Organizations face increasingly sophisticated cyber threats every day. The disruption and damage caused by cyber attacks and breaches can destroy businesses – and ruin lives. What was earlier considered a concern for the business or employer, cyber security has now become a concern for employees as well. In other words, your employees, regardless of their role, should have a foundational knowledge of cybersecurity best practices to help protect themselves and your businesses from cyber attacks and breaches.

While this may seem obvious to those who have been in the workforce for years, the fact is that Millennials and Gen Zers are entering the workforce in record numbers, but with laissez-faire attitudes and approaches toward cybersecurity. For example, an NTT report on cybersecurity found that the Millennial generation is more frequently the victim of cyberattacks than older generations. A survey by Ernst & Young LLP found that Gen Z and Millennial workers are significantly more likely than older generations to use the same password for both a professional account and a personal account and to neglect mandatory IT updates. Similarly, an Atlas VPN study found that 52% of Millennials and Gen Zers have had their password stolen or know someone who has. By comparison, only 37% of Gen Xers and 12% of Baby Boomers say the same.

For these reasons – and given the uncertain state of the world these days – it is important for employees to have the following basic cybersecurity skills.

general awareness

Being aware of cybersecurity threats is a fundamental skill that employees should possess as a first line of defense against cyberattacks. For example, they should be able to identify and report suspicious emails, links or attachments, and be accustomed to questioning the legitimacy and origin of communications – especially if they include requests for sensitive information. By simply being aware of fraudulent or fraudulent emails or solicitations, employees can significantly reduce the risk of falling victim to phishing scams, social engineering or other attacks that put them or their employer at risk.

Browsing Caution

Malicious software, or malware, is a common tool that cyber criminals use to steal data and damage or destroy computers and systems. Malware can include viruses, worms, spyware, and more. Malware is often activated by unsafe browsing, downloading files from untrusted sources, or clicking on random pop-up advertisements. Employees should adopt safe browsing habits, especially on company-issued devices; Always keep your software and web browser up to date; And avoid opening anything that looks suspicious. If a communication seems disorganized, strange, or unexpected, it is best to avoid it and report it to IT or security.

reporting habits

Often a cyber incident will occur, or an employee will receive a suspicious email or file attachment for example, and instead of reporting it immediately, they will ignore it or brush it off as “no big deal.” Of course, this is not the way to maintain security vigilance. Rather, employees must not only become adept at identifying potential hazards but also develop the habit of reporting incidents promptly. Doing so can help eliminate threats or reduce the impact of an incident. Additionally, incident reporting helps companies gather intelligence about emerging threats and vulnerabilities.

password management

Most, if not all, employees today require passwords to log into work email or systems and so must be skilled at creating passwords that are hard to crack; Instead of using weak or easily guessed passwords, such as “PASSWORD” or “NAME123”, employees should create strong passwords that include a combination of upper and lowercase letters, numbers, and special characters and that have no connection to personal information. Don’t be. Password should also be changed frequently.

Additionally, reusing passwords across multiple accounts or systems should be avoided. Employees should also be encouraged to store their passwords in a secure location – not on Post-it notes on the side of their laptop – or use a secure password management tool. When an employee leaves the company, all user access and passwords must be immediately and permanently deleted.

mobile Security

Mobile devices are ubiquitous in the workplace. Whether company-issued or personal, employees often access corporate networks and data through smartphones, tablets and other devices, making the need for mobile security skills critical. Employees should implement strong PINs or passwords along with biometrics or other multifactor authentication on all their devices.

Also, it is important to understand the risks associated with it and avoid unsecured Wi-Fi or public networks. All employees with work-related information on their devices should stay up to date with the latest software, which often includes security patches. And never leave mobile devices unattended.

social media mindfulness

Like mobile devices, social media are now a permanent part of our everyday personal and professional lives. There are also increasing incidents of social engineering attacks, whereby a hacker contacts a target on a social networking site such as LinkedIn, X (formerly Twitter) or Instagram and prompts a conversation with the target. After gaining the trust of the target, the hacker requests and gains access to sensitive information such as passwords or banking details. For this reason, employees should exercise extreme caution when using social media, especially on work devices.

At a minimum, employees should review and update their privacy settings to limit the amount of personal information visible to the public. Many employers already limit access to social media sites on company networks and devices to prevent these types of exploits.

conclusion

Although these skills are not guaranteed to help prevent cyberattacks or prevent breaches, they can help mitigate incidents and the damage they cause. Cyber ​​security is no longer the job of IT professionals alone. Employees from sales, HR, marketing, accounting, and all departments must do their part to maintain the security of your company.

