Your cybersecurity strategy is only as strong as your least informed employee. As a result, your entire organization, ranging from contractors to interns to the C-suite, needs to understand and abide by certain cybersecurity standards. When designing a cybersecurity awareness plan, make sure your employees are aware of the following vulnerabilities:
Social engineering exploits human psychology to gain access to restricted information or areas. For example, a skilled social engineer may comb through your employee’s social media to learn more about them, and then leverage that information to convince an employee to give them secret information – like logins, important emails, building passcodes, and more. They could then use that information to launch an attack on your business.
Teach your employees to always watch the URLs of the websites they access – if a website’s URL begins with “http://”, the connection is not secured with encryption and cybercriminals can intercept data. Therefore, employees should avoid conducting business over these channels, completing transactions, inputting passwords, or otherwise transmitting sensitive data. Instead, they should use sites with “https://” in the URL, as these provide encrypted data transfer.
Employees should ensure they use strong passwords. Remind employees that they shouldn’t use personal information, like the street they were born on or the name of their cat, as a password. Employees should even avoid using real words in their passwords. Instead, ask employees to create a passphrase with a long string of letters and numbers (minimum 12 characters) they can easily remember – like “MyHouse;isNew-20” or “I.Love.Photography$.5D4”.
Even if an employee creates a strong password, hackers can still access their accounts if the password is not kept secret. Employees should avoid writing down their passwords on sticky notes or in notebooks and should not send passwords to coworkers through email. Additionally, they should not input passwords on networks or devices they don’t control, as there may be keyloggers or spyware present.
Employees need to use different passwords on each of their accounts – especially if those accounts contain sensitive information. Otherwise, if a hacker manages to learn one of the passwords, the hacker may be able to access most of the employee’s online accounts. Keep in mind it can be difficult for your employees to remember 20, 50, or even hundreds of passwords – it’s strongly recommended to give them access to a password manager to ensure compliance.
When employees work in public areas, like airports, train stations, or busy cafés, there’s a chance they could be watched by a malicious individual. If this person watches your employee take out a credit card, type in a PIN, or read a sensitive document, they could use this information against your company at a later time. To prevent shoulder surfing, ask your employees to avoid working in crowded public areas. If that’s difficult for certain roles – such as traveling salespeople – then outfit their computer and/or mobile device with a privacy screen.