This blog was written by Grant Bourzikas, previous CISO at McAfee.
In a world where the lines between personal and corporate data and devices are increasingly blurred, companies benefit when they take the time to educate all staff about online safety. Both the volume and sophistication of cyber threats are growing, and we are more exposed than ever with the level of always-on connectivity constantly at our fingertips. Mobile devices and cloud applications make it seamless to stay on top of work-related emergencies while traveling or check personal email when at work. However, the amount of sensitive data associated with these devices and their vulnerability to hacking should prompt us to think twice about our online habits.
Creating a comprehensive culture of security in an organization reaches beyond the parameters of the business and into the realm of each employee’s personal life. There are simple steps everyone can take to better safeguard their devices and data, but the sad truth is all too often people just don’t. A recent Pew Research Study found that 54% of internet users regularly connect to public Wi-Fi, with as many as 20% using it to perform sensitive activities such as online banking. Similarly, about 40% of survey respondents said they only update their phone’s operating system when it’s convenient, with 14% indicating that they never update it.
By prioritizing security as a corporate value, the business can take steps to educate its workforce and begin shifting the automatic online habits of employees to be more thoughtful and safe. It starts with building awareness of areas of vulnerability. Training employees to be on the lookout for socially engineered attacks, from phishing to ransomware, cultivates a healthy sense of skepticism and caution. Teaching them about entry points for cybercriminals, such as IoT and malicious sites, also increases their overall understanding of cybersecurity threats and what steps they can take to better protect themselves.
With a greater understanding of security and the risks posed by everyday actions, staff will be more willing to make changes that are likely to stick. Working together to provide education and supporting materials, IT and HR teams can motivate safer behavior by focusing on a few critical areas of impact.
Healthy password hygiene means a strong line of defense against cybercriminals. Unfortunately, ease and convenience are often prioritized over data security, and passwords are commonly the weakest entry point for hackers. Using the same credentials for multiple online sites and allowing login access to third-party apps through networking platforms like Facebook means all of your data is at risk once a hacker gets past that first gate. Use separate, unique passwords across all accounts and change them regularly. If you have trouble remembering them, consider using a password manager.
We have become accustomed to being connected 24/7, and getting on free public Wi-Fi while out provides convenience and saves on data usage. We may feel safe logging on at our favorite coffee shop, but an unsecured network means anyone can see what you’re doing on your device, making it easy for cybercriminals to eavesdrop, steal information, or infect devices with malware. To gain access to your sensitive data, a hacker only needs you to visit a spoofed website while on public Wi-Fi. The best defense against this is to limit your activity or avoid public Wi-Fi entirely, when possible. Consider using a virtual private network (VPN) or a personal/mobile hotspot to stay secure while on the go.
Information about you is collected by the apps you use, so educating yourself about who’s getting your data and what they’re doing with it will go a long way in protecting yourself. Before downloading a new app, read reviews to see if users have had problems and check the fine print. Never download apps from unknown sources, as they may be designed to mine your personal information. Review the privacy settings for your apps, and be aware of any personal information being accessed by third parties. Be thoughtful about which apps you allow to access geolocation data. Apps can add convenience, social connection, or increased productivity to our lives, but they also open the door to multiple risks. Taking a little time to review your apps’ settings and customize them for your use can reduce vulnerability.
Keeping your applications and operating system up to date is the best defense against threats. Out-of-date software has security vulnerabilities that make it easier for cybercriminals to access your system and personal data. Create instant peace of mind by scheduling updates to happen automatically. Delete apps you no longer use to keep your device free of clutter and outdated software.
These precautions might seem basic, but the simplest steps are often skipped, even though they can have a huge impact on security. Reinforce the importance of security on personal devices to help your staff build their own culture of security at home. With a little time and attention spent on device management, everyone can increase the security of their data significantly.
Creating a culture of security isn’t just something that needs to happen for businesses, especially in a world where lines between personal and professional data are blurred. By educating and training staff in safer online habits, companies build a stronger culture of security at work that extends to the home.