4 Cybersecurity Awareness Month Tips That Improve Employee Cyber Hygiene

Ransomware, data breaches, account compromise, phishing, and malware are on the minds of most business leaders. As many as 76% of Irish organisations state they have some level of worry about employees exposing them to digital security risks.

In today’s hybrid working world, the risk can be even greater. Employees working remotely may not have properly secured devices. There may also be data exposure issues due to lax cybersecurity hygiene.

October is Cybersecurity Awareness Month (CSAM). This designation began in 2004 in the United States, and since then has spread globally. It’s a month when a special emphasis is put on digital security best practices.

While the message of cybersecurity is needed all year, CSAM is a reminder of the importance of employee cybersecurity awareness and the need to keep training fresh and relevant.

This year’s theme is “See Yourself in Cyber,” and it highlights the importance of having everyone take personal responsibility for cybersecurity. This is a timely message in light of the fact that approximately 82% of data breaches are the result of human error.

Here are some examples of how employees play a role in data breaches:

  • Neglecting to properly secure devices
  • Using weak passwords
  • Falling for a phishing email and providing a “user assist” to a breach
  • Mishandling personally identifiable information
  • Sharing passwords with others
  • Not keeping software updated on their devices

Begin Creating a Culture of Cybersecurity with These Four Tactics

The Cybersecurity Awareness Month program is emphasising four main tactics to boost individual and company security. They may seem simple, but they are powerful, especially when used together.

These four tactics are also something everyone can do to improve cybersecurity at their home and office.

 

Enable Multi-Factor Authentication on All Accounts

Multi-factor authentication (MFA) requires a second form of authentication before a user can gain access to an account. Once the user enters their username and password, the next factor is requested.

This usually comes in the form of a one-time passcode (OTP) that is sent to a pre-registered device owned by the user. Once that code is entered, the user gains access.

Too many organisations don’t have MFA implemented because they find it inconvenient. Yet, it’s one of the most effective forms of protection against password compromise. According to Microsoft, MFA can block 99.9% of malicious sign-in attempts.

Enabling MFA is simple, inexpensive, and effective. To avoid user complaints that the extra step hurts their productivity, companies can implement a single sign-on (SSO) solution alongside MFA.

 

Use Strong Passwords & a Password Manager

In a world where most data is kept behind a username and password, credential compromise has become the main driver of data breaches. Employees continue to use weak passwords and reuse passwords because they simply have too many to juggle.

81% of data breaches are enabled by stolen passwords.

This tactic has two steps to better secure passwords and the accounts and data they are protecting. The first is to use strong passwords for every login.

A strong password has the following attributes:

  • Is at least 12 characters long
  • Is unique (with no other account using that same password)
  • Includes a combination of upper-case and lower-case letters, symbols, and numbers

The way to solve the issue of employees having too many passwords to juggle is to use a password manager. Password management applications provide a secure place to store passwords. When employees need to retrieve passwords, they only need to enter and remember one. This gives them access to all the others.

Additionally, password managers will suggest strong passwords, so you’re not relying on employees to try to guess what is strong. When using a business account, you can have administrator access to all business-related accounts. This ensures you’re not locked out of an important interface should an employee be absent or leave the company unexpectedly.
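The three strong-password attributes listed above can be checked across a whole set of stored logins, which is how reuse between accounts gets caught. The following Python audit is an added example, not part of the original article or of any password manager's own code; the function names and the sample vault are constructed for illustration, and "symbol" is assumed to mean ASCII punctuation.

```python
import string
from collections import defaultdict

MIN_LENGTH = 12  # minimum length stated in the list above


def weaknesses(password):
    """Return which of the listed strength attributes this password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = {
        "upper-case letter": any(c.isupper() for c in password),
        "lower-case letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),  # assumption
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    return problems


def audit(vault):
    """Map each failing account to its problems, including password reuse."""
    # Group accounts by password so the "unique" attribute can be checked.
    accounts_by_password = defaultdict(list)
    for account, password in vault.items():
        accounts_by_password[password].append(account)

    report = {}
    for account, password in vault.items():
        problems = weaknesses(password)
        others = sorted(a for a in accounts_by_password[password] if a != account)
        if others:
            problems.append("reused on " + ", ".join(others))
        if problems:
            report[account] = problems
    return report


# Constructed sample data standing in for a vault export (not real credentials).
SAMPLE_VAULT = {
    "payroll": "Tr4ctor!Violet#92",
    "email": "summer2024",
    "crm": "Tr4ctor!Violet#92",
    "wiki": "c0rrect-Horse-battery-Staple",
}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE_VAULT).items():
        print(f"{account}: {'; '.join(problems)}")
```
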

 

Keep Device Software Updated

Keeping software updated is a core best practice of cybersecurity. Yet, many data breaches still happen because hackers exploited vulnerabilities for which a patch existed but wasn’t applied.

With the increase in devices used in a typical office, it can be complex to ensure all are updated. Organisations need to ensure that computers, smartphones, tablets, and IoT devices all stay current.

Further, each device will have three key types of software updates:

  • Operating system
  • Applications
  • Firmware

One of the easiest ways to ensure employee devices are staying current with required updates is to have this function handled through a managed IT services plan.

 

Learn How to Identify Phishing & Report It When Found

The fourth key tactic that can significantly improve cybersecurity is for employees to learn how to identify phishing and report it when they see it. Phishing continues to be the most popular delivery method for malware of all types. It’s also used widely for credential theft.

Phishing has become more sophisticated over the years, so users need to know to trust no message attachment or link that isn’t verified. They should also be aware that phishing via SMS is on the rise, and phishing can also show up on social media or via an old-fashioned phone call.

When phishing is identified, it needs to be reported. This allows the company to warn other employees and act to shut down the attack.

Schedule a Cybersecurity Check-up with FutureRange

Cybersecurity Awareness Month is a good benchmark for scheduling an annual cybersecurity check-up.

Contact us today to schedule a consultation. Call +353 1 2960 560 (Dublin), +353 6140 0230 (Limerick), or +353 21 2427974 (Cork), or reach us online.

 

 
