The weakest link in any security system is always the same — people. No matter how comprehensive, effective, or expensive your security tools are, it can all come crashing down if a single careless user makes one simple mistake. Every time someone decides to click on an unfamiliar link or open a suspicious email attachment, their organization could be facing massive data loss and significant disruption to their business.
Most IT professionals know how to stay safe online, but most users aren’t experts. To help you stay protected, we’ve compiled a list of things everyone should be thinking about whenever they’re using the Internet.
To help strengthen your organization’s cybersecurity practices, you can share this blog post with your users, or use these tips as a starting point for a security refresher training. You’ve probably heard many or all of these tips before, but repetition doesn’t hurt.
Top 10 cybersecurity tips
Here is our list of top 10 cybersecurity tips for anyone on the Internet (hint: that means you!).
1. Realize that you are an attractive target to attackers.
An attack can happen to anyone, anytime, anywhere, on any device. Don’t ever say “It won’t happen to me.”
2. Practice good password management.
Use a strong mix of characters, and don’t use the same password for multiple sites. Don’t share your password with others and don’t write it down — no post-it note attached to your monitor! If you have trouble remembering your passwords, consider using a secure password vault. Then you only have to remember one (very strong) password.
3. Never leave your devices unattended.
If you need to leave your computer, phone, or tablet for any length of time — no matter how short — lock the screen so no one can use it while you’re gone. If you keep sensitive information on a flash drive or external hard drive, make sure to lock those up as well.
4. Always be careful when clicking on attachments or links in email.
If an email is unexpected or suspicious for any reason, don’t click on it. Even if it seems like it’s from your company CEO! Scammers can look up that information online and use it to target individuals in your company. Double check the URL of the website to see if it looks legitimate. Bad actors will often take advantage of spelling mistakes to direct you to a harmful domain.
5. Do any sensitive online activity on your own device and on a trusted network.
Sensitive browsing, such as banking or shopping, should only be done on a device that belongs to you, on a network that you trust. Whether you’re using a friend’s phone, a public computer, or free Wi-Fi at a coffee shop — your data could be copied or stolen.
6. Back up your data regularly.
Make sure your antivirus software is always turned on and up to date.
7. Be careful about what you plug into your computer.
Malware can be spread through infected flash drives, external hard drives, and even smartphones. You might want to help someone find their lost item, but end up falling into a trap.
8. Watch what you’re sharing on social networks.
Criminals can find you and easily gain access to a shocking amount of information — where you go to school, where you work, when you’re on vacation — that could help them gain access to more valuable data.
9. Beware of social engineering.
Social engineering is when someone attempts to gain information from you through manipulation. If someone calls or emails you asking for sensitive information like login information or passwords, it’s okay to say no. You can always call the company directly to verify credentials before giving out any information.
10. Be sure to monitor your accounts for any suspicious activity.
If you see something unfamiliar, it could be a sign that you’ve been compromised. Don’t be afraid to speak up and tell your IT team if you notice anything unusual. Remember, you’re the victim of the attack, and you’re not in trouble!
Share this list with your users and help them understand what IT teams already know: cybersecurity is a team sport.
Of course, it’s important to have strong security tools to protect your users too. But how do you know if your current set of tools is enough? Check out our ebook to learn about security for remote workers.
There’s no substitute for educating your users, but defense matters too. Nothing is more important than your first line of defense. Because it’s built into the foundation of the internet, Cisco Umbrella can protect your network from malware, ransomware, malicious cryptomining, and other advanced threats by blocking connections using DNS-layer security.
Your users may never thank you, but your security operations team will!