication program that blocks suspicious emails. When a suspicious email is received, it will be placed in a quarantine folder where you can review the email and verify its legitimacy. And if you really are questioning if something is for real, you can always call the sender and find out their intent. Always better safe than sorry!
• Install security software updates when you are notified. One major way that cybercriminals get into business's data is through security gaps in software that hasn't been updated. When software manufacturers issue patches and updates, many times these are security-related items. If you receive notifications of updates to your operating system, web browser or security software, make sure you install them right away. This also applies to personal devices that you use at work, such cell phones or tablets. 
• Back up your data regularly and consistently. If a cyberattack occurs, one major line of defense you have is your data backup.  If your IT department provides you with instructions on backing up your data, whether in the cloud or on an external hard drive, make sure you are doing these backups on a regular basis. Once you get into the practice of doing data backup, it will become second nature.
  
• Use strong passwords, follow password rules and implement multi-factor authentication. Having a strong password can thwart a cybercriminal's attempts to gain access to your company's data. Creating unique, complex passwords for each of your work accounts is essential. Strong passwords contain at least ten characters and include numbers, symbols, capital and lowercase letters. Hopefully, your company employs password policies that force you to change your password regularly. Make sure to update your password when prompted. If you're having trouble remembering all your passwords, talk to your IT department or managed IT provider about a password manager.
• Only connect company devices to secure Wi-Fi. When you are in the office, connecting to the network is usually accomplished with a wired Ethernet connection. If you need to connect to Wi-Fi, ensure the network is secure and encrypted. If you are working remotely, utilize your company's virtual private network (VPN) if one exists. Because public Wi-Fi networks are risky and make your data vulnerable to a breach, if you're working outside the office, a VPN is an essential tool to protect your data. Your IT department or managed IT provider will be able to get you set up on the company VPN.
• Stay current on cybersecurity trends through training. Companies that value their data will take the time to train their employees on how to protect it. It is your responsibility to be aware of your company's security policies and to follow them accordingly. When using a personal device, be sure you are following your company's Acceptable Use and Bring Your Own Device policies. Finally, take advantage of the training and seminars your company may offer regarding cybersecurity. An informed and vigilant employee is one of the best lines of defense against a data breach or cyberattack.

These are just a few tips that all employees can implement and follow to keep company data safe. It is everyone's job to be vigilant against cybersecurity incidents. Just one wrong click on a malicious email or one connection on public wi-fi can leave your company vulnerable to a breach. Employees are required to maintain safe online behavior on both work and personal devices. If you're unsure about a policy, please reach out to your IT department or managed IT provider. 

Fraser offers a range of cybersecurity services to help businesses navigate the complex cybersecurity landscape. From VPNs, password policies, patch updates and cybersecurity training, we can help you protect your data and your business. Wondering how safe your business is? Get a free cybersecurity assessment today!