October is Cybersecurity Awareness Month, an annual effort to raise awareness about the importance of cybersecurity in today’s workplaces. Creating and maintaining a culture of cybersecurity is critical for all organizations—no matter your industry or size—and is a responsibility shared among all employees.
Businesses can face significant financial loss when falling victim to a cyber-attack. Cybercriminals often rely on human error, from employees failing to install software patches to clicking on malicious links or attachments, to gain access to systems. That’s why it’s critical to have robust cybersecurity protocols and training available within your organization to prevent attacks. Cybersecurity should be a priority for everyone, from your top leaders to your newest employee, because it requires diligence and routine practice to keep data, clients and capital safe and secure.
If you are interested in developing cybersecurity best practices but are unsure where to start, here are a few basic tips at the employee and organizational level that help promote a culture of cybersecurity.
As an employee:
1. Receive an odd email? Delete it or pass it on. Stop and think before you open attachments or click links in emails, especially from external senders. Cybercriminals will try to make their messages appear as legit as possible through social engineering, so always be on alert when sorting through your inbox. Links in email, instant messages, and online posts are often how cybercriminals compromise your computer. If it looks suspicious, it’s best to delete it or forward it to your internal IT department to check it out.
2. Guard your devices. To prevent theft and unauthorized access, never leave your laptop or mobile device unattended in a public place, and lock your devices when they are not in use. Where possible, implement two-factor authentication (2FA) on your most used accounts to provide an additional layer of security. With 2FA, hackers need more than just your login credentials to access your accounts: they also need a unique code sent via text or phone call, or generated by a 2FA app, making it nearly impossible to gain entry without a physical device.
3. The stronger the passwords, the better. Use passwords that are at least eight characters long and a mix of letters, numbers, and special characters. Even better, use passphrases that only you would know and avoid common dates and words. Passwords that don’t contain actual words are the strongest, so consider swapping in numbers or symbols where a letter may be. Whichever password you choose, be sure it’s unique for each of your accounts. You can use a password manager tool to help you keep track. Do not keep a physical list of passwords in your desk space or store it digitally on your work computer in case it’s ever stolen, and do not share your usernames or passwords with anyone.
4. Trust your gut. Never be afraid to double-check links or requests if something appears off. If a website takes you to someplace that you were not expecting, do not enter your credentials. Instead, trust your gut and double-check the legitimacy of the website. Find the same web link you know is trusted and compare the pages to confirm it’s safe. The same goes for if you receive an email from your boss or coworker that seems odd. Before you agree to their request, reach out to their known email and confirm it. In today’s world, you can never be too cautious.
5. Always report suspicious activity. If you experience any unusual problems with your computer or receive a strange email, report it to your IT department immediately. The same is true for those in-office: if you notice someone unfamiliar trying to scope out computers or find a random USB, do not engage with them or plug it into your device, and report it. When in doubt, it’s always better to be safe than sorry.
As an organization:
1. Assess your organization’s security posture. To best protect your organization, you need to have a full understanding of your information security landscape and maturity. Knowing where your current procedures excel and where gaps exist is essential in building a solid cybersecurity strategy. If you aren’t aware of your security vulnerabilities, you can’t take preventative measures against them. BerganKDV offers a free mini self-evaluation where you can get a high-level view of how your organization’s security measures stack up. Try it out here.
2. Train your employees. Having routine training and resources available for employees is crucial for minimizing risk. Your employees are your first line of defense against cyber-attacks and should be well-equipped with the tools and knowledge they need to make informed decisions. Technical solutions like firewalls and VPNs can only account for so much.
3. Have a response plan ready. Cyber-attacks can happen at any organization, at any time. As part of your organization’s security strategy, you should have a response plan outlined in case an attack ever occurs. Having a well-planned and tested response plan is key to timely recovery. Everyone should know what role they play in case of attack so that action can be taken to minimize the impact as much as possible.
4. Get a firm grasp of your organization’s data. Do you know what data your organization stores and where it’s located? Employees may keep data on their desktop, removable drives, or some type of cloud storage (OneDrive/Google Drive/Dropbox). You may also partner with vendors who have access to your data and keep track of it using their own tools. Understanding the reach and makeup of your organization’s data is the only way you can protect it.
5. Perform routine back-ups and test restores. Be sure to make electronic and physical backups or copies of all your important work. Key data can be lost in many ways including computer malfunctions, malware, theft, viruses, or even accidental deletion. Taking the time to back up your data could save you if the worst-case scenario ever becomes reality.
These basic tips are a great starting point for cybersecurity best practices, but there’s much more you can do as an employee and organization to keep data secure that goes beyond just this month. At BerganKDV, we help clients develop and implement a robust cybersecurity strategy that evolves and addresses risks for both the short and long term. If you have additional questions regarding how to administer strong cybersecurity procedures and training techniques, BerganKDV can help. Contact one of our team members today to learn more about our security solutions.