It can be difficult to find a place to start as many workplaces offer very vague cyber security policies, with some not having them at all. Luckily, even without set policies, there are multiple ways in which you can apply additional safety measures to your data. Doing so will also make you less likely to become a weak link used by hackers as an entry point into your company’s network. Not all online guides are the same, with many covering complicated tech methods only cybersecurity experts can understand. Although the tried and tested online security tips below may seem very simple at first, they’re also the most effective. Implementing at least a few of them in your daily routine will add great security to your data at work — regardless of how tech-savvy you are!
13 Best Cyber Security Practices You Should Follow in Your Workplace
1. Protect Your Accounts With Strong Passwords
Securing your devices and online accounts with passwords is one of the most effective ways to keep your data safe — unfortunately, it’s also become a weak spot hackers use to break into your profiles and steal sensitive data. That’s because many people disregard the importance of setting strong passwords and often reuse the same simple combinations, like ‘12345’ or ‘password’, to secure work devices and accounts. As hackers now have some of the most sophisticated tools that help them easily crack passwords in seconds, you need a combination that will definitely keep your data hidden. The strongest passwords must contain at least 8 characters with a mixture of uppercase and lowercase letters, numbers, and special characters. Each of your profiles should be protected with a brand new combination so avoid repeating passwords, especially for vulnerable or work-related accounts. You should also refrain from using words that could be easily linked to you, such as your children’s names, dates of birth, or the address of your primary school. While combining your wife’s maiden name with your wedding date may seem like a strong combination, hackers can still recover these details from various sources (like social media) and log in to your accounts. Instead, ensure the combination is random and doesn’t mean anything, for example, “Ofh61D3x!?p”. As these combinations are a lot more complicated and difficult to remember, many workers write them down in notebooks or pieces of paper they leave in plain sight at work. It’s another mistake that may compromise the security of your accounts as anyone who walks past your desk can learn your login details. Password managers effectively store and organize all of your passcodes — so you don’t have to remember them yourself. They can even create the most secure combinations for you! Programs like LastPass, RememBear, NordPass, or Sticky Passwords are completely free to download and use, so you won’t have to spend a penny to stay safe at work. Alternatively, you can apply even more protection to your accounts by using passphrases instead of one-word passwords. These usually take the form of a single sentence or a phrase decided by you. Their unusual length makes it a lot more difficult for cybercriminals to break through, even with the use of the most advanced hacking software.
2. Set Up Multi-Factor Authentication On All of Your Accounts
Two-factor authentication requires you to provide two separate verification methods when you log in to your accounts. The first step of authentication is almost always through using a correct password, while the second differs depending on the platform you’re trying to access. Very often, you’ll be asked to provide a separate email address or a phone number which the platform will use to send you a randomly-generated access code or link. You’ll be allowed to access your account only by entering the correct combination — or by clicking on the link. This creates an additional layer of security to all of your accounts by making sure hackers won’t be able to break in, even if they successfully guess your password. Almost all websites now allow you to apply this double protection to your profiles — you can even turn it on to limit unauthorized access to your iPhone. The setup process is very simple, and you’ll be able to enable the two-factor verification in your account settings on most platforms. If you’re struggling to find it, you can always contact customer support or your IT department and they’ll sort it out for you.
3. Always Verify the Email Sender Before Clicking on Any Attachments or Links
Phishing is one of the most popular scamming methods used to steal your vulnerable information or gather a company’s data. Hackers create very generic messages implementing scare tactics to encourage you to click on a link or download an attached file. As soon as you comply with such a request, you give scammers easy access to your device and the data it holds by downloading malware that immediately infiltrates the network. It’s now estimated that there are over 3.4 billion phishing emails sent out every day. You need to pay great attention to detail because scammers work hard to disguise anything that could look suspicious. Watch out for grammar mistakes, click-bait links that sound too good to be true, unusual requests, and odd spelling, particularly in the email address. Don’t rush, make sure to carefully check every letter in the email address, and compare it to the company’s email displayed on their website if possible. You can also call the organization in question to verify if they recently tried to contact you. Finally, you should also forward the email to your IT department so they can run additional checks. Interact with the received email only if you get the green light from the specialists and are 100% confident the sender is legitimate. Be aware that phishing emails don’t always mimic third-party companies — many of them seem like they’re sent from your colleagues, employers, or even friends. This makes them a lot more believable, as you’re less likely to be suspicious of the contents of the received email. To avoid compromising your and your company’s data, always confirm the sender’s identity using another method of communication. You can quickly and easily verify the origin of such email by calling or messaging the sender through an online system your company uses, such as Slack or others. Alternatively, you can ask them in person if the alleged sender works in the same department or building as you.
