Every October since 2004 has been designated by the Cybersecurity & Infrastructure Security Agency (CISA) as Cybersecurity Awareness Month.
Cybersecurity has become one of the major risk factors that businesses of all sizes must consider. Just one ransomware attack can take a business out for days, and many smaller companies lack the resources to recover from an attack on their company network.
The online landscape keeps getting more dangerous as well. Statistics over the last 12 months show:
- An increase in cloud account breaches of 630%
- An increase in ransomware attacks of 485%
- An increase in phishing attacks of 440% in May 2021
It’s important to keep employees well-trained on threats because most of those threats are coming into their inboxes. Phishing is still the main delivery method for most online attacks of all types.
Have you been having a hard time coming up with new ways to train your employees on IT security? You’re in luck because CISA has multiple tip sheets and other free resources you can use that cover all types of cybersecurity best practices.
Tips to Use to Boost Employee Security Awareness
We’ve included a summary of helpful tips from the Cybersecurity Awareness Month site below. You can access all their free resources here.
Password Security Tips
Password compromise remains a big problem at companies. Users know they should use strong passwords, but often opt for those that are easy to remember instead.
Password compromise is now the #1 cause of data breaches.
Here are some tips for creating stronger passwords:
- Use a passphrase: Using a phrase (without spaces) for a password can keep it easy to remember, but also make it more secure. The longer the password, the harder it is to hack.
- Use unique spellings: Another trick for creating stronger passwords is to use unique spellings for words. For example, instead of using “engine,” use “Ingin” to throw hackers off the track.
- Use a password manager: Password managers are a great way to ensure unique passwords are used for every login. They keep all passwords in an encrypted “vault,” and users only need to remember a single password to access all the others.
Phishing Security Tips
Phishing is something employees face in their inboxes daily. It’s important to continue reinforcing strong phishing identification and protection tactics.
- Think before you act: Just stopping and giving an email a further examination is often all it takes to identify a malicious fake. Avoid falling for emotional triggers of urgency or fear. If an email is using one of these, there’s a good chance it’s phishing.
- Double your login protection: Many phishing campaigns are designed to steal your login credentials and use links to convincing spoofed login pages. You can protect your accounts from being breached by using multi-factor authentication.
- Carefully inspect hyperlinks before clicking: Hyperlinks to malicious sites are used in a majority of phishing emails. Inspect them carefully, for example by hovering over them without clicking. This often reveals a false website.
Home Digital Security Tips
More employees now work from home than ever before, and approximately 80% of surveyed organizations are planning to keep this arrangement in place permanently. This means that home IT security needs to be a big priority and one that’s included in security awareness training.
- Secure your internet connection: Many employees working from home are on less secure Wi-Fi than when at an office. Use a strong router password and make sure to keep router firmware updated regularly.
- Put work devices on a guest Wi-Fi: It’s a good idea to separate your digital network traffic between your home devices and business devices. Set up a guest Wi-Fi on your router, and only connect business devices to it.
- Connect using a Virtual Private Network (VPN): Using a VPN on home and public Wi-Fi networks can ensure all traffic is encrypted and keep your connection secure.
Social Media Security Tips
Social media is becoming just as dangerous as your email inbox when it comes to phishing attacks. It’s important to make users aware of the dangers of social phishing and oversharing company or customer information.
- Remember, the internet has no “delete” button: People often get caught up feeling a need to post new content on their social media feeds, but it can pose a problem if they post sensitive company or customer data. Remember, there is no way to take back something once it’s been posted. Even if you delete your post, it could have already been shared by others.
- Review your privacy settings: It’s a good idea to review privacy settings to restrict who can contact you and see your social media feed. Scammers often make fake friend requests just to gain access to your information and launch a phishing attack.
- Only connect with people you know and trust: Scammers of all types are on social media looking for victims. Don’t connect with people unless you know them from your work or personal life. And if you get a friend request from someone you know, contact them IRL (in real life) to ensure that it’s legitimate.
Need Help With Effective and Consistent Employee Training?
GEEK911 can help your Silicon Valley area business put a comprehensive employee security awareness training process in place to reduce the risk of falling victim to a cyberattack.
Schedule a consultation by calling 1-866-433-5411 or reach us online.