Monday, January 29, 2024

Cyber Security Awareness Tips for Employees


We've refreshed our list of cyber security awareness tips for employees for 2024. You can use them for either personal or professional purposes.

Cyber security threats are constantly evolving, so it is important to stay up-to-date on the latest threats and to take steps to inform all your employees.

Take a look at the following cyber security tips to learn your "something new" for today 😃

#1 Double your login protection to stop data breaches in their tracks

Enable multi-factor authentication (MFA) for added protection.

It ensures that the only person who has access to your account is you.

Use it for email, banking, social media, and any other service that supports it.

If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token.

#2 Secure your home network

Cyber criminals can access all your connected devices via your home router.

As more staff work from home, it's important to secure your home Wi-Fi by setting the password to something complex and personal.

Ensure that you have changed the default password on smart devices.

#3 Treat business information as personal information

Business information typically includes a mix of personal and proprietary data.

While you may think of trade secrets and company credit accounts, it also includes employee personally identifiable information (PII), for example through payroll.

This is usually sensitive data.

Be exceptionally careful about what you are sharing, and be cautious of how you are sharing it.

#4 Connect only with people you trust to prevent security risks

Our next cyber security awareness tip is to connect with only people you trust.

While some social networks might seem safer for connecting because of the limited personal information shared through them, keep your connections to people you know and trust.

Cyber criminals frequently use social media to harvest information about potential targets for social engineering purposes.

#5 Check your app permissions

The next cyber security awareness tip is to check your app permissions.

Your mobile device can have suspicious apps running in the background or using default permissions you never realised you approved.

They can gather your personal information without your knowledge.

Use the “rule of least privilege” to delete permissions that you don’t need or no longer use.

Bonus: Only download apps from trusted vendors and sources.

#6 Protect your devices with antivirus software

Make sure your device’s security software scans for viruses and malware.

That includes your personal device too, if you have work related data on there.

Be sure to periodically back up any data that cannot be recreated such as photos or personal documents.

#7 File sharing between devices should be disabled when not needed

You may want to consider creating a dedicated directory for file sharing and restrict access to all other directories.

Only allow file sharing over home or work networks.

Never on public networks.

Bonus: Password protect anything you share.

#8 Get assistance to secure your network

Check the customer support area of your ISP or router manufacturer’s website for specific suggestions to assist in securing your wireless network.

#9 Use a VPN (Virtual Private Network)

One of our key cyber security tips.

VPNs encrypt connections at the sending and receiving ends and keep out traffic that is not properly encrypted.

VPNs allow employees to connect securely to their network when away from the office.

Many businesses have a VPN.

If a VPN is available to you, make sure you use it.

#10 Know who is on your network

Most wireless access points and wireless routers let you see which devices are connected.

Review these lists frequently for any unfamiliar devices, and either block them or change your WiFi password to keep unauthorised devices out.

#11 Use a long passphrase password

You should consider using the longest password or passphrase you can.

Combine three random words together, with two numbers. Capitalise some characters.

Bonus: Add in some punctuation and capitalisation.
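
For anyone who wants to generate such a passphrase rather than make one up, here is an added example (not from the original post) that follows the recipe above using Python's `secrets` module. The 16-word list is a constructed sample; `entropy_bits` shows why a real list needs thousands of words, for example a 7,776-word diceware list.

```python
import math
import secrets

# Constructed 16-word sample so the example runs offline. A real generator
# needs a list of thousands of words, otherwise the result is easy to guess.
SAMPLE_WORDS = [
    "anchor", "biscuit", "candle", "dolphin", "ember", "falcon", "garden",
    "harbour", "island", "jigsaw", "kettle", "lantern", "meadow", "nutmeg",
    "orchard", "pebble",
]
PUNCTUATION = "!?-_.#"


def make_passphrase(words=SAMPLE_WORDS, n_words=3):
    """Three random words, some capitalised, joined by punctuation, plus two digits."""
    # secrets draws from the operating system's CSPRNG; the random module
    # is predictable and must not be used for passwords.
    chosen = [secrets.choice(words) for _ in range(n_words)]
    chosen = [w.capitalize() if secrets.randbelow(2) else w for w in chosen]
    digits = f"{secrets.randbelow(100):02d}"
    sep = secrets.choice(PUNCTUATION)
    return sep.join(chosen) + sep + digits


def entropy_bits(wordlist_size, n_words=3):
    """Bits of entropy when every choice is uniform and independent."""
    word_bits = n_words * math.log2(wordlist_size)
    caps_bits = n_words              # one coin flip per word
    digit_bits = math.log2(100)      # two digits, 00 to 99
    punct_bits = math.log2(len(PUNCTUATION))
    return word_bits + caps_bits + digit_bits + punct_bits


if __name__ == "__main__":
    print(make_passphrase())
    print(f"16-word list:    {entropy_bits(16):.1f} bits")
    print(f"7,776-word list: {entropy_bits(7776):.1f} bits")
```
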

#12 Keep your software up to date

The next cyber security awareness tip is to keep your information safe from known vulnerabilities by turning on automatic updates so you don’t have to think about it.

Out-of-date devices create opportunities for malicious hackers.

Bonus: Set your security software to run regular scans.

#13 Social media is part of the fraud tool set

Cyber criminals can gather corporate data about your business partners and vendors, as well as HR and financial departments, by searching Google and scanning your business social media accounts.

Avoid oversharing on social media and do not conduct official business, exchange payment, or share Personally Identifiable Information (PII) on social media platforms.

This information is used for social engineering.

#14 A cyber attack only needs to happen once

Data breaches do not typically happen when a cybercriminal has hacked into your company’s infrastructure.

Many breaches can be traced back to a single phishing attempt, security vulnerability, or instance of accidental exposure.

Do not click on unknown links, be wary of unusual sources, and report or forward all phishing attacks to your IT department before deleting suspicious messages.

#15 Back up your data

Back up all your data to another device or third-party cloud service in case your device is compromised.

Remember 💡 Synchronisation services such as OneDrive and Dropbox are not data backup solutions. The changes ransomware makes can damage synchronised copies too.

#16 Stop auto connecting

Make sure your device doesn’t automatically seek and connect to open wireless networks or Bluetooth devices.

This opens the door for cyber criminals to remotely access your device and have access to sensitive information.

Disable these features so the choice to connect to a secure network is in your hands.

#17 Avoid sensitive activities on public WiFi

Confirm the name of the public network and exact login procedures with appropriate staff before connecting.

Do not trust any network without an access password, and consider using a VPN to keep your confidential data private when using public networks.

#18 Limit what information you post on social media

Many people don’t realise that personal posts on social media are all that criminals need to know to target you, your loved ones, and your physical belongings – online and in the real world.

This includes:

  • Full names
  • Postal address
  • Birthdays
  • Children
  • Holidays
  • Location

#19 Never leave your mobile devices unattended

Keep your devices secured in taxis, at airports, on airplanes, and in your hotel room.

Never leave your equipment unattended in a public place. Enable “automatic lock” functionality where available.

#20 Play hard to get

No, this is not love advice 😊

Cyber criminals use social engineering tactics, hoping to fool their victims.

If an email looks “phishy” do not respond and do not click on any links or attachments found in that email.

When available use the “junk” or “block” option to no longer receive messages from a particular sender.

#21 Be wary of hyperlinks

Hover over links to verify they are authentic.

Ensure that URLs begin with “https”. This indicates encryption is enabled to protect your information.

Watch out for “lookalike” domains, such as “myb4nk.com”.
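
For IT teams who want to automate these checks, here is an added example (not from the original post) that flags links that are not "https" and hostnames that imitate a trusted domain. The allow-list, the character swap table and the warning names are assumptions made for illustration; note that "https" only tells you the connection is encrypted, which is why the domain check matters as well.

```python
from urllib.parse import urlsplit

# Constructed allow-list for illustration; use the domains you actually deal with.
TRUSTED = {"mybank.com"}

# Digit-for-letter swaps commonly used in lookalike names (not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url, trusted=TRUSTED):
    """Return a list of warnings for a link; an empty list means none were raised."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if "@" in parts.netloc:
        # Text before "@" is login information, not the site being visited.
        warnings.append("userinfo-before-host")
    # Naive "registered domain": the last two labels. Real code should use the
    # Public Suffix List so names such as example.co.uk are handled correctly.
    base = ".".join(host.split(".")[-2:])
    if base in trusted:
        return warnings
    normalised = base.translate(SWAPS)
    for name in sorted(trusted):
        if normalised == name or edit_distance(normalised, name) <= 1:
            warnings.append(f"lookalike-of:{name}")
        if host.startswith(name + ".") or f".{name}." in host:
            warnings.append(f"trusted-name-as-subdomain:{name}")
    return warnings
```
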

#22 Utilise a firewall

Firewalls can prevent some cyber attacks by limiting malicious traffic.

They can also restrict unnecessary outbound communications.

Some devices and operating systems come with a firewall preinstalled.

Make sure your device is currently using a firewall and that it is configured properly.

#23 Double check email attachments

It is common for cyber criminals to alter the return address so that it looks like the message came from someone other than the sender.

Before opening any attachments, verify that the message is legitimate by contacting the person who sent it.

Use caution even from people you know.

Be especially wary of unsolicited attachments.

#24 Utilise the “guest” account option on WiFi

A widely used feature on many wireless routers, it allows you to grant wireless access to guests on a separate wireless channel with a separate password.

This maintains the privacy of your primary credentials.

#25 Watch out for Phishing 🎣

No, not fishing: Phishing.

More specifically, phishing attacks.

According to Verizon’s 2021 Data Breach Investigations Report, 36% of all breaches involved phishing attacks. 85% of those breaches involved a human element.

The goal of phishing is to gain sensitive information about you and use it to make unauthorised purchases or to gain access to a secure system.

Be a cynic. Always be suspicious of unexpected emails.

#26 Use unique passwords

Too many people fall into the trap of using the same or very similar password for all accounts.

Cyber criminals try to use stolen passwords from one service to log into other services, known as “credential stuffing”.

Defeat this by using a unique strong password for each service.

Bonus: Use a password management app to set random passwords for each account.

#27 Understand and follow company policies

To maintain information security, your company may have developed a number of policies.

This could include a:

  • Work From Home (WFH) policy
  • Acceptable Use policy
  • Data Security policy
  • Cryptographic policy

If you are uncertain about your employer's data security expectations, we recommend you request clarification from them or review their policies again.

#28 If in doubt, report to your IT department

Report any incident to your IT department as soon as possible.

Timing is everything with cyber security, so don't be afraid to report a cyber security incident.

Especially when you're at fault.

Your IT team will thank you for it.

(Obviously, not the part where you clicked on the link 😉)

#29 Don’t tell anyone your passwords

Seems like an obvious one, but you would be amazed how many people write down their passwords or share their login credentials via email.

Every time you share or reuse a password, it chips away at your security by opening more ways with which it could be misused or stolen.

#30 Update your social media privacy settings

Set the privacy and security settings to a level you’re happy with.

Disable geotagging. It allows anyone to see where you are, and where you aren’t, at any given time.

Not a great idea.

#31 Check for the "green lock"

Our next cyber security awareness tip is to practice safe surfing wherever you are by checking for the "green lock" or padlock icon in your browser bar when making financial transactions.

It indicates a secure connection which has undergone extended validation, and that the business you are dealing with takes the security of your transaction seriously.

#32 Share with care

Even if you delete a post or picture from your profile seconds after posting it, chances are someone still saw it.

Think before you post.

#33 Use a password manager

Another one of our key cyber security tips.

A password manager is the most secure way to store all your unique passwords.

With just one password, you can create strong passwords for every account that you have.

At CSC, we recommend 1Password.

Bonus: Never divulge your master password 😉

Extra bonus: Protect your manager with a physical security token.

#34 Be wary of communications that implore you to act immediately

Cyber criminals will always attempt to create a sense of urgency, causing the recipient to fear their account or information is in jeopardy, or that they are about to miss out on something.

If you receive a suspicious email that appears to be from someone you know, reach out to that person directly on a separate secure platform.

If the email comes from a business but still looks “phishy”, reach out to them via customer service to verify the communication.

 

We hope you enjoyed our cyber security awareness tips for employees.

For a quick cheeky plug, we do offer Cyber Security Awareness Training to businesses and their employees 😊

If you have any other questions, please feel free to get in touch.

 

 
