When a business falls victim to a data breach, the cause is not necessarily an absence of security. More likely it is an employee who lacks cybersecurity situational awareness education, is unaware of incident reporting processes or is unacquainted with emerging threats.
Are your employees making intelligent security decisions? Would they know how to identify a malicious phishing email? Furthermore, if they know how to distinguish one, would they know whom to notify internally?
The following article details 5 of the most effective habits employees can exercise to prevent and protect their companies from cyber-related incidents:
Don't install apps without verifying
Malicious software, or malware, and computer security threats make the Internet a risky landscape and pose risks to your company. We've all seen the headlines about employees using software that isn't authorized by their employer, resulting in severe malware infections, reputational damage and financial loss. The old method of locking down systems to prevent issues has backfired with the surge of "shadow IT."
What's shadow IT?
This refers to IT projects conducted inside an organization's walls by human endpoints, and without organizational approval. For example, an employee is blocked from using a specific application, so that same employee finds an alternative, lesser-known app that is potentially riskier and downloads it onto their computer.
Don’t share your login credentials
Did you know that nearly 50 percent of employees have admitted to sharing their login credentials?
Password sharing is one of the most significant security issues affecting businesses today, and yet it is one of the least managed security risks. Employees share login credentials on a daily basis, unaware of the danger it presents.
You’ve most likely overseen or been involved in a scenario in which a colleague has needed to access certain information quickly. The problem is, most end users don’t give a second thought to cutting corners and sharing their credentials. Many employers are guilty of failing to bat an eyelid at this unsafe practice, leaving companies vulnerable to a data breach.
Never upload company files to personal cloud storage
By storing files in popular services like Google Drive, Dropbox or another file sharing system, employees can place their employers in harm's way despite their good intentions. Personal cloud-based storage accounts often lack robust security protocols, audit and compliance features or are improperly configured, which can lead to data breach incidents and cybersecurity disasters. No matter how secure a cloud-based document management platform says it is, the reality is that you're granting someone else access to sensitive business information.
Do you know where your employees are storing business documents? If you don't want staff to utilize personal cloud storage to save sensitive business data, employees should be provided with clearly defined data storage policies.
Employees use their own technology in the workplace now more than ever. Bring Your Own Device (BYOD) is a perfect example of this. Firms that allow staff to utilize personal devices for business purposes need to define and implement policies and procedures to reduce security threats. Maintaining work data on a personal device opens the opportunity for risk and therefore requires greater device vigilance and proactive security measures.
As a best practice, we recommend companies employ a third-party IT partner with reputable cybersecurity advisory services to build a customized Cybersecurity Program. This should include policies, best practices, response plans, cybersecurity incident logging, vendor attestations and other regulatory materials, including Investor Due Diligence Questionnaire response materials.
Many employees aren’t aware of the risks associated with email technology. Employees are targeted by fraudulent emails every single day. Verizon reported that 30% of phishing communications are opened by targeted victims and 12% of those users click on the malicious attachment or link. (For more information, read "Common Phishing Attack Vectors" here.)
The bad habits of opening, clicking and replying to suspicious emails are compromising an increasing amount of proprietary or sensitive business data.
Email Security Tips
- Look for misspellings, poor grammar, inconsistent fonts, and mismatched or unusual domain names within hyperlinks and the sender's email address.
- When you receive an attachment via unsolicited email and you do not recognize the sender, do not open it; to be safe, delete the email.
- If it looks like it comes from someone you do know, pick up the phone, use a phone number you know is valid (not a phone number from the suspicious email itself), and verify if this actually was sent by them.
- Do not click on suspicious links.
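The domain checks from the tips above can also run automatically in a mail filter or triage script. The following Python sketch is an added example, not part of the original article; the function names and the sample messages (built on reserved example and .test domains) are hypothetical.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

def related(a, b):
    """True if the hosts are equal or one is a subdomain of the other.
    Simplification: no public-suffix list, so shared suffixes like co.uk pass."""
    a, b = a.lower(), b.lower()
    return a == b or a.endswith("." + b) or b.endswith("." + a)

class Links(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.found, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.found.append((self._href, "".join(self._text)))
            self._href = None

def review(from_header, reply_to, html_body):
    """Return a list of domain mismatches worth a second look."""
    findings = []
    display, addr = parseaddr(from_header)
    sender = addr.rpartition("@")[2].lower()
    for claimed in DOMAIN_RE.findall(display):  # brand named in display text
        if not related(claimed, sender):
            findings.append(f"display name cites {claimed}, sender is {sender}")
    reply = parseaddr(reply_to or "")[1].rpartition("@")[2].lower()
    if reply and not related(reply, sender):
        findings.append(f"Reply-To domain {reply} differs from sender {sender}")
    parser = Links()
    parser.feed(html_body)
    parser.close()
    for href, text in parser.found:  # visible link text vs. real destination
        target = urlparse(href).hostname or ""
        for shown in DOMAIN_RE.findall(text):
            if target and not related(shown, target):
                findings.append(f"link shows {shown} but opens {target}")
    return findings

# Constructed sample messages (reserved example/.test names), not real traffic.
SUSPICIOUS = ('"example.com Support" <alerts@example-secure.test>', "helpdesk@freemail.test",
    '<p>Verify at <a href="http://example.com.account-verify.test/login">https://www.example.com/login</a></p>')
CLEAN = ("Example Support <support@example.com>", None,
    '<a href="https://www.example.com/help">example.com/help</a> <a href="https://www.example.com/">Home</a>')
```

A link whose visible text names no domain ("Click here") produces no finding, so the output supports the manual checks in the list rather than replacing them.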
Use a Virtual Private Network
If you want to maximize privacy and make it more difficult for others to monitor your online behavior, a VPN (virtual private network) is a viable option even for casual web users. Typically, when you connect to a network, your computer delivers unsecured communication directly over the Internet, broadcasting a unique IP address that identifies that computer along with its physical location as "yours." This communication is often unencrypted, so that anyone logging that traffic (like your ISP) can see every site you visit and what you do while you're there. In a nutshell, using a VPN service interrupts this direct connection by using a server that acts as a middleman between your computer and the Internet. Pair a VPN service with the "incognito" mode on your browser, and you've got a double dose of Internet privacy.
Remember, there is no single way to avoid hacking or phishing attacks entirely, but using extra caution and exercising these good cybersecurity habits will reduce the chances of your business becoming a victim of a cyber attack.
If you’re worried about your organization’s vulnerabilities, there’s never been a better time to enlist a trusted IT partner to guard against the latest and future threats. Align’s subject matter experts leverage over three decades of experience, providing award-winning Managed IT Services and Cybersecurity Risk Management Solutions. We’ve enlisted a multidisciplinary team of elite professionals, uniquely qualified to provide Cybersecurity Advisory Services from various perspectives encompassing technology, IT, compliance, HR, governance and legal. Our unique end-to-end cybersecurity solution and collaborative approach allow us to detect risks and identify threat points embedded in virtually all business functions across the cybersecurity risk management spectrum.