Many employees think information security is a technical challenge that is the sole responsibility of the IT department. This has led many to develop poor habits in safeguarding digital data. Over-reliance on conventional security measures, such as antivirus and firewalls, has led to a false sense of security.
Since employees are an organization’s first line of defense, they need ongoing employee awareness training to stay on top of security best practices. Here are five cybersecurity tips they can start with.
#1. Practice safe clicking
While many browsers and other applications do a good job of filtering malicious content and highlighting potentially dangerous links, you shouldn’t take such controls for granted. Hackers often spoof things like email and web addresses to dupe unsuspecting users into clicking on a malicious link. Email, instant messengers, and social networks have become hotbeds of malware proliferation, and there’s a whole lot that spam filters still don’t catch. Employees should be trained to always look twice before clicking on a link, particularly those in unsolicited emails and instant messages or unexpected posts on social media.
#2. Avoid weak login credentials
Recent studies have shown that the most popular passwords of the past few years have been “123456” and “password,” among other woefully inadequate choices. Weak login credentials such as these are so easy to guess that they’re akin to leaving an account wide open to the public. Password policies should establish and enforce best practices for generating user account credentials that cannot be guessed or cracked by a brute-force attack. It’s also a good idea to add a secondary authentication layer to verify a user’s identity, such as temporary SMS codes.
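The policy described above is usually enforced at account-creation or password-change time. The following Python script is an added illustration, not code from this post or from Tech Squared, of what such a check looks like: it rejects entries on a constructed list of commonly used passwords (including the two named above) and flags short, low-variety strings that an exhaustive guesser would exhaust quickly. The denylist contents, the 12-character minimum and the 60-bit threshold are assumptions chosen for the example, not a published standard.

```python
"""Password-policy check (added illustration, not the post's own code).

Rejects the kind of credentials the post warns about: entries on a
constructed common-password denylist and strings whose length and
character variety give little resistance to brute-force guessing.
"""
import math
import string
from typing import List

# Constructed sample of commonly used passwords. A real deployment would load
# a much larger list (for example, a breached-password corpus).
COMMON_PASSWORDS = {
    "123456", "password", "12345678", "qwerty", "abc123",
    "111111", "letmein", "welcome", "admin", "iloveyou",
}

MIN_LENGTH = 12          # assumed policy minimum
MIN_ENTROPY_BITS = 60    # assumed threshold for resisting offline guessing


def estimate_entropy_bits(password: str) -> float:
    """Crude brute-force resistance estimate: length * log2(alphabet size).

    The alphabet size is derived from which character classes appear, since
    that is the space a naive exhaustive guesser would have to cover.
    """
    alphabet = 0
    if any(c in string.ascii_lowercase for c in password):
        alphabet += 26
    if any(c in string.ascii_uppercase for c in password):
        alphabet += 26
    if any(c in string.digits for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)  # 32 ASCII symbols
    if any(c not in string.printable for c in password):
        alphabet += 100  # rough allowance for non-ASCII characters
    if alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)


def check_password(password: str) -> List[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    # Compare case-insensitively so "Password" is caught by the "password" entry.
    if password.strip().lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password denylist")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    bits = estimate_entropy_bits(password)
    if bits < MIN_ENTROPY_BITS:
        problems.append(
            f"estimated {bits:.0f} bits of guessing resistance, below {MIN_ENTROPY_BITS}"
        )
    return problems


def is_acceptable(password: str) -> bool:
    """True when the candidate satisfies every rule in the policy."""
    return not check_password(password)


if __name__ == "__main__":
    # Constructed candidates: the two from the post, a mixed-case denylist hit,
    # a long passphrase, and a short but varied string.
    for candidate in ["123456", "password", "Password",
                      "correct-horse-battery-9", "Tr0ub4dor&3"]:
        verdict = check_password(candidate)
        print(f"{candidate!r}: {'OK' if not verdict else '; '.join(verdict)}")
```

Note that the entropy figure is only a ceiling: it assumes each character was chosen uniformly, which is why the denylist check comes first. A dictionary word with a digit appended scores well on this estimate yet falls to a wordlist attack, so a production policy pairs a much larger breached-password list with a slow password hash and the secondary authentication factor the post recommends.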
#3. Learn about phishing scams
Although vulnerabilities in technology tend to get more media attention, most attacks start with a social engineering scam that exploits human ignorance. Conducting these scams doesn’t even require much technical knowledge, since they’re entirely reliant on duping victims into taking a desired action, such as clicking on a malicious link or email attachment or even giving away login credentials outright. Employees must learn how to identify phishing scams, which is why phishing simulations should be a regular part of your security awareness training program.
#4. Secure mobile devices
The portable nature of mobile devices makes them susceptible to loss or theft. This is problematic since many smartphones, tablets, and laptops host enormous amounts of sensitive data, and many users are accustomed to keeping themselves logged in to the various online accounts they use. Alarmingly, a lot of smartphone owners don’t even use a PIN code or lock screen.
All businesses should have a policy that enforces strong access credentials and encryption of all sensitive data stored on these devices. Remote wiping can also help to protect lost or stolen devices.
#5. Be wary of insecure networks
Most people don’t think twice when connecting to an unsecured public wireless network. After all, it’s always more convenient if you don’t have to ask someone for a key. However, these networks are highly vulnerable since they don’t encrypt traffic sent between the device and the local router. This means the data may be intercepted and misappropriated by a wireless eavesdropping attack. Aside from educating employees on the dangers of using public Wi-Fi, your business’s resources should be accessible only via your corporate VPN. This way, employees can still use unsecured networks safely.
Tech Squared provides proactive technical support and managed services to businesses in Roanoke, Blacksburg, and Lynchburg. Call us today to find out how we can improve your information security.