October is Cybersecurity Awareness Month, an annual effort to raise awareness about the importance of cybersecurity in today’s workplaces.
Businesses can face significant monetary loss when falling victim to a cyberattack. Cybercriminals often rely on human error, such as employees failing to install software patches or clicking on malicious links or attachments, to gain access to systems. That’s why it’s critical to have robust cybersecurity protocols and training available within your organization to prevent attacks. Cybersecurity should be a priority for everyone, from your leaders to your newest employee, because it requires diligence and routine practice to keep data, clients and capital safe and secure.
If you’re interested in developing cybersecurity best practices but are unsure where to start, here are a few basic tips at the employee and organizational level that promote a culture of cybersecurity.
As an Employee
Receive an odd email? Delete it or pass it on.
Stop and think before you open attachments or click links in emails — especially those from external senders. Cybercriminals will try to make their messages appear as legit as possible through social engineering, so always be on alert when sorting through your inbox. Email links, instant messages and online posts are often how cybercriminals compromise your computer. If it looks suspicious, it’s best to delete it or forward it to your internal IT department to check it out.
Guard your devices.
To prevent theft and unauthorized access, never leave your laptop or mobile device unattended in a public place, and always lock your devices when not in use. Where possible, implement two-factor authentication (2FA) on your accounts to provide an additional layer of security. With 2FA, hackers need more than just your login credentials to access your accounts; they’ll also need a unique code (sent via a text or phone call or generated from a 2FA app), making it nearly impossible to gain entry without a physical device.
The stronger the passwords, the better.
Use passwords that are at least eight characters long and a mix of letters, numbers and special characters. Even better, use passphrases that only you would know and avoid common dates and words. Passwords that don’t contain actual words are the strongest, so consider swapping in numbers or symbols where a letter may be. Whichever password you choose, be sure it’s unique for each of your accounts. You can use a password manager tool to help you keep track. Don’t keep a physical list of passwords in your desk space or store it digitally on your work computer (in case it’s ever stolen), and don’t share your usernames or passwords with anyone.
Trust your gut.
Never be afraid to double-check links or requests if something appears off. If a website takes you someplace you weren’t expecting, don’t enter your credentials. Instead, trust your gut and double-check the legitimacy of the website. Find the same web link you know is trusted and compare the pages to confirm it’s safe. The same goes if you receive an email from your boss or coworker that seems odd. Before you agree to their request, reach out to their known email and confirm it. In today’s world, you can never be too cautious.
Always report suspicious activity.
If you experience any unusual problems with your computer or receive a strange email, report it to your IT department immediately. The same is true for those you see in the office: if you notice someone unfamiliar trying to scope out computers or insert a random USB drive, don’t engage with them or plug the USB drive into your device — report it. When in doubt, it’s always better to be safe than sorry.
As an Organization
Assess your organization’s security posture.
To best protect your organization, you need to have a full understanding of your information security landscape and maturity. Knowing where your current procedures excel and where gaps exist is essential in building a solid cybersecurity strategy. If you aren’t aware of your security vulnerabilities, you can’t take preventative measures against them.
Train your employees.
Having routine training and resources available for employees is crucial for minimizing risk. Your employees are your first line of defense against cyberattacks and should be well equipped with the tools and knowledge they need to make informed decisions. Technical solutions like firewalls and VPNs can only account for so much.
Have a response plan ready.
Cyberattacks can happen at any organization at any time. As part of your organization’s security strategy, you should have a response plan outlined in case an attack ever occurs. Having a well-planned and tested response plan is key to timely recovery. Everyone should know what role they play in case of an attack so that action can be taken to minimize the impact as much as possible.
Get a firm grasp of your organization’s data.
Do you know what data your organization stores and where it’s located? Employees may keep data on their desktop, removable drives or some type of cloud storage (e.g., OneDrive, Google Drive or Dropbox). You may also partner with vendors who have access to your data and can keep track of it using their own tools. Understanding the reach and makeup of your organization’s data is the only way you can protect it.
Perform routine backups and test restores.
Be sure to make electronic and physical backups (or copies) of all your important work. Key data can be lost in many ways, including computer malfunctions, malware, theft, viruses or even accidental deletion. Taking the time to back up your data could save you if the worst-case scenario ever becomes reality.
These tips are a great starting point for promoting cybersecurity best practices, but there’s much more you can do as an employee or organization to keep data secure this month and beyond. At Creative Planning Business Services, we help clients develop and implement a robust cybersecurity strategy that evolves and addresses risks for both the short and long term. Contact us today to learn more about our range of technology services.