4. Connect Only to Secure WiFi Networks
As more companies are implementing Cloud storage, employees are allowed to perform their tasks from the comfort of their own home or a public space, like a cafe or library. However, remote work removes any cyber protection applied in your workplace and makes you an easier target for cyberattackers. You should never carry out any work-related duties using an unsecured WiFi network in hotels, cafes, restaurants, libraries, and other commonly used public spaces. Active or idle hackers can easily intercept public networks and break into every device that’s connected to them. Then they infect their targets with malware, like worms and viruses, or perform a Man-in-the-Middle (MitM) attack that allows them to intercept and collect all data sent between you and the internet. If your work requires you to do your tasks when you’re out of the office (for example on a business trip) consider protecting your devices with a VPN. A VPN connection will automatically encrypt your online traffic giving you full anonymity even on public WiFi networks. Data encryption makes it impossible for hackers to read what information you send and receive and protects you from malicious actors waiting to enter your devices. By setting up a connection to a VPN server prior to using any public hotspot, you’ll become invisible to snooping eyes regardless of where you do your work.
5. Turn on Your Firewall to Monitor Incoming Traffic
Any work device you and your co-workers use is likely to be connected to the same online network provided by the company. This constant internet connection and exchange in communication between devices allows hackers to look for any existing vulnerability that could allow them inside the network. Even the smallest weakness in your device can be exploited to access data stored within your computer and any other device with the same internet connection. Firewalls can prevent such attacks from happening by monitoring and limiting the traffic that passes through the network. In other words, it builds an online wall between the internal connection in your workplace and external traffic that comes in from the internet. Based on a set of pre-configured settings, firewalls permit or forbid data packets from passing the security wall effectively stopping any malicious traffic from entering your network. On top of that, installing a firewall on your device will also completely hide your device’s details from anyone outside of the network that your device is connected to. As installing firewalls is a highly complex process, you won’t be able to do it yourself. Contact your employer, system administrator, or the IT team and request to have it set up on your network at work.
6. Avoid Malicious Cyber-Infections With Appropriate Antivirus Software
Malicious files circulate the internet on a daily basis looking to infect as many devices as possible. They often contain various types of malware, such as viruses, worms, ransomware, spyware, adware, and more. The aim of each malicious file differs depending on its type, but most of the time they’re created to collect your personal and business information, record keystrokes, or even completely lock you out of the system. It’s very easy to protect yourself against commonly known malware by installing antivirus software. It’s a program whose sole purpose is to search for any signs of malware by tirelessly scanning any downloaded files and the devices it’s installed on. Once it finds anything suspicious, the antivirus swiftly eradicates the threat by removing the malicious program from any infected files. There are many antivirus programs to choose from and you can opt in for a paid subscription or a free service, depending on your budget. Some of the most recommended free antivirus softwares include AVG, Avira, and Kaspersky Security Cloud, which also offers a variety of affordable paid plans for additional protection. Most programs are very easy to set up and come with a set of written instructions for you to follow. Alternatively, you could consider adding an extra security layer by downloading a reliable VPN. Aside from encrypting your data on each connection, many VPNs come with built-in malware and adware blockers. These work similarly to an antivirus actively preventing suspicious files from downloading and blocking pop-up ads from infecting your device.
