Whether you’re working for a large enterprise or a small start-up, it’s important to ensure cyber security is embedded into your working processes. Everyone has a part to play and as October is National Cyber Security Awareness Month, we’ve put together best practice ideas you can embed to #BeCyberSmart in both your workplace and home environment.
Download our free infographic to share around your teams with 10 easy steps to cyber security that everyone can implement.
It may seem like an obvious one, but your password is your weakest link. Stolen credentials are one of the most common causes of a data breach.
Best practice is to:
Multi-factor authentication is becoming more common and you’re probably using it for at least one of your accounts, such as online banking where it is required. But best practice is to enable multi-factor authentication on all accounts where you can.
Authentication factors classically fall into three categories:
Often organisations have strict own device policies, and rightly so. If your device isn’t updated with the latest protection you could put your organisation’s data at risk. Ensure you apply all security measures outlined by your company’s policy and ask the IT team if you’re unsure.
It can be tempting when you’re busy to schedule new updates for your hardware to a later date, but it’s important to action these as soon as they’re available. Whilst often they take some time and you may be required to reboot your device, it’s a good opportunity to work off-screen for a while or take a coffee break to ensure that security patches and fixes are updated as soon as possible. By ensuring your devices are up to date you can be confident you’re reducing your risk of a hack.
Clicking links in emails or on unknown sites is a risky habit. Even if the content looks legitimate, a safer habit is to manually type out URLs. This way you’re not inadvertently putting your organisation or even your own data at risk. Always check the URLs and email domains of unknown senders too to see if they look genuine when receiving an email from someone you don’t know.
Backups are key and ensure if something happens to your data for example hardware failures, ransomware attacks and even physical theft, you can retrieve your data. It’s important to store backups in a secure location separate from the original files, such as on a cloud system or physical hard drive. Make sure you’re aware of any actions required by your organisation so you can play your part in keeping all files secure.
When searching for websites via a search engine, keep an eye on the URL to see if it looks legitimate and matches the company intended (with no typos). Look into the address bar for the padlock icon, this indicates an encrypted connection and identifies the information on the site as safe. This is especially important if you’re required to enter sensitive information such as PII or financial information.
If you’re out and about working, it may be tempting to use free public networks, but this is a red flag in terms of cyber security. Free WIFI networks are one of the easiest ways cyber criminals can target your device. If you must log in to a free public network, we’d advise not using it for accessing sensitive information and always use a VPN. A VPN improves security and enables users to access a public network as though it was connected directly to the private network.
Convenience is one of the downfalls of cyber security, whilst you may think it’s easier to stay remembered on your most used sites to save time, it increases your risk of a hacker accessing your data. Using a password management system is good practice allowing you to create different complex passwords for each site without having to remember them.
If you do suspect a fraudulent website or a phishing scam, notify your colleagues and log within your organisation. Information is key and ensuring all colleagues are aware of potential scams will reduce the risk of them falling victim too.
Whatever your organisation’s size or sector, it is important to remain vigilant when it comes to cyber security. Embedding cyber security practices into your organisation so that it becomes second nature and is at the forefront of employees minds is key to a cyber-safe environment. If you’re looking for additional guidance, CertiKit’s toolkits for ISO27001 – Information Security Management System and Cyber Essentials are written by a CISSP-qualified specialist and are a great way of embedding extra controls into your organisation.