15 Must-Know Cybersecurity Tips for Employees

Security in IT is like locking your house or car – it doesn’t stop the bad guys, but if it’s good enough they may move on to an easier target.

Paul Herbka

1. Educate Yourself and Stay Informed

Cybersecurity evolves so quickly that staying informed is not just beneficial; it’s critical. The first step towards establishing a secure digital workspace begins with education. Here are some ways to stay updated:

Enroll in Cybersecurity Training Programs

Many employers offer cybersecurity training programs to help their employees understand the basics of cybersecurity and the organization’s policies and tools. Engage in these programs to learn about the common threats you may encounter and the best practices for dealing with them. For instance, tools like Wizer or KnowBe4 provide interactive security awareness training that can be very beneficial.

Stay Updated on Latest Cybersecurity Threats and Trends

Cybersecurity is fast-paced with new threats emerging almost daily. Subscribe to reputable cybersecurity blogs, follow industry experts on social media, listen to popular cybersecurity podcasts, and participate in relevant forums to learn current potential risks. Being informed about the latest threats and the evolving landscape of cybersecurity can equip you with the knowledge to recognize suspicious activities and prevent possible security breaches.

2. Use Strong and Unique Passwords

A strong password is fundamental to securing your digital identity. Using the same password from high school for every account and saving your passwords in a notes app? That’s a security risk waiting to happen.

A strong password should include a mix of uppercase and lowercase letters, numbers, and special characters.
It should be at least 12 characters long to ensure complexity.
Shared accounts cause vulnerabilities.

Learn more about password security best practices in our blog.

Consider using password management tools to keep track of your complex passwords. These tools help you generate and store complex passwords securely.

Passwords are like underwear: you don’t let people see it, you should change it very often, and you shouldn’t share it with strangers.

Chris Pirillo

If it isn’t already implemented in your workplace, consider recommending your employer to adopt an open directory platform. These platforms facilitate secure management and connectivity for users to devices, applications, files, and networks all from a single dashboard, streamlining the process and enhancing the security framework.

3. Utilize Multi-factor Authentication (MFA)

Multi-Factor Authentication (MFA) adds a layer of security to the traditional password-based login by requiring an additional authentication factor to access your account. This could include something you know (like a password), something you have (like a mobile device), or something you are (like a fingerprint).

Ideally, MFA should be applied everywhere — an MFA-enabled single sign-on (SSO) solution can help you achieve this.

4. Be Cautious with Email and Phishing Scams

• Phishing attempts often come in the form of emails that seem legitimate but contain malicious links or attachments. Be cautious and avoid clicking on links or downloading attachments from unknown or suspicious sources.
• If you encounter a phishing attempt, it’s essential to report it to your IT department immediately so that they can take necessary measures to prevent further attacks.

5. Use the SLAM Method to Spot Suspicious Emails

Phishing attacks are prevalent and can be highly personalized, making them quite deceptive. Use the SLAM method to identify potential phishing attempts:

• Sender: Verify the sender’s email address to ensure it’s from a legitimate source.
• Links: Hover over any links to see where they lead before clicking.
• Attachments: Avoid opening attachments from unfamiliar senders or unexpected attachments even from known senders.
• Message: Examine the message for poor grammar or misspellings, which can be red flags.

6. Use a SaaS Security Tool

Companies believe that about 70% of the apps they use are SaaS-based. These online applications can pose a significant SaaS security risk, especially if employees begin using unauthorized SaaS tools without the oversight of the IT department. This scenario, known as shadow IT, widens the attack surfaces, making the organization more vulnerable to cyber threats.

How to avoid shadow IT:

• Refrain from using unauthorized SaaS applications.
• Encourage colleagues to adhere to the approved list of SaaS tools and report any unauthorized use they come across.

7. Ensure a Secure Connection

• When accessing company resources remotely, connecting to a Virtual Private Network (VPN) can help keep your connection secure. It encrypts the data traffic, keeping it safe from potential eavesdroppers. Check with your IT team for their policies on VPN use.
• Avoid using public Wi-Fi networks for accessing company resources. Public WiFi is often unsecured and can be a potential source of cyber threats.

