Employees are without a doubt the most unpredictable resource within your business. Nothing can be more catastrophic to data security than a careless or untrained worker. Enforcing safe practices and policies doesn’t have to feel like a chore if training is handled properly. In fact, employees typically become eager to learn how to avoid the latest cyber-related threats. These threats plague not just our work lives, but our everyday lives as well. Here, we will discuss what you and your employees should be aware of in today’s connected world.
Hook Your Employees to Phishing Prevention
Chances are your inbox receives a large number of emails each and every day. How many of these emails provide beneficial data, and how many are spam or cyberthreats? If your inbox is littered daily with unimportant, unrequested, non-work-related inbound messages, your filtering needs to be improved. It also means there is a high chance that a cybercriminal has selected you, hoping you will become the victim of a phishing email. Whether you took the bait or not, these emails plague most of our inboxes from time to time. Whether this avoidable attack succeeds is in the hands of none other than your employees. Here are a few tips to recognize and avoid these harmful attacks:
- Review messages in detail. Phishing is one of the few cybercrimes whose success rate depends entirely on victim gullibility. Whether a phishing attack succeeds comes down to whether the recipient knows how to review a potentially suspicious link. If something says Read More or Click Here to Learn More, users should check which page it will bring them to. There are a couple of different ways to accomplish this, and the easiest are the following:
  - Right-click the link and select the Copy link address option. From there, you can paste it into WordPad or another text-editing application. Users can review the link to determine the legitimacy of the page the email is trying to direct them to.
  - Hover over the link, and a preview will appear with the URL displayed. This method does not work in every application, and links can often be cut short in the preview. Additionally, habit often leads users to click the link as soon as they hover over it. The first method is a much more reliable and accurate means of reviewing links.
- Moderate website privileges. Work computers are meant to be used for work. Navigating random or untrusted websites leaves users more susceptible to receiving threats. The chance of entering your username and password on the wrong website is also greater. Firewalls and content filtering should be used to keep unwanted content off of your network, and off of your business’s computers.
- Stop accepting things. Most of us have never fully read the terms and conditions we have been presented with when installing something. Scrolling through to find the accept and download button is a hazardous and careless action which can lead to disaster. If you or your employees are prompted with an update or download and the program name is unfamiliar, reach out to your IT provider. You hire them for scenarios such as this, so use them!
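The link review described in the first tip can also be run over a saved HTML email body, listing where each link really goes next to the text the reader sees. The following Python is an added example, not part of the original article; the sample message, the names `LinkCollector` and `review_links`, and the three checks chosen are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample email body; all hosts are reserved documentation names.
SAMPLE_HTML = """
<p>Your mailbox is full. <a href="http://192.0.2.10/login">Click Here to Learn More</a></p>
<p>Reset at <a href="https://portal.example.net/reset">https://www.example.com/account</a></p>
<p><a href="https://www.example.com/news">Read More</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def review_links(html):
    """Return (text, href, warnings) per link found in the HTML body."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for text, href in collector.links:
        parts, warnings = urlsplit(href), []
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            warnings.append("link does not use https")
        try:
            ipaddress.ip_address(host)
            warnings.append("destination is a raw IP address, not a domain name")
        except ValueError:
            pass  # host is a name (or empty), not an IP literal
        # If the visible text is itself a URL, it should name the same host.
        shown = (urlsplit(text).hostname or "").lower() if "://" in text else ""
        if shown and shown != host:
            warnings.append(f"text shows {shown} but link goes to {host}")
        report.append((text, href, warnings))
    return report

if __name__ == "__main__":
    for text, href, warnings in review_links(SAMPLE_HTML):
        print(f"{text!r} -> {href}: {warnings or 'nothing flagged'}")
```

An empty warnings list only means none of these three checks fired; it does not establish that the destination is legitimate, so the reader still has to judge the domain itself.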
Encourage Strong Password Practices
All personal accounts to applications or websites require a login. This leads to the average user having quite a large inventory of passwords, which, at first glance, can seem a bit daunting. There are many practices and tools available to maximize account security for both you and your staff. Some practices include:
- Don’t reuse the same passwords! - One of the poorest password practices a user can partake in is recycling and reusing old passwords. Even if an email two-step verification is set up, what’s the sense if the email the code is sent to uses the same password?
- Use passphrases to enhance password strength - Using a passphrase not only makes a password easier for an individual to remember, it also makes it harder to breach. Pick your favorite sport or hobby and turn it into a phrase using custom characters. For example, if you are a big Formula One fan, make one of your passwords F0rmul@0n3$(hum@(h3R. Just remember not to use the same password for your multiple accounts. If you recycle passwords and one account is breached, an attacker can easily breach additional accounts.
Back Up Your Data
Securing your business means preparing for the worst. If your business would be unable to recover from a breach, whether the origin of the breach was poor password practices or a phishing email, you need to establish a recovery plan before it’s too late.
Preparing for natural disasters, equipment failure, and other disasters is just part of the business security planning we can help you with at Citara Systems. Talk to one of our experts by calling (508) 532-0837 today.