
Safe cyber practices for employees in the work environment

Writer:
Regina El Ahmadieh

 

The latest #cybersecurity statistics show that about 50% of #cybersecurity breaches worldwide are due to human errors. These errors can come from employees at various levels, including regular staff, managers, and even executive directors.

The most common causes of cyber threats and intrusions related to the human factor in the workplace include:

  • Lack of cybersecurity awareness among employees
  • Neglecting cybersecurity procedures
  • Failing to understand the importance of the information they handle and their responsibility to protect it
  • Mistakes made while handling data, which can lead to unintentional leaks
  • Misuse of access privileges
  • Not following #cybersecurity best practices
  • Falling victim to #social_engineering and phishing attacks

To adhere to #cybersecurity best practices, employees should:

Follow Cybersecurity Procedures Diligently

Employees need to carefully follow cybersecurity protocols. If there are restrictions on access to certain facilities, they should not feel pressured to bypass these controls, even if it causes embarrassment in front of guests or clients. For instance, if asked to open a door for someone else using their own #smartcards or fingerprints, they should decline and, if necessary, request alternative procedures from the appropriate departments.

Adhere to Security Policies and Controls

Security policies and controls are designed to minimize #cyberrisks. Employees must strictly follow these rules and avoid circumventing them, which could create security vulnerabilities. For example, employees should never connect work devices to external networks, as this could expose the organization to significant risks, potentially allowing hackers to bypass internal security systems.

Protect User Account Data and Passwords

Employees should use strong passwords for all devices, email accounts, and work systems, and avoid sharing them with others. Passwords can be securely stored in encrypted applications, aligned with the organization’s policies. It’s also recommended to enable two-factor authentication (2FA) by using verification messages sent to an email or phone number, which helps maintain the #confidentiality of both personal and organizational data.

Safe Use of the Internet and Social Media

Employees should avoid using social media to share work-related data or files, regardless of their importance. They should also refrain from posting sensitive, personal, or work-related information online or on #social_media_sites. This includes personal identifiers like civil registry numbers, copies of national IDs, job numbers, birth dates, or official documents like work cards, driver’s licenses, or medical data, which could be exploited by cybercriminals.

Beware of #Phishing and Social Engineering Campaigns

Employees must be cautious of phishing emails and suspicious links. They should not trust every message they receive, as sophisticated hacking campaigns often begin with the compromise of a colleague’s device, social media, or email account. If a suspicious message is received from someone known, employees should confirm its legitimacy by contacting the sender directly.

Protect Work Email

Avoid using work email for personal matters and secure it with two-factor authentication. Employees should refrain from entering their work email into online forms to prevent it from being leaked and potentially used for malicious purposes.

Download Original Programs and Update Systems Regularly

Employees should not install suspicious, pirated, cracked, or free software on work or personal devices connected to the organization’s network. Such software may contain spyware that could compromise both the employee’s device and the organization’s network. It’s essential to ensure a security program is installed and regularly updated, along with keeping the operating system current.

Categorize and Share Files Properly

Files, documents, and emails should be properly classified before they are shared, using a scheme such as the Traffic Light Protocol (TLP) to maintain security.

Back Up Data Regularly

To protect information, regular backups should be made. If external storage devices are used, it’s crucial to encrypt the data to prevent unauthorized access, especially if the device is lost or stolen. Additionally, avoid connecting unsecured storage devices to work devices.

Use Approved Cloud Services

Employees should not store important files in cloud storage services not approved by the organization. Instead, they should use trusted services, and if none are available, choose providers that meet required security standards.

Secure Meetings and Remote Work Environments

When using remote work and meeting platforms, employees should review visible backgrounds when their camera is on to prevent accidental exposure of sensitive information. It’s also important to use strong passwords and enable two-factor authentication for these platforms, as well as coordinate with relevant departments to ensure the use of approved systems and applications, such as VPNs.

Protect Work Devices When Traveling

Employees should avoid connecting to the Internet via free networks in public places like airports, hotels, and cafes. If they must use these networks, they should activate a VPN before transferring any data or starting work. Additionally, avoid charging #smart_devices at free public charging stations via USB; if necessary, use USB connections only for charging, not for data transfer.

Safe Use of Wireless Printers and IoT Devices

Disable Wi-Fi or Bluetooth printing features if they are not needed, as these can be exploited by #hackers. With #IoT devices, which are increasingly targeted by cyberattacks, it’s important to change default settings immediately after purchase and set new passwords, while also following cybersecurity guidelines and advice.

Office Security

Ensure that electronic devices and accounts are not left accessible to others, activate a screen saver when not in use, and set it to turn on automatically after one minute of inactivity. Follow the #clean_office policy by not leaving any work-related information or personal details, such as passwords or official documents, in plain sight.

Monitor for Signs of #Cyberrisk

Employees should be aware of signs indicating that a device may have been compromised, including:

  • The device overheating unusually
  • Rapid battery depletion
  • Strange or unexpected messages requesting suspicious updates
  • Unexplained changes in programs or settings
  • New, unfamiliar tools appearing in the internet browser toolbar
  • Internet searches being redirected to unintended sites
  • An acquaintance receiving a message the employee did not send
  • Passwords suddenly becoming invalid
  • Sudden failure of the device’s security software
  • The device restarting automatically without user intervention
  • Device accessories like a camera or mouse activating automatically without user action

Report Breaches and Suspicious Activity

Quick action is necessary in the event of a security breach to minimize its impact. Signs to look for include:

  • System malfunctions or decreased performance
  • Receiving suspicious questions, messages, or communications
  • Presence of unauthorized individuals or unfamiliar devices connected to the network

By following these guidelines, employees can significantly reduce the risk of cybersecurity incidents and help protect their organization from potential threats.

 