7. Keep Your Devices Up-to-Date with Automatic Updates
Updating software on all of your devices is crucial to protect your data at work. Hackers spend a significant amount of their days researching what vulnerabilities they can utilize in every popular software system used by businesses. These bugs and weak points are used to create a point of entry into your device and even the entire network in your workplace. Once allowed access, cybercriminals could gain remote control over the system and databases — sometimes even for months on end! Software companies regularly update their products to remove known bugs and release new products through software updates. Downloading and installing these updates whenever they’re released will ensure your device is protected with the latest security improvements. Each update forces hackers to start their research from the beginning — making them even less likely to succeed before another patch is created. As system updates are released sporadically, the best and most effective practice is to enable automatic updates on all of your devices at work. That way you won’t have to remember to check for them manually every day — instead, your system will be programmed to install them as soon as they’re released. Many devices come with automatic updates enabled, but if you aren’t sure if it applies to you, contact your IT department to have it checked and turned on, if necessary.
8. Create Backups of Important Folders and the Whole System
Backing up existing files doesn’t protect you against cyber attacks — but it can save you a headache in case your device gets stolen, lost, or compromised in an attack. That’s because you’ll be able to recover the most recent version of your files by downloading their backup from the cloud and installing them on another device. There are two very different types of backups: a full backup and incremental backup. The first one works by duplicating all of your company’s assets, such as files, databases, and systems, and saving them on another device or on the cloud. An incremental backup adds to the full backup by copying any files that you created or modified since the last full backup. Experts recommend regularly performing both types as it’ll ensure you’ll always have access to the most updated version of your company’s data. While it’s not always possible to back up your data on a daily basis as it may take too much time, check if your system allows for automatic weekly or monthly backups. These can be set to save directly to the company’s cloud account or a separate device, like a USB stick or hard drive memory. Which one you choose is entirely up to you and your workplace, but weigh out the pros and cons of each before you make a decision. Saving your backups on an external device will add the responsibility of keeping that device safe. You want to make sure it’s stored in a secure place where no one can steal it or modify it. On the other hand, while saving backups to the cloud is by far the easiest method of preserving and retrieving data from anywhere, the online technology can still be quite unsecure. As the cloud is still a fairly new technology, it comes with multiple vulnerabilities that can be exploited by hackers without alerting cyber security experts. This may lead to potentially handing over all of your company’s data to an attacker should your cloud account be compromised.
9. Apply Web Filtering Services to Disable Automatic Uploads
Web filters are an efficient way of blocking certain content and sites on all of your devices at work. You’ll be able to specify which platforms you’d like to disable and what sites can be viewed, but not posted to. That way you’ll still be able to scroll through social media during your tea breaks, but you won’t risk accidentally sharing any vulnerable data by uploading photos to your Instagram story. It’s particularly useful if your work requires you to browse the internet to carry out research. As millions of sites on Google are unsecure, you’re likely to accidentally visit some without realizing in time. Non-HTTPS platforms can sometimes carry malicious code embedded into them, which installs web trackers and malware on your device as soon as you access them. Web filtering can prompt warnings prior to letting you open unsecured sites so you can avoid visiting websites you don’t trust. You can turn on appropriate content filters by accessing them in the settings on your devices. Though they sometimes appear under ‘parental controls’, they can also be utilized in work settings as a way to avoid cyber security mishaps. Some online security companies also offer their versions of web filtering software that can be downloaded for free. The most popular programs include Qustodio and OpenDNS Family Shield. You’ll find they offer extra services aimed at helping parents manage their kids’ screen time, but it won’t impact your user experience at all.
10. Be Aware of Possible Insider Threats
When talking about cyber security threats, many guides focus mainly on hackers trying to break in from the outside, but that’s not always the case. It’s really common for cyber attacks to originate internally with research showing that 30% of hacking attempts are now carried out by current or former employees. Insider threat describes an instance of someone acting in ill manner with premeditation — but it can also mean various accidents coming from human error or negligence. Regardless of their origin, insider threats put your data at risk of being leaked and transferred to the wrong hands. That’s why it’s so important to ensure you don’t leave yourself open to those you work with by limiting vulnerable information displayed on your desk or workspace. Remember to put away any folders that contain valuable information either about company-related processes or your personal data. Hide any USBs and, if possible, lock your devices in a safety cabinet or a locker. Refrain from writing down your passwords and login credentials in notebooks or scraps of paper, especially if you’d leave them in the open. Every employee should have their access restricted to only the necessary areas of the business network. This means that unless you’re required to share certain accounts and documents with your team, you should never give out your login details to anyone. Doing so will minimize possible inside threats and make it more difficult for those who wait for an opportunity to act with malicious purpose. It’s also a good idea to shut down or log out of your work devices every time you leave them unattended, even if it’s just for a toilet break. This will effectively prevent anyone from snooping through your files without your permission. It may be difficult to remember to lock your computer every time you step away from it, but it’s a habit worth working towards. Many programs now allow you to enable automatic shut down after a certain amount of time of inactivity. Your IT team can help you set it up, so don’t hesitate to ask!
