October is Cyber Security Awareness Month in Canada, making it the perfect time to talk to—and refresh—your employees on the rules around cyber security.
Phishing scams and data breaches have evolved into sophisticated threats that can easily affect the biggest companies around. Earlier this year, MasterCard experienced a massive data breach that affected 6 million people in Canada alone. The fact is, no one and no company—big or small—is immune to cyber attacks.
Cyber security is important, and although we’ve all heard these tips before, it’s critical to go over them once in a while with staff to maintain secure protocol.
Strong Passwords Matter
One weak password has the power to compromise not only all of a company’s data, but that of its clients as well.
Despite being warned about the perils of a weak password, people continue to use them. A survey by the UK's National Cyber Security Centre (NCSC) earlier this year found that the top three most common passwords (belonging to accounts that had been hacked) continue to be 123456, 12345678 and QWERTY.
Password protection should always be stressed in the workplace. Most companies require passwords to change every three or six months.
Add rules for the passwords employees use for business-related technology, including laptops and emails. These rules should include:
- The use of numbers, symbols and upper and lowercase letters
- Make passwords nonsensical—no using a pet’s name or favourite food
- Give passwords weight with length. Passwords should be a minimum of 8 characters long
To help keep up with their passwords, employees can use a password manager, such as LastPass or Bitwarden. These encrypted digital vaults store the login information a person uses for different websites, keeping them safe and secure. Most password managers can also generate unique passwords you can use for new logins.
Don’t Click! Pop-Ups, Strange Links, Unknown Emails
Scammers and hackers love to lull their victims into a false sense of security. They often do this through phishing—sending emails that look as though they’ve been sent by a reputable company (think your bank, or Amazon).
Phishing scams have been around for a long time, and though we’ve all heard about them, they continue to be successful.
With improved techniques and sophistication, phishing scams have been on the rise worldwide in 2019, with attacks hitting nearly 130 million in the second quarter of this year.
Educate your staff about phishing scams—what they are, how they work, and how to identify them:
- Check the domain the message was sent from. Your bank, the CRA or anyone else of major importance will not be emailing you from a Gmail account.
- Pay attention to spelling and even more attention to grammar. Is the domain name misspelled? Are there numerous grammatical errors in the email body? If so, it’s most likely a scam.
- Be wary of messages marked “urgent”. This is a particularly dangerous element of phishing scams. The sense of urgency the email creates will lead the receiver to act quickly.
If it seems suspect, it’s best to avoid clicking. Encourage employees to follow up with management if they suspect a link, pop-up or email to be fraudulent.
Embrace Application Updates
Yes, we know you’re busy. But it’s important to take the five minutes necessary to complete application updates. A big part of these updates is maintaining their security. Hackers and scammers look for vulnerabilities. If they know your staff isn’t keeping their applications up to date, they’ll be more likely to target them.
Use Secure WiFi Only
Many people work remotely, at least once or twice a week. Ensure your remote employees are using safe and secure WiFi. This means WiFi that’s encrypted, hidden and password protected. Public WiFi isn’t necessarily the most secure. Use a VPN for additional security.
Work with Your I.T. Department on Cyber Security Policies
Your best source of information when it comes to cyber security is your I.T. department. Work with them to create policies around cyber security. I.T. will have best practices for you to follow regarding security software and the best way to back up sensitive files and data.
With the support of your I.T. department, you can create well-defined policies for your employees to follow.
Vigilance is Imperative
Remaining vigilant when it comes to your company’s cyber security is the best way to keep your files and data safe and secure.
Taking the time to educate your staff on the importance of cyber security, including how to recognize common scams, the best types of passwords and application updates, is the best way to fight against unwanted cyberattacks.
Using best-in-class technology to house your employees’ data is vital to keeping it safe.