Even if a company has strong security policies in place, it’s still up to each person to regulate their actions. It takes just one employee making a mistake for attackers to gain the advantage. The recent Twitter hack proved just how important employees are in a company’s overall security. Despite having advanced systems and specialists to ensure its safety, hackers still managed to leverage employees to get into its systems.
So don’t rely on company policy alone to stay protected, although those policies matter too! Here are some proactive steps that employees can take to ensure their devices and accounts remain safe.
What Type of Threats Do Employees Face?
There are several major attacks that every employee, remote worker, and freelancer should be aware of. These are:
– Phishing Attacks: This is a common attack, where the attacker poses as someone else – usually to get the employee to click on a link or download something. There are several types of phishing attacks, and they come through various forms of communication.
– Network Attacks: Hackers have a few ways to get into people’s devices through unsecured networks. The most prominent threat is public WiFi networks such as those at cafes or restaurants.
– Account Takeovers: Whenever credentials are leaked in a data breach, hackers will try them on a list of other platforms to see where they can get in. So if someone reused the same password from a breached app on their work email account, that account is now at risk.
How Employees Can Protect Their Data in the Workplace
1. Use Strong Passwords and Activate 2FA
Weak passwords are one of the biggest reasons attackers get access to employees’ accounts or devices. Follow password security best practices for every account. This means creating a unique and strong password, never reusing a password, and enabling two-factor authentication. If necessary, use a password manager but never save passwords on a browser as this isn’t a reliable method of keeping them safe.
2. Listen to IT and Keep Software Updated
The company’s IT department will likely have policies regarding software updates. Even if they don’t, it’s a good idea to keep any software installed on the device updated. Software updates normally contain security patches that fix bugs and protect the software from new threats.
Outdated software poses a major risk to devices as attackers might have found new methods to exploit any vulnerabilities in that software.
3. Think About Devices That Are Brought in to Work
Almost everyone takes their mobile phones to work. Some also take laptops or other devices. Companies take great care to secure the devices and systems at work, but they don’t usually regulate personal devices. Hackers know that, and they’ll use that as a way in.
Make sure any personal devices that are also used at (or for) work are secured. This means they should be locked with a strong authentication method and connected to a secure network (otherwise, use a VPN). Also, be careful with the programs installed on them and keep them updated.
4. Be Wary of Unsolicited Emails and Avoid Links
Phishing emails (or messages) prey on people’s vulnerabilities, emotions, and ignorance. Attackers are very adept at creating believable websites and emails that look like the real thing to get people to click on links or open pop-ups. Be very wary of unexpected emails that contain downloads or links, whether they come from strangers, friends, or coworkers. Contact IT about any suspicious emails or messages.
Some spear phishing attacks are based on a device’s IP address – attackers can potentially track it and link it to a person and their employer. So then the next concern becomes, “How do I hide my IP address?” It might be prudent to invest in VPN software that encrypts and protects a network connection by replacing its IP address with a different one. That way, attackers can never link it back to a real person.
5. Manage Data Access
Keeping sensitive data out of the hands of attackers means also keeping it out of the hands of those who don’t need to use it. In cybersecurity terms, this is commonly referred to as the least privilege rule. It means only giving people access to the data that they need to do their work.
A key part of this concept is revoking access whenever someone no longer needs access to the data, for instance when a coworker no longer works there or when a contractor has finished their job. Consult IT as well for ways to dispose of old data properly.
The Bottom Line
Remember, it’s up to every person to help protect their workplace from cyber attacks. It takes just one wrong move to give a hacker a way in. Yes, that’s a lot of pressure. Make sure to follow basic cybersecurity practices and company policies, and things should stay perfectly safe.