Your company’s IT department does its best to prevent hackers from breaching your network, stop malware from infecting your computer, and ensure that your company’s confidential information is kept secret. Despite their diligent efforts, there will always be a cybersecurity risk. As an employee, there are numerous things that you can do to ensure you don’t accidentally circumvent your IT department’s security protections. Here are five things you can routinely do to ensure that you are not the cause of the next security breach at your company.
Use a Password Manager
If you aren’t using a password manager, you should be. A commonly used password manager frequently states that it is the last password you’ll ever need. There are many popular password managers, but the premise of these software applications is that they manage your passwords for you. You simply remember an incredibly complex master password you create and let them keep track of all your day-to-day passwords.
It sounds complex, but it makes your life considerably easier. You can use insanely long and complex passwords, and because password managers support all desktop and mobile platforms, your username and password are filled in automatically when you go to a website or a mobile application. It also makes placing orders online significantly easier, as it auto-fills your shipping address and credit card information. There are even ways to separate your work and home passwords. The only downside of adopting a password manager is that you now have to go back and change all your passwords from that one password you were using for all websites!
Use Multi-Factor Authentication
Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA) is what you need to prevent your accounts on many websites or systems from being hacked. It is an added layer of security that does make it slightly more difficult for you to log in to websites or systems, but it can keep the hackers at bay. Many common websites support this additional method of authentication. You can simply install Google Authenticator or an alternative on your smartphone and enable MFA or 2FA on the websites you use to make it almost impossible for your accounts to be hacked.
Look Before You Click
The “human firewall” is a commonly used industry term that reinforces that cybersecurity is not just an IT administrator’s problem but an employee’s as well. A significant number of computer infections are the result of an employee clicking on an attachment or hyperlink in a malicious email. They inadvertently either download and run the malicious attachment or click a hyperlink that brings them to an imposter website, where the employee enters their login information and it is captured and used to do bad things.
Imagine what would happen if you accidentally entered your Office365 login credentials on a malicious website. The attackers could harvest all your contacts, send emails with malicious attachments to your co-workers and customers, and read all your emails that may contain confidential company information. Don’t download any attachments unless you were expecting them, and don’t click a link unless you mouse over it first and see where it leads.
Watch App Permissions
Many people don’t read the licensing agreements when installing software, and they don’t pay close attention to the permissions required for the smartphone applications they install either. I suspect there are more malicious flashlight applications than ones that are legitimate. When installing any application on your smartphone, you need to pay close attention to what permissions it requires. If a flashlight application, for example, is asking to have access to your contacts and your file system, you know something is wrong.
Always Use Passwords and PIN Codes
The most common complaint we get from employees is that their passwords are too difficult to remember. They prefer easy-to-remember passwords instead. We understand that complex passwords are harder to remember and take longer to type, but they are a necessity. The harder the password, the harder it is to hack. Some people go even further and, for convenience, don’t have any passwords set on their computers or PIN codes on their smartphones. Every device you use should have some form of authentication to gain access. It’s not fun losing your laptop or smartphone, as they are expensive to replace, but it can become significantly more costly if someone gains access to your personal or financial information.
Unfortunately, many people we work with have the mindset that there is no data on their computer or smartphone worth backing up, until they lose that data. When their hard disk fails, or they are infected with ransomware, only then do they realize they lost that massive spreadsheet that took a week to create or all their children’s photos and videos from the last decade. Their mindset quickly changes and panic starts to set in.
There are many online backup services that are inexpensive and easy to set up on your computer. Both Android and iPhone have built-in backup utilities. Use them. It will make recovery from a lost smartphone or tablet much easier. No one likes paying for “insurance,” but this is inexpensive, and you’ll be happy to have it when you need it.
Cybersecurity is about risk mitigation. It’s about reducing your exposure to online threats. We don’t make cybersecurity recommendations where the cost outweighs the benefit. These best-practice recommendations are inexpensive and layer your security defenses in such a way as to drastically reduce the possibility of bad things happening to you or your company. We strongly suggest you implement them all immediately. You’ll be helping secure your data and company information, as well as joining your IT department in the war against cyber-criminals.