17 Must-Know Cybersecurity Tips for Employees

Security in IT is like locking your house or car – it doesn’t stop the bad guys, but if it’s good enough they may move on to an easier target. - Paul Herbka

In a world where clicking a single malicious link can leak critical company data, being cyber-savvy is no longer just the IT department's job. Every employee has a part to play in keeping the digital workspace safe. 

Understanding and practicing basic cybersecurity principles is not just about protecting the company; it's about safeguarding your professional integrity. This blog post breaks down easy yet effective cybersecurity tips every employee should know and practice to help create a robust line of defense against potential cyber threats. 

Your awareness and action can significantly contribute to a safer and more secure working environment for all. Let’s dive in!

1. Educate Yourself and Stay Informed

In the constantly evolving world of cybersecurity, staying informed is not just beneficial, but crucial. The first step towards establishing a secure digital workspace begins with education. Here are some ways to bolster your knowledge and stay updated:

Enroll in Cybersecurity Training Programs

Many employers offer cybersecurity training programs to help their employees understand the basics of cybersecurity and the specific policies and tools used in their organization. Engage in these programs to learn about the common threats you may encounter and the best practices for dealing with them. For instance, tools like Wizer or KnowBe4 provide interactive security awareness training that can be very beneficial.

Stay Updated on Latest Cybersecurity Threats and Trends

Cybersecurity is fast-paced with new threats emerging almost daily. Subscribe to reputable cybersecurity blogs, follow industry experts on social media, listen to popular cybersecurity podcasts, and participate in relevant forums to learn current potential risks. Being informed about the latest threats and the evolving landscape of cybersecurity can equip you with the knowledge to recognize suspicious activities and prevent possible security breaches.

2. Use Strong and Unique Passwords

A strong password is a fundamental step towards securing your digital identity. Using the same password from high school for every account and saving your passwords in a notes app? That's a security risk waiting to happen.

• A strong password should include a mix of uppercase and lowercase letters, numbers, and special characters. 
• It should be at least 12 characters long to ensure complexity.
• Shared accounts cause vulnerabilities.

Consider using password management tools like LastPass or 1Password to keep track of your complex passwords. These tools help you generate and store complex passwords securely.

Passwords are like underwear: you don’t let people see it, you should change it very often, and you shouldn’t share it with strangers. - Chris Pirillo

If it isn't already implemented in your workplace, consider recommending your employer to adopt an open directory platform such as JumpCloud, Okta, or OneLogin. These platforms facilitate secure management and connectivity for users to devices, applications, files, and networks all from a single dashboard, streamlining the process and enhancing the security framework.

3. Utilize Multi-factor Authentication (MFA)

• Multi-Factor Authentication (MFA) adds an additional layer of security by requiring more than just a password to access your account. This could include something you know (like a password), something you have (like a mobile device), or something you are (like a fingerprint).
• Follow your organization's guidelines for setting up MFA on your accounts to enhance account security significantly.

4. Be Cautious with Email and Phishing Scams

• Phishing attempts often come in the form of emails that seem legitimate but contain malicious links or attachments. Be cautious and avoid clicking on links or downloading attachments from unknown or suspicious sources.
• If you encounter a phishing attempt, it's essential to report it to your IT department immediately so that they can take necessary measures to prevent further attacks.

5. Use the SLAM Method to Spot Suspicious Emails

Phishing attacks are prevalent and can be highly personalized, making them quite deceptive. Utilize the SLAM method to identify potential phishing attempts:

• Sender: Verify the sender's email address to ensure it's from a legitimate source.
• Links: Hover over any links to see where they lead before clicking.
• Attachments: Avoid opening attachments from unfamiliar senders or unexpected attachments even from known senders.
• Message: Examine the message for poor grammar or misspellings, which can be red flags.

6. Use a SaaS Security Tool

Companies believe that about 70% of the apps they use are SaaS-based. That means 7 out of 10 apps used in a workplace are SaaS applications. These online applications can pose a significant SaaS security risk, especially if employees begin using unauthorized SaaS tools without the oversight of the IT department. This scenario, known as Shadow IT, can enlarge the attack surfaces, making the organization more vulnerable to cyber threats.

Avoidance of Shadow IT:

• Refrain from using unauthorized SaaS applications to prevent creating vulnerabilities in your organization's cyber defense.
• Encourage colleagues to adhere to the approved list of SaaS tools and report any unauthorized use they come across.

SaaS Security Solutions:

• Consider suggesting your company to implement a SaaS security and discovery solution like Resmo that provides visibility and control over the SaaS tools being used within the organization.
• These solutions can help in monitoring, managing, and securing all sanctioned SaaS applications, ensuring they adhere to the organizational security policies.

