Every year, new cybersecurity threats emerge. And every year, it gets harder to keep hackers at bay. Even corporations with the most locked-down internet security protocols can face significant dangers as employees innocently log in, click, and share their ways through their workdays—often unaware that they’re putting company data at risk. So it’s easy to understand the rationale behind this week’s theme for National Cybersecurity Awareness Month: Cybersecurity in the Workplace is Everyone’s Business. That mantra is a good reminder that creating a company culture of cybersecurity is the responsibility of all employees. And while many may know to click with caution and look for “https” in URLs, turning these and other critical habits into organization-wide daily practices can be surprisingly tough. To help, we’ve pulled together a quick-reference list of essential steps every organization should use to protect against common cybersecurity threats. Bookmark it, distribute it, and rely on it regularly to strengthen your digital defenses:
1. Always Take Advantage of Two-Factor Authentication
For years, countless cybersecurity experts have encouraged people to use 2FA all day, every day. This authentication method is considered so crucial that it became the central theme of this year’s World Password Day. Two-factor authentication provides a second layer of verification for online accounts, often through pins and passcodes that are sent via text or email and must be entered any time a new device is used for the first time.Yet despite the ubiquity of multi-factor authentication—these days, it can be used to help secure everything from smartphones to email accounts to online forms—studies show that just 25% of people use 2FA for every possible device and service.
Takeaway: Remind your workforce of the importance of two-factor authentication, and encourage EVERY employee to use it at EVERY opportunity.
2. Get Back to the (Password) Basics
While two-factor authentication is a must, it’s important to note that vendors offering this method vary greatly in how well they safeguard accounts. The real foundation for online security is still strong passwords. Yet more than 80% of people are using the same, simple passwords to gate multiple accounts. The reason? Let’s face it: Remembering is no easy feat. Tack on ten other variations at the same level of difficulty, and it becomes downright impossible.That’s where password meters and managers come in. Many cybersecurity experts recommend these tools as ideal solutions for helping a workforce navigate online accounts with confidence and security.
Takeaway: Encourage employees to pay attention to password meters when creating new passwords, and consider offering a robust password management solution (such as those suggested here and here).
3. Encrypt, Encrypt, Encrypt
Whether it’s employee data or highly sensitive electronic protected health information (ePHI), your data should always be encrypted. Why? For a quick, compelling answer, head over to Google News and type in these three words: unencrypted data breach. If that doesn’t convince you of the cruciality of encryption, I’m not sure what will. When hackers get their hands on 143 million credit card numbers at what should be an ultra-secure credit reporting giant—either through unencrypted databases or access to data in an unencrypted state—that’s a sure sign that no company is immune to the dangers of data encryption oversight.
Takeaway: Any time a vendor or service does NOT make data file encryption mandatory for sensitive data, don’t use it.
4. Habitualize Software Updates
They’re easy to overlook: those notifications that pop up from time to time, alerting employees to the availability of new software updates. But the “remind me later” option, which is highly convenient when these opportunities present themselves in the middle of an important task or meeting, can also be highly perilous. Those updates deliver a multitude of critical revisions to operating systems, software, and apps. Without them, devices can very quickly fall prey to cybercrime by way of outdated features, bugs, missing protections, and more.
Takeaway: Take a moment this week to remind employees how critical software updates are, and communicate specific updates to employees as you become aware of them.
5. Protect Mobile Devices, Too
As more work is done on the go, mobile devices are regularly used to conduct work. Whether it’s collaborating with coworkers, editing documents, or managing online forms, smartphone apps are finding their ways into more and more workdays. The problem? People tend to use smartphones as, well…phones. But these devices are actually small computers that need many of the same safeguards used to secure large desktop PCs to protect against cybercrime. McAfee Labs’ most recent Threat Predictions report notes a steady increase in malicious malware formatted specifically for mobile devices, much of it designed to target Android phones.
Takeaway: Make sure your employees are aware that they should be using the same protections on smartphones and tablets that they implement on laptops and desktops.
Final Thoughts
These are far from the only security measures that will help keep your business safe online, but they are some of the most important. Take time during National Cybersecurity Awareness Month to strengthen your digital defenses and get everyone at your organization on board.
Formstack can help you and your business strengthen data security, click here to learn more.
