In our increasingly Internet-connected world, all businesses now need to ensure their sensitive data and networks are secure. Human error is the biggest weakness that cyberattacks exploit, which means every person in the workplace has a role to play in security. Here are basic cybersecurity tips any employee should follow all the time, along with advice for protecting sensitive information in situations you may not have thought about before.
Safe Habits to Practice All the Time
Here are some tips for safe habits that any employee can start practicing today:
- Use strong passwords (longer is better!) and change them regularly.
- Keep your sensitive login credentials private.
- Be very wary of opening emails and attachments from sources that you don’t recognize.
- Don’t install software or connect hardware to your business’s network without permission.
- When working from home, make sure your Internet connection is secure.
Be Wary of Insider Threats to Security
A lot of basic cybersecurity tips and advice focus on habits to protect against external threats – which is a necessary foundation – but not all security threats come from outside. Human beings in organizations are often threats as well, from accidents to negligence to malicious behavior.
How can employees pose a risk? Any user with network permissions can inadvertently delete or compromise data. This behavior is accidental, rather than malicious, but it can be just as bad. Then there’s negligence: sometimes employees violate security policies or best practices through well-intentioned but harmful actions or inattention.
And lastly, there are malicious insiders. The classic example is the fired employee who absconds with sensitive data to sell or who uses still-active login credentials to access and harm business accounts.
Any organization should take these sorts of insider threats into account and plan security procedures accordingly.
Non-Technical Practices on the Go
Strong security isn’t just about the cyber domain of strong passwords, blocking malware, and managing permissions. You also safeguard sensitive information with physical security and cautious behavior. Here are some non-technical security tips:
- Keep an eye on your devices and never leave them with strangers.
- Look for privacy in places like airports and coffee shops. Sit where no one can see over your shoulder.
- Dim the screen on your device or get a privacy filter so it’s harder for strangers to see what’s on your device.
- Don’t discuss sensitive information in public areas or where people can eavesdrop on your conversation.
- Get a case to protect your devices. A sturdy case can cushion your device if dropped or protect it if something is spilled on it.
Sensitive Data on the Move
We live in a connected world where we must share sensitive, identifying information regularly in exchange for services. If you’re accessing government or medical services, you’ll be sharing your PII (Personally Identifying Information). If you’re shopping, you’re sharing your credit card number. And so on! Safely transferring and storing sensitive data affects us all.
How can you verify that you’re sharing and transferring sensitive data well? Follow these three steps:
- Verify the recipient. Don’t send to the wrong person! Take a minute to double-check the recipient before you hit “Send”.
- Verify the data. You don’t want to send the wrong data, even if it’s to the right person. Glance over your attached document one last time (did you attach the version with the least necessary sensitive information, for example?) and reread your email.
- Verify the method. Transfer data according to best practice or in line with your organization’s policies. Are you required to encrypt emails with PII? Make sure you’re doing that.