Suggested reading: ChatGPT Security Risks

7. Ensure a Secure Connection

• When accessing company resources remotely, ensure to connect via a Virtual Private Network (VPN) to keep your connection secure. It encrypts the data traffic, keeping it safe from potential eavesdroppers.
• Avoid using public Wi-Fi networks for accessing company resources as they are often unsecured and could be a potential source of cyber threats.

8. Secure Your Home Network

Ensure the security of your home network to protect both personal and corporate data:

• Plug computers into your router, not your modem.
• Change the default password on your router and ensure firmware is updated.
• Disable remote router administration to eliminate an easy pathway for cyber attackers.

If you are working remotely, be mindful of remote working security risks.

9. Regularly Update Software and Systems

• Keeping your software and systems updated is crucial as updates often contain patches for known security vulnerabilities. An unpatched system is an open door for cyber threats.
• Enable automatic updates whenever possible to ensure that your system stays updated without requiring manual intervention.

10. Practice Safe Browsing

• Avoid visiting suspicious or irrelevant websites during work hours as they may contain malicious software that can compromise your device.
• Utilize browser security features and consider installing reputable security extensions to keep your browsing activity safe.

11. Be Cautious with Social Engineering Attacks

Social engineering attacks trick individuals into revealing sensitive information through deceitful tactics: Pretexting, Phishing, and Baiting. Familiarize yourself with these methods to better recognize deceitful requests.

• Engage in available training and stay informed on latest scams to better identify social engineering attempts.
• Verify suspicious requests through a separate channel, maintain skepticism with unexpected communications, and report suspicious activity to your IT department.
• Follow your organization’s security guidelines to fortify against these deceptive attacks.

“Be a little suspicious. A very large number of attacks rely on simple social engineering. Ask yourself next time you receive an email claiming you have won an iPad or received a FedEx package — is this probably real? Would it happen to me walking down the street? Scams today aren’t all identifiable by poor grammar and spelling mistakes, as they once were.” - James Lyne

12. Secure Physical Devices

• Ensure to lock your computers and mobile devices when not in use to prevent unauthorized access.
• Adhere to your company’s protocols for securing hardware, including using lock screens, strong device passwords, and reporting lost or stolen devices promptly.

13. Report Suspected Cybersecurity Incidents Promptly

• Familiarize yourself with the process of reporting cybersecurity incidents within your organization to ensure timely reporting.
• Quick reporting of suspected cybersecurity incidents can significantly reduce the impact and prevent further damage, thus playing a crucial role in your organization’s overall cybersecurity posture.

Documenting the Incident:

When reporting an incident, document all relevant information. This includes what you observed, the date and time of the incident, and any other pertinent details. Clear documentation helps in understanding the extent of the incident and in formulating a response strategy.

Encouraging a Reporting Culture:

Promote a culture within your organization where all employees feel comfortable reporting cybersecurity incidents without fear of retribution. This collective vigilance significantly contributes to your organization's overall cybersecurity posture

14. Secure Your Web Browser

Web browsers are frequent targets for cyber attackers. Here’s how to secure yours:

• Configure automatic updates to ensure the latest security patches are applied.
• Avoid saving passwords in your browser; use a password manager instead.
• Install trusted web browser plug-ins from official web browser app stores and limit security settings to essential configurations.

15. Maintain the Latest Software on Your Smart Devices

Keeping your smart devices updated is crucial for security:

• Regularly update the software on phones, tablets, TVs, speakers, thermostats, etc.
• Enable the Auto-Update feature if available.
• Use screen unlock password capabilities and consider mobile device management solutions for added security.

16. Be Careful Sharing Online

Sharing personal experiences on social media can be enjoyable, but it can also inadvertently supply attackers with useful information.

• Regularly review and update your privacy settings to control who can see your posts.
• Purge old and unused social media accounts to reduce your online footprint.
• Before posting images or videos, scrutinize the content including the background for any sensitive or identifiable information.
• Ask yourself if the information you’re sharing could be weaponized against you or your organization.
• By being cautious and mindful, you can enjoy social networking while keeping personal and professional information secure.

Also read: File Sharing Security Tips

17. If you see an anomaly, report immediately

Vigilance is a key player in maintaining a secure environment, both online and offline.Stay alert to suspicious activities, be it odd emails, texts, unauthorized visitors, or unexpected digital communications.

Should you encounter something unusual or fall prey to a phishing attempt, promptly inform your supervisor or the IT department. Swift reporting allows for quick remediation, minimizing potential damage and enhancing overall security.

Keep on learning:

• What is SaaS Security?
• Learn Shadow IT Discovery Methods
• How to Track SaaS Adoption without Privacy Invasion