Cybersecurity Awareness Month is a collaboration between government and private industry to
raise awareness about cybersecurity and empower everyone to protect their data from digital forms of crime. In the spirit of Cybersecurity Awareness Month, we thought we’d share 10 simple tips we all can use to protect ourselves from security risks while at work. By following these tips for personal cybersecurity, we hope to help you increase your ability to protect yourself against sophisticated hackers and stay safe online.

10 Personal Cybersecurity Tips & Best Practices

Tip #1: Understand Your Companies Policies and Procedures
As a remote worker or someone who travels for their job, it is essential that you follow your company’s policies and procedures for working remotely. Ask your manager for your organization’s Work From Home (WFH) or Remote Work Policies. It is your responsibility to acquaint yourself with your employer’s policies and procedures for working remotely.

Tip #2: Protect Your Passwords
Password safes are very abundant and many good password vaults are free. Download one on your phone and your workstation. Some password vaults can sync between your phone and workstation. Think of a passphrase that is 14 characters long and includes letters, numbers, and characters. If you can use multi-factor authentication, use it for sensitive web-based portals, bank accounts, or anything that may cause harm to you if exposed.

Once you get used to your password vault, it will become second nature and may save you a long battle reclaiming your identity.

Tip #3: Keep your Devices and Software up to Date
Adversaries are very aware of new vulnerabilities and pounce when an exploitable vulnerability is identified and released to the public. Advanced adversaries continuously attempt to identify zero-day vulnerabilities, meaning they have identified a weakness in firmware or software before the vendor has released a patch. Most vendors prompt you or auto-update software. Either way, make sure you’re up to date.

Tip #4: Use a Secure Wireless Network
Avoid using public WiFi whenever possible. Hotels, airports, and coffee shops are a common playground for the bad guys. Your phone may have personal hotspot capabilities so it’s advisable to set it up using a strong password. When setting up your home WiFi, be sure to configure strong encryption like WPA2 or WPA3. Turn off the SSID broadcast to make it a little more difficult to detect, and use strong passwords.

Tip #5: Utilize Video Conferencing Security Practices
Video conferencing tools are a remote worker’s lifeline. Secure your meetings by establishing a password, creating a waiting room, and locking down your meetings once they’ve started. Also, be sure to check your surroundings for any disclosure of sensitive information that may be within your camera’s view.

Tip #6: Practice Responsible Social Media Use
While social media has its benefits, it can also pose risks as employees’ online behavior can have serious consequences.
• Take the time to review your employer’s Social Media Security Policy.
• Be wary of fake ads and suspicious links.
• Refrain from posting private details about your employer or your location.

Adversaries glean information from social media, Google searches, address lookups, next of kin, friends, bosses, you name it. They do this to be as convincing as possible when phishing for your password to break into your accounts, perform SIM swapping for SMS MFA tokens, spoofing emails to send to your friends making it look like you’re asking for a favor, sending you a web link laced with malware. The list goes on, so be careful what you post and who you connect with.

Tip #7: Build a Secure Workspace
Take security precautions to protect your organization’s information, network, and devices just as you would in the office. Be sure to lock your computer when you step away and use a locked file cabinet to secure confidential documents.

Antivirus/Malware software is abundant and most come with a workstation antivirus, malware, and ransomware protection, desktop firewall, account protection, and browser safety controls. If the cost seems excessive, consider how much you could potentially lose without it.

Tip #8: Be Aware of Social Engineering Scams and Tactics
Hackers will exploit your trust to trick you into giving up valuable information via email scams (or phishing), phone scams (or vishing), and malware-infected flash drives.
• Don’t click on unknown links and downloads.
• Never share personal information such as your birthday, social security number, and bank information.
• If you think you’ve been socially engineered, report it right away.

Tip #9: Be Vigilant When Working in Public Places
Never leave valuables such as computers, mobile phones, thumb drives, and other storage devices unattended.

Never pick a USB drive up off the ground and insert it into your computer. This is a common tactic among data thieves. Once you plug it in, malware quickly jumps from the drive to your computer. From there it’s game on. The bad guys have the keys to your kingdom. If using a personal USB device, put some anti-malware and encryption software on it and password protect it. That way, if you lose it, the bad guys won’t be able to look at your sensitive data.

Tip #10: Backup your Important Data
USB backup drives are relatively cheap nowadays so you may consider purchasing one as a backup device. Back up your data once a week, unplug it, and stick it in a safe or your desk drawer. If you’re at work, your data is likely being backed up to a cloud storage service. If it will cause you distress if it suddenly vanishes, then keep a backup.

We hope that by reading these tips, you’ve become more cyber aware. At the end of the day, it’s our responsibility to proactively protect our online security.

Conclusion:

If recent breaches tell us anything, it’s that an organization is only as strong as its weakest link. That is why security awareness is critical in protecting both you and your business. Encouraging your workforce to be vigilant about cybersecurity makes a huge contribution towards keeping your cyber risk low.

AccessIT Group can help your organization manage human risk with custom-built security awareness and training programs. Our information security specialists stay up to date on cybersecurity best practices and help our clients mature their security awareness programs. Our programs help employees to understand the risks, and periodically review strategies, processes, and policies to give them the resources they need to support a secure working environment.

By: Brett Price – Lead Cybersecurity Consultant – C|CISO, CISSP, CISM, CISA

Contact us for more information about our cybersecurity solutions.

Brett is the Leader of AccessIT's Virtual CISO program and holds the following industry recognized certifications: C|CISO, CISSP, CISM, CISA | Brett's Cybersecurity journey spans over two decades in the mid to large Enterprise space, where he seamlessly transitioned from systems administrator and network architect roles into esteemed cybersecurity leadership positions. His tenure in the IT and cybersecurity realms has equipped him with not only technical acumen but has molded him into a strategic visionary. Through his deep-rooted understanding of business risk and governance frameworks such as NIST CSF, NIST 800-53, NIST 800-30/37, ISO/IEC 27001/27005, COBIT, and CISv8, Brett has sculpted cybersecurity narratives for enterprises, always placing an emphasis on confidentiality, integrity, and assurance.

More Blog