Cybersecurity Tips for Employees – Educating Staff on Secure Online and Offline Behaviour – Part I

The need to educate employees on cybersecurity

When developing cybersecurity strategies and programs such as Essential Eight strategies, many businesses focus on protecting their infrastructure perimeter and device endpoints. But it’s also important to consider what happens when a threat bypasses perimeter defences and targets an employee in the form of a malicious email or text. 

Stronger cybersecurity has become a global priority as hackers penetrate IT infrastructures with increasing frequency and sophistication.  

Coupled with the Internet of Things (IoT) and the explosive growth of mobile devices, the potential for data leaks is even more significant. Educating employees on what it takes to protect proprietary documents and data is critical. Any data leaks—whether intentional or unintentional—could potentially damage your bottom line and your industry reputation. It only takes one incident to destroy the goodwill you worked so hard to establish. 

Physical Security Precautions – The Importance of Keeping a Clean Desk 

It sounds simple, but keeping a clean desk is often overlooked when talking about data security. A messy desk makes it difficult to notice that something is missing, such as a folder containing printouts with customer data, so the discovery of any theft is likely to be delayed. 

Encouraging employees to maintain a neat desk pays off in two ways. In addition to making paper assets more secure, employees with clean desks are more apt to be productive because they can quickly—and safely—access the tools and resources they need to do their jobs. 

Common Messy Desk Mistakes 

• Leaving computer screens on without password protection 

• Leaving documents, mobile phones, USB drives and personal items out in the open 

• Neglecting to shred documents before they go into the trash or recycling bin 

• Failing to close and lock file cabinets 

• Writing usernames and passwords on visible slips of paper or sticky notes 

• Displaying calendars for all to see 


Email Threats 

Social engineering is a non-technical, malicious activity that exploits human interactions to obtain information with the intent to gain access to secure devices and networks. Such attacks are typically carried out when cybercriminals pose as credible, trusted authorities. 

An example of social engineering is an email where an employee is asked to contact a tech support hotline and is tricked into giving up credential information. 

Phishing Email Compromises  

One of the most common forms of social engineering is email phishing—an attempt to acquire sensitive information such as usernames, passwords and credit card data by masquerading as a trustworthy entity. Phishing is a key threat to employees. Such emails often spoof the company CEO, a customer or a business partner and do so in a sophisticated, subtle way.  

Common Phishing Techniques 

The scope of phishing attacks is constantly expanding, but attackers most often use one of these email tactics: 

• Embedding links that redirect users to an unsecured website requesting sensitive information 

• Installing Trojans via a malicious attachment 

• Spoofing the sender’s address to appear as a reputable source and requesting sensitive information 

How to Block Phishing Attacks 

  1. Don’t reveal sensitive information – As a general rule, never give out your personal and financial information via email. 
  2. Check the security of websites – “http” indicates the connection to the site is not encrypted, while “https” means it is. 
  3. Pay attention to website URLs – Look for variations in spellings or a different domain (for example: .com versus .net). 
  4. Verify suspicious email requests – Beware of emails requesting information. Reach out directly to the business through other means. 
  5. Keep a clean machine – Utilise the latest operating system, software and web browsers, as well as antivirus and malware protection. 
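
The URL checks in steps 2 and 3 can also be automated, for example in a mail gateway or a link-preview tool. The following is an added example, not part of the original article: the trusted domain list is constructed for illustration, and the function names and the two-label domain extraction are simplifying assumptions.

```python
from urllib.parse import urlsplit

# Constructed allow-list for illustration; replace with your organisation's real domains.
TRUSTED_DOMAINS = {"example.com", "example-bank.com"}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def base_domain(host):
    """Last two labels of the host (assumption: ignores suffixes such as .com.au)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def assess_url(url, trusted=TRUSTED_DOMAINS):
    """Return warning labels for a link; an empty list means no check fired."""
    parts = urlsplit(url)
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")          # step 2: connection is not encrypted
    domain = base_domain(parts.hostname or "")
    if domain in trusted:
        return findings
    name, _, tld = domain.partition(".")
    matched = False
    for good in sorted(trusted):
        good_name, _, good_tld = good.partition(".")
        if name == good_name and tld != good_tld:
            findings.append(f"different-tld:{good}")   # step 3: .com versus .net
            matched = True
        elif 0 < edit_distance(domain, good) <= 2:
            findings.append(f"lookalike:{good}")       # step 3: spelling variation
            matched = True
    if not matched:
        findings.append("unknown-domain")
    return findings

if __name__ == "__main__":
    for link in ("https://example.com/login", "https://example.net/reset",
                 "http://login.exarnple.com/", "https://examp1e.com/"):
        print(link, assess_url(link))
```

A link that passes these checks is not proven safe; step 4 (verifying the request through another channel) still applies.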

A Managed Security Service Provider Can Help Ensure Employee Cybersecurity

You can strengthen your cybersecurity defences by partnering with a Managed Services Provider (MSP) that specialises in IT security solutions. This is especially important when it comes to employee training. No matter how many tools or solutions you use, your business is not immune to human error.

Information can also be seriously damaged by viruses, so find an IT provider that can manage your endpoints effectively. By scanning downloaded apps and devices for malware, endpoint technology provides an immediate alert when malicious activity is detected.

Your employees are the first line of defence in building up your company’s cybersecurity posture. Making sure sensitive information does not end up in the wrong hands can be made easier by utilising the tips provided within this article. In today’s world of advanced hackers, your confidential information is at risk, but a comprehensive cybersecurity defence can stack the odds in your favour.
