We’ve just completed Cybersecurity Awareness Month and it’s the perfect time to take that reminder of the importance of IT security and infuse it into the rest of the year.
Keeping your business from suffering a data breach, ransomware infection, or another type of online attack is becoming more difficult every year. Phishing campaigns get more sophisticated, and ransomware has now become like a software business for large criminal organizations.
We’ve still got two months left in 2021, and the number of data breaches this year has already exceeded the total for 2020, putting this year on track to be a record-breaker in a bad way.
Having a layered cybersecurity strategy is vital to keeping your business from suffering a devastating attack that could hurt you financially for years. One of the most important layers in that strategy is employee awareness training.
Having employees that are well-trained in IT security awareness can reduce a company’s risk of falling victim to an attack by up to 70%.
One of the great things about Cybersecurity Awareness Month is that it brings with it tons of tips that you can use throughout the year to keep your staff well-trained in all the different areas of security awareness.
We’ve picked out several tips that we’ll share below, and you can find more resources to use for your employee training sessions here.
Phishing Awareness Tips
- Think Before You Take Action: Phishing emails are designed to get you to react quickly before thinking. They’ll often warn you of something bad happening if you don’t click a link to do something. Always stop and think when you get an unexpected email, especially if it’s using this tactic. Often those few extra seconds of reflection will give you enough time to spot a fake.
- Don’t Trust Hyperlinks: Hyperlinks are now used more than file attachments in phishing emails. Many employees may not realize how dangerous a link can be. Links can lead to sites that do “drive-by” injections of malware or that spoof real sites and serve up fake login forms. Don’t trust a hyperlink; always fully examine the email and hover over links to see where they’re going.
- Use Protective Software (Antivirus, DNS Filtering, etc.): It’s important to have a good antivirus installed on every device (mobile too!), as well as other protective apps like a DNS filter, which protects against malicious links. Keep software updated regularly to ensure it can catch the most recent threats.
Stay Cyber Secure at Work
- Secure Your Meetings: Online meetings have taken the place of most in-person meetings since the pandemic. Make sure you use safety protocols to keep unauthorized people out of your meetings and that the documents shared via these types of interfaces are being shared securely and only with those you mean to have them.
- Treat Business Information Like Personal Information: Employees will often protect their own personal information like a dragon protecting its gold but will think nothing of emailing a work username and password in a non-encrypted message. Staff should protect business data just as much as they do their own personal data.
- Keep Devices Up To Date: Many data breaches happen through exploits that take advantage of code vulnerabilities the developer has already patched. It’s vital to keep all work devices (PCs, servers, routers, IoT, etc.) up to date by installing patches and ongoing app and OS updates.
Keeping Your Digital Home Secure
- Secure Your Home Wi-Fi: Many employees are working from home, and this can put business data security at higher risk if the networks they’re using aren’t properly secured. Make sure to use a strong router password and keep your router updated with any firmware updates. It’s also a good idea to create a guest network and put only business devices on that.
- Double Login Protection with MFA: Remote employees are logging into multiple cloud apps and interfaces a day, and those passwords can be breached if not protected. Multi-factor authentication (MFA) should be applied to all logins because it’s so effective at keeping accounts secure, even if the credentials have been breached.
- Only Use Approved Business Apps: Employees may mean well by finding a cool app to help them do their work, but using cloud apps for business data without approval can lead to data leakage and potential compliance issues. It’s important to have a cloud use policy in place that tells employees which applications they can use for their work and explains the dangers of using unauthorized applications for business data.
Get Help Building the Security & Phishing Detection Skills of Your Team
Connect2Geek can help your Treasure Valley area business decrease your risk of a cyberattack by strengthening your team’s IT security awareness.
Schedule your free consultation to learn more today! Call 208-468-4323 or reach out online.