Whether you’re an employee of a business or you work out of your own home or run your own business, you’re on the front line of cyber security.
No matter the size of your business, cyber criminals do not discriminate. Whether you’re a sole trader or you work for a multi-national, everyone is a potential target.
Whilst companies should take every possible precaution to protect against the threat of cyber-attacks, there is much you, as an individual, can and should be doing to help protect your company’s information as well as your own.
A cyber security policy is only as good as the workforce who are implementing it on the front line. It only takes one person’s mistake to lead to a company-wide data breach, so there are some steps you should be taking no matter where you work.
Here are 13 of our top tips for staying on top of cyber security threats at the workplace and on your home computer and devices:
1. Back up your data
Today, storage does not cost much so there is no excuse for not backing up your data, both at work and at home. Hackers are not always out to steal your data. Sometimes the end goal is to encrypt or erase it or threaten to do so. Regular backups mean you always have a recovery option.
Top tip: back up to a physical location and to the cloud for an extra layer of protection.
2. Keep your devices and apps up to date
Keeping your software and apps up to date is something that is often overlooked, especially on home computers and mobile devices. Software and app developers publish updates on a regular basis that provide security patches and more. It’s essential that you keep every device you own or work on up to date, including IoT devices like home assistants and wireless speakers. The next time you see a notification to update your software, don’t click ‘Later’.
Top tip: turn on automatic updates for your operating system and in your App store. That way, you will get notifications and your devices will update automatically.
3. Practice good password management
Good password management is essential for online security. It’s a crucial step in the battle to keep hackers out of your network and your data. There are some steps you should take in order to practice good password management. Some of these steps include:
- Choose passwords that are at least eight characters long and a maximum of 64
- Don’t use the same password twice
- Your passwords should contain at least one lowercase letter, one uppercase, one number and four symbols but not &%#@_
- Reset your password when you forget it and change your passwords once a year as a general refresh
Top tip: if you want to make password management easier, use a password management tool or account vault such as LastPass or 1Password.
4. Use two-factor authentication
Two-factor or multi-factor authentication is a service that adds an extra layer of security to the standard password method of online authentication. With two-factor authentication, as well as entering your username and password, you will be required to provide one additional form of authentication. This could be as simple as a PIN or more complex, like an authentication app on your phone. Most mobile devices today are fitted with the option for two-factor authentication using a biometric identifier such as a fingerprint or facial recognition. As we move forward, expect iris recognition to be an additional option on more devices.
Top tip: many password management tools include the option for two-factor authentication – another strong argument for the use of password management tools.
5. Beware of phishing scams
Even as we head into 2020, it seems strange still to be talking about phishing scams. Phishing is one of the oldest forms of cyber-attack, yet it is still as prominent today: according to Avanan, one in every 99 emails sent is a phishing scam. Email is still the go-to tactic for phishing scammers; however, phone calls and text messages should still be carefully monitored. Most phishing scams focus on trying to trick people into divulging personal information such as a login ID, password, banking or credit card information. In the workplace, providing sensitive information about the company can be extremely dangerous, so treat every email, phone call and text message with caution.
Top tip: recognizing the common themes of a phishing attempt will help you to stay safe. Be wary of any communication claiming there is a problem with your account, asking for personal information or asking you for a payment.
6. Lock your devices when unattended
As simple as it sounds, locking your devices when unattended is a really good way of protecting yourself from the threat of cyber-crime. The physical security of your device is just as important as the technical – it only takes 30 seconds for someone to access personal information from your device – less than the time it takes to make a cup of tea.
Whether it’s your laptop, desktop computer or mobile phone, if you leave them unattended for any length of time, make sure you lock the screen so no one can access your device.
Top tip: set your devices to automatically lock when they have not been used for a short period of time. Whilst it can be annoying, it can save you from a cyber-attack.
7. Install anti-virus protection and a firewall
Anti-virus (AV) protection software has been the most prevalent solution to fight malicious attacks. AV software blocks malware and other malicious viruses from entering your device and compromising your data. Use anti-virus software from trusted vendors and only run one AV tool on your device.
Using a firewall is also important when defending your data against malicious attacks. A firewall helps screen out hackers, viruses, and other malicious activity that occurs over the Internet and determines what traffic is allowed to enter your device.
Top tip: both Windows and Mac OS X come with built-in firewalls, so take the time to invest in trusted antivirus software for all your devices.
8. Be careful what you click
As simple as it sounds, we, the end-user, are often most responsible for triggering cyber attacks from the links that we click on. Before you click on any link or pop up, be sure you know where that link will take you and that it comes from a trusted source. Browsers have become more active in warning users about untrusted websites, but you still need to be careful about the links you are clicking.
Top tip: browser add-ons such as Click-to-Play and NoScript can help to prevent the automatic download of plug-in content such as Java or Flash that can harbour malicious code.
9. Connect securely
We’ve all been there. You’re out and about and you need to look at something, but you have a poor data connection, so you hunt for the nearest public Wi-Fi. The problem is many public Wi-Fi connections are not secured and can leave your device open to hackers. Wherever possible, you should only connect to a secure Wi-Fi connection. If that’s not always possible because you travel a lot, install a VPN, which can help to keep your information private on public Wi-Fi.
Top tip: Norton is one of the world’s most trusted antivirus specialists and also offers a secure VPN service, so you can package everything together and keep all your devices secure.
10. Be careful with removable media
Malware can easily be spread through infected flash drives, external hard drives and even smartphones. In the workplace, have policies in place to control all access to these removable media devices and make sure to scan any device for malware before plugging it into a computer. On particularly sensitive systems consider disabling removable media altogether. At home, also ensure that your antivirus software will scan any removable media before it connects to your device.
Top tip: Encrypt information held on removable media. If the use of removable media is required, the information on all devices should be encrypted. The level of encryption will depend on the sensitivity of the information stored on the device.
11. Monitor user accounts and privileges
This one applies more in the workplace than at home; however, you should be aware of who has access to your device and network (including your home network) and ensure they are secure. In the workplace, employees should only be allowed access to the information they need in order to do their job. Limit the number of privileged user accounts and monitor user activity. Have a list of all accounts an employee has access to and remove their permissions when they leave the company.
Top tip: conduct a regular audit of your network to find out who has access to what. This should be part of your cyber security policy.
12. Embrace training and education
In the workplace, cyber security training is an essential part of keeping your information and network secure. It should be a mandatory training session for every member of staff – from the CEO down to the cleaning staff – and include anyone with access to the network. At home, you should try to educate yourself about the latest scams and phishing attacks – there is a lot of information out there and keeping on top of the latest threats will help to keep your devices secure.
Top tip: here in New Zealand, CERT NZ, a government agency, helps to support local businesses and the public on all things relating to cyber security and protecting your devices.
13. Don’t think it won’t happen to you
Our final tip is just a reminder to everyone out there to remember that cyber crime is not just targeted at large corporations – it could happen to you. Cyber criminals do not discriminate. Often, smaller companies or individuals will offer a more attractive target for cyber criminals as they assume you won’t have the security measures in place that bigger organisations deploy.
Thinking that it will never happen to you is the first step down the rocky road towards a cyber attack, so it’s important to stay vigilant and deploy as many defensive mechanisms as possible to stop potential cyber attacks on your business or your personal devices.
Top tip: always assume you are a target. That way, you are much more likely to carry out the 12 steps listed above and stay ahead of the game.