8. Secure Your Home Network

Securing your home network can help protect both personal and corporate data – especially if you work from home. 

• Plug computers into your router, not your modem.
• Change the default password on your router and ensure firmware is updated.
• Disable remote router administration to eliminate an easy pathway for cyber attackers.

9. Regularly Update Software and Systems

• Keeping your software and systems updated is crucial as updates often contain patches for known security vulnerabilities. An unpatched system is an open door for cyber threats. Companies often use a patch manager to help automate updates. 
• Enable automatic updates whenever possible to ensure that your system stays updated without requiring manual intervention.

10. Practice Safe Browsing

• Avoid visiting suspicious or irrelevant websites during work hours as they may contain malicious software that can compromise your device.
• Utilize browser security features and consider installing reputable security extensions to keep your browsing activity safe.
• Avoid saving passwords in your browser; use a password manager instead.

11. Be Cautious with Social Engineering Attacks

Social engineering attacks trick individuals into revealing sensitive information through deceitful tactics. Familiarize yourself with some common social engineering methods, like phishing, to better recognize deceitful requests.

• Engage in available training and stay informed on latest scams to better identify social engineering attempts.
• Verify suspicious requests through a separate channel, maintain skepticism with unexpected communications, and report suspicious activity to your IT department.
• Follow your organization’s security guidelines to fortify against these deceptive attacks.

“Be a little suspicious. A very large number of attacks rely on simple social engineering. Ask yourself next time you receive an email claiming you have won an iPad or received a FedEx package — is this probably real? Would it happen to me walking down the street? Scams today aren’t all identifiable by poor grammar and spelling mistakes, as they once were.”

James Lyne

12. Secure Physical Devices

• Lock your computers and mobile devices when not in use to prevent unauthorized access.
• Adhere to your company’s protocols for securing hardware, including using lock screens, strong device passwords, and reporting lost or stolen devices promptly.

13. Report Suspected Cybersecurity Incidents Promptly

Vigilance is a key player in maintaining a secure environment, both online and offline. Stay alert to suspicious activities, be it odd emails, texts, unauthorized visitors, or unexpected digital communications.

Should you encounter something unusual or fall prey to a phishing attempt, promptly inform your supervisor or the IT department. Swift reporting allows for quick remediation, minimizing potential damage and enhancing overall security.

• Familiarize yourself with the process of reporting cybersecurity incidents within your organization to ensure timely reporting.
• If something suspicious occurs, report it quickly. Quickly reporting suspected cybersecurity incidents can significantly reduce the impact and prevent further damage, thus playing a crucial role in your organization’s overall cybersecurity posture.
• When reporting an incident, document all relevant information. This includes what you observed, the date and time of the incident, and any other pertinent details. Clear documentation helps in understanding the extent of the incident and in formulating a response strategy.

14. Maintain the Latest Software on Your Smart Devices

Keeping your smart devices updated is crucial for security:

• Regularly update the software on phones, tablets, TVs, speakers, thermostats, etc.
• Enable the Auto-Update feature if available.
• Use screen unlock password capabilities and consider mobile device management solutions for added security.

15. Be Careful Sharing Online

Sharing personal experiences on social media can be enjoyable, but it can also inadvertently supply attackers with useful information.

• Regularly review and update your privacy settings to control who can see your posts.
• Purge old and unused social media accounts to reduce your online footprint.
• Before posting images or videos, scrutinize the content including the background for any sensitive or identifiable information.
• Ask yourself if the information you’re sharing could be weaponized against you or your organization.

By being cautious and mindful, you can enjoy social networking while keeping personal and professional information secure.

Empower Employees to Keep Your Organization Secure

The responsibility of security falls on everyone — not just IT. For more information on educating employees on security best practices, check out Security Training 101: Employee Education Essentials.