More companies are turning to remote workforces in light of the COVID-19 pandemic, adding an extra strain to companies’ cybersecurity defenses. With teams lacking cybersecurity knowledge and an increase in phishing scams, it’s more important than ever to educate employees on cybersecurity best practices.
10 Cybersecurity Best Practices
Tip 1: Don’t Click Unknown Links
Clicking on links in emails from unknown senders is the easiest way for a hacker to access company data. If you don't know the sender, you don't click on the link. Employees shouldn’t click on links unless they are absolutely sure they know who the sender is, and even then, act with caution. Links requesting sensitive information are never valid.
Tip 2: Don’t Overshare on Social Media
Social media is a continuing trend across all generations and though it may seem like a harmless pastime, sharing personal details on these accounts can provide hackers with valuable information. Often, your location, birthday, and kids’ names are shared, which are often used as answers to security questions, and ammunition for phishing attacks.
Tip 3: Don’t Move Communication Off Designated Site
When working on a designated site, taking communication to an email thread, social media message, or other form of communication could put you at risk. Most sites that allow for communication have protections in place for all involved parties, which are lost once that communication is removed. These sites also tend to keep records of communication in case you need it in the future.
Tip 4: Follow Password Best Practices
It should come as no surprise that adhering to password best practices can protect you and your organization from many potential cybersecurity threats. Simple actions such as always creating a new password, never sharing passwords, and implementing two-factor authentication can save a lot of time and headaches.
Tip 5: Be Skeptical of Unexpected Invoices and Payment Requests
Monitor your invoices and payment requests and make sure they align with your records. If you receive an unexpected invoice or payment request, contact the sender to confirm the request is legitimate. Also be wary of requests to purchase services or equipment using gift cards.
Tip 6: Don't Use Real Answers for Authentication Recovery Questions
Many sites implement security questions as a second line of defense to authenticate your identity when logging into accounts. However, many of these questions involve information that's easy for anyone to find online, such as the location of your first job, your mother's maiden name, your birthday, and others. Using fake answers safeguards against hackers finding the answers elsewhere.
Tip 7: Verify Suspicious Emails and Requests With the Sender
Though many email platforms can detect spam email messages and divert them from your inbox, from time to time they still occur. If you aren't sure about the legitimacy of the email or request, talk to the sender directly via a separate email thread, or better yet, over the phone or in person. Chances are, they'll thank you for your tenacity, especially if it turns out their email has been hacked.
Tip 8: Report Suspicious Emails
This tip goes along with the previous tip, but takes it a step further. If you receive a suspicious email, report it immediately.
Employers should make it easy for employees to report suspicious emails by setting up a clear system and training employees on how to report the suspicious behavior.
Tip 9: Utilize a Password Management Tool
Modern employees utilize many different online accounts in order to accomplish their work, resulting in multiple unique passwords that can (and should) be difficult to remember. Offering employees a password management tool will help them access these different accounts while mitigating the chance they’ll fall into bad password habits such as writing down passwords, or using the same password for multiple accounts.
Tip 10: Don’t Overlook SMS and Text Messages
Think you can't have problems through SMS and text messages? Think again. Be wary of texts from people or organizations you don't know, or unusual requests. Secure organizations will never ask for sensitive information such as bank account numbers, login information, or social security numbers through text message.
Tip No. 1 also applies to SMS and text messages; never click on an unknown link or a link sent from an unknown sender.
Implementing Strong Cyber Security
Cybersecurity is no trivial matter, and when proper planning and awareness is put in place, can save employees and organizations from severe consequences. Keep your organization and employees protected from potential threats by partnering with trained cybersecurity experts.
