Your coworkers on the IT team are not the only ones who should feel responsible for cybersecurity in the workplace. All employees, whether in the office or at home, should feel accountable for the security of their networks and devices.
The unfortunate drawback of an increasingly interconnected world, is the constant and countless opportunities for cyber attacks. It is important to understand how to take proactive steps towards your cybersecurity so you don’t find yourself in a position where your personal information, or the information of your fellow employees, is at stake.
Cybercriminals or “the bad guys,” are getting much smarter and more creative. In cybercrime, however, they don’t even necessarily have to be especially proficient in order to be successful. Threats from years ago still exist today, while new ones appear every day. Increase your awareness of the most common cybersecurity threats in the workplace, and you will actively help put an end to the basic tricks hackers have been successfully using for years.
Investigate to Ensure Legitimacy
Phishingattacks are the most common cause of cybersecurity breaches. It’s crucial to always critically evaluate emails and links before opening them.
Realize that even though an email could appear to be sent from within the confines of your office, that’s not always the case. Modern hackers have the technology to generate phishing emails from what look to be familiar email addresses.
If something seems too good to be true, or if you have a gut feeling that something isn’t right, trust it! For example, let’s say you receive an email from your HR department asking you to reply online and disclose salary information. Do you think that the HR department would actually ask for personal information via email? If it were that important, wouldn’t they mail the information or set up a meeting in person to discuss it? If it doesn’t feel right, there’s no harm in seeking further explanation or confirming it’s legitimacy before disclosing your personal information online. As the STOP. THINK. CONNECT. campaign says, when in doubt, throw it out.
Would You Want Your Boss to See That?
Remember that anything you do on work-provided or personal technology and devices can be seen by your organization while you’re on their network. Avoid downloading unnecessary files, illegally obtaining music or films or accessing inappropriate websites, even after office hours or off-site.
Don’t make the false assumption of thinking that the work-provided technology is yours when you’re connected at home or off the clock. Your employers have the right to look at all of your communications and everything you’re doing.
You wouldn’t let your toddler use your work calendar as a coloring book. Use the same guidelines with your work technology. Refrain from letting your children play games or download apps on your work computer or phone.
Try to get in the habit of keeping your home technology and work technology completely separate. That way, you can rest assured that whatever you or your family is doing on personal equipment will not impact the security of others at work.
Do Not DIY
Work with your IT department instead of against it. If you’re having a hard time doing something online at work, ask the IT team to help you before you go searching for other ways to manage it. IT staff can help you get what you need while remaining secure. They’ll be happy you asked instead of opening up the entire company to risks by trying to find your own solution.
This is one of the more creative attacks hackers have come up with to intrude in the government sector. Hackers will put a USB drive with malware in the parking lot of an office in hopes that an employee will find it and want to investigate. Unfortunately, employees will sometimes pick up these devices, wonder whose they are and plug them in to their computers to find out. Once a malicious USB drive is plugged in, a virus can be activated and hackers could then have access to their computer and network.
Again, the IT department at your workplace is there for a reason! Let the IT team do the detective work and don’t plug anything into your work computer without knowing the origin. The IT team has specific tools they can use to find out what the hardware is, where it came from and whether it is safe of not – all without introducing vulnerabilities.
Every Employee Plays a Role
No matter who you are, it’s important to make cybersecurity a top priority in the workplace. Everyone within a corporate network has the responsibility to be on the lookout for attacks on their devices and report any unusual behavior. When all employees actively secure their individual channels, the entire network benefits from a stronger security infrastructure.
About the Author
Greg Kushto is the director of Force 3’s Security Practice. In this role, he is responsible for creating comprehensive security solutions for Force 3’s client base within both the public and private sectors and ensuring that customers properly align their security profiles to meet the needs of an increasingly complex security environment. Greg has more than 15 years of IT experience, having specialized in IT security for more than 12 years.