As an employee you are a valuable target for attackers. Follow these cyber security tips and best practices for employees to protect your workplace against the most common cyber security risks.
Looking for more safe computing tips? Check out these related articles.
As an employee you are your company’s first line of defense against cyber security threats. While IT administrators will do everything they can to make your day-to-day work experience as secure as possible, it is ultimately your responsibility to practice safe computing in the workplace.
By reading this article with cyber security tips for employees you’re taking the first critical step to doing your part to keep data safe against threat actors.
The 2020 Verizon Data Breach Investigations Report found that 30% of all data breaches involved internal actors. 37% of these breaches were caused by stolen or compromised credentials, 22% by errors, and 8% by misuse of authorized users.
By learning all you can, following corporate security policies, and following our safe computing tips you can help protect your organization against IT security vulnerabilities.
Shadow IT – also known as Stealth IT, Client IT, or Fake IT – is any system, solution, or software you use for work without the knowledge and approval of your IT department.
Shadow IT poses a unique threat to cyber security as the technologies are not under the control of the IT department. These applications, Software-as-a-Service (SaaS) products, and other shadow technologies put corporate data at risk because they are not being appropriately secured.
Examples of Shadow IT
These shadow IT safe computing tips do not just apply to software with viruses and other malware, either. The shadow technologies themselves may not even be inherently insecure. Platforms, services, and applications that are widely used in business settings may simply become insecure due to the lack of visibility and control the corporate IT department has over them.
A personal cloud storage account, for example, could be used to transfer work-related files to a coworker. However, if that data falls under a protected class such as personally identifiable information (PII) then your ability to access that data outside of work would be a violation of corporate and regulatory data security compliance standards.
These phishing safe computing tips are absolutely essential for any employee with internet access. According to the Verizon report a vast majority of malware is delivered via email. Business email compromise (BEC) is a pervasive threat that you need to be aware of to use computers safely.
A report from Tessian found that a staggering 1 in 4 employees have admitted to clicking on a phishing email at work. According to a report from PhishMe employees who have opened a phishing email in the past are 67% more likely to fall for a future phishing attempt.
Phishing is a type of fraud that uses fake emails, text messages, or social media messages to convince you to click a link, fill out a form, provide sensitive information, transfer funds, or take other actions that benefit the attacker.
Phishing is a constant threat to data security. It is responsible for 22% of the data breaches studied in the Verizon report. Cybercriminals use phishing attacks to compromise accounts, steal company funds, and breach sensitive data.
Social Engineering is an advanced form of social manipulation where an attacker convinces an employee to provide confidential information or unauthorized access to corporate systems.
Social engineering can be as simple as pretending to be a contractor in order to gain physical access to the office or as advanced as impersonating an executive to trick you into providing them with confidential information.
Following these password hygiene computing tips is essential for protecting data. Unfortunately poor password hygiene is far too prevalent – a shocking 59% of users surveyed in the LastPass Psychology of Passwords Report admit to reusing passwords!
Your passwords must be unique, private, and easy for you to remember without being easy for an attacker to guess. Along with a strong password you should use multi-factor authentication (MFA) wherever possible; this forces a would-be attacker to bypass multiple authentication measures (a password + biometrics, a PIN number, etc) before they can breach an account.
Browsing social media or accessing your personal email from a work computer might seem benign, but it can actually be a potential source of danger for sensitive data. The websites you visit for leisure may potentially be not as secure as the ones that are normally accessed during the workday.
Personal email accounts are especially dangerous as they are not protected by enterprise-grade secure email gateways. This means that it is far more likely for you to receive dangerous phishing emails and malicious attachments in your personal email inbox than your work-only inbox.
In terms of personal privacy, if your employer monitors computer activity on work devices they may also inadvertently capture your sensitive personal information. If you must use company devices for personal use, ensure that it follows any guidelines provided by your employer.
Any workplace that takes cyber security seriously will force you to use a unique login to access company property. To prevent unauthorized users from accessing your account (and anything your account can access), lock out your workstation any time that you will not be physically present.
On a Windows computer you can quickly lock your computer by pressing the Windows Key + L at the same time. On a Macintosh computer you will use Control-Shift-Power to lock your screen; on older MacBooks with an optical drive you will use Control-Shift-Eject.
A Ponemon Institute USB security study found that 72% of employees used USB flash drives that were given to them at events such as conferences and tradeshows. Rogue USB devices are incredibly dangerous as they can be programmed to stealthily execute malicious payloads that spy on employee computer activity, infiltrate the network, and steal sensitive data.
Get started today—Download the FREE template and customize it to fit the needs of your organization.
This is one of the most important cyber security tips for employees. The cyber threat landscape is constantly evolving and your IT team works hard to balance the security and productivity of your company.
As new threats and vulnerabilities emerge your IT team will work with HR and management to develop and enforce policies and procedures that maintain information security while giving you the tools you need to complete your tasks.
These policies may include a work from home policy, acceptable use policy, or data security policy. If you are uncertain about your employer’s data security expectations you can request clarification from your employer or rereview these policies at any time.
Free Sample Template:
Employee Internet Usage Policy
Download this FREE acceptable use policy, customize it,
and distribute it to your employees to set a precedent for the acceptable use of the internet in the workplace.
Social networking tools have changed the way we interact both at the professional and personal level. With their increasing popularity, they also bring tremendous opportunities for network threats and scammers.
Be prudent about not sharing personal or company information on social media platforms. The more information you share, the more likely it is that someone could impersonate you and entice your circle of friends/associates to share personal information, download malware or gain access to restricted assets.
If you’re travelling for work or you want a change of scenery you may be tempted to use one of many publicly available Wi-Fi hotspots.
These convenient wireless internet connections are provided by places such as hotels, coffee shops, and airports. These may be fine for low-risk personal browsing but there are dangers you should be aware of.
Ideally you will have access to your own private mobile hotspot that you can use to connect to the internet while working remotely.
Data protection is not the sole responsibility of the IT department; as an employee you must do your part to ensure that adequate information security practices are being followed by yourself and your coworkers.
There are many data security risks that employees can help prevent. By following these employee cyber security awareness tips you can do your part to keep sensitive data safe and protect your workplace against malicious hackers.
Did you enjoy this article? These computing tips are just a start. Click the links below to learn more employee cyber security awareness tips and keep sensitive data safe.
Fill out the form to sign up for Catching Up With CurrentWare, a monthly newsletter with our latest articles, resources, and news.
| Thank you for Signing Up |
Download this FREE removable media policy template to help protect the sensitive data in your custody.
👉 Set data security standards for portable storage
👉 Define the acceptable use of removable media
👉 Inform your users about their security responsibilities
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |