Cybersecurity is critical for protecting a company's sensitive information and data. Here are some recommendations regarding emails, sharing information, password security, and others:
1. Treat business information as personal information: Be exceptionally careful about what you are sharing, and be cautious of how you are sharing it, since business information typically includes a mix of personal and proprietary data, such as company credit accounts, for example, but can also include personally identifiable information.
2. Secure your home network: It’s important to secure your home Wi-Fi by setting the password to be something complex and personal that nobody could guess.
3. A cyber attack only needs to happen once: Do not click on unknown links, be wary of unusual sources, and delete suspicious messages after reporting or forwarding all phishing attacks to your IT department or the System Administrator.
4. Stop auto connecting: Make sure your device doesn’t automatically seek and connect to open wireless networks or Bluetooth devices. Disable these features and use methods that employ 2-factor authentication.
5. Avoid sensitive activities on public Wi-Fi: Do not trust any network without an access password, and consider using a VPN to keep your confidential data private when using public networks.
6. Never leave your computer and mobile devices unattended: Keep your mobile devices secured in taxis, at airports, on airplanes, and in your hotel room. Never leave your equipment unattended in a public place, and even in the office. Enable “automatic lock” functionality where available, and always use PIN, password, or biometric scanners. In Microsoft Windows, you can use the keyboard shortcut CTRL + L to lock the workstation, hide your screen, and require a password to re-login.
7. Watch out for phishing: If an email looks “phishy”, do not respond and do not click on any links or attachments found in that email. When available, select the option “Report phishing” in Gmail. Be always suspicious of unexpected or unsolicited emails. If you suspect that you're being 'phished', check with the alleged sender before taking any action. Common tipoffs include bad grammar, broken English, and the requests often go outside of your normal tasks.
8. Protect your devices with antivirus software: Make sure your device’s security software scans for viruses and malware. That includes your personal device too, if you have work related data on there. Be sure to periodically back up any data that cannot be recreated such as photos or personal documents.
9. Keep up with updates: By keeping our software up-to-date, we can protect ourselves against cyber-attacks. Security patches in software updates help close vulnerabilities that attackers may exploit.
10. Don’t tell anyone your passwords: Every time you share or reuse a password, it chips away at your security by opening more ways with which it could be misused or stolen. Sometimes we share software between team members, so remember to delete any tracks of the shared info (chat history, emails, or Post-its).
11. Check for the “green lock”: Practice safe surfing wherever you are by checking for the “green lock” or padlock icon in your browser bar when making financial transactions. It indicates a secure connection which has undergone extended validation, and that the business you are dealing with takes the security of your transaction seriously.
12. Be wary of communications that implore you to act immediately: Cybercriminals will always attempt to create a sense of urgency, causing the recipient to fear that their account or information is in jeopardy, or that they are about to miss out on something. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly on a separate secure platform.
13. Understand and follow company policies: In case you need to review them again in the Employee Handbook, check the following link.
14. If in doubt, report to your IT department: Report any incident to your IT department as soon as possible. Timing is everything with cyber security, so don't be afraid to report an incident.
