Whatever company you work for and whatever your position, believe it or not, you are on the front line in protecting your organization. Therefore, it is important to follow the basic security rules. It is the easiest way to keep your data as well as your organization’s data safe and secure.
In the past, it was mainly large companies, with their more sensitive and attractive data, that were vulnerable to cyberattacks. Nowadays, this is no longer the rule. Cybercriminals often attack smaller companies on the assumption, which is often right, that their networks are less well secured, which makes a breach easier.
Whether you work in a large or small company, it is smart to educate yourself and keep your devices and yourself safe, which undoubtedly contributes to the protection of your organization. A company may have the best security software and protection; nevertheless, if its employees are not well informed, the result may be reckless clicks on malicious content, data loss or misuse.
As part of European Cybersecurity Month, we have prepared 9 simple security tips for you in the spirit of the topic “Cybersecurity training for staff”, which should be followed by all staff.
Protection of personal and sensitive data
At work, it is important to exercise the same caution as in your daily life. Avoid sharing personal information or other sensitive information – such as banking access details or the names and passwords for services and systems. Keep in mind that attackers can create e-mail addresses or websites that look legitimate, but their goal is clear: to obtain personal and sensitive information from you. They can also fake companies’ names or take over companies’ accounts on social networks and send seemingly legitimate messages.
It is also very important to prevent the leakage of data, sensitive information or the intellectual property of your company.
Beware of suspicious content
Beware of phishing. Phishing campaigns in which phishers try to trick you into clicking on malicious content are very often the gateway to your organization’s systems. Therefore, it is important to be cautious of e-mail links and attachments from senders you do not recognize. Phishing can also lead to identity theft. It is also the way most ransomware attacks occur. Attackers often replicate e-mails from top authorities, trying to trick employees into providing sensitive information or transferring money urgently.
If you are unsure about the legitimacy of an e-mail or other communication, always contact the sender or your company’s security department. Never respond to such messages. Sensitive information could be revealed or shared. Also, do not click on any adverts or links that look suspicious. When downloading files, be careful and always check the source from which they come.
Strong passwords and multi-factor authentication
Strong and complex passwords can help prevent access to your sensitive information or your company’s. Simple passwords are convenient, but this convenience is too risky because simple passwords are easy to figure out. If an attacker figures out your password, it could give them access to your company’s systems. It is therefore essential to create a unique and complex password for each service.
The best security measure alongside a strong password is multi-factor authentication, which adds additional layers of protection. However, multi-factor authentication via SMS is not very secure, so it is better to use a form that does not involve SMS, such as physical tokens, temporary security keys generated by an application and so on.
Every Wi-Fi network should be well secured. This is not just about networks on the office premises. Working from home is becoming more widespread, so make sure that you also have a well-secured Wi-Fi network at home. When working from home, it is also advisable to use a virtual private network (VPN). A VPN is essential when working remotely or for employees on business trips. A VPN creates an encrypted and secure “tunnel” that prevents anyone from intercepting your communication.
Never use public Wi-Fi networks for your work because they contain only minimal security features, and this can be very risky. Public Wi-Fi networks are easily attacked, and the data you transmit over them could become easy prey for attackers. Even a secured public Wi-Fi network, where the password is not public but is known to many users (for example, the public networks of hotels), is a problem. Avoid such networks and instead use, for example, a connection shared from your mobile phone.
Sharing work data
Just as you take care when sharing personal or private information on social networks, the same caution should be extended to work. By sharing a photo or video carelessly, you might end up sharing details that could be used against your company. These could be bits of information that hackers collect in order to gain access to the company’s systems. A basic security measure is to carefully check the posts you share from your workplace.
Installing updates and file backup
Following the best practices means keeping the operating system and installed applications updated. Up-to-date antivirus and anti-malware protections are also important; they must be able to detect and respond to new cyber threats. If your company sends you notifications of the latest updates, install them immediately. This applies to all devices you use in your work. Installing updates promptly helps defend against the latest cyber threats.
Backup is the best measure to ensure the security of personal and company data. One of the biggest threats to data is ransomware, which makes data inaccessible and demands a ransom. To prevent such scenarios, it is advisable for employees to back up their important information, for example to hard disks or to special devices or servers specified by the employer.
Communication with the security department
It is important to be in touch with the security department, which is your company’s cyber and information security support. If you have a problem, do not hesitate to report it to this department.
Be aware of tech support scams. Hackers may pose as technical support providers. The goal is to trick you into installing malicious software on your device. Therefore, it is important to verify such communication with your security department and not provide any information to hackers.
Every employee should be aware of the impact of cyber threats on their professional as well as personal life. If your company offers cybersecurity training, do not hesitate to sign up for it. The employee’s responsibilities include not only knowing the basic cybersecurity policies, but also following the news and new trends. There are many platforms that provide online training and security tips and tricks.
Attackers are getting more sophisticated every day. In order to protect your data and your organization’s data as much as possible, it is absolutely necessary that every employee make cybersecurity a priority.
Clean desk policy
At first glance, the contents of your desk can be a very uninteresting combination of personal and work materials, notes scribbled on pieces of paper or USB keys lying around carelessly. While it may not be obvious, your desk can be a valuable source of information for an attacker, who can read interesting and valuable information from it.
Therefore, avoid a messy desk. Keep sensitive documents out of the reach of strangers, for example in a locked drawer or in files in a cabinet to which only you have access. Under no circumstances leave pieces of paper with passwords scribbled on them or USB keys with work content on the desk.