Cyber Security Awareness Tips for Employees
We've refreshed our list of cyber security awareness tips for employees for 2023. You can use them in both your personal and professional life.
Cyber security threats are constantly evolving, so it is important to stay up-to-date on the latest threats and to take steps to inform all your employees.
Take a look at the following cybersecurity tips to learn your "something new" for today 😃
#1 Treat business information as personal information
Business information typically includes a mix of personal and proprietary data.
While you may think of trade secrets and company credit accounts, it also includes employee personally identifiable information (PII) through payroll etc., which is usually sensitive data.
Be exceptionally careful about what you are sharing, and be cautious of how you are sharing it.
#2 Connect only with people you trust to prevent security risks
Our next cybersecurity awareness tip is to connect with only people you trust.
While some social networks might seem safer for connecting because of the limited personal information shared through them, keep your connections to people you know and trust.
Cybercriminals frequently use social media to harvest information about potential targets for social engineering purposes.
#3 Double your login protection to stop data breaches in their tracks
Enable multi-factor authentication (MFA) for added protection.
It ensures that the only person who has access to your account is you.
Use it for email, banking, social media, and any other service that supports it.
If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token.
#4 Secure your home network
Cybercriminals can access all your connected devices via your home router.
As more staff work from home, it's important to secure your home Wi-Fi by setting the password to something complex and personal.
Ensure that you have changed the default password on smart devices.
#5 Use a long passphrase password
You should consider using the longest password or passphrase you can.
Combine three random words together, with two numbers. Capitalise some characters.
Bonus: Add in some punctuation and capitalisation.
#6 Keep your software up to date
The next cybersecurity awareness tip is to keep your information safe from known vulnerabilities by turning on automatic updates so you don’t have to think about it.
Out of date devices create opportunities for malicious hackers.
Bonus: Set your security software to run regular scans.
#7 Social media is part of the fraud tool set
Cybercriminals can gather corporate data about your business partners and vendors, as well as HR and financial departments, by searching Google and scanning your business social media accounts.
Avoid oversharing on social media and do not conduct official business, exchange payment, or share Personally Identifiable Information (PII) on social media platforms.
This information is used for social engineering.
#8 A cyber attack only needs to happen once
Data breaches do not typically happen when a cybercriminal has hacked into your company’s infrastructure.
Many breaches can be traced back to a single phishing attempt, security vulnerability, or instance of accidental exposure.
Do not click on unknown links, be wary of unusual sources, and report or forward all phishing attacks to your IT department before deleting suspicious messages.
#9 Back up your data
Back up all your data to another device or third-party cloud service in case your device is compromised.
Remember 💡 Synchronisation services such as OneDrive and Dropbox are not data backup solutions. The changes ransomware makes can damage synchronised copies too.
#10 Stop auto connecting
Number 10 of our cyber security tips for employees is to make sure your device doesn’t automatically seek and connect to open wireless networks or Bluetooth devices.
This opens the door for cyber criminals to remotely access your device and have access to sensitive information.
Disable these features so the choice to connect to a secure network is in your hands.
#11 Avoid sensitive activities on public WiFi
Confirm the name of the public network and exact login procedures with appropriate staff before connecting.
Do not trust any network without an access password, and consider using a VPN to keep your confidential data private when using public networks.
#12 Limit what information you post on social media
Many people don’t realise that personal posts on social media are all that criminals need to know to target you, your loved ones, and your physical belongings – online and in the real world.
- Full names
- Postal address
#13 Never leave your mobile devices unattended
Keep your devices secured in taxis, at airports, on airplanes, and in your hotel room.
Never leave your equipment unattended in a public place. Enable “automatic lock” functionality where available.
#14 Play hard to get
No, this is not love advice 😊
Cybercriminals use social engineering tactics, hoping to fool their victims.
If an email looks “phishy” do not respond and do not click on any links or attachments found in that email.
When available, use the “junk” or “block” option to stop receiving messages from a particular sender.
#15 Check your app permissions
The next cybersecurity awareness tip is to check your app permissions.
Your mobile device can have suspicious apps running in the background or using default permissions you never realised you approved.
They can gather your personal information without your knowledge.
Use the “rule of least privilege” to delete permissions that you don’t need or no longer use.
Bonus: Only download apps from trusted vendors and sources.
#16 Protect your devices with antivirus software
Make sure your device’s security software scans for viruses and malware.
That includes your personal device too, if you have work-related data on there.
Be sure to periodically back up any data that cannot be recreated such as photos or personal documents.
#17 File sharing between devices should be disabled when not needed
You may want to consider creating a dedicated directory for file sharing and restrict access to all other directories.
Only allow file sharing over home or work networks, never on public networks.
Bonus: Password protect anything you share.
#18 Get assistance to secure your network
Check the customer support area of your ISP or router manufacturer’s website for specific suggestions to assist in securing your wireless network.
#19 Use a VPN (Virtual Private Network)
One of our key cybersecurity tips.
VPNs encrypt connections at the sending and receiving ends and keep out traffic that is not properly encrypted.
VPNs allow employees to connect securely to their network when away from the office.
Many businesses have a VPN.
If a VPN is available to you, make sure you use it.
#20 Know who is on your network
Most wireless access points and wireless routers let you see which devices are connected.
Our 20th cyber security tip for employees is to review these lists frequently for unfamiliar devices, and either block them or change your WiFi password to keep unauthorised devices out.
#21 Don’t tell anyone your passwords
Seems like an obvious one, but you would be amazed how many people write down their passwords or share their login credentials via email.
Every time you share or reuse a password, it chips away at your security by opening more ways with which it could be misused or stolen.
#22 Update your social media privacy settings
Set the privacy and security settings to a level you’re happy with.
Disable geotagging. It allows anyone to see where you are, and where you aren’t, at any given time.
Not a great idea.
#23 Check for the "green lock"
Our next cybersecurity awareness tip is to practice safe surfing wherever you are by checking for the "green lock" or padlock icon in your browser bar when making financial transactions.
It indicates a secure connection which has undergone extended validation, and that the business you are dealing with takes the security of your transaction seriously.
#24 Share with care
Even if you delete a post or picture from your profile seconds after posting it, chances are someone still saw it.
Think before you post.
#25 Use a password manager
Another one of our key cybersecurity tips.
A password manager is the most secure way to store all your unique passwords.
With just one password, you can create strong passwords for every account that you have.
At CSC, we recommend 1Password.
Bonus: Never divulge your master password 😉
Extra bonus: Protect your manager with a physical security token.
#26 Be wary of communications that implore you to act immediately
Cybercriminals will always attempt to create a sense of urgency, causing the recipient to fear their account or information is in jeopardy, or that they are about to miss out on something.
If you receive a suspicious email that appears to be from someone you know, reach out to that person directly on a separate secure platform.
If the email comes from a business but still looks “phishy”, reach out to them via customer service to verify the communication.
#27 Be wary of hyperlinks
Hover over links to verify they are authentic.
Ensure that URLs begin with “https”. This indicates encryption is enabled to protect your information.
Watch out for “lookalike” domains, such as “myb4nk.com”.
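The checks in this tip (an https scheme, and lookalike domains such as “myb4nk.com”) can also be automated, for example in a mail filter. The Python below is an added example, not part of the original article; the allowlist, the character-swap table and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: "mybank.com" is the brand implied by the article's
# "myb4nk.com" example; "example.org" is a placeholder.
TRUSTED_DOMAINS = {"mybank.com", "example.org"}

# Digit/symbol-for-letter swaps commonly seen in lookalike domains.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "7": "t", "$": "s"})

def registrable(host):
    """Last two labels of the host (assumption: no suffixes like .co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return a list of warnings for a link; an empty list means none."""
    parts = urlsplit(url)
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    domain = registrable(parts.hostname or "")
    if domain in trusted:
        return warnings
    # Undo character swaps, then compare with each trusted domain; a
    # one-character difference is also treated as a lookalike.
    normalised = domain.translate(SWAPS)
    for good in sorted(trusted):
        if normalised == good or edit_distance(domain, good) <= 1:
            warnings.append(f"lookalike-of:{good}")
            break
    else:
        warnings.append("not-on-allowlist")
    return warnings

if __name__ == "__main__":
    for link in ("https://www.mybank.com/login", "http://myb4nk.com/login"):
        print(link, check_link(link))
```

An https link can still point at a lookalike domain, so the two checks are reported separately rather than combined into a single pass/fail.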
#28 Utilise a firewall
Firewalls can prevent some cyber attacks by limiting malicious traffic.
They can also restrict unnecessary outbound communications.
Some devices and operating systems come with a firewall preinstalled.
Make sure your device is currently using a firewall and that it is configured properly.
#29 Double check email attachments
It is common for cybercriminals to alter the return address so that it looks like the message came from someone other than the sender.
Before opening any attachments, verify that the message is legitimate by contacting the person who sent it.
Use caution even from people you know.
Be especially wary of unsolicited attachments.
#30 Utilise the “guest” account option on WiFi
A widely used feature on many wireless routers, it allows you to grant wireless access to guests on a separate wireless channel with a separate password.
This maintains the privacy of your primary credentials.
#31 Watch out for Phishing 🎣
No, not fishing: Phishing.
More specifically, phishing attacks.
According to Verizon’s 2021 Data Breach Investigations Report, 36% of all breaches involved phishing attacks. 85% of those breaches involved a human element.
The goal of phishing is to gain sensitive information about you and use it to make unauthorised purchases or to gain access to a secure system.
Be a cynic. Always be suspicious of unexpected emails.
#32 Use unique passwords
Too many people fall into the trap of using the same or very similar password for all accounts.
Cybercriminals try to use stolen passwords from one service to log into other services, known as “credential stuffing”.
Defeat this by using a unique strong password for each service.
Bonus: Use a password management app to set random passwords for each account.
#33 Understand and follow company policies
To maintain information security, your company may have developed a number of policies.
This could include a:
- Work From Home (WFH) policy
- Acceptable Use policy
- Data Security policy
- Cryptographic policy
If you are uncertain about your employer's data security expectations, we recommend you request clarification from them or review their policies again.
#34 If in doubt, report to your IT department
Our final tip is to report any incident to your IT department as soon as possible.
Timing is everything with cyber security, so don't be afraid to report a cyber security incident.
Especially when you're at fault.
Your IT team will thank you for it.
(Obviously, not the part where you clicked on the link 😉)
We hope you enjoyed our cybersecurity awareness tips for employees.
For a quick cheeky plug, we do offer Cyber Security Awareness Training to businesses and their employees 😊
If you have any other questions, please feel free to get in touch.