Why bother with cybersecurity if you are not the one responsible for it? Because even if you don’t work in IT, cybersecurity is still part of your job, and if something goes wrong because of you, you may be held accountable.
For those who work in large corporate environments, the best place to start is to follow the plans your IT department has in place. If your company does not have an in-house IT team or consultants, as is often the case in small office/home office shops, being a small target doesn’t mean you don’t have to worry about cybersecurity. We have some tips for small-business folks to bookmark and share with staff as well.
Don’t write down passwords
We know that everyone has a lot going on at work, and passwords — a different, strong password for every product and service — are hard to remember. However, sharing passwords or writing them on a sticky note for anyone to see is an easy way to compromise your company or your own personal data.
So, what can you do? Try a password manager that generates secure passwords and remembers them for you.
Use Wi-Fi right
No matter what industry you work in, you have probably done some work outside of your office. Today, Wi-Fi seems like a necessity of life — heck, places ranging from gas stations to coffee shops to airports all offer free Wi-Fi. Everyone loves free Wi-Fi, right?
Right. But with popularity comes trouble, and users of Wi-Fi hotspots need to take extra caution to avoid some common pitfalls.
If you enter a free Wi-Fi location, make sure that the network you are connecting to is the one provided. The provider may have a sign up on the wall, or you can ask someone who works there. Check the spelling carefully and don’t be fooled by near-dupes. Also, if you are connecting to Wi-Fi, use your company’s VPN and avoid doing sensitive work or making any financial transactions. Your company doesn’t have its own VPN?
On the flip side, your company’s Wi-Fi is also a target. Larger businesses with IT departments should have some expertise in deploying Wi-Fi securely, but here are a couple of tips for smaller ones:
- Secure your network with a strong password;
- Grant access only to people who need to be tied to the network;
- Set up a guest network if you have a lot of visitors, and limit its access to your critical infrastructure.
Don’t use random USB drives
What would you do if you found a USB thumb drive in your office parking lot?
Sadly, research has shown that most people will plug it into their computers, which is bad news for companies. The reason a strange USB drive is enticing is that you never know what might be on that drive. It could be malware that could cause some serious damage to your corporate network or to your physical device.
Avoid phishing trips
One of the approaches criminals use to get into corporate networks is impersonating a legitimate e-mail sender. No company, large or small, is immune to phishing; it’s happened to some of the best.
At a small business, you may think that you are not a target, but your data and access to your customer files are a big deal. Criminals salivate at the thought of stealing the personally identifiable data held in your customer records. They sell and trade it on dark parts of the Internet. So, how can you avoid phishing? It’s deceptively simple: Think before you click.
What should you think about?
- Is the link good? Always check every link before clicking. Hover over it to preview the URL, and look carefully for any misspelling or other irregularity. If you’re unsure at all, simply open a new browser tab and enter the main URL of the site manually.
- Does the message include an attachment? Even if a message seems legitimate, treat links and attachments with suspicion — a colleague could have been hacked.
- Does the message seem reasonable and legitimate? Be cautious even with internal messages from your own office. It’s simply not that hard to fabricate a fake letter that looks like a real one — for example, authorizing a payment — although typically, odd syntax or other unexpected irregularities are present and should raise a red flag.
Back up important data
Ransomware continues to sweep across the Internet. Turns out, when a criminal blocks access to their data or entire computer, victims panic and pay ransom to get their files unlocked. Companies are not immune to this. Quite the contrary: Companies are a desired target because they are willing to pay significantly more than the average individual to get their files back. The recent WannaCry epidemic is a good example of that.
The great thing here is that you can immunize yourself against ransomware by doing something all companies should do anyway: back up data. If you don’t have regular backups and get hit by ransomware, you’ll be at cybercriminals’ mercy — or hoping for free decryption tools like those at the No More Ransom Project. But if you do have backups, you can simply restore your data and continue with business as usual.
So, are you backing up your data at the office? Start-ups and SOHOs, are you saving copies of your data? If not, it’s high time to start. Your business may depend on it.
Bonus tip: Physical security
If you work in a physical office, one piece of security that you always need to be aware of is the human factor — for example, the building perimeter. Building staff and employers do a lot to ensure safety in the workplace. However, everyone in the office has to have a commitment to one another’s safety. If you see someone you do not recognize in the office or trying to get in, don’t be afraid to ask them a question or to alert building security of a potential intruder.
It is not unheard of for criminals to try to gain access to offices to commit crimes, whether physical or cyber.
Stay vigilant and safe — and make sure to share these tips with your coworkers.