National Cybersecurity Awareness Month (NCAM) explores different cybersecurity-related themes each week. This year marks the 18th anniversary of NCAM and is expected to be one of the most comprehensive events yet. In celebration of Cybersecurity Awareness Month, take time to teach employees some cybersecurity best practices to protect against online threats. Inform staff about the latest penetration methods and techniques used by hackers, and the impact that a single data breach could have on the company and its stakeholders.
7 Important Takeaways From Cybersecurity Awareness Month For Employees
Approximately 95 percent of all cybersecurity breaches are caused by human error, according to Cybint. Providing employees with comprehensive and ongoing cybersecurity training and resources can help reduce the risk of costly mistakes and prevent cybercriminals from gaining access to sensitive information. During National Cybersecurity Awareness Month, ensure that employees walk away with the following critical reminders:
1. A Secure Remote Connection Does Not Guarantee Network Security
There is a common misconception that having a secure remote connection equals network security. In reality, no security measure on its own is enough to guarantee secure remote work. Businesses need to enforce to the use of multiple security measures to boost the effectiveness of security. Creating a cybersecurity policy for remote workers is a great place to start. Stipulate guidelines that comply with security protocols and use encryption whenever possible to secure remote data and connections.
2. Unsecure Devices On A Secure Network Can Create a Vulnerability
The use of unsecured devices, even on a secure network, can put businesses at risk for vulnerabilities. Attackers can easily target these devices and hack into the network to access personal information and financial details. Once a hacker gains control of the device remotely, sabotage can occur in an attempt to collect ransom. Express the importance of securing devices to employees and implement new guidelines to prevent vulnerabilities.
3. Suspicious Activity Or Network Use Should Always Be Reported
Employees should always promptly report suspicious activities to help prevent cybercrimes. Teach employees to share information regarding possible cyber events that could threaten the business or its staff and customers. With this information, an investigation should be performed to determine the claim’s validity and to block any further attempts of online scams or network intrusions. Provide employees with multiple options for communicating this information, such as email, telephone, or in-person.
4. Passwords Must Be Strong, Secure, And Frequently Changed
Password protection is a simple concept that many employees get wrong. It is good practice to change passwords frequently to prevent cybercriminals from gaining confidential systems and data access. Passwords should also be strong and include a series of uppercase and lowercase letters, and numbers and characters like percent signs, commas and exclamation points. The same password should never be used for more than two devices or it will be easy for a hacker to guess.
5. An Email from Your Employer Might Not Always Be Legitimate
With a sharp increase in phishing and social engineering scams, employees must use caution to avoid becoming a part of an online hacking attempt. Businesses should educate their employees about how business emails can be compromised and red flags to look for before opening a suspicious email. Unfamiliar tone or greeting, inconsistencies in email addresses, spelling errors, suspicious attachments, or a sense of urgency may dictate that something is amiss and the email is not actually from an employer.
6. Leaving Information On Your Desk Can Lead To Stolen Information
Making a simple mistake like leaving sensitive information on a computer screen while away from the desk can lead to stolen information. When confidential data falls into the wrong hands, it can lead to identity theft, fraud and other harmful outcomes. Businesses should consider implementing a clean desk policy that requires employees to clear their desks and computers at the end of the day or when leaving the desk for a certain amount of time.
7. Being Proactive Is More Important Than Being Reactive
Unfortunately cyberattacks are no longer a matter of ‘if’, but ‘when’. Don’t wait until an event occurs to take action. A proactive approach to cybersecurity is designed to identify weaknesses and add processes to identify potential threats before they can evolve. Compare this to a reactive approach which involves responding to incidents, such as data breaches or hacks, after they have already occurred.
Reach Out To Hartman To Improve Your Cybersecurity Posture
National Cybersecurity Awareness Month is the perfect excuse to remind employees about the importance of practicing good cyber hygiene to make online activities safer and more secure for everyone. To learn more about the importance of cybersecurity or to receive guidance from expert cybersecurity and IT consultants, contact Hartman Executive Advisors.