Effective workplace security is becoming more and more critical. With news of increased ransomware attacks dominating headlines, the threat couldn’t be clearer. The majority of the most devastating hacks in recent memory couldn’t have happened without negligent or ill-informed employees.
The two most common attack methods used by ransomware bad actors are phishing attacks and brute force hacking carried out against RDP services. Why? Because they work—by targeting the weakest links in a cybersecurity perimeter, bad actors can gain access to systems and data far more easily than if they go after vulnerabilities in software.
Educating your employees about the kinds of threats they face gives you a better chance of avoiding these expensive and disruptive events. Here are some practical tips to increase employee awareness—and data security.
Learn How to Identify Phishing Attacks
Phishing attacks are typically emails that seem to be from a legitimate source. The email might ask for “verification” of sensitive information or include some sort of “software update” that the recipient is urged to install right away. Teaching your employees how to recognize the signs of a phishing attempt may be the best first line of defense in keeping your data secure.
Here are some more things to be aware of:
Misspelled Words, Mangled Grammar, Nonspecific Salutation Lines
If you receive an email that contains language that doesn’t seem right, that’s a sign it could be a phishing attack. If an email sent to you opens with “Valued Customer” or some other generic form of address, that’s another big warning sign.
Always Check Links
Hover over links in email messages to be sure they’re pointed to where they claim to be. The domain in the text of the email should match the domain of the link in the preview. If it doesn’t? Don’t click it.
Requests For Usernames, Passwords, or Other Sensitive Information
It’s unlikely that anyone would legitimately ask for this information via email. If you receive a request like this, call your IT department for more information.
Be Wary Of Attachments
Scan every attachment you get for viruses, and never open an attachment with a file extension you don’t recognize.
If you want the highest quality of cybersecurity education for your employees, invest in managed IT services that can ensure thorough employee security training.
Use Unique, “Fresh” Passwords
Passwords should never be used more than once and should be changed every 90 days at a minimum.
Some useful tips about passwords:
- The best passwords contain 12-15 characters and use a variety of letters, numbers, and symbols.
- Length is the most important factor in password creation. A password using all lowercase letters will suffice if it is long enough.
- Use a phrase or a short sentence for you to remember, but not one from pop culture. A good example could be “ilovepepperonipizza”.
Better yet, use a password manager that can store passwords safely in an encrypted vault and only require you to have a master password.
Avoid Single Factor Authentication
99.9% of compromised user accounts did not use two-factor or multi-factor authentication (2FA or MFA). 2FA or MFA is a must for secure logins.
While this might sound fancy, MFA or 2FA will usually send a code or request to a secondary device. Once you authenticate access on that device, you’re good to go.
Separate Business and Personal Devices
Keep personal devices off of your business network, or use a VPN to ensure files can be accessed securely by remote workers. Allowing employees to access your network from potentially compromised personal devices is asking for trouble.
And while it may be tempting to use your work devices for personal activities (e.g. social media, gaming, and online shopping), keep those activities on your personal devices.
Be Cautious About Wifi Connections
It’s well-known that public hot spots aren’t secure, but it’s worth saying again. While it may be tempting to get some work done at the airport or a coffee shop, those connections will leave your online activity viewable to anyone looking.
Similarly, some stores or public locations will use Wi-Fi or Bluetooth connections to track your location while within range. When not in use, turn off Bluetooth and Wi-Fi so that you aren’t automatically connected unknowingly.
If your job means traveling and using public Wi-Fi, invest in a VPN to make your connection more secure.
Keep a Clean Machine
One of the best ways to keep your device secure is by staying on top of what’s on it. This can be done in two ways: keeping all applications and software up-to-date, and deleting old or unused applications periodically.
Having an up-to-date device is a great defense against viruses, malware, and other online threats.
Use Encryption
Encrypting devices is widely recognized as one of the best steps you can take to ensure data security—so much so that device encryption has been a default feature on Android devices since Android 6, and Apple devices since iOS 8.
For Windows, use BitLocker, for macOS use FileVault, and on Linux use something like dm-crypt.
Final Thoughts
IT security isn’t something to be taken lightly, and having reliable cybersecurity training isn’t something that can wait. Good security relies on well-trained and knowledgeable professionals, making your IT support team one of your most valuable assets.
If you’re looking for high-level IT security professionals, ISG Technology can help. Our team of expert technicians is more than capable of keeping your network secure, and your data safe.