24 Nov 2021

We hear it all the time: ‘Keep your data secure’, ‘Be Cyber Smart’, ‘stay safe online’. 

 But, what does it mean in an employee’s day to day life, how can they ensure adherence to your Cyber Security policy? Fortunately, we have put together five tangible things employees can do to protect themselves and company data.

One: Familiarise yourself with company security policies.

Whatever the size of the business you work for, it’s essential to understand why you might be vulnerable to cyber-attack and how to defend yourself. Your company’s cyber security policies and practices are the first lines of defence when it comes to keeping data secure. So it is an excellent plan to familiarise yourself with what is already in place.

  • Email security policy 
  • Data Protection Policy 
  • IT Access policy 
  • Security Awareness and Training Guidelines policy 
  • Work From Home policy

Knowing what is expected of you as an employee in line with these policies will provide the tools you need to be a cyber smart ambassador for your company!

 Two: Protect against phishing attacks.

Phishing emails appear genuine but try to trick you into revealing sensitive information. They might contain links to a malicious website or ask you to open an infected attachment. Spotting a phishing email can sometimes be challenging. Arm yourself with knowledge about how they operate so that you won’t be caught out.

  • Phishers use your publicly available information to make their emails appear convincing. Think about what data you post on the internet about yourself and review your privacy settings.
  • Find out about the techniques that phishers use in emails. These can include urgency or authority cues that pressurise you to act.
  • Phishers often seek to exploit everyday business communications and processes. When you know your organisation’s policies and procedures, it makes it easier to spot unusual activity.
    Check out our infographic on detecting a phishing attack here

 Three: Get your devices secure. 

Smartphones, tablets, laptops or desktop computers can all be vulnerable to both remote and physical attacks, but here is how you can protect from common attacks.

  • Install software updates – they contain patches that keep your device secure. Your organisation may manage updates but if you are prompted to install any, make sure that you do.
  • Lock your device when you are not using it. Using a PIN, password, or fingerprint/face ID will make it harder for attackers to gain access if a device is lost, stolen, or left unlocked. 
  • Don’t download dodgy apps. Instead, use official app stores (like Google Play ) as these protect from most viruses. Never download apps from unknown sources.

 Four: Always set strong Passwords.

Attackers will first try the most common passwords (e.g.123456) or use publicly available information to try and access your accounts. If successful, they can use the same password to access your other accounts.

  • Create a secure password for important accounts, such as by using three random words. Avoid using easily guessed passwords, such as dates, family and pet names.
  • Use a separate password for your work account. If an online account gets compromised, you don’t want the attacker to know your work password.
  • Use a Password Manager, such as Keeper, for protection against password-related breaches and cyber threats. There will be no need to write your passwords down when stored securely.
  • Use two-factor authentication 2FA for important websites like banking and email. If you have the option, 2FA provides a way of double-checking that you are the person you are claiming to be when you’re using online services.
    For more information about creating a robust password policy, see our infographic

 Five: Call it out!

Reporting incidents promptly, usually to your IT team or line manager, can massively reduce the potential harm caused by cyber incidents.

  • Cyber-attacks can be hard to spot, so don’t hesitate to ask for further guidance or support when something feels suspicious or unusual.
  • Report attacks as soon as possible. Please don’t assume that someone else will do it. Even if you’ve done something (such as clicked on a bad link), always report what’s happened.
  • Don’t be afraid to challenge policies or processes that make your job difficult; security that gets in the way of people doing their jobs doesn’t work.

There you have it. Five simple controls that each and every employee can implement immediately to contribute to a more cyber aware, cyber secure workforce.

 If you would like to know more about Keeper Password Manager, or cybersecurity for your whole business, fill out a form on our website, give us a call on 03332401824, or email sales@soconnect.co.uk.