11. Safeguard Your Data When You’re Out of the Office
While public WiFi networks put your online data at risk, you should also protect your devices and work information by following easy non-technical practices — especially if you work remotely. As hackers are known to actively search for new victims in public spaces, you should never assume your details are safe, even when you aren’t connected to the internet. If your role requires you to work away from the company, make sure to do everything you can to keep your company’s data secure. Avoid overly-crowded spots at airports, hotels, or restaurants. If possible, pick a seat with your back facing the wall, so no one can look at your devices over your shoulder. Additionally, consider getting a privacy filter to apply to your device or simply dim the screens to make it more difficult for passers-by to see what you’re doing. Be careful of what information you discuss when you’re out of the office. Many companies require their employees to sign a non-disclosure agreement, which prevents you from sharing business details with anyone outside of the company. However, you should also refrain from discussing any work-related issues with your colleagues when you’re not in a business setting, for example in a cafe or bar. Such places are a common hangout space for hackers who are waiting to hear any information that could help them perform successful attacks. You never know who’s eavesdropping on your conversations, so stay away from mentioning any confidential details. Finally, always turn off your devices when you’re done with work for the day. Any device that’s left on remains connected to the internet, increasing the chances of it becoming compromised by hackers. Making sure all of your devices are properly switched off at the end of the day will significantly reduce this risk by fully removing their connection to the online network.
12. Attend Cyber Security Trainings At Work
According to Kaspersky Lab, human error now accounts for around 90% of all cyber attacks that happen in businesses of all sizes. Even the smallest mistake you make, such as clicking on a fraudulent link, can lead to catastrophic loss of a company’s data. These errors are often a result of a lack of appropriate cyber security knowledge amongst workers and can be easily fixed by attending all IT trainings in your workplace. Despite being undervalued by many employees, these courses are a great way to learn more about how to protect yourself and the company you work for. They cover a wide range of topics from explaining basic IT knowledge to showing all the steps you should take after a cyber attack occurs. Very often, they’re also provided free of charge as a part of your employee training program and take place during your working hours, so you get a break from your usual tasks. Completing one course won’t get you out of other classes though. The cyber security field is ever-evolving so what was current last month, may not apply anymore. IT courses are constantly updated with the latest preventive techniques and newly researched information. Each offered class is equally as important as the next, so make sure you attend them regularly.
13. Reach Out to Your IT Department When In Doubt
Unless your position requires cyber security knowledge, remember that you’re not expected to be an IT expert. Don’t worry if you don’t understand certain procedures or policies and never hesitate to direct any questions to the IT department in your workplace. The IT team can help you when it comes to changing your security settings, downloading and installing antivirus software, or managing web filters and VPN connections. They can easily pinpoint weak spots on your devices and ways in which hackers can silently gather your data. However, they’re also open to suggestions on how to improve their work and the business network so definitely start a discussion if you have any ideas. After all, a robust cyber security system at work is a joint effort of everyone involved. You should also report any suspicious activity to the IT experts. They aren’t always aware of everything you encounter online, so it’s best to keep them updated on any security warnings and alerts prompted by your security software.
Take Precautions to Protect Your Data — Don’t Wait For Others to Do It For You
With over 20 commonly known cyber attacks, your data needs your protection more than ever — especially at work. As your company stores your personal details, such as social security numbers, bank details, and home address, you shouldn’t only rely on its cyber security protection. Instead, remove yourself as a possible hacking target by making sure you follow at least a couple of the cyber security tips outlined above. In addition to creating a cyber security routine, remember that cyber attackers constantly alter and improve their techniques to bypass even the toughest protective measures. You need to keep on top of it by staying up-to-date on all security policies implemented in your workplace as well as the latest cyber security methods.