As a business leader, there are many things you can do to keep your organization safe. You can install good firewalls, keep your antivirus software up-to-date, scan for network vulnerabilities, and keep your admin password safe and secure, however, there is one area of your business that is increasingly difficult to control from a security standpoint…your employees. Strong organizational security practices can be rendered useless by an employee who reused their work password on Facebook, clicked a malicious link in an email, or wrote down all their passwords and left them out in the open.
One of the main reasons that personal cybersecurity practices are a concern for your business is the rampant reuse of passwords. Since people have so many passwords, they often resort to using the same password for multiple sites. That can be a problem for your business because if a personal site is breached, cybercriminals may now also have access to your work accounts. Once a site is breached, any exposed username and password will eventually find its way to the Dark Web, where cyber criminals can use special software to try that same password and username on thousands of sites across the internet.
As a business leader responsible for IT, it is important to educate employees on maintaining good cybersecurity practices both at work and in their personal lives. Below are 9 quick cybersecurity wins that you can share with employees that will help keep them and your business safe.
Use a Password Manager
Password managers are a growing cybersecurity tool that has been on the rise for both business and personal accounts in the last few years. Password managers such as 1Password or Bitwarden allow you to store all of your passwords in a safe location. You will only have to remember one long, complicated password to access them, instead of many different passwords. If you pair this with multifactor authentication, you will be making it near impossible for someone to breach one of your accounts using a stolen password.
Multifactor Authentication
Multifactor authentication (MFA) or Two factor authentication (2FA) is another must have personal cybersecurity win. MFA is the process where you need more than one method to access a system. This is usually a password combined with an app on your phone, a token sent to you via a text or email, or a biometric method such as a fingerprint or facial recognition scan. MFA stops a stolen password from becoming an issue because the password alone will not provide access to your account. MFA is provided for most personal sites such as Google, Facebook, and Nest, and should be used for everything, especially if an account has access to your credit card information.
Stay Up to Date
When your PC, phone, or applications want you to update them, please do it. System updates generally contain several security updates including fixing any discovered vulnerabilities. You can also set your devices to update automatically, which is generally a good practice.
Be Smart with Your Smart Phone
For the most part, smart phones are pretty secure, but always make sure to only download apps from reputable sources such as the Google Play Store or the Apple App Store. Take a minute to either delete any unused apps or check to ensure that your frequently used apps are up to date. Also, always lock your phone and use biometric facial or fingerprint recognition if available and backup your device to a Cloud provider.
Avoid Using Work Email for Personal Accounts
While we generally like to keep all activity in one place, using your work email for a personal account can cause a problem if that site is ever breached. Encourage your employees to maintain a safe and secure personal email account if they aren’t already doing so.
Avoid Public Wi-Fi
It’s nice to not have to use your own data plan to watch cat videos at Starbucks, but public Wi-Fi can be dangerous. One issue with public Wi-Fi is that it is possible for cybercriminals to create a fake public Wi-Fi account and then steal data from anyone who accesses it. There have been cases of cyber criminals setting up near an airport and shooting fake Wi-Fi signals into the terminal. In general, avoid it if you can, or make sure you are using a VPN to hide your data.
Be Cautious with Public Charging Stations
If you need to charge your phone on the go, make sure you plug it in directly to an outlet. Some wireless charging stations can be used to connect to and steal data off your phone. This is known as “Juice-jacking” and has occurred in airports, hotels, and other high traffic areas that might offer free charging.
Be Aware of Vishing and Smishing
Most people who work in an office setting are aware of the concept of phishing, or a fraudulent email designed to trick a person into downloading malware or revealing a password. However, Vishing, or Voice Phishing, is another big-time scam. Vishing scams often involve the element of fear, such as posing as a police detective or a government tax official claiming you owe money. Vishing can be alarming if you have never experienced it before, as it catches people off guard and often induces a quick or panicked response.
Smishing, or SMS Phishing, is a fraudulent text message, and often these can come at just the right time to convince someone that it is real. Common Smishing tactics involve frequently used services such as Netflix or Amazon and also rely on fear by telling the user they missed a payment, their package is delayed, or the service is going to be cut off.
In general, always be careful, especially if the message or call uses threatening or urgent language. You can always contact the real organization directly using the number or contact email on their website as well. Never reply to or open a link if you are unsure.
Spread the Word
Just because you know that the Netflix text you received is fake, don’t assume everyone else is just as savvy. Make sure you share cybersecurity tips with friends and family. The more people that know about, the more likely we are to collectively avoid being breached.
More To Explore
8 ways to spot a phishing attempt…before it’s too late!
The last few years have seen a surge of phishing attacks - unsolicited emails intended to deceive you into revealing personal information, account credentials, or other sensitive data. If successful, stolen information can be used for credit card fraud,...