Hub for Jobs | Find the Right Job Vacancies in Nigeria

Cyber Security Tips for the Workplace

Everyone who uses the internet is exposed to cyberattacks. In the workplace, IT administrators will do all they can to make sure that your everyday use of the internet is free of cyber threats and that your information is secure. However, as an employee, it is up to you to follow the rules and policies they have put in place regarding data security and to practice safe computing in the workplace. The following safe computing practices help keep cyber security threats and malware at bay.

1. Stay Away from the use of Shadow IT

Shadow IT is anything you use for work that is not approved by the company’s IT professionals. It can be a threat to cyber security because the technologies are not under necessary control and may not be adequately secured.

It is Shadow IT when you:
  • Transfer office data to a personal storage account or device
  • Use your private device for office work and online data transactions, without formal approval from your company’s IT professionals.
  • Use unofficial communication tools for work conversations. Sensitive data can be leaked this way if these accounts get hacked.
  • Sign up for Software-as-a-Service accounts and applications without the necessary approval from the IT department.

Shadow IT Cyber Security Tips Include:
  • Use only approved and officially supported technology when you are at work.
  • Never install any applications or software on official company devices at your discretion. Always ask for the approval of the company’s IT department.
  • Report suspected usage of shadow IT to your manager or IT department.

2. Stay Away from Phishing Emails

Phishing is a type of cyber fraud that uses fake emails and messages to get you to click on a link. The link redirects you to a form that asks for sensitive information, which the scammer can then use to track you or rob you of your money.

Cyber Security Tips to Guide against Phishing Include:
  • Beware of links that pop up unprovoked while you surf the internet.
  • Report every suspicious email and newsletter that you did not subscribe to as SPAM.
  • Do not divulge private and sensitive information to anyone by mail, unless you have verified that the request is legitimate.
  • Report any email you suspect to be phishing to your company’s IT department.

3. Use Strong Passwords and Keep Them Confidential, Standardize MFA

Passwords were originally intended as a cybersecurity device. However, hackers have become better at cracking weak passcodes and accessing sensitive information. Generic passwords like your birthday, wedding anniversary, last four digits of your phone number, and so on, are very weak and can be easily guessed after a couple of tries. Cybersecurity experts advise that strong passwords should be unique, easy to remember without being easy to guess, and private.

Along with a strong password, cybersecurity experts also advise the use of Multi-Factor Authentication (MFA). MFA erects a layered barrier to keep the cybercriminal out and away from sensitive data. The three credentials used by MFA are biometric verification, a security token, and a password. Make MFA the standard system to use in the protection of the company’s data.

Some examples of MFA are:
  • Swiping a card and then logging in with a password for stronger security, as at an ATM.
  • Logging into a website and being asked for an OTP (one-time password) that was immediately sent to your phone as a text message or to your email.
  • Signing in to access highly confidential company information by swiping a card, scanning your biometrics from thumb printing or face recognition, and answering a few security questions.

Cyber Security Tips as regards Passwords Include:
  • Never share your login credentials with anyone else, not even a trusted coworker.
  • Use a different password each time you create a new account. You can use authentication measures like a password manager to keep track of all different passwords.
  • Do not have your password written on a post-it or some other easily accessible spot like your diary. Use an encrypted file instead.
  • Passwords are stronger when they are written as phrases rather than words. An ideal password should contain capital letters, small letters, numbers, and symbols.

4. Beware of Social Engineering

Social engineering employs the use of psychological manipulation to trick people into giving out sensitive information. Cybercriminals that use this technique prey on a particular user for a long time, gently coaxing sensitive information out of the person little by little.

Cyber Security Tips regarding Social Engineering Include:
  • Send emails coming to you from an untrusted source straight to the SPAM folder.
  • Update your antivirus software as often as necessary.
  • Take note of grammar errors and spelling mistakes in emails. If it sounds wrong, there must be something wrong.
  • Pay attention to cloned domains. Cybercriminals may use a domain that looks strikingly similar to a legitimate one in an attempt to fool the user. For example, someone with malicious intent could use wordpr3ss.com to clone wordpress.com. Be observant: there is always a slight difference, as no two websites can have the same domain.
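
The cloned-domain check from the last tip can also be automated by a mail filter or proxy. The sketch below is an added example, not part of the original article; the trusted list, the substitution table and the function names are assumptions chosen for illustration.

```python
from typing import Optional, Tuple

# Constructed allowlist for the example; a real deployment loads its own.
TRUSTED = {"wordpress.com", "example.com"}

# Common digit-for-letter swaps seen in lookalike names (assumed, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]


def classify(host: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, trusted domain the host resembles or None)."""
    host = host.strip().lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if host in TRUSTED:
        return "trusted", host
    normalized = host.translate(SWAPS)
    for good in sorted(TRUSTED):
        # Digit swaps that collapse onto a trusted name, or a one-character edit.
        if normalized == good or edit_distance(host, good) <= 1:
            return "lookalike", good
    return "unknown", None


if __name__ == "__main__":
    for sample in ("wordpress.com", "wordpr3ss.com", "wordpres.com", "intranet.example.org"):
        print(sample, classify(sample))
```

A "lookalike" verdict is a reason to quarantine the message or warn the reader; "unknown" only means the host is not on the list and does not resemble anything on it.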

5. Restrict Access to Sensitive Data

As an employer, you must restrict access to sensitive data by employees. When every member of staff can access any data, it gives room for hackers to obtain sensitive data easily should one employee’s account be compromised.

Instead of all employees being able to access sensitive data by default, give access to only those that need it, and retrieve it when the privileged employee no longer needs it.

Cyber Security Tips to Restrict Access to Sensitive Data include:
  • Keep an eye on privileged users, to ensure that they are only using their access to sensitive data for the growth of the company.
  • Encourage privileged users to secure their accounts using MFA, so it will be harder for hackers to gain access.
  • Monitor third-party access to confidential data by restricting them and keeping track of all user activity on the company’s site.

6. Avoid Using Too Many Cyber Security Tools

Using too many cyber security tools can make it hard to identify security threats. Resource-demanding software can also slow down the work of other processes. Your best bet is to go with one option that can attend to all your cyber security needs. Software that has been integrated with centralized Security Information and Event Management (SIEM) plays this role beautifully.

Tips for Physical Information Security Include:

  • Do not leave electronic devices that contain valuable content unsupervised.
  • Never grant unauthorized access to anyone. It means you are abusing your privilege, and you can lose your job even if no sensitive data was leaked.
  • Only open a filing cabinet when you are immediately accessing the contents inside. Never leave the cabinet unlocked when unattended.
  • Guard any access cards placed in your care with due diligence. If you enter a room using your access card, close the door securely behind you so that no unauthorized person can tag along.
  • Do not insert unapproved flash drives into the company’s systems. Any flash drives to be used for file transfer (if necessary) should be pre-screened for malware and certified free before use.
  • Official flash drives, USBs, and other devices for file transfer should not be taken home to be used with a personal computer, and vice versa. All company gadgets and devices should be locked securely in a cabinet at the close of work every day.

Pro Tips for Cyber Security

  • Always lock your device whenever you plan to step out. Never leave your device unlocked and unattended.
  • Be cautious of free software downloads. Always run all downloads through antivirus and spyware programs.
  • Update your applications when needed. Out-of-date applications are more susceptible to hackers looking to steal sensitive information.
  • Stay off public Wi-Fi. Malware could easily be transferred to your system from another user connected to the same network. If you must work in a public space, use a VPN (Virtual Private Network).
  • Secure sensitive data by regularly backing it up to prevent loss due to unplanned events.
  • Conduct audits and investigations on the company’s cyber security regularly. This way, you can effectively deal with any potential cyber threats and update your cyber security policies when due.
  • Do not visit high-risk websites on the company’s device. A good example of a high-risk website is a file-sharing site.
  • Portable devices like flash drives and hard disks are easily stolen or misplaced, so do not store sensitive information on them.

Take-Home

Although the IT department is responsible for creating cyber security policies to protect the company, for these policies to serve the purpose they are supposed to, all hands must be on deck, employers and employees alike.

There are a lot of data security threats that employees can help prevent. As an employee, report every suspicious e-mail or any inexplicable challenges you experience with your system to the IT professionals in your company.

For the employers: in addition to sharing these tips with your staff, audit your cybersecurity regularly and organize information security awareness programs from time to time.

I hope you find these tips helpful.
