October 03, 2022
Top 3 Fundamentals of Being a Smart Digital Citizen
How employee cyber hygiene can make or break an organization’s security posture.
1. Make sure networks are secure
The most robust cybersecurity hygiene begins with securing day-to-day activities. In fact, our Rooting out Risks report on penetration testing found that 49 percent of Canadian IT professionals believe the shift to a hybrid/remote work model has heightened their organization’s security risks. As the lines between work and home continue to blur, situational awareness is key. Be wary of public Wi-Fi networks, such as those at local coffee shops or in airports and trains. In these instances, it’s safer to use a mobile hotspot to keep your work and employer secure.
2. Keep your devices up to date
For cybercriminals, finding new ways to avoid detection while they derail an organization’s business operations is a full-time job. To keep hackers out, it is critical for employees to keep their devices updated and schedule regular reminders to reset passwords. Better yet, activating multi-factor authentication systems across all devices – both personal and professional – is recommended to further strengthen identity and access management.
3. Know who to call for recovery
Ransomware as a Service has become an industry of its own, and phishing has expanded to install undetected backdoors that allow repeat attacks. Phishing emails are one of the most common and successful cyberattacks, as they often imitate real and familiar emails such as delivery notifications, invoices, or even requests from a manager or CEO. These scams can be hard to detect and are easy to engage with by mistake. With just one click on a link, hackers gain access not only to the employee’s information but also to the information of anyone else connected to that email, such as customers, partners, suppliers and coworkers.
While preventative measures are key, it is equally important for employees to understand the protocol for recovery in the event of an incident. If an employee does fall victim to a suspicious link or phishing email, it is critical to:
- Have help on speed dial. When in doubt, employees should be able to pick up the phone and know who to call. Addressing the issue in real time is critical to minimizing risk and the spread of impact.
- Don’t be shy – be safe. Create a culture where employees are not embarrassed about making mistakes and asking for help. Rather than blaming or shaming them, help find a safe solution and empower employees with the education and resources to be better equipped moving forward.