Stranger Danger and Other Kindergarten Rules For a More Secure Workplace

Expert Cybersecurity Advice for Non-IT People, from a Non-IT Person

Throughout National Cybersecurity Awareness Month (NCSAM), people all over the world are taking steps to raise awareness, learn to better defend themselves, and make the internet a safer place for individuals and organizations.

Yes, there are headlines about new cyberattacks every day. And the reality is, it’s going to keep happening. However, there is good news. There are simple and essential steps you can take to minimize potential damage. Whether you’re a retiree, a college student, a doctor, a system administrator or a security engineer, NCSAM is a great opportunity to get back to basics. You already know that cybersecurity must be a year-round focus. But use this October to focus on the little things you can do to make your workplace more secure.

Speaking of getting back to basics, you can start by sharing, posting or forwarding this blog! It’s a 30-second task that you can do to raise awareness internally at your organization, or even with your family and friends.

The Biggest Threat Comes from Within, But So Do the Biggest Allies

Cybercrime is evolving at light speed. However, it’s important to remember that cyberattacks are people attacking people, not machines attacking machines. In fact, 80 percent of enterprise security professionals surveyed in ESG and ISSA’s 2016 research report said that “lack of user knowledge of cybersecurity risks” is the primary threat to their organization’s cybersecurity.

Understanding how to protect your own data will, by extension, help you protect your organization’s data and assets. Best practices become second nature as you adopt them in both your personal and professional life.

Cybersecurity Is Everyone’s Business

We all have to do our part to make the internet safer for ourselves and our organization. Nobody is exempt.

So what do you know about cybersecurity? Sure, you probably can’t escape the flashy headlines about recent attacks. But did you know there is a massive cybersecurity skills shortage and that’s only going to get worse? Frost & Sullivan has forecasted a cybersecurity workforce shortage of 1.8 million people worldwide by 2022. There simply aren’t enough security soldiers at your organization — making it even more urgent that we all take responsibility for securing our homes and workplaces. Even those of us who aren’t in IT can and should join the cyber war effort.

Cybersecurity awareness training once a year is not enough — we can all use continual reminders. That’s why we put together easy rules that you can learn and apply today. It’s easier to get in the habit if we keep things simple, right? Written by non-IT people for non-IT people, these are the basics according to advice from our cybersecurity training experts. Make these best practices a part of your day-to-day life and you’ll be a much less attractive target.

Kindergarten Rules for Basic Cyber Hygiene


Clean Up Your Own Mess.

  • Do your software updates on time; don’t keep hitting the snooze button. Those updates often include patches for known vulnerabilities.
  • Clean up: Use a document retention policy and delete old documents that are no longer needed. You should also delete old accounts no longer in use.
  • Back up your data on a scheduled basis. If you don’t have a regular backup cadence set by your organization, schedule an Outlook reminder. Also, test your backups to make sure they’re working and archiving all needed files. The damage from WannaCry and other ransomware attacks can be minimized if you have backups of your critical files.

Stranger Danger. Don’t Talk to Strangers, and If It’s Not Yours, Don’t Touch It (Or Trust It).

  • Be careful what you click on and beware of emailed attachments and links.
  • Check the privacy settings on your social media apps and check your posts to confirm that you aren’t displaying personal information.
  • Don’t trust USB memory sticks (flash drives or thumb drives) from others, especially strangers.
  • Don’t trust free games — they are often Trojans.
  • Don’t join unknown Wi-Fi hotspots because your credentials can be stolen. You should also use your VPN according to your organization’s policies.

Wash Your Hands Before You Eat.

  • Use reputable antivirus software and keep it up to date.
  • Use ad blockers.
  • Follow password rules and recommended steps. Complex passwords are good but long passwords are even better. Don’t use the same password for different accounts and change your passwords frequently. Lastly, make your passwords something you can remember without writing them down.
    Quick Tip: If your organization has a cadenced reminder for changing your passwords, change your personal passwords at the same time.

Play Fair. Don’t Hit People.

  • If you have to work with the personally identifiable information (PII) of others, be very careful.
  • Don’t post on social media or internal sites about others.
  • Don’t spread viruses.

Say You’re Sorry When You Hurt Somebody. Hold Hands and Stick Together.

  • Communicate! If you think you may have been infected, contact your IT team as soon as possible according to your organization’s security policy. Don’t wait or procrastinate.
  • Report cyberattacks to ic3.gov.

Unlike forest fires and cavities, you can’t necessarily prevent data breaches but you can minimize their effects. It doesn’t have to be complex and it’s not about shifting the blame from IT people to end users. Proper data security is about working together, building smart habits, and making cyber hygiene part of your everyday life.

Ready to dig deeper?

Every organization should have a plan to raise and maintain cybersecurity awareness and we can help your organization create the perfect training plan. Plus, we also have a full cybersecurity curriculum that can help IT professionals on the front lines keep their cybersecurity skills up to date.

Recommended Courses
CompTIA CyberSecure
Cybersecurity Foundations
Fundamentals of Information Systems Security


2 comments

  1. Harry

    This recommendation that you use passwords that are long and you can remember without writing them down isn’t practical unless you are Lieutenant Commander Data. Bear in mind you have to change them every so often, sometimes as frequently as every 2 months. I can remember:
    1. My very first bank account number
    2. My National Health Service number
    3. My British Army (Reserves) number.
    4. My Social Security Number.
    5. My Permanent Resident Card number.
    Of these, only the last two are ever needed.

    I know they keep offering “password vaults” etc., but where do you keep them? How do you know they can’t be hacked?
    I prefer to keep a paper notebook.

    1. Zane

      It can be challenging, but we have good news! The National Institute of Standards and Technology (NIST) recently recommended that pass “phrases” (think song lyrics, movie quotes, sports stats) are actually better and easier to remember because of the additional character count. One of our subject matter experts explains this in more detail here if you want more info. Thanks, Harry.