Cyber security threats come from everywhere, and with the growing number of connected devices, companies and individuals need to be more vigilant than ever.
It’s not enough to simply rely on your IT team or your anti-virus software to protect your company from attack. Employees at every level of an organization need to be aware that they are, in fact, a potential target for a would-be attacker—but they also have the power to head off threats by following a few simple best practices.
Here are five basic cyber security skills every employee needs to have to help protect businesses from cyber attacks.
1. Following password best practices
Password security is one of the most basic cyber security skills, but most people aren’t good at creating secure passwords or following password best practices. There is a "right way" to use passwords, or passphrases. Just as all employees might be required to wear an ID badge for security purposes, they should be required to follow password policies and understand the best practices, including:
- Creating passphrases instead of passwords
- Avoiding common words
- Sprinkling in numbers and special characters
- Changing passwords periodically
- Never writing down passwords
2. Avoiding malicious emails
Email is still one of the most common means of communication online, and attackers know it. They're also well aware that companies communicate primarily over email and their employees spend plenty of time in their inboxes.
Phishing emails trick employees into giving away information or even direct access. Employees need to know the obvious red flags that signal a phishing email, including:
- Sender and subject line. Does the email address seem strange or inauthentic?
- Unsolicited attachments
- Strange links
- Poor grammar and spelling mistakes
3. Recognizing untrustworthy websites
Even if you restrict personal web browsing at work, your employees may still find themselves on malicious sites. Recognizing the signs of a potentially dangerous website is a skill any person who works with computers needs to have. From checking for HTTPS encryption to paying attention to security warnings in the browser, employees should be aware that not every website they may stumble upon will be reputable.
Web filtering offers a simple solution. It automatically sorts out problematic sites, so only useful ones remain. Your employees won't have the option of making costly errors, and you'll be able to filter content that interferes with productivity. It's a win-win that puts the control back in your hands.
4. Detecting social engineering techniques
Phishing emails are often mass mailings sent to a large number of people. However, sometimes hackers will intentionally and strategically target a company. They'll start by looking for employees that they can trick or easily steal information from. This process is called social engineering.
Your employees need to be on the lookout for social engineering techniques. You've already seen one common technique, the phishing email. Other techniques tend to follow a similar pattern: someone outside the organization contacts an employee asking for information. It's usually nothing too overt. Maybe they'll ask about a schedule, when someone goes on lunch, or claim to be an employee who forgot the WiFi password. It doesn't take much, and these individuals can be clever.
Potential attackers are always on the lookout for information lying around. Make sure your employees have the skills to recognize a potential social engineering attempt and have the means to report it.
5. Being smart about smart devices
The "smarter" devices get, the more complex and connected they become. With BYOD culture (Bring Your Own Device) becoming even more prevalent, employees need to take responsibility for the devices they connect to the company’s network. Make sure every employee fully understands your company’s policy on using personal devices such as cell phones, laptops and tablets at work.
There are also less obvious computers around the office. Multi-function printers (MFPs) are a perfect example. Every office has at least one printer that scans and copies in addition to printing. It's connected to your office network, and yes, it's a computer. Many offices put controls and passcodes on MFPs to limit and monitor access because it is possible for an attacker to gain access through a printer.
What Can You Do?
Education is always the best defense. Attackers are counting on employees being ill-prepared for the battery of techniques in their arsenal. A well-trained, well-educated workforce is the first and best line of defense against a host of cyber security threats.
Empower your employees to help protect your organization from cyber threats through IT security training and testing. Prepare employees to act in case of a breach by getting started today.