Did you know that October is National Cybersecurity Awareness Month? Cyber threats are on the mind of everyone, whether in a business or personal context. For business owners, however, the first line of defense against cyberattacks is not software – it’s their people. By training employees on cybersecurity awareness, many cyber threats can be prevented at the source.
Social engineering is the tactic of manipulating employees within an organization to get past its cyber defenses and gain access to information. You may have heard of phishing, the main form of social engineering – whether through a malicious email link, a phone call, text message, or other tactics, this method uses information about the end user to gain access to company information.
Two common examples:
- An employee gets a text message from an unfamiliar number whose sender claims to be the CEO. The sender asks the employee to buy gift cards for the whole company, but to be discreet as it is a surprise.
- An employee gets an email that looks like it is from internal I.T., but the sender's address is not the correct one. The email says they must change their password by clicking a link that is actually malicious.
So how do we improve employee cybersecurity awareness to prevent these scenarios? Below are 5 top methods to increase cybersecurity awareness.
#1: Use complex passwords or passphrases
- Require employees to have passwords that are longer and more difficult to guess, and that do not have personal information that can be easily found online. Passphrases, which contain a phrase rather than a string of numbers or letters, are helpful in creating complex passwords. Additionally, do not use the same password for multiple company accounts and software. This can prevent a breach from spreading from one application to another if one password is compromised.
#2: Use multifactor authentication
- Multifactor authentication (MFA) is a great way to add an extra layer of protection against cyber threats. As the name suggests, it adds multiple steps to logging in to an account or application, typically through an authenticator app or text message on your mobile phone after you input your password on the computer. Even if a password is compromised, if the account uses MFA, the hacker will not gain access to that information as long as they do not have your smartphone.
#3: Think before you click
- As seen in the above phishing email example, malicious links are everywhere, and are very often used in social engineering tactics to compromise company data. All employees should proceed with caution when clicking any links or downloading any documents they were not expecting to receive, and should do the same when on the web for work purposes.
#4: Stranger Danger
- Everyone in the organization should be wary of contact from someone they do not know, especially if the person is attempting to access company information. It may feel excessive, but practices such as confirming the identity of the individual over the phone rather than through email can mean the difference between protection and a data breach.
#5: Social Awareness Training
- Make the above practices standard in your organization. Train every new employee on cybersecurity awareness in their onboarding, and refresh current employees on their cyber awareness skills. Your internal I.T. team can even send fake phishing emails to test how well your employees are trained.
It can feel overwhelming keeping up with the shifting cyber landscape, but employees are an organization’s first line of defense when it comes to protecting against cyberattacks. By increasing their cybersecurity awareness, you can help strengthen your security posture.
Learn more security tips from our webinar, FBI Insights on Fighting Cybercrime.