Cyber Security has dominated the headlines in 2018. The continual stream of cyber-attacks and the implementation of the GDPR has driven home the importance of data security in the workplace.
The Cyber Security nightmares of 2018 highlight the need for a greater awareness of the threats faced and the need to improve security practices to reduce the chance of being attacked.
Worryingly, over 90% of all successful cyber-attacks are a result of information unknowingly provided by employees. As networks become harder to breach, cybercriminals are increasingly targeting employees as they are the easiest way to break into a network and steal sensitive data.
To reduce the chance of cybercriminals gaining access to sensitive company data, employees should adopt the below Cyber Security new year resolutions:
Cyber Security New Year Resolutions
1. Never click on suspicious links or download attachments from unknown sources
Phishing continues to be one of the most popular ways for hackers to steal your personal information and install malicious software on your computer. The most common type of phishing scam involves tricking people into opening emails or clicking on a link which may appear to come from a legitimate business or reputable source.
These emails often create a sense of urgency, so the user feels compelled to click on the link or open an accompanying attachment. The link may direct you to a fake website where you are prompted to enter your personal details or take you to a website that directly infects your computer with malware.
Red flags to look out for on a suspicious email include threatening language, a generic greeting, poor grammar, spelling mistakes, a mismatched URL, claims of prizes or a request for personal information.
2. Use strong passwords
One of the easiest ways for hackers to gain access to sensitive company data is to guess passwords. 59% of people use the same username and password for all their accounts so if hackers are able to gain access to one account, they can potentially access them all.
A strong password should be between 8-15 characters long, a mix of uppercase and lowercase letters and include numbers or symbols. For extra security, a passphrase can be created which is a password composed of a sentence or combination of words. The first letter of each word will form the basis of the password and letters can be substituted with numbers and symbols to add a further line of defence.
When choosing a passphrase, avoid the use of:
- Your name in any form or any abbreviations
- The name of close relatives or pets
- Your username
- Birth dates or anniversaries
- Famous quotes
3. Avoid using public Wi-Fi
Using free public Wi-Fi is a risky business that can pose a real threat to the security of your organisation. Public Wi-Fi requires no authentication to establish a network connection, allowing hackers direct access to unsecured devices on the same unencrypted open network. Hackers can then steal valuable info such as login passwords, credit card information, personal information or they may install malware to spy on your online activity.
One of the most important ways to protect yourself while using a public Wi-Fi network is to use a VPN. A VPN encrypts your internet connection making it secure and protecting your privacy. Other safety measures include turning off sharing, sticking to secure sites and switching off Wi-Fi when not in use.
4. Keep a clean desk and clear screen
Keeping a clean desk at work is vital in preventing against information theft and security breaches. It reduces the chance of sensitive information being viewed or taken by someone who doesn’t have permission.
There is an increased risk of theft or a security breach when confidential information is in full view, whether it’s on a screen, notepad or even on a post-it note.
To ensure you remain safe, move papers off your desk, lock away any sensitive documents, shred any information you no longer need and always lock your computer when you leave your workspace.
5. Keep Laptops and Mobile Devices Secure
Mobile devices are highly vulnerable to being lost or stolen, providing criminals with easy access to sensitive company information. It may seem obvious, but one of the most important ways to protect mobile devices is to ensure they remain with you, and in sight at all times.
If you’re working in a public space, never leave your device unattended and be aware of shoulder surfers, someone who may be looking over your shoulder at confidential information that is displayed on your screen.
6. Ensure only authorised personnel enter the workplace
Tailgating involves someone following an employee into a restricted area. It’s often innocently carried out by an employee holding a door open for someone, a visitor without a badge or someone in a uniform appearing to be a worker. It may seem like a harmless gesture, however these lapses in security have the potential to cause great damage to the security of your organisation.
If a fraudster gains access to the building, their intent is usually to steal hardware or information by gaining access to the company’s internal systems. It’s important that you don’t let anyone into the building who doesn’t have authorised access by remaining alert and reporting any suspicious behaviour to the relevant personnel.
7. Regularly update Anti-Virus software
One of the most important ways to protect yourself against cyber-attacks is through the installation of up to date anti-virus software. Anti-virus software is the first line of defence in detecting threats on your computer and blocking unauthorised users from gaining access.
In addition to installing anti-virus software, it’s vital to ensure that your software is regularly updated to ensure hackers are unable to gain access to your computer through vulnerabilities in older and outdated systems.
MetaCompliance specialises in creating the best eLearning and cyber security awareness training available on the market. We’ve taken the most up to date research on eLearning methods and combined this with creativity, expert knowledge and innovative software to deliver effective and engaging content that helps businesses stay cybersecure and compliant. Contact us for further information on our extensive range of cyber security awareness courses.