In this guide we explore 10 cyber security tips to help protect employees online.
Businesses need a well-maintained cyber security solution that keeps them one step ahead of cyber criminals.
Device hacking, phishing scams and malware have become a daily threat for employees. These risks are now amplified with the increasing number of smartphones, tablets and internet-connected appliances.
10 Cyber security tips for employees
The good news is that by taking just a small handful of security measures we can greatly reduce our exposure to all these risks and threats.
To get you started, here is our selection of the top 10 cyber security tips to help protect employees.
1. Protect your passwords
It’s surprising how many people are still using the same password for ALL of their online web apps and services. Yes, a single password may be easier to remember… but you need to be mindful that if it is easy for you to remember, it is probably easier for hackers to crack too!
2. Always lock your computer
When you leave your desk, even for a moment, you need to make sure you lock your computer.
Not only will this safeguard you against someone installing malware onto your device; leaving your computer unlocked could also be a serious breach of GDPR. As a result you could be facing a huge financial cost to fix the problem.
3. Store data safely and securely
Where possible use a shared drive or secure cloud storage to store important and sensitive data.
Always make sure you save your work to a central storage point that’s backed up, or to a cloud-based service that will protect critical business data from being lost in the event of a cyber attack.
4. Stop and think about links
Never click on links in emails and messages from senders you don’t recognise. You should also take care with emails from people you know, especially if they look or sound suspicious.
Phishing emails often have links that lead to websites that can trick you into giving personal information or downloading malware. Criminals can quickly and easily create a malicious email that looks like it came from your colleague’s email account.
The amount of effort that goes into mimicking a legitimate person or company with the purpose of obtaining money and / or sensitive business data is huge.
How many times have you received emails and messages from national companies and banks asking you to log on to your account? Often these emails are phishing emails designed only to cause fear, uncertainty and doubt.
If you receive an email that you’re not sure about, have a look at where the email was really sent from. You can do this in Outlook and many other email applications by hovering over the ‘from’ field in the email header.
If we look at the example above, fraudteam257@gma… is unlikely to be sending emails from your email provider. In general, if something does not appear to be legitimate, it probably isn’t.
5. Software & device updates
Software updates and patches are often the result of companies responding to recently identified cyber threats. The importance of installing critical updates shouldn’t be overlooked.
It’s worth mentioning here that not all patches are security related. Software vendors often find bugs in a program, or an update is required to enable software enhancements. These updates help improve the performance of the software and can help boost your productivity.
Software updates and the installation of security patches can easily be automated by your IT support provider. If they aren’t already, we recommend contacting them to find out why.
6. Protect your data, zero trust
You should never give out any financial information like bank details and payment information over the telephone.
Banks and other organisations are now taking extra steps to remind us that there is certain information which they would never ask for, so when you next get a call that sounds suspicious, it’s best to hang up and call them back on a legitimate phone number.
7. Stay away from public networks
Public wireless networks can be extremely dangerous. They may seem convenient, but they can also present a huge threat to your online safety.
Private networks are usually secured by firewalls and isolation features, making it much harder for hackers.
Without this protection, and with the right software, cyber criminals can see:
- Which sites you have visited
- Every keystroke you type on the keyboard
- Login information for websites and apps you accessed
It’s really not hard for hackers to do this with little more than a smartphone.
Please tell your employees about the dangers of public networks. Doing so will provide an extra layer of protection for your business.
8. Tidy desk, tidy mind?
When it comes to your business, it’s been said that messy desks are dangerous desks.
Anything that is written on paper, including passwords, is easy to steal, and hackers are just dying to get their hands on it. Limiting the amount of information on desks will ensure that you are protecting against a possible data breach.
9. Multi-Factor Authentication
Multi-factor authentication is critical for providing a further layer of security to your business. Quite simply, it’s another method of protection that works in addition to passwords, providing an online account with a second layer of security. Taking this approach will ensure the security of company documents, financial records, and client information. It would be detrimental to a small business if this information was stolen or hacked.
10. Get help and advice
It is always better to be safe than sorry, so if you see or hear of any activity that you feel could be suspect, always report it to your IT support team. Their job is to make sure that your company is protected online, so no information is trivial to them. It might just make all the difference to your business.
Further Guidance
Other resources
- Hixon Group – Employee cyber security awareness training
- Hixon Group – Online safety resources & guidance
Useful links
National Cyber Security Centre (UK GOV)
- NCSC – Main Website
- NCSC – Guidance for SMEs