Inspiration strikes when we least expect it. Ideas don’t always come to us in the office. In a ‘Bring Your Own Device’ or ‘BYOD’ world, work devices move with us, and employees introduce personal devices to corporate networks.
October is the European Cyber Security Month, an annual campaign to raise awareness about the importance of cybersecurity. Every employee should play their role.
Breaches can cost corporations their reputations and cause devastating financial impact and humans may be the easiest way in. Criminals target people because we trust too easily. Hackers can infect employees’ personal and work devices with malware or other threats to launch attacks on corporate networks. Through employees, they can access, steal and even destroy valuable corporate information. Hackers are also exploiting security weaknesses in IoT devices according to the Cisco 2017 Midyear Cybersecurity Report.
Thisvideo explains the mind-set of the bad guy; it shows how personal and work lives are intertwined and how a breach that happened at home could potentially unfold in the workplace causing havoc.
Organizations should implement ‘BYOD’ policies and solutions in the workplace. In addition to that, they should also encourage their employees to protect their personal and work devices. Here are 6 tips that companies can share with their employees:
Tip 1: Home Wi-Fi network name and password:
The majority of connected devices at home require connection to a Wi-Fi network. If the network is not properly protected, attackers can gain access.
If the Wi-Fi’s network name contains the name of the manufacturer, a cybercriminal may know the vulnerabilities of that model and how to exploit them. They could gain access to connected devices and ultimately any data in that network. It’s recommended that the name of the network is changed so that it doesn’t include the manufacturer’s name.
If a Wi-Fi network is left open, without a password, anyone can get in, meaning that not only can neighbours use the connection, but that hackers can discover the devices on the network and potentially hack them.
Wireless routers come pre-set with a default password. But it’s fairly easy for hackers to guess it, especially if they know the manufacturer. The password should be changed. A strong wireless password should be long, containing up to 20 characters and include numbers, letters and various symbols.
Tip 2: Think before sharing on public websites or social media:
Companies should encourage their employees to think before revealing sensitive business or personal information on public websites or social media. They should:
- Get to know their social media privacy settings.
- Think about who can see their profiles and what kind of information they want others to know.
- Carefully consider friend requests and who’s asking to join their network.
Tip 3: Think before clicking:
Whether at home or at work, it’s important to use common sense before clicking links or opening attachments. Employees need to know that by clicking or downloading suspicious attachments they may also be installing threats or malware onto their devices and networks. They should ask:
- Do I know the sender?
- Do I really need to open that file or go to that link?
- Did I really order something from this company?
Hackers use a method called ‘phishing’ to try to collect personal data (such as passwords and credit card numbers) by means of fake apps, fake SMS or fake email messages that seem genuine. The attacker may either ask users to provide their data directly via replying to the e-mail or via visiting a web site that he/she proposes.
Tip 4: Patch regularly or update software:
It’s likely that organisations breached by ransomware ‘Wanna Cry’ did not patch their systems. Attackers frequently rely on people running outdated software with known vulnerabilities,which they can exploit. Companies should make a habit out of updating their software regularly, and so should employees on their personal devices. Most modern software has automatic patching programs. Users should turn them on, and say “yes” whenever they ask to update. If IT has any concerns about compatibility of updates and other applications, they should inform their users about it.
Tip 5: Use a virtual private network (VPN) for remote access:
Employees should use VPN to get access to all corporate resources when they are not physically in the office or when communicating any work remotely via email or instant messaging.
Tip 6: Use multiple account passwords:
Always using the same password for all accounts is a weak strategy even if this makes it easy to remember. If a hacker knows your employees’ Facebook password, he/she could then have access to all of their accounts including bank accounts or work passwords. Remind your employees to set up a different password for each service, not saving them in any file. If they need some help remembering, they can use a secure password management app. Furthermore, it is important to have strong passwords having adequate length, composed of both lower and upper case letters, as well as numbers and non-alphanumeric characters.
Tip 7: Back up data regularly:
Employees should back up personal or critical work data on a regular basis.
These are a few tips. No one’s 100% secure. Threats are constantly evolving and hackers are innovating but these tips will ensure companies improve security for all.
Awareness is key. Keeping up with the latest news about online threats, sometimes region specific, can help you take necessary actions to either prevent a compromise or to find solutions. There are many websites, blogs, and forums dedicated to each of the devices you use to get online. You can start by bookmarking or subscribing to the Cisco Talos blog, which is updated by the largest group of threat researchers worldwide.You can also learn more by visiting the Wolfpack website.