Top 10 Safe Computing Tips for Employees

Safe Computing Tip #1 – Understand Your Role in Corporate Cybersecurity‍

As an employee, you are your company's first line of defense against cybersecurity threats. While IT administrators will do everything they can to make your day-to-day work experience as secure as possible, it is ultimately your responsibility to practice safe computing in the workplace.

‍
The 2020 Verizon Data Breach Investigations Report found that 30% of all data breaches involved internal actors. 37% of these breaches were caused by stolen or compromised credentials, 22% by errors, and 8% by misuse of authorized users. By learning all you can, following corporate security policies, and following our safe computing tips you can help protect your organization against IT security vulnerabilities.
‍

Cybersecurity Culture Tips for Employees:

1. Understand and follow all company policies regarding data security and confidentiality.
2. Be an advocate for safe computing in your workplace by explaining the purpose of your organization's cybersecurity practices to your coworkers and demonstrating the best practices.
3. Help bridge the gap between IT security and employee productivity by informing your manager about any security-related frustrations your coworkers have.
   ‍
   

Safe Computing Tip #2 – Avoid Using Shadow IT in The Workplace

‍
Shadow IT – also known as Stealth IT, Client IT, or Fake IT – is any system, solution, or software you use for work without the knowledge and approval of your IT department. Shadow IT poses a unique threat to cybersecurity as the technologies are not under the control of the IT department. These applications, Software-as-a-Service (SaaS) products, and other shadow technologies put corporate data at risk because they are not being appropriately secured.

‍
Examples of Shadow IT:

• Transferring corporate data to personally managed cloud storage accounts and USB storage devices
• Signing up for corporate SaaS accounts without approval of the IT department
• Using personal devices for work purposes without a formal Bring Your Own Device policy
• Using unofficial communication tools for work (Slack, Discord, etc)

These shadow IT safe computing tips do not just apply to software with viruses and other malware, either. The shadow technologies themselves may not even be inherently insecure. Platforms, services, and applications that are widely used in business settings may simply become insecure due to the lack of visibility and control the corporate IT department has over them.

A personal cloud storage account, for example, could be used to transfer work-related files to a coworker. However, if that data falls under a protected class such as personally identifiable information (PII), then your ability to access that data outside of work would be a violation of corporate and regulatory data security compliance standards.

‍
Shadow IT Cybersecurity Tips for Employees:

1. Do not use unapproved technology in the workplace.
2. Encourage your coworkers to use officially supported solutions.
3. If a particular shadow technology fulfills a highly desired need in the workplace, advocate for its official adoption.
4. Report suspected shadow IT usage to your IT admin or manager.

Safe Computing Tip #3 – Beware of Phishing Emails & Social Engineering

‍
These phishing safe computing tips are absolutely essential for any employee with internet access. According to the Verizon report a vast majority of malware is delivered via email. Business email compromise (BEC) is a pervasive threat that you need to be aware of to use computers safely.
A report from Tessian found that a staggering 1 in 4 employees have admitted to clicking on a phishing email at work. According to a report from PhishMe employees who have opened a phishing email in the past are 67% more likely to fall for a future phishing attempt.

Phishing is a type of fraud that uses fake emails, text messages, or social media messages to convince you to click a link, fill out a form, provide sensitive information, transfer funds, or take other actions that benefit the attacker. Phishing is a constant threat to data security. It is responsible for 22% of the data breaches studied in the Verizon report. Cybercriminals use phishing attacks to compromise accounts, steal company funds and breach sensitive data.

Social Engineering is an advanced form of social manipulation where an attacker convinces an employee to provide confidential information or unauthorized access to corporate systems. Social engineering can be as simple as pretending to be a contractor in order to gain physical access to the office or as advanced as impersonating an executive to trick you into providing them with confidential information.

‍

Phishing cybersecurity tips for employees:

1. Learn about anti-phishing best practices and follow them. Your employer should provide you with anti-phishing training that includes phishing simulations, examples of phishing emails, and procedures for reporting phishing attempts to your IT department.
2. Treat every email that demands non-public information, files, or unexpected requests with suspicion – especially if it tries to force you to rush the request. If a request sounds dubious, take the time to call the requester and verify that their demands are legitimate.
3. If you receive a suspected phishing email, report it to your IT department so they can investigate. Your employer may even be performing a phishing simulation that tracks how well employees respond to phishing attacks.
   
   

Safe Computing Tip #4 – Use Strong, Unique and Confidential Passwords

‍
Following these password hygiene computing tips are essential for protecting data. Unfortunately, poor password hygiene is far too prevalent – a shocking 59% of users surveyed in the LastPass Psychology of Passwords Report admit to reusing passwords!

‍
Your passwords must be unique, private, and easy for you to remember without being easy for an attacker to guess. Along with a strong password, you should use multi-factor authentication (MFA) wherever possible; this forces a would-be attacker to bypass multiple authentication measures (a password + biometrics, a PIN number, etc.) before they can breach an account.

‍
Password Security Tips for Employees:

1. Do not reuse passwords. If a data breach ever leaks one of your accounts the attacker could gain access to other accounts using your reused passwords.
2. Use company-provided authentication measures such as a password manager or Identity Access Management (IAM) solution.
3. Do not leave passwords in an insecure location such as a post-it note, journal or unencrypted text file.
4. Do not share your passwords or accounts with coworkers. Every employee must have their own unique login credentials so that their activity can be accurately monitored and managed by the IT department.
5. Make long and simple passwords. Think of your password as more of a passphrase. Use a series of unrelated words to create long, simple passwords rather than short and complex ones. Passphrases are easier for you to remember and harder for attackers to brute force or guess.

‍