As a security professional, one of your responsibilities is to ensure that the personnel in your company are aware of cyber threats and how they can be avoided. It's important for you to provide awareness training on a regular basis, but when it comes down to it, people will need reminders throughout the year. There are many ways you can do this: posters on walls or screensavers on computers are just two ideas. Companies often send out emails with tips and reminders as well, which is another effective way to get employees thinking about cyber safety all year long.
Here is a list of 10 best practices you should use in your security awareness training:
1. Follow Instructions from your IT Department
Follow the instructions your IT department gives you. If there's a new app or process you need to follow, do it. They have your best interest in mind and are giving you the best tools to stay connected and secure.
2. Update your Apps and OS
New vulnerabilities are always being found in applications and operating systems. Usually, updates come out that patch these vulnerabilities, but cyber criminals look to exploit those systems that aren’t updated. So it’s important to regularly update everything installed on any device that you use for work.
3. Use a VPN
If you’re using a Wi-Fi connection that isn’t your home network, such as public Wi-Fi, be extra careful. These connections are often not encrypted and can leave you vulnerable to hackers. To prevent others connected to the same Wi-Fi network from spying on you, use a virtual private network. When you’re connected through a VPN, all of the traffic between your device and the VPN server is encrypted regardless of the network’s settings, so others on that network will not be able to read it.
4. Lock your Devices
Stepping away from your desk even for a moment could lead to disastrous consequences. Devices should remain locked whenever they are left unattended. Setting up a password on your computer and mobile devices is important, but a password alone won't protect you if you walk away leaving the device unlocked and easily accessible.
5. Be Aware of Phishing Attacks
A phishing email is a kind of cyber attack in which an attacker tries to get sensitive information from you by disguising themselves as someone else. The point of a phishing email is to get you to click on a link or download a file. When successful, a phishing email gives the attacker what we call the big three: access, information and data.
6. Be Aware of Vishing Scams
A vishing attack is a specific type of cyber attack that uses a phone call to steal your personal confidential information. While this may sound like a good old-fashioned spam call, vishing is much more high tech than just an automated message saying “you’ve won a free vacation.” Vishing scams are not only common, they are extremely dangerous. Most vishing callers already have some sort of information on you. However, always ask questions and never divulge sensitive information over the phone.
7. Use Strong Passwords
Passwords are not only a great way to keep your information safe; they are also completely necessary for almost every site you will need to get your work done and access your personal data. Simple passwords can leave you very vulnerable to threat actors ready to steal your most important data, access and information. Make your password unique and complex. Avoid personal information. Try using a passphrase instead of a password.
8. Be Aware of Physical Threats
Physical security flaws can put your personal information and your company's data at risk just as much as a cyber attack. When it comes to physical security there are lots of dangers to be aware of. The most common are tailgating and shoulder surfing. Tailgating is a real security issue that happens when someone follows you into your building without proper access. Never allow someone access to your office unless they can show proof they should be there. Shoulder surfing can be difficult to spot. You never know who is peering over your shoulder while you are entering sensitive information on your device. Whether you are at your desk or in a coffee shop, always be aware of your surroundings.
9. Ensure your Mobile Devices are Secure
While we know having a mobile device has changed the way we work and even the way we play, being aware of the dangers that come along with having a mobile device is the only way to help stop attacks. In order to keep your devices as secure as possible, we recommend always locking your devices, keeping them updated, staying away from unsecured Wi-Fi, and keeping your devices close to avoid physical theft. Awareness from the owner is the best defense against all mobile device attacks.
10. Practice proper Incident Response
Reporting incidents allows the necessary IT heroes to take action and respond to security issues that arise. Having a proper incident response plan in place can help you spot, avoid and report cyber security incidents that are threatening your company.