The greatest IT security risk to any business does not lurk in the shadows, pick locks at night or stare at the matrix scrolling across a screen in a dark basement. They have a parking pass, a key fob, and a desk. You welcome them in (or see them on Zoom) every day and have coffee talks or go to lunch together. Users are the target, and educating them on how to be better and safer users is critical to mitigating this risk.
While there may be specific training for job roles or different industries, there are several key steps that all users, regardless of title, location or company should follow to be a steward of IT security for their company.
1. Be Wary
Keeping your head on a swivel when interacting with your computer is a must these days. Bad actors craft emails that look convincingly like those from Microsoft, your clients, vendors or even your boss. If someone requests information or a change to payment information, for example, it may be best to call their known contact number to confirm before giving them anything. Found a flash drive in the parking lot? Maybe don’t plug it in.
2. Learn to Recognize Phishing Attempts
Does the email look a little weird? Does the email address match the one you normally see from the sender? Is the grammar or greeting weird sounding? Strange, urgent request? All signs of a phishing email. Be wary. Ask for help. DON’T CLICK ON IT!
3. Practice Good IT Hygiene
Just like we wash and sanitize our hands a lot these days, keeping our data and information safe and clean is very important. Do not store passwords on Post-it notes or in an Excel document. Do not share your credentials with other users. Don’t use the same password for every login you have.
4. Multi-Factor Authentication
Multi-factor authentication is everywhere, and you should use it. If you use an online banking platform, access your HR or benefits information or sign into iCloud on a new account, you are prompted for a code that comes to you via email, phone call or text. This adds a layer of security to your login so that someone who steals or guesses your password cannot just log in.
5. If You See Something, Say Something
Just as you would if you saw a leaking pipe or smoke in the building, you should report suspicious emails, behavior or things that do not seem right. It is better to be cautious and wrong than to ignore something and have a catastrophe on your hands.
6. Be Wary of Free Wi-Fi
If you are traveling or out and about, there are likely many restaurants, airports, cafes, or other businesses that offer free Wi-Fi. You have no way of knowing who else might be connected to that network, what they are doing with your traffic or if there is any security in place. Stick to trusted networks, or tether to your mobile phone’s hotspot to be more secure.
7. Act Fast When Disaster Strikes
If something bad happens, don’t try to cover it up. Clicked a bad link? Call your service desk ASAP. Lost a laptop? Report it right away. Got a spooky email? Ask for validation and help to assess it before acting. Bad news does not get better with age, and the earlier an issue is detected, the easier it can be to mitigate damage.
8. Seek Training
If your employer offers IT security and awareness training, take advantage. If they do not, ask them to consider it. Not only does this help protect the business, but the lessons can also be carried home to help keep your private data safe and sound.
Are you a business leader who needs help getting your users trained? Calyx can help. We have a partnership with KnowBe4, a leader in user education and awareness training that is simple to deploy, easy to understand and helps to identify your security posture. If you are interested in learning more, take the next step and contact us to get started.