In the office, cybersecurity is everyone’s responsibility. By reminding your employees of these simple online safety best practices, your organization can avoid becoming the next victim of a cyber-attack. Check out the tips below to improve your organization’s cybersecurity defenses and minimize risk.
- Lock it up
Modern workplaces are often split between multiple locations and may involve remote employees. No matter where your office is located for the day, devices should be carefully secured. Make sure employees know to always keep portable devices such as laptops and cell phones locked with a secure passcode. There are many ways to create secure passcodes. Some devices have biometric scanners, while others use a PIN or matrix passcode for authentication. If you are using a text password, make sure it is unique for each account.
- Two is better than one
For critical applications and accounts, employees should be required to use two-factor authentication. A good way to remember how it works is that it’s a combination of any two of the following:
- Something you have (such as a randomly-generated code or ID badge)
- Something you are (such as a fingerprint)
- Something you know (such as a password)
Two-factor authentication is an important layer of defense beyond the typical password. It decreases your risk of falling victim to a compromise because criminals need access to not only your account password, but your additional security method as well to access the account. Be sure it’s required for employees accessing sensitive networks or data.
- VPN for the win
When conducting work business outside of the office network, ensure your safety by never using wi-fi without using a VPN (Virtualized Personal Network). A VPN acts as a secure tunnel over the internet, encrypting traffic. By implementing a VPN to your office’s secure network, employees can travel while relying on the defense controls at HQ. Requiring employees to VPN into a secure network is essential; using public wi-fi networks can expose your organization’s accounts and data to malicious actors or compromised infrastructure.
- Stay on guard
From the founder to the new intern, everyone at your organization needs to remember: if something looks suspicious, chances are it is! Malicious actors will leverage urgent subject lines, billing-related attachments, and spoofed senders to entice the recipient to take action. Share these email and web browser tips: Never open or download attachments from unknown senders and always hover over a link before clicking to ensure you’re being directed to the intended URL. Implementing these security best practices can help prevent the spread of malspam and ransomware.
- Training is key
Your organization’s cyber defenses depend on an educated workforce that can apply best practices to avoid threats. From recognizing a suspicious email to knowing when to connect via VPNs, you’ll want to ensure your employees understand cybersecurity essentials. SANS is the leading cybersecurity training institute for professionals offering courses on multiple topics. Their security awareness training programs help train employees on topics like phishing, two-factor authentication, and more.
About the Author
Sean Atkinson is Chief Information Security Officer of CIS® (Center for Internet Security, Inc.). He uses his broad cybersecurity expertise to direct strategy, operations, and policy to protect CIS’ enterprise of information assets. His job responsibilities include risk management, communications, applications, and infrastructure. Prior to CIS, Sean served as the Global Information Security Compliance Officer for GLOBALFOUNDRIES, serving Governance, Risk and Compliance (GRC) across the globe.