Did Fred from accounting get phished? Again? Then it’s time to teach your employees better cyber hygiene.
Empowering your colleagues to protect both themselves and your company is an important foundational step in improving network security. With security-savvy employees doing their part to block sophisticated exploits, you can focus on smart security enhancements that shrink the attack surface and slam the door shut on potential cyber attacks.
With that in mind, here are three cyber hygiene pro tips to help your colleagues stay safe online.
1. Use caution with your social media and shopping accounts
As HR Technologist points out, social media is a godsend for cyber criminals because they can use it to scrape tidbits of information—like where you went to school or the names of your family members—to determine in just a few minutes whether you’re a ripe target. They can then use this credible intel to open a credit card account in your name or dupe you into divulging even more sensitive information with a phishing attack. For this reason, consider shutting down your social media presence or at least encouraging employees to take great care as they decide what to post and how to engage with other social media users online.
Cyber criminals also send phishing emails to Amazon and eBay users, tempting them with deals around Black Friday and the holiday shopping season. According to Krebs on Security, they even sell fake copies of software for ridiculously low prices and follow up via email to request that the purchaser activate their account using a special web portal. Once they’ve nabbed your credentials, the attackers can wreak havoc as they see fit, so use caution with any shopping-related emails you receive or purchases you make online.
2. Scrub your online presence
CEO fraud and other clever phishing methods exploit targeted employees by name, harvest information about them that they think is private, and then leverage it to win their trust in an email or message exchange.
As ZDNet notes, sites like Have I Been Pwned? can help you figure out how much of your personal information is available online via search engines, web archives, or the dark web. If you discover something you don’t want out there for anyone to peruse on the open internet, contact Google or the site owner for their assistance in removing it.
3. Use secure, encrypted connections
Do you work at coffee shops where the java is strong and the Wi-Fi is plentiful? One way you can and absolutely should protect yourself and your organization is to use secure internet connections. For example, VPN implementation can be especially useful because it masks your IP address with encryption to shield your internet session from prying eyes. Some VPNs can even protect you from malware attacks, adding a further layer of protection.
Tor allows you to browse the internet with nearly perfect anonymity, offering another appealing option for the privacy-conscious. According to CSO, installing the free Tor browser on your device enables you to go online without having to worry if someone is spying on you. While VPN service providers typically have access to some personally identifying information about you and could conceivably cough it up if pressured or compromised in some way, Tor’s distributed server network ensures privacy by design, making it nearly impossible for anyone to trace your online activity.
Secure your network environment
Of course, as the IT manager, one powerful strategy for improving network security involves automatically securing the environments where your employees work. VPN implementation is low-hanging fruit, but you could also take advantage of smart printer security controls that help printers automatically detect and self-heal against attacks to ward off dangerous and often underestimated threats. With the peace of mind and productivity you gain from deputizing printers to shut down attacks in progress, you can turn your focus to other initiatives that strengthen your overall security posture, like improving IoT security.
Your colleagues may not realize it, but they are more vulnerable to cyber threats at this point than they ever have been. They may well have unintentionally revealed information about themselves on the internet that malicious actors could use to perpetrate identity fraud or even stage a phishing attack. This would put your entire organization at grave risk of a major data breach, but forewarned can mean forearmed. By educating your employees on the importance of proper cyber hygiene, you can help them protect themselves and empower your company to fend off sophisticated cyber assaults.