Up your cybersecurity awareness for better team safety online

Brandi Gratis

January 29, 2021

October is National Cyber Security Awareness Month (NCSAM), and there’s no better time to discuss the importance of cybersecurity awareness for your team.

That’s right; cybersecurity isn’t just for your IT manager or company executives to worry about — cybersecurity is a team sport.

Cybersecurity awareness tips for teams

Hardly a day goes by that we don’t see another high-profile security breach breaking in the news. And the truth is that most of the time, we can avoid these breaches with some basic anti-hacking protocols in place, along with a little employee education on web safety best practices.

From LinkedIn and Dropbox to Yahoo and Ashley Madison, no company is too big to fall for a well-timed hack. How can your team protect themselves? Follow these tips, and you’ll reduce your risk significantly.

1. Don’t use the same password for everything

Over the years, you’ve probably made dozens of accounts. Some you still use, many you’re no longer active on. If you’ve been using the same password for every account since high school, it’s probably time to mix things up. The second you get hacked on any one of these accounts, all a hacker has to do is use the same credentials to log in to a few popular websites to see if you have an account, giving them access to your email, social media, banking information, and more.

I know; who can memorize 50 different passwords of jumbled letters, numbers, and characters? No one. Except maybe this guy. But luckily, you don’t need to.

Password management services like LastPass or Dashlane will not only keep track of all of your passwords but also generate highly secure passwords each time you set up a new account online. This means you only really have to remember one password: the one to get into your password management service.

2. Create strong passwords, and change them regularly

According to data compiled by Bloomberg, it only takes 10 minutes for a hacker to crack a six-character password that’s all lowercase letters. Add uppercase letters and some symbols, and you’ve extended that time to 18 days. Extend your password to 9 characters, and it would take over a lifetime for a hacker’s computer to guess the right answer.

Remember, all it takes is that one guy who still uses “password1234” to ruin things for everyone. Don’t be that guy.

Start with strong passwords, and change them every few months. A strong password should:

  • consist of at least nine characters
  • contain a combination of letters, numbers, and symbols
  • combine uppercase and lowercase letters
  • not match any previous passwords.
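As an added example (not part of the original post), the four rules above can be enforced when a password is changed, with previous passwords kept only as salted hashes. The function names, the PBKDF2 work factor and the sample passwords are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 9           # "at least nine characters"
PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so old passwords are never kept in plain text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def check_password(candidate: str, history: list[tuple[bytes, bytes]]) -> list[str]:
    """Return the rules the candidate breaks; history is (salt, hash) pairs."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than nine characters")
    if not any(c.isdigit() for c in candidate):
        problems.append("no number")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no symbol")
    if not any(c.islower() for c in candidate):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in candidate):
        problems.append("no uppercase letter")
    # Re-hash the candidate under each stored salt; compare in constant time.
    for salt, old_hash in history:
        if hmac.compare_digest(hash_password(candidate, salt), old_hash):
            problems.append("matches a previous password")
            break
    return problems


def make_history(old_passwords: list[str]) -> list[tuple[bytes, bytes]]:
    """Build (salt, hash) records, as a system would at each password change."""
    records = []
    for pw in old_passwords:
        salt = os.urandom(16)
        records.append((salt, hash_password(pw, salt)))
    return records


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    history = make_history(["Summer#2019rain", "password1234"])
    for pw in ["password1234", "Summer#2019rain", "tr0ub4dor", "Violet-Kettle-47"]:
        print(pw, "->", check_password(pw, history) or "OK")
```

An empty list means the candidate satisfies every rule in the list above.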

3. Use authentication systems

Nowadays, we need to go beyond just usernames and passwords when logging into our accounts online. According to data compiled by the White House, as many as 62% of successful data breaches could have been prevented by using authentication systems such as biometrics or dual-factor authentication.

For every account that allows it, make sure to set up dual-factor authentication. Also, add a backup email and phone number, so that if a hack does occur, you can regain access to your account as quickly as possible.

4. Keep all software up to date

Any device connected to the Internet is inherently vulnerable. Update your operating system and computer software as soon as new updates are released. This ensures you have the best available protection against any weaknesses the company behind the product or service has discovered.

5. Be smart about email

It seems like people should have the cybersecurity awareness to know how to use email safely by now, but many of us still fall for some pretty basic tricks.

First, don’t click on any links or attachments unless you recognize the sender. Even then, don’t click links directly in your email. Instead, copy/paste the URL into your browser. This will prevent any involuntary redirects to unsafe websites.

Hackers usually start out with common techniques such as phishing/spear-phishing, targeting employees, partners, contractors, or even customers in an effort to gain access to the system. If you see an email or text from an otherwise trusted source (like Apple or Google) asking for your username or password, take this as a red flag, and don’t oblige. And if you’re ever unsure about an email, contact the real company directly. The extra effort could save you and your place of employment a lot of time and money.

6. Always encrypt data, including on-premise, in the cloud, and via email

Using encryption can help to prevent some of the most common types of security breaches. Encryption provides an extra layer of protection that makes data unreadable to anyone without the encryption key.

7. Create strict access policies

Employees should only have access to the systems and data they need when they need them. Protocols should be put in place to grant and revoke access in a timely manner. It’s far too easy for employees to compromise data accidentally. Cached copies of sensitive information get saved to their personal workstations, important files get moved or deleted, and people end up emailing something they shouldn’t have. Plus, the fewer people that have access, the easier it is to pinpoint a breach.

Your system admin should create and enforce a strict access policy and make folders inaccessible by default until the employee requests access and is approved. While this may not be the most convenient solution for your employees, it’s worth the hassle to avoid an enterprise data security breach.

8. Avoid public computers and Wi-Fi

Hotels, airports, libraries, etc., offer public computers for people to use on the go, and coffee shops, bars, and restaurants are increasingly offering Wi-Fi to patrons. Unfortunately, when you sign into a public computer or Wi-Fi network, you have no way of knowing how strictly someone monitors them or what users before you may have done to compromise the system.

Hold off on checking your work email until you get to a protected device and network. And especially avoid open Wi-Fi, where your data is not encrypted at all before it is sent. Your username/password can easily be “sniffed” by anyone else using the same access point.

9. Keep track of all on-premise visitors

Another common hacking method is social engineering, in which hackers dress up like maintenance persons, guests, or visitors, slip past your front desk, and plug a thumb drive into an empty workstation.

Make sure you establish protocols for allowing visitors, clients, interviewees, and maintenance crews in and out of your building. Make sure each guest is checked in, verified, and kept in a designated reception area with a receptionist or office manager watching nearby until they are met by the appropriate employee.

10. Pay attention to breaches in the news

When you hear that there’s been a security breach of LinkedIn or Dropbox and you know you own an account with them, be sure to log in and change your password immediately. Notify your IT administrator if you’ve been accessing the account on your company computer to ensure they are aware of any potential threat to security.

Cybersecurity awareness during COVID-19

The confusion of information and added stress of figuring out how to work from home may leave many extra vulnerable to security breaches. Stay on high alert if anyone should contact you about needing passwords, banking information, social security numbers, credit card numbers, or anything else unsolicited. Such requests are undoubtedly a scam. The government will not contact you directly about stimulus check deposits nor about setting up an appointment for a vaccination. Many, especially the elderly, have fallen victim to scams like this, which take advantage of people when confusion is in the air. Now, more than ever, it’s necessary to stay diligent about protecting your personal information and up to date in your cybersecurity awareness.

Cybersecurity and your tools

Once a hack occurs, there’s no telling how much damage it will do. The best tactic when dealing with the potential of cyber threats is a good defense (i.e., cybersecurity awareness and best practices). Put safety plans in place, update them regularly, make sure the tools you use are doing the same, and keep your employees educated about web best practices. It takes a village to keep your company’s data secure.

This post was originally published on October 12, 2016, and updated most recently on January 29, 2021.
