When businesses consider protecting their company information from cybersecurity attacks they first focus on the digital access points where a hacker may gain access to their system. By setting up firewalls and building a safe digital infrastructure, this is a natural place to start. However, what happens if an employee is targeted with an email, voicemail or text? Even the most seasoned employees could fall victim to a cybersecurity attack. After all, cybercriminals know what they are doing! Over the next two blog posts, we’re going to share the top five defenses you can implement today against cybersecurity threats. To prepare your firm to meet these threats, you’ll need an inventory of important data, where it is stored, and who has access to it.
Cybersecurity Defense #1: A Clean Office Space
Employees who have a messy or disorganized office space run a higher risk of being targeted for an attack. With the increased mobility of today’s workers, this defense is more important now than ever. When smartphones, USB drives and open laptops are in full view of others, it is much easier for a hacker to swipe a digital device or read confidential information. Furthermore, with a messy or disorganized workspace, it may be hours before an employee notices that something is missing. Here are the key ways your employee can keep their workspace secure:
- Keep all confidential folders or papers in a LOCKED filing cabinet or drawer (and make sure the employee keeps the key on them rather than in easy view for swiping).
- Create a habit of locking down a laptop or computer whenever the employee gets up from their desk – even if it’s just for a quick bathroom break.
- Erase notes on whiteboards after meetings or before video calls. Often, important business processes or confidential information can be in plain view.
Cybersecurity Defense #2: Recognize a Phishing Attempt
Phishing refers to a cybersecurity threat through an employee’s email and – according to recent statistics – is the source of 90% of successful cyberattacks. The sender is usually unknown to the recipient and it is often asking for sensitive information. The email may contain a link that takes the employee to a malicious website or the person may pose as a member of your own IT department. Here are the best practices to share with your employees so that they can avoid any potential threats:
- Educate your employees that you will NEVER ask for financial or personal information in an email. If they receive a request, and it looks like it is coming from a team member, have them flag it for IT to investigate.
- Share with your employees how to spot an insecure URL link. For example, a site should have https:// at the beginning of its address. The “s” means the site is secure, versus http://
- If an email looks like it came from a legitimate sender, such as a bank, have the employee reach out to that sender via phone or in-person – not through email. This way they can confirm if the email was real or a phishing attempt. This is especially critical if the email is suggesting financial transfers or payments, purchase of gift cards or similar transactions.
Cybersecurity Defense #3: Create Strong Passwords!
We know it’s difficult to remember all the passwords that the internet requires of us. The following tips provide basic information on how to secure your logins and passwords:
- Create a unique user login ID and password for every website and portal. To make this manageable, employees should be using a password management system (like LastPass) to generate and securely store their unique passwords for easy access. With a password management system, they are only required to remember ONE password in order to access ALL of their passwords.
- Use Multi-Factor Authentication (MFA) to protect your accounts from compromise by password attacks. MFA is a security enhancement that allows you to present two pieces of evidence – something you know (a strong password) and something you have (a secret code) – when logging in to an account.
- Use strong passwords with a combination of letters, numbers and symbols ($, &, #, etc.) and avoid using any pet names, birthdates or other personal details.
Cybersecurity is a real threat for businesses, and deserves your attention and focus to protect your business data and your reputation.
Stay tuned next month while we deliver our tips for keeping employees’, and your company’s, information safe while browsing the internet and using their mobile devices. If you can’t wait until then, contact us to discuss more! In the meantime, stay safe.