The best security programs in the world cannot protect your company’s network from employees who are ignorant of cybersecurity practices.
Being aware of a few simple things about security in the workplace can help prevent attacks, which is important not only to the financial bottom line but also to customer and employee privacy.
How to avoid cyberattacks at work
Build an awareness program
People are your best defense against data breaches and other cybercrimes, but you must educate them or they can be your greatest vulnerability. Security should be a part of the company culture with collaboration across teams – no one is in this alone. From the top down, attention to security should be emphasized and all employees should understand what the company’s most critical systems are and what the most important information consists of.
- Identify the risks at your company
- Create controls and communicate them across the company
- Set clear written policies on disposal of confidential documents and devices
StaySafeOnline has some good resources and topics to Train Your Employees.
Top 3 tips to help your employees keep computers, data, and network safe
1. Use strong passwords
One of the simplest security practices is to use strong, complex passwords and change them often. Even though they are easy to remember, your dog’s name and your birth date are not strong enough.
Weak usernames and passwords are the main cause of data breaches. Studies show that 76% of attacks on corporate networks are due to weak passwords. Until websites have a better system, it is the individual’s responsibility to have a strong password. Remember what happened to Ashley Madison customers! The usual suggestions include:
- Must be at least 8 characters long
- Must include both uppercase and lowercase letters
- Must contain at least one special character
- Must have at least one numeric character
As annoying as that is, at least you know that websites that demand those things have their users’ safety and security in mind. But that doesn’t make such passwords any easier to create or remember. One of the most useful tools we have is a password manager called Avast Passwords.
2. Avoid phishing sites
In February, a payroll employee at Snapchat was tricked by a phishing email that looked like it came from the CEO of the company. The email asked for employee information like Social Security numbers and W-2 forms.
A common phishing attack is an email that appears to be from your bank or another financial institution. These fake emails are very sophisticated and look like the real thing except for a small detail: they ask for account numbers and other personal information that a bank would never ask for in an email.
Because people tend to use the same password over and over again, once you fall for a phishing email and enter your information, a cybercrook will probably be able to get into multiple accounts.
Be on the lookout for bogus emails masquerading as a legitimate company. Be suspicious of anything asking for personal information. Do not open attachments; they often contain exploits that install malware to steal more information.
3. Practice safe surfing
Legitimate websites are sometimes plagued by advertising networks serving malware-infected ads. This is known as malvertising. It happened last year to the dating site Plenty of Fish. Cybercrooks hacked into the ad network that served banner ads on the Plenty of Fish dating site. Malicious code was embedded into those ads, which then infected users.
This could be disastrous for a business network, so it’s very important to have up-to-date antivirus protection and to keep browsers and plug-ins up to date.
The same attacks threaten your home network, so make sure you have up-to-date antivirus installed there too. All Avast antivirus products come with a feature called Software Updater that will notify you when software or plugins need to be updated.
What to do if an employee unknowingly downloads viruses or malware
If you or your colleague suspect that malware has attacked your computer, disconnect from the network immediately and notify your system administrator or IT pro.