Cybersecurity best practices that every employee/employer should know

July 23, 2020

It is not surprising to see how cyberattacks have become more sophisticated and prevalent over the past few years. Many businesses around the world have identified cybersecurity breaches in their networks, suffering attacks such as phishing, social engineering, malware, ransomware and more.

The fact that companies believe that external threats are the most important problem they need to protect against is something that needs to be reviewed twice, especially since the most vulnerable asset of any company is its employees. Regardless of how strong IT teams might be and how some employees might be familiar with common types of attacks, keeping in mind that they don't have the skill sets and knowledge to protect themselves from sophisticated attacks makes them more exposed and easier to target, posing a significant risk to any business.

A successful cybersecurity strategy must involve proper procedures to keep a proficient level of security and a monitoring system to search for breach attempts. The responsibility of keeping the organization's data safe falls not only on cybersecurity partners or IT departments, but on every single employee of the company, and training plays a significant role in this process. When it comes to protecting your information and integrity from cyber threats and attacks, company staff should be considered as or more important than any software used.

Important things to consider:

  • Working from home or using personal devices - Employee's personal devices can also be targeted through malware and are even easier to aim. Normally these devices are not secured properly and are used by several users that have nothing to do with work. Some employees even lend their devices to their children, unintentionally exposing their information even more. Kids love playing games on devices and most of the freely accessible games come with malware attached. Paying close attention on 1) who uses your devices, 2) the sites visited, and 3) the opened links can be the differentiation between getting assaulted or staying safe.
  • Clean data when disposing gadgets - Buying the latest gadgets sounds exciting, but if information is not wiped out of the old device, information such as intellectual property, credentials, customer numbers, etc. can fall into the wrong hands. Selling your old device or giving it out to your children without wiping out data is the perfect opportunity for criminals to extract valuable information. When handing your gadgets to others, make sure to reset or erase all its content, including apps, internet history, and saved passwords you forgot you had.
  • Be aware of suspicious moves and avoid impersonating emails - Many impersonations are flooding employee inboxes. Right now, there is a lot of labor dispersed, and most people have activities in their homes that do not give them time to focus on cyber threats. This has opened a big window for criminals to target people remotely. In stressful situations and getting used to working from home, unsuspecting employees won't be able to verify the authenticity of the counterfeit email without paying attention to specific details.

A few other cybersecurity best practices that every employee must follow are:

  • Be alert and keep an eye on your devices. The easiest way for a criminal to steal data is by stealing your devices.
  • Use encryption on your devices. This will help big time in case the device is stolen.
  • Use multifactor authentication. This adds one more layer of security.
  • Be aware of the phishing sites. Check the domain name carefully before clicking on it. A phishing site looks the same as an original site.
  • Better password management. Always use longer passwords with a combination of alphanumeric and special characters. Never share credentials. Use different password for different accounts. Use a password manager to store all the passwords.
  • Do not open email attachments or links unless the source is known.
  • Use updated browsers, older ones are leaky.
  • Make sure devices are always updated. If needed, set it up to automatically update.
  • Use privileged access only when it is necessary.
  • Install reliable antivirus and software bought only from original sites or reputable sources.
  • Be cybersecurity aware. Never miss a cybersecurity awareness program which your organization provides.

Cyberattacks should not be underestimated. Employers should ensure its staff have the necessary tools and knowledge to avoid threats and safeguard company data all the time. THETA432 will perform simulated attacks on your user groups and provide detailed metrics on who clicked when and how. Additionally, we will send employees to a learning management system where they will receive additional training to help them recognize various attacks. Contact us to learn more!

Authored by
Basheer Ahmed Khan
Theta432 Director of Operations, India