“Be Cyber Smart” The New Year Resolution & CAN’T-MISS Bonus Tips to Make Cyber Hygiene Part of Your Routine
The increased demand for robust cybersecurity is impossible to ignore heading into 2022. There has never been a better time for any connected business to update its plans and policies to ensure it stays as safe as possible in the face of rising threats.
Make increased cyber protection your New Year’s Resolution, starting with these essential tips:
1. Fight the Phish
Phishing is one of the oldest and most established forms of cyberattack, and it won’t be going away in 2022. Defending against these attacks involves a combination of technology and awareness, so don’t underestimate the need to keep employees up to date on the latest techniques. Remind them that if something appears too good to be true, it probably is, and there’s no better defence against phishing than an educated recipient.
2. Old Attacks, New Targets
Cyberthreats are on the rise, but not due to some revolutionary new form of attack. Phishing is still a critical concern, as outlined above, and neither ransomware nor malware will go anywhere any time soon.
The recent rise can be pinned, in part, on greater numbers of mobile devices and the increased number of remote employees. Of course, the same defences work against the same kinds of attacks as ever before, but it’s vital to head into 2022 with a clear plan for how to defend phones and tablets, especially with their corporate usage on the rise.
3. Familiarize Yourself with Shadow IT and BYOD (Bring Your Own Device)
Remote work poses all sorts of challenges for those accustomed to an office base for all employees. However, shadow IT and BYOD policies can shape how your business tackles the latest cyberthreats as they develop.
Many companies no longer have the luxury of constant network and hardware supervision from a centralized IT team. Indeed, shadow IT refers explicitly to devices, systems, and software deployed outside the control of the IT department.
Once again, education and awareness play critical roles in maintaining secure infrastructure. Of course, there is nothing inherently wrong with enabling employees to use their own devices and tools for work purposes. Still, they should receive thorough, dedicated training on what is and isn’t acceptable when carrying out business-sensitive tasks or accessing sensitive information.
4. Refresh Your Focus on the Basics
Virtually every business, regardless of size or industry, can potentially benefit from a security-first culture heading into 2022. Most companies are aware of the threats cyberattacks can pose to operations, and many will have heard the statistics surrounding how many businesses fail altogether following a high-level attack.
However, that doesn’t make it acceptable to assume that employees understand these risks equally well. If a business hasn’t done so already, 2022 is the perfect time to add basic cybersecurity training and awareness to the employee handbook. Then, take the initiative when ensuring that employees have access to the information and resources they need to protect the business and make the right decisions should the company come under online attack.
Bonus Cyber Hygiene Tips Heading Into 2022
Cyber hygiene has recently become one of the business world’s hottest topics, but it’s far more than a buzzword. Instead, it’s a habit: a routine that every employee understands and that enables them to protect the company’s digital integrity at all times.
One-off security training isn’t enough. Cyberthreats don’t disappear, and they often get stronger. It’s imperative to provide workers with specific advice and guidance on how they should approach cybersecurity on an ongoing basis. In addition, they need to be cyber aware and resilient because it’s impossible to tell where or when the next threat to a business might arise.
Make cyber hygiene part of your routine by making every employee aware of these everyday requirements:
1. Only Download Apps from Trusted Sites
Employees have greater control over their devices while working than ever before. Previously, systems and software may have controlled access to suspicious sites and blocked dangerous downloads on their behalf. However, the rise of Shadow IT and BYOD policies means that they can theoretically download anything.
Remind them that it’s vital to use only full, legal versions of any software they install, and to obtain it only from reputable sources.
2. Be Careful About Sharing Personal Information Online
A business’s weakest link in cybersecurity is often its people. Unfortunately, there’s no shortage of malicious actors looking to capitalize on any opportunity for social engineering. Virtually every employee knows not to share passwords and login credentials. However, it’s worth ensuring they understand the implications of sharing additional information, such as anything that could be used as a password reset question.
Social media also attracts more than its fair share of scammers. In business terms, they may look to trick employees into sharing credentials or sensitive information, so remind them all to be on their guard.
3. Go Beyond Strong Passwords
The effectiveness of passwords has been criticized for over a decade, but the rise in cyber threats to businesses has brought this consideration firmly to the fore. While they’re not going anywhere any time soon, and there’s every reason to use passwords that are as strong as possible, there’s no need to be entirely dependent on them.
Perhaps the best way to reinforce an existing password strategy is to deploy two-factor authentication. Passwords become less critical, as they become one of two required credentials for access. Naturally, doubling the amount of security instantly makes it at least twice as difficult for an attacker to gain access.
4. Think Before You Click
Employees and anyone who uses email need to stop and think before clicking links they receive. Doing so has become easier, with most email platforms identifying suspicious links and attachments and warning people before they interact with them. Nevertheless, these warnings are no match for intuition and common sense, and 2022 isn’t the year in which workers should forget to think about whether to click something that could be dangerous.
5. Keep Software Up to Date
It’s always nice to find new features and design choices in software through updates. However, most updates across desktops and mobile devices are deployed with security in mind. Even the most prominent companies can’t avoid bugs, and those bugs often only become a problem when someone finds them. Once found, they can quickly become a valuable hacking tool. The onus is on the developer to fix their software with an update, and that onus then transfers to the end user.
Most software will alert users when a new update is available, and, in virtually every case, downloading and applying it should be a priority before using that software again.
6. Backups are Everyone’s Responsibility
It’s impossible to have too many backups. So, while you wouldn’t want every employee to have complete and unrestricted access to all internal data, there’s no harm in encouraging them to back up their own work. Provide facilities for them to do so on company systems, but also encourage them to keep additional copies of anything business-critical wherever suits them best.
As a rule, get them to consider the impact on the business if something they’re responsible for were lost, damaged, or stolen. If such an occurrence would be in any way significant, it’s worth keeping multiple copies.
7. Prioritize Remote Workers
Remote work is the standard in most businesses today, and numbers will continue to rise. These employees are often the most vulnerable from a cybersecurity perspective, but they don’t need to be IT experts to stay safe. Instead, remote workers who follow the basics can go a long way to protecting themselves and the business:
- Always use a VPN when accessing internal systems and sensitive information
- Try to restrict access to emails and other information to devices issued by the company
- Don’t enable anyone else to access company devices, including friends and family
- Lock the device or log out entirely when leaving it unattended, especially in public
Cyberattacks are becoming more commonplace and increasingly sophisticated. However, that’s absolutely no reason to forget the basics as part of your business defences. Your people can be the weakest link in your protection plan, but they can also be the most valuable asset with the proper ongoing support and training.
Virtually every employee is invested in a company’s success, and it’s not difficult to justify cybersecurity awareness as a vital part of achieving those goals. Invest in your people, and you’ll have every chance of staying protected, no matter how they work. And, of course, if you need assistance on the technical side or with keeping your employees on the forefront, we’re here to help!