Whether you know it or not, cyber criminals see you, the end user, as an easy target. But don’t worry, you don’t need the newest security technology to protect yourself from some of the most common threats. Follow these easy tips to eliminate many of the everyday security threats present in a workplace environment:
Do those security updates.
We mean it! “Update Available”? Click yes, no matter how much you want to hit “remind me later.”
Whether it’s for your Office applications, your web browser, or your whole device, make the time to download, install, and restart if necessary. Updates are the most critical components to keeping your computer safe. The developers of the software you use, the applications installed on your devices, and the devices themselves create new versions to resolve issues and improve security, so make sure that you keep things up-to-date to get rid of any vulnerabilities that a hacker could easily take advantage of.
Keep “Work” and “Home” (digitally) separated.
The easiest way to do this is to avoid connecting your personal devices to the corporate network. For example, if your company has a main wifi network and a guest wifi network, try to keep your personal devices on the guest network, even though you’re an employee.
The reason for this is simple: our personal devices are likely much less secure than our devices at work. Are there restrictions at your company that regulate what sites you can access or how you can use your computer? Do you have software restrictions, or certain security programs installed at work that you don’t have at home? If so, that’s a clear sign that your company is working to keep the corporate network secure. (And if not, that may be a problem…)
These are most likely some regulations that you don’t have to follow at home with your personal devices. That means your devices are exposed to some risks that your company network isn’t, so your phone or tablet can immediately introduce new risks to your company if it is connected to the network.
Another way to keep work and home digitally separated is to avoid checking personal email and social media while at work. We can hear the groans already, but hear us out:
People get a lot of spam and other bad things sent to them through social media or personal email accounts. It happens to all of us. We don’t know how we got signed up for that newsletter or how we got stuck on that mailing list, and we definitely don’t know any Nigerian princes. But the best thing you can do is keep these risks away from the workplace.
Of course, a lot of companies have what’s called a BYOD or bring your own device policy. While this is pretty convenient, we often see companies that fail to implement this correctly. If a personal device is used in the workplace, security regulations must also be applied to that device in order to keep both the end users and the company’s data protected.
Curb your curiosity.
In terms of phishing emails, we like to use the saying, “Think before you click!” But we’d like to expand that message here. Make sure you think before you click, open, and especially before you plug anything in.
One tactic that attackers can use when they are “onsite” is dropping malicious USBs in offices or other public places, hoping that you pick them up and plug them into your computer. All you have to do as the user (or victim) is simply plug in any sort of malicious USB into your computer. It only takes a matter of seconds for your computer to be completely compromised by doing this.
So remember to curb your curiosity when it comes to unknown objects or devices, and verify the legitimacy of any USB devices before plugging them in. You know what they say about curiosity and the cat…
Practice safe passwords.
Passwords are a huge deal. They seem frivolous, annoying, and overly complicated, but they have a purpose and it’s important to follow some password best practices. Our advice? Save them securely, make them complex, and never share them.
Our first big tip here is this:
Stop saving your passwords in your browser.
Now, this can seem very convenient to be able to quickly log into any website you typically access with a single click. The problem is, this is also very convenient for hackers who have unauthorized access to your computer. All they have to do is simply browse to those same websites that you go to and they have instant access to your accounts. Bad news.
So when a website asks you to save your password in your browser? Just say no.
Also try to avoid writing passwords down. We get it, passwords are complex and can be really hard to remember, but writing them down is not a good idea. There are lots of secure password management options out there that you can put on your computer or even your phone for free and keep your passwords out of the bad guys’ reach.
In addition to secure storage of passwords, also try creating complex passwords that are harder to crack. Weak passwords are much easier to guess than you want to believe as you type “Winter2018” into the Create Password box on yet another account. Our Penetration Testers can tell you firsthand that this is a bad idea. Many of the most common password combinations include simple words like “password,” the current season or current year, or familiar words based on region, interests, or personal connections like family names or pets. Also, reusing those common passwords, even with minor variations between accounts, can be pretty risky. So file “Password1” (and anything like it) away and don’t look back.
Finally, use caution when sharing passwords. We can’t advise you to never do it, because there are instances where they must be shared. But there are still risks to sharing passwords with coworkers or others. Anyone can take your password and share it with others, leaving it completely out of your hands. This would be especially risky if that password happens to be a combination you’ve used & reused for other accounts.
The best way to safely share passwords is to change the password to something specifically for sharing, and change the password after the account or service sharing has been completed and the other user no longer needs access. And, of course, make sure to use caution when trusting your accounts with others.
Lock your devices!
Our final tip seems like a simple one, but the impact can be huge. Leaving computers unlocked and unattended is probably one of the most notorious things that happens in workplace environments, and our penetration testers see it quite a bit. Leaving your computer unlocked and unattended for any length of time greatly exposes your computer to potential malicious activities (or pranks). The risk may not seem that bad, but keep in mind it only takes a couple of seconds for your computer to become completely compromised.
The best way to combat this risk is to make sure you have passwords or other lock features enabled on your devices, and make sure to engage those features when leaving your devices unattended. Whether you’re leaving for lunch or simply walking away from your desk for a second, it’s easy to pull up the lock screen before you walk away. It may seem like a hassle, but it will be worth it to stay secure.
So there you have it, these 5 easy tips can make a huge difference in your security as a user and the security at your company. If you want to learn more about promoting a stronger security culture in your organization from a regulatory standpoint, check out our e-book: