The Top 4 Tips to Help Everyone Become More Cybersecurity Savvy
Good reminders to protect your organization this month and all year long
The importance of cyber risks cannot be overstated in this digital age. This year, the Cybersecurity and Infrastructure Security Agency (CISA) has highlighted the theme “Secure Our World,” emphasizing simple yet crucial steps to enhance online safety for individuals and organizations alike.
In a work setting, everyone within your organization needs to be proactive and scrutinize their personal security practices. This ensures they align with your organization’s protocols to help prevent a major data leak, or worse (think: ransomware attack). More and more business operations are moving to digital technology, and as you transform your own operations, it’s essential to make sure they’re secure from bad actors. Fact is, there’s a new scam every day. Educate everyone so that your users – and your organization – don’t become victims.
At IT Weapons, The IT Services Division of Konica Minolta Canada, we align with the Cybersecurity and Infrastructure Security Agency (CISA) to help raise awareness of the attacks that threaten every organization, big or small. They (and we) recommend that everyone adhere to these top four (+1 bonus) tips:
- Use multifactor authentication – Also known as two-factor authentication (MFA or 2FA), this requires each user to opt in to an extra step that confirms they are who they say they are before accessing a trusted website or application. Instead of requiring just a password, users are asked for another piece of information, such as a PIN or special word. In some cases, such as with Apple products, this second step could involve a fingerprint or face ID. Using MFA makes it a lot tougher for bad actors to access your information. Note that it’s just as important to use MFA for your personal accounts, too – whether it’s banking, shopping online or your social media accounts. According to the FBI’s Internet Crime Report, cybercrime losses stemming from identity theft, data breaches and extortion amounted to $12.5B in 2023, which is up 22 percent from 2022. These statistics are once again alarming and prove that cybercrime has been on a steady climb for years.
- Create strong passwords – Hand in hand with using MFA is creating better passwords in the first place. Too often, users create passwords that can easily be figured out by hackers, such as a spouse’s or child’s name and birthdate. These also include (believe it or not) the word “password” as a password, followed by consecutive numbers. But there is light at the end of the tunnel. According to the same FBI report, losses from identity theft have significantly decreased from $278.3M in 2021 to $126.2M in 2023. This notable decline indicates that awareness efforts are bearing fruit, and individuals, including you and me, who are making informed decisions and implementing small changes, are collectively reducing the overall impact of identity theft.
The CSI recommends that users create passwords at least 15 characters long and that each password be unique to each application. Too often, people recycle the same passwords across websites and software applications, which makes their accounts easy to hack and can lead to major damage. A good way to keep each password unique is to use a randomly generated password for each application, and then store all of them in a password manager. However, if you use a password manager, it’s critical to make sure your master password is A) strong and B) memorable – and to use MFA to protect it.
- Turn on automatic updates for software – It’s surprising how often hacks happen because cyber criminals manage to sneak into software that doesn’t have the latest updates and security patches. To save time and make it easier to stay safer, be proactive – have every user change their settings to automatic updates for their software applications. It’s especially important to keep the operating systems updated on users’ devices, including mobile phones, tablets and laptops, in addition to their desktop systems.
- Recognize and Report Phishing – The simplest way to recognize a ‘red flag’ in any form of digital communication is if someone is rushing you or asking for personal and/or financial information. Resist the urge to click on suspicious links or attachments and report the message to your IT team to prevent further harm. Once you’ve reported a suspicious email, remember to delete that email, text, etc., from your device. Promptly reporting phishing attempts can help protect not only yourself but also others from falling victim to the same or a similar attempt.
We also have a bonus tip for you. Keep reading …
- Stop, look, and think before clicking – This is a big one, because when you’re working, you’re too often multitasking, interrupted or distracted, and it’s very easy to see an email, a link in an email or a URL that looks legit – but it’s a phishing attempt to gain your security information and/or install malware on your computer system or network. Business email compromise (BEC) scams are extremely common these days, and threat actors will often impersonate someone higher up on your org chart, such as C-level members of your organization.
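To make the password tip above concrete, here is an added Python example (not part of the original article and not a CISA or IT Weapons tool) that checks a set of stored passwords against that guidance (at least 15 characters, unique per application, no “password” plus consecutive numbers, no names or birthdates) and generates random replacements. The function names, the character set and the sample vault are assumptions made for illustration.

```python
import secrets
import string
from collections import Counter

MIN_LENGTH = 15  # minimum length given in the password tip above
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"  # assumed character set

def generate_password(length=20):
    """Return a random password drawn from the operating system's CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def has_digit_run(pw, run=3):
    """True if pw contains `run` or more ascending consecutive digits, e.g. 123."""
    streak = 1
    for a, b in zip(pw, pw[1:]):
        ascending = a in string.digits and b in string.digits and int(b) - int(a) == 1
        streak = streak + 1 if ascending else 1
        if streak >= run:
            return True
    return False

def audit_vault(vault, personal_terms=()):
    """Map each application to the rules its password breaks; clean entries are omitted."""
    counts = Counter(vault.values())  # how many applications share each password
    findings = {}
    for app, pw in vault.items():
        low = pw.lower()
        checks = [
            ("too_short", len(pw) < MIN_LENGTH),
            ("reused", counts[pw] > 1),
            ("contains_password_word", "password" in low),
            ("digit_run", has_digit_run(pw)),
            ("personal_info", any(t and t.lower() in low for t in personal_terms)),
        ]
        issues = [name for name, hit in checks if hit]
        if issues:
            findings[app] = issues
    return findings

# Constructed sample data for illustration, not real credentials.
SAMPLE_VAULT = {
    "bank": "password12345", "payroll": "vT7#qLm2ZrX9-eKd4WpB",
    "shop": "Maria1987summer!", "mail": "Maria1987summer!",
}
SAMPLE_TERMS = ("Maria", "1987")  # a family name and birth year the user supplies
```

Calling `audit_vault(SAMPLE_VAULT, SAMPLE_TERMS)` flags the bank, shop and mail entries and leaves the randomly generated payroll password alone; any flagged entry can be replaced with the output of `generate_password()` and stored in the password manager.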
Tell everyone to stay aware and speak up
Whether it’s a phishing attempt or a new person in the vicinity, it pays to maintain a strong security posture during every business day. This includes everyone’s physical space and devices. Encourage your employees to get in touch with your security or IT team if they spot something (or someone) suspicious.
As part of cyber and security awareness from both a personal and organizational standpoint, remind your users to keep basic measures in mind. These include:
- Making sure everyone who is in your building or department is properly identified and has permission to be there.
- Removing and securing any sensitive or proprietary information from your workspace or on your computer screen.
- Never leaving your mobile phone, laptop or tablet out in the open or unattended, where someone could steal it and potentially access valuable information on it.
- Avoiding discussion of sensitive work information and projects in public spaces.
- Establishing rules for conduct on social media that strictly prohibit posting or discussing sensitive company information online.
- Using secure shredding methods to destroy sensitive information, including that of your customers and suppliers.
At IT Weapons, we’re here to help.
It’s important to establish a comprehensive cybersecurity plan to ensure the success of your business. Without this plan, everyone in your organization is at risk of today’s ever-increasing security threats and risks. Not only is a data breach or ransomware attack expensive, but it can even cause a smaller business to fail completely. However, we recognize that it’s not easy to achieve a security plan without help. You may not have enough IT resources, your departments may have different security requirements, you may need safeguards to maintain compliance in your industry, and there are always demands on your time to manage daily operations.
Konica Minolta’s IT Services division, IT Weapons, could be the solution to your security challenges. We offer best-in-class measures to develop a comprehensive security strategy that meets the needs of your particular organization. Our services encompass cybersecurity, mobile protection, cloud backup and recovery, and Managed Security Awareness Training. Because no organization is immune to a cyberattack – and it’s unrealistic to think you’ll never experience one – it’s time to make your company as secure as it can be as you move into 2023.
Find out more about our cybersecurity services here.