Cyber security is an essential element of trust within an organization. This is especially true now that mobile devices are the primary tools for doing business, remote and hybrid working have proliferated, and process digitization is underway in many companies. Because of this, enterprises, employees, and customers need reassurance that their sensitive data is adequately protected.
Unfortunately, according to the latest Verizon Mobile Security Index report, the human factor was involved in as many as 74% of all information security breaches in 2023. This year’s Verizon Data Breach Investigations Report found that 19% of data leaks in organizations had an internal cause, in the form of inadvertent or accidental employee actions. No matter how specialized, any security system is only as secure as its weakest link.
Cyber hygiene in the company – prevention as simple as washing hands
With the rapid development of technology and the increased scale and sophistication of attacks, cyber security breaches cannot be avoided entirely. Prevention, however, is much cheaper than repairing the damage, which for a business can be not only costly but also irreversible, resulting in a loss of trust and reputation. That’s why it’s worth taking every measure to minimize risk: you can increase the resilience of your company and of yourself as an employee by adopting the good practices known as cyber hygiene.
Cyber hygiene is defined as a set of rules, behaviors, and recommendations that, if followed, help increase the security of users, devices, networks, and data. The definition may sound daunting because it suggests complicated, time-consuming activities that require technical knowledge. In practice, for the average user who is not an IT administrator, cyber hygiene is about simple, everyday habits, which is why it is often compared to personal hygiene.
Cyber hygiene tips for every employee
Below are cyber hygiene tips that you can implement in a business environment and at the private level. To systematize your knowledge, they have been divided into several categories corresponding to the most critical threat areas.
Messages
- Do not open suspicious e-mails, SMS, or MMS messages, especially if they announce a contest win, a money transfer from a bank, or a hacked account.
- Check the sender’s identity (e-mail address, phone number). If you are not sure, verify with the sender by phone or in person.
- Pay attention to the linguistic and compositional correctness of the content. Trustworthy organizations usually proofread their messages before sending them: they do not make blatant spelling and stylistic errors, and they do not use strange formatting.
- Don’t act if you feel that the sender is putting unnatural pressure on you or creating a sense of guilt while urging you to act within a specific, very short deadline (for example, to make a money transfer or provide personal information).
- Watch out for links and attachments. Don’t open attached files without ascertaining their source. Hover your mouse cursor over a link, without clicking, to preview the actual destination address it will take you to. Watch for errors and typos in the URL, for example an uppercase I in place of a lowercase l, or the number 0 instead of an uppercase O.
PRACTICAL USE CASE: spot the differences between www.bankofamerica.com and www.bankofarnerica.oom.
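The look-alike check behind that use case, as an added example that is not part of the original article: it folds visually confusable characters (rn for m, 0 for o, 1 or i for l), compares the result against an allow-list of trusted domains, and flags hostnames within one edit of a trusted one. The allow-list and the sample URLs are constructed for the demo.

```python
from urllib.parse import urlparse

# Constructed allow-list for the demo; a real deployment would load the
# organisation's own inventory of legitimate domains.
TRUSTED_DOMAINS = {"bankofamerica.com", "example-corp.com"}

# Visually confusable sequences folded to one canonical form. Multi-character
# pairs come first so "rn" becomes "m" before the single-character rules run.
CONFUSABLES = [
    ("rn", "m"), ("vv", "w"), ("cl", "d"),
    ("0", "o"), ("1", "l"), ("i", "l"), ("|", "l"),
]

def hostname(url: str) -> str:
    """Lower-cased hostname without a leading 'www.'; bare domains work too."""
    if "://" not in url:
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def skeleton(host: str) -> str:
    """Fold confusable characters so look-alikes map to the same string."""
    for lookalike, canonical in CONFUSABLES:
        host = host.replace(lookalike, canonical)
    return host

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches single-character slips such as .oom."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the URL's hostname."""
    host = hostname(url)
    if host in TRUSTED_DOMAINS:
        return "trusted"
    folded = skeleton(host)
    if any(edit_distance(folded, skeleton(t)) <= 1 for t in TRUSTED_DOMAINS):
        return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for sample in ["https://www.bankofamerica.com/login", "www.bankofarnerica.oom"]:
        print(sample, "->", classify(sample))
```

Such a check belongs in a mail gateway or browser extension as a warning, not as a blocker: the folding is deliberately aggressive, so treat "lookalike" as a prompt to verify the sender rather than proof of fraud.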
Passwords and accesses
- Use strong passwords (length, upper- and lower-case letters, numbers, special characters). Use a unique one for each account: one account, one password. Change them regularly, and do so immediately when you suspect someone has figured them out or stolen them.
- Don’t share passwords with others. Don’t type them while someone can see your screen or keyboard over your shoulder. Also, don’t write them down on paper or in an unsecured file; a better option is to use a proven password manager or credential management tool.
- Secure your devices with passwords. Lock them or log out when you pause or finish work.
- Use two-step verification to secure your accounts further. Enable this feature wherever you can.
Software and hardware
- Regularly update your system, programs, and applications if you use your own device for work. Otherwise, ask your administrator to do so.
- Only use software from legitimate sources. This is especially true for mobile applications.
- Don’t plug unknown removable media (such as USB sticks or external drives) into company devices.
- Try to avoid using public charging stations. They can become a tool for juice jacking, an attack that uses USB cables crafted by cybercriminals to infect your equipment or steal your data. If you must plug into a public USB station, assess the risks. Use your own cables, preferably charge-only cables without data transmission lines.
Network
- When working remotely, do not connect to public or unknown WiFi networks, especially when logging into accounts that contain sensitive data. However, if it’s really necessary, you can secure your online activity by enabling a VPN service. Ask your administrator to install and configure it.
- Protect your online privacy. Don’t share information whose publication could even potentially compromise your or your organization’s security and give cybercriminals grounds for blackmail. Follow the rule: the less, the better.
By applying the recommendations above, you will help raise the level of cyber security in your company and increase the security of your daily activities, not just your business ones. Pass this knowledge on to your colleagues.