Companies wrestle with this question every day: How do you vigilantly protect your organization and your customers from a myriad of online threats—not to mention a slew of regulatory auditors—and still maintain a strong corporate image?
Building a strong security culture, for many companies, can seem insurmountable. But it doesn’t have to be. Begin by creating a culture of security awareness among your employees.
Our security team at Relativity, Calder7, is the force that defends our software—and the teachers who help our colleagues contribute to a smarter, safer culture of security across the board.
Here’s a top 10 list of best practices we’ve come up with along the way. They should be easy enough to implement in your organization, too.
1. If you see something, say something.
See something suspicious or unusual? Immediately contact your company’s security team to report it. Your timely reporting of an unusual email or event may be the difference between your company’s network and security infrastructure withstanding an attack rather than succumbing to a zero-day exploit.
2. Always do the right thing when it comes to cyber security at work.
Everyone has a part in keeping your company secure. Don’t try to bypass that security mechanism set up to stop certain actions from being executed.
3. Think before you click.
Did you know that more than 91 percent of all data breaches start with a phishing email? If something doesn’t look or feel right in an email, report it immediately to your security team. If it’s from someone you don’t know, be aware not everyone wants to be your friend—and you have the right to ignore strangers’ messages. As for the pressure to respond quickly, try to relax. If something looks off, you don’t have to reply right away—even if the email is supposed to be from your CEO. If they want to get in touch with you immediately, they will find a way—and if someone else is impersonating them to get insider information, they’ll be glad you acted cautiously before giving in to a random request.
4. Be aware of your surroundings while at work.
If your floor has restricted access, don’t assume people won’t sneak in behind other people through an open door. If your company has a badge that people should wear, and if you see someone without one, ask nicely for them to show it to you. Physical theft of equipment and intellectual property can happen anywhere, even in secure areas inside of a building.
5. Don’t socialize your professional life.
Like that your Facebook or LinkedIn profile gets so many views? In your personal social media, don’t post too much information about yourself or the work you do for your company. Hackers prowl social media sites to find more information about potential targets. They love to get the inside scoop of what’s going on inside your company.
6. When in public, don’t talk about your company’s sensitive information over the phone or in person.
Even if you are in a different city or country, you shouldn’t assume it’s safe. (Sensitive information refers to details about your company and projects you’re working on. Details of your visit to the dentist? That’s up to you.)
7. Create long, strong passwords.
Think 20+ characters—length is your friend. Do not be a creature of habit by reusing passwords, in whole or in part. And do not write them down, ever. Say no to yellow sticky notes! You should also use two-factor authentication to log in when you can—it will really knock your security up a notch. You may also consider using a password manager to store all your unique and completely different passwords.
Pro Tip: Keep your work passwords and your personal passwords different. This eliminates or at least reduces the chances your company will be compromised if your personal password is stolen.
8. Lock your screen when you step away from your machine.
This—in addition to keeping a clean desk free of all documents—keeps prying eyes out of your work and keeps your data secure. You don’t know who might be walking by your desk at night. Also, don’t rely on a locked office door to protect your data; cleaning staff, maintenance workers, and other strangers have keys to everywhere.
9. Keep your operating system, browser, and other critical software up-to-date.
Updates only take a few minutes and they help keep your equipment and software secure. There are dedicated, expert teams at some of the world’s most sophisticated software companies putting these updates out every day to help you keep your data safe. Don’t let that work go to waste.
10. Don’t assume you are not a target for hackers.
Everyone is a target. In many companies, people are given implied trust and access inside the network. Because of this, you must be careful. You don’t want to give a hacker a foothold into your network. Should you accidentally click on a link or give out information, contact your security team immediately. Early action can make a big difference—and your honesty will be greatly appreciated.
Linda McGlasson is the security awareness lead on the Calder7 security team at Relativity.