Over 73% of CISOs across Europe agree that human error is the biggest cyber vulnerability as we draw close to the end of 2023. A study conducted by Stanford University Professor Jeff Hancock and security firm Tessian shows that 88% of data breaches involve employee mistakes. According to a similar report by IBM, human error contributes to 95% of data breaches. Humans are the easiest targets for cybercriminals.
We are often unaware of good security practices, prone to making mistakes, and predictable. Our predictable social behaviour makes it much easier for hackers to use social engineering tactics to breach our guard and acquire sensitive information than crack open an encrypted file. Therefore, cybersecurity awareness among employees is crucial for the survival of a business.
This post will discuss key security risks and the cybersecurity best practices employees can observe to avoid such risks.
The importance of maintaining good cybersecurity habits
When hackers target a specific business, they go through meticulous steps of reconnaissance, intelligence gathering and tailoring a payload, and direct their effort specifically at breaching that company’s cyber defence. In other cases, hackers let loose vulnerability-scanning bots to launch mass attacks. These bots scan thousands of networks for well-known security vulnerabilities – like casting a net to catch fish.
In either case, good security habits observed by employees increase a company’s chances of going unscathed. For instance, if every employee in a company is trained to spot phishing emails, it’s hard for hackers to get a malware payload through – they have to be more creative than expecting an absent-minded worker to download the malware by clicking on a random link.
When employees maintain a steady level of cybersecurity awareness:
- They’re less likely to download malware by clicking on foreign links
- There is better password hygiene across the company
- People are less prone to sharing credentials and sensitive data over phishing emails or calls
- Employees can identify social engineering attacks
- No one makes panicky decisions when faced with a potential cybercrime
- Everyone takes good care of their personal cybersecurity health
- The company is more likely to stay compliant with security regulations
Cyber Security Tips for Employees and Everyone
The most common misconception about information security is that it is meant only for the information technology department to understand. The truth is that every person who logs into an online account that holds some valuable information is at risk of being exploited through a cyberattack; hence, it is logical that everyone is security-aware and responsible for their personal cybersecurity health. The good thing is that building good security habits is not very hard.
1. Make sure passwords are always encrypted
That sounds like a hard thing to do for non-technical personnel, doesn’t it? Well, it is not. If you think about it, a password stored in an application’s directory is encrypted by default (if it is not, you may want to stop using that app). In a way, you are in charge of the plaintext version of a password, and through a series of good choices, you can ensure that it is never exposed – at least not from your end.
- Use a password manager to store and fill in credentials
- Create and reset unique passwords using a password manager (it’s better if you don’t remember the passwords)
- Use an end-to-end encrypted email server or a password-sharing feature offered by a password manager to share passwords – never write them in plaintext
Creating strong passwords or long passphrases by yourself is surely an option, but why tax your brain when you can have a tool do it for you? Careful password management also ensures you never use the same password twice.
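To show what "a tool does it for you" actually means, here is an added example (not code from the original post, and not Uniqkey's implementation) that generates passwords and passphrases from a cryptographically secure source and works out how long they need to be for a given entropy target. The word list is a small constructed one for illustration; a real generator draws from a list of thousands of words, and the `bits_needed` figure depends on that list size.

```python
import math
import secrets
import string

# 94 printable ASCII symbols (letters, digits, punctuation).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed 16-word list for this example only (4 bits per word).
# A production passphrase generator uses a much larger list, e.g. 7776 words.
WORDLIST = ["anchor", "basil", "copper", "delta", "ember", "falcon", "garnet",
            "harbor", "iris", "juniper", "kestrel", "lantern", "meadow",
            "nectar", "orchid", "pebble"]


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a secret of `length` symbols, each drawn uniformly at random
    from `alphabet_size` choices: length * log2(alphabet_size).
    This estimate only applies to randomly generated secrets, not to
    passwords a person made up."""
    return length * math.log2(alphabet_size)


def bits_needed(alphabet_size: int, target_bits: float) -> int:
    """Minimum number of symbols (or words) to reach `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Random password from the `secrets` module (a CSPRNG), never `random`."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(words: int = 6, wordlist=WORDLIST, sep: str = "-") -> str:
    """Random passphrase: each word is an independent uniform draw from the list."""
    if words < 1:
        raise ValueError("words must be positive")
    return sep.join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    target = 80.0
    print(f"{ALPHABET!s:.0}password of {bits_needed(len(ALPHABET), target)} symbols "
          f"reaches {target} bits: {generate_password(bits_needed(len(ALPHABET), target))}")
    n_words = bits_needed(len(WORDLIST), target)
    print(f"with a {len(WORDLIST)}-word list you need {n_words} words for {target} bits: "
          f"{generate_passphrase(n_words)}")
    print(f"with a 7776-word list you would need {bits_needed(7776, target)} words")
```

The point the arithmetic makes is the one the post hints at: a 13-character random password from the full 94-symbol alphabet already exceeds 80 bits, and a passphrase only matches that when the word list is large and the words are chosen at random, which is exactly what a password manager does and a person does not.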
2. Use multi-factor authentication for all accounts
As the name suggests, two-factor or multi-factor authentication (MFA) is a system where verifying a person’s identity depends on more than just a password. A combination of factors – a password, a device, a biometric signature, etc. – is used to verify the authenticity of a user’s identity in MFA. That means your account isn’t exposed if your password alone is compromised.
Employees should enable MFA wherever it is available and prefer applications that offer it. For instance, all Google accounts are protected by two-factor authentication by default.
3. Use anti-virus and anti-malware on personal devices
It is more common now than ever for employees to log into business accounts from personal devices. While it improves efficiency and flexibility, it also pushes cyber security into a red zone. It is important to always protect personal devices against viruses and malware. Employees should also install a good firewall to block questionable inbound traffic.
4. Keep all software up-to-date
Software updates come with security patches. When you do not install updates as soon as they are available, you remain exposed to the vulnerabilities those patches fix.
- Keep your desktop and mobile operating systems updated
- Make sure all applications are updated
- Keep the browsers and browser extensions up-to-date
5. Do not use unreliable network connections
It is a bad idea to connect to public Wi-Fi. On an insecure connection, your data packets can be intercepted, stolen, or spied upon. Security professionals also recommend using virtual private networks to keep your data safe. Even when using a personal Wi-Fi connection at home, it is better to ensure it is secure. Change the password for the Wi-Fi router – don’t keep the one assigned by the broadband provider.
6. Do not share login credentials with anyone
If you get an email from a senior colleague asking for your credentials for a certain application because they have lost theirs, chances are that it’s a trap. Do not share the information. Give them a call and ask whether they sent it. Even if the email is genuine, remember that you are not allowed to share sensitive information over email, not even to help others. Use a secure password-sharing system to share the login details.
7. Learn to identify social engineering
Social engineering exploits ingrained human behaviour to manipulate you into divulging confidential information, such as credit card details, or into performing a task that serves malicious intent. Employees need to learn about the different types of social engineering and how to steer clear of them.
💡 Here’s a guide to detecting and preventing social engineering attacks.
8. Back up your data
Keeping a backup of data that is important for work can be a good way of coming away unharmed from a ransomware attack. Ransomware encrypts your systems or files and trades the decryption key for money. If you have all the important data, including system data, backed up on an external hard drive or in the cloud, you can avoid being bullied by the attackers.
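A backup only helps if you can tell which files were encrypted and confirm that the restored copies are the originals. The added example below (not code from the original post) records a SHA-256 manifest when a backup is taken, detects files that were altered, removed or newly dropped in the working folder, and restores the altered ones from the backup. The folder layout, file contents and the simulated "encryption" are all constructed for the demonstration; the names `build_manifest`, `verify` and `restore` are this example's own.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Streamed SHA-256 so large files are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under `root` (relative path) to its SHA-256 digest."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root: Path, manifest: dict) -> dict:
    """Compare the tree at `root` with the manifest recorded at backup time."""
    current = build_manifest(root)
    return {
        "changed": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "new": sorted(p for p in current if p not in manifest),
    }


def restore(backup: Path, root: Path, rel_paths) -> None:
    """Copy the listed files back from the backup copy."""
    for rel in rel_paths:
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup / rel, root / rel)


def demo() -> dict:
    """Constructed scenario: take a backup, simulate a file being overwritten
    with ciphertext plus a ransom note, detect the damage, restore it."""
    with tempfile.TemporaryDirectory() as tmp:
        work, backup = Path(tmp) / "work", Path(tmp) / "backup"
        work.mkdir()
        (work / "report.docx").write_bytes(b"quarterly figures (constructed)")
        (work / "notes.txt").write_bytes(b"meeting notes (constructed)")

        # 1. Take the backup and store the manifest beside it.
        shutil.copytree(work, backup)
        (backup / "manifest.json").write_text(json.dumps(build_manifest(work)))

        # 2. Simulated ransomware: one file replaced, a ransom note dropped.
        (work / "report.docx").write_bytes(b"\x00\xff not the original bytes")
        (work / "README_DECRYPT.txt").write_bytes(b"pay to get your files back")

        # 3. Detect from the stored manifest, restore only what changed.
        manifest = json.loads((backup / "manifest.json").read_text())
        detected = verify(work, manifest)
        restore(backup, work, detected["changed"] + detected["missing"])
        return {"detected": detected, "after_restore": verify(work, manifest)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two practical caveats the example does not cover: the backup copy must be somewhere the malware cannot reach (an unplugged drive or versioned cloud storage), otherwise it gets encrypted along with the originals, and the manifest belongs with the backup rather than with the working files for the same reason.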
9. Use a password management tool
A password management tool like Uniqkey helps employees log into accounts without ever requiring them to remember or type their passwords. It helps them keep personal passwords separate from professional passwords.
The access management aspect of the tool allows security admins to assume full control of the access enjoyed by employees. Employees can share time-bound access with colleagues without sharing the passwords.
It just takes the hassle out of authentication and the anxiety out of password security. The best part is that all the passwords are secured in a vault behind military-grade encryption, with the key inaccessible to the service provider, not even in hashed form.
10. Be alert: at home and the workplace
Cybercrime may take many different forms, and no security tips will safeguard you unless you are alert in both your physical and virtual environments.
- Do not use flash drives, data cables, or other hardware components found in public places.
- Always keep your system password-protected and locked when not using it, even when you go out for a quick break.
- Look at what you are clicking. When you hover over a link, keep an eye on the status bar that appears towards the bottom-left corner of your screen; it shows where the link really goes.
  - Ensure the URL starts with https and not http
  - Check that the URL matches the intended destination of the link
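The hover check above can be written down as rules, which is useful both for training and for anyone who wants to screen links in bulk. The added example below (not from the original post) takes pairs of link text and real destination, as a mail client shows them, and flags the signs the post describes: an http rather than https link, a visible URL that does not match the host it actually points to, a raw IP address instead of a hostname, and a host outside the domains the company expects. The sample links and the `example.com` / `.test` domains are constructed for the example; the function names are this example's own.

```python
import re
from urllib.parse import urlsplit

# Constructed (visible text, real href) pairs, as an email client would show them.
LINKS = [
    ("https://portal.example.com/login", "https://portal.example.com/login"),
    ("https://portal.example.com/login", "http://portal.example.com.evil-domain.test/login"),
    ("Reset your password", "http://198.51.100.7/reset"),
    ("example.com", "https://example.com.attacker.test/"),
    ("https://docs.example.com/report.pdf", "https://docs.example.com/report.pdf"),
]

URL_LIKE = re.compile(r"(https?://)?[a-z0-9.-]+\.[a-z]{2,}(/[^\s]*)?", re.I)
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def is_under(host: str, domain: str) -> bool:
    """True if `host` is `domain` itself or a subdomain of it.
    A plain suffix test is not enough: example.com.attacker.test ends with
    'example.com' textually but is not under it."""
    return host == domain or host.endswith("." + domain)


def link_warnings(text: str, href: str, trusted_domains=()) -> list:
    """Apply the hover-check rules to one link and return the warnings raised."""
    warnings = []
    parts = urlsplit(href.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme.lower() != "https":
        warnings.append("not https")
    if IPV4.fullmatch(host):
        warnings.append("raw IP address")
    shown = text.strip()
    if URL_LIKE.fullmatch(shown):
        # The text looks like a URL, so it must agree with the real destination.
        shown_host = host_of(shown if "://" in shown else "https://" + shown)
        if shown_host and not is_under(host, shown_host):
            warnings.append(f"text/host mismatch: shows {shown_host}, goes to {host}")
    if trusted_domains and not any(is_under(host, d) for d in trusted_domains):
        warnings.append("outside trusted domains")
    return warnings


def triage(links, trusted_domains=()) -> list:
    """Return only the links that raised at least one warning."""
    flagged = []
    for text, href in links:
        w = link_warnings(text, href, trusted_domains)
        if w:
            flagged.append((text, href, w))
    return flagged


if __name__ == "__main__":
    for text, href, warnings in triage(LINKS, trusted_domains=("example.com",)):
        print(f"{text!r} -> {href}")
        for w in warnings:
            print("   !", w)
```

The mismatch rule is the one that catches the most convincing phishing links, because the visible text is under the attacker's control while the real destination is not. Note also what the https check does and does not tell you: it confirms the connection is encrypted, not that the site is the one you meant to visit, which is why the destination check is listed separately.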
Cybersecurity Tips for Remote Workers
The prevalence of hybrid work in 2023 demands that substantial thought be put into securing home offices. Here are some tips to prioritise cybersecurity at remote workplaces without losing efficiency.
- Keep your work computer separate from your personal computer. If that is not feasible, at least use a different user profile for each. Even in browsers, keep your work account separate from your personal account. This segmentation saves you from a professional tragedy if you ever face a personal security incident, and vice versa.
- Change the password for the Wi-Fi router every few days and do not make it easily guessable.
- Enable automatic locking so that when you step away from your laptop for a while, it locks itself.
- Use a VPN while accessing critical business data.
Most cyber-attacks are conducted by casting wide, untargeted nets. Employees will escape that net most of the time if they are aware of the security flaws that are common among people. Instead of being the easiest targets, humans can add an additional security layer by applying security awareness and following some basic cybersecurity tips. They can be responsible for strengthening data security instead of being the leading cause of security breaches.