Password reuse continues to be a threat to businesses around the world. A recent report found that 64% of people continue to use passwords that were exposed during a breach. Poor password hygiene by end users can expose your organization to security breaches and make your company’s sensitive data vulnerable to cyberattacks.
Preventing cybersecurity attacks starts with preparing your first line of defense: your employees. Cybersecurity awareness training helps them become more aware, alert and informed of the latest cyber threat tactics targeting end users.
Although it may be difficult to prevent all “bad” user behavior, there are several good cybersecurity practices to train your employees on and remind them of regularly.
Secure end user accounts
Credential-based endpoints are the most vulnerable attack surface in any organization. Securing end-user accounts with these 4 best practices is important to protect your entire organization from risk.
1. Enforce password policy
Employees should have no choice but to abide by the rules of your organization’s password policy. With Specops Password Policy, for example, organizations can enforce length and complexity requirements to ensure passwords are as strong as possible while blocking over 3 billion known cracked passwords.
2. Use MFA whenever possible
In order to further secure end-user accounts, the implementation of multi-factor authentication (MFA) should be mandatory for end users logging into work applications or making a change such as resetting their passwords. When it comes to the MFA process, the more you can verify your identity when logging in, the harder it is for someone to steal your information.
3. Don’t leave information unprotected
Another best practice around account information is to encourage employees to lock their screens when they’re not around. Leaving screens unlocked increases the risk of someone viewing or accessing sensitive data.
4. Use a password manager
It is also important that your organization encourages the use of a password manager, not only for the individual end user, but also for its shared vault features, which prevent unsecured password sharing between employees.
Protect company equipment
It’s easy, especially in a software-driven organization, to overlook the importance of secure hardware. But as IT professionals in manufacturing or healthcare will tell you, securing your device infrastructure as well as your network is essential.
When it comes to employees protecting their equipment from cybersecurity threats, there are several ways in-house training and strong policies can help.
5. All hardware must come from the IT department
To start, all new purchases must go directly through the IT department. The IT department is responsible not only for setting up the employee on the corporate network, but also for ensuring that the computer is properly equipped with security and with operating system or system support. This initial setup helps the IT department perform remote maintenance on your computer to ensure that your software is up-to-date and configured for automatic updating.
6. Mobile devices also need encryption
Phones must have a lock screen and have message encryption enabled. This policy prevents critical text such as MFA security codes from being visible on a locked screen. This way, only those who can identify themselves with the correct password can read the messages.
7. Turn off equipment properly and often
It’s common for employees to keep their computers running throughout the work week, but turning them off is essential for equipment health and safety. Most software updates require you to restart your computer to work properly. Shutting equipment down is therefore necessary for regular software maintenance.
8. Don’t disable built-in protections
Employees should also be encouraged to keep firewalls enabled. Firewalls are put in place to block certain types of network traffic, which protects your system from external threats. Disabling the firewall exposes the organization to malicious attacks that rely on open network ports.
Finally, as an added layer of protection, employees should always have antivirus enabled. Antivirus software provides real-time protection by scanning new files and will immediately alert the user if it detects any threats.
Privacy and data storage policies
Data privacy is another important part of the IT security infrastructure. Encouraging these good data storage practices, as well as implementing a zero trust framework in your organization, can ensure that none of your end users put your data at risk.
9. No company data on personal storage
Many companies encourage employees to send everything to the cloud, whether for file sharing or file storage. The cloud offers more control over who can access internal information. If that is your company policy, no company information should be saved to a user’s personal storage.
10. Discourage USB Drives
Also, make a point of discouraging the use of USB drives. USB drives are not only small and easy to lose, but they are usually not encrypted. This means that if a user plugs one into a home or public computer that is not secure and then uses it on work equipment, the USB drive can then transfer and introduce a virus into your network.
If an end user needs a USB drive and there is no other option, make sure it is purchased and reviewed by your IT department.
11. Beware of suspicious emails and text messages
Employees should also be encouraged to pay close attention to suspicious emails and always send them to IT if in doubt. IT can run anti-phishing campaigns to help train employees on security awareness and on what to watch for in suspicious emails.
12. Consider the environment and the security of your data
All employees should also avoid printing anything with company data. Loose papers can end up in the wrong hands once they leave the employee’s home or office.
Although printing should be limited, there are instances when you might need to print a document, in which case employees should be encouraged to shred anything they no longer use.
Manage software and licenses responsibly
Finally, cybersecurity 101 end-user training should include the risks of software on work devices. Organizations should have clear guidelines on how and when end users can download or license anything that does not come standard on their work computers. Here are some guidelines:
13. Express IT authorization for all new downloads
New software downloads should be limited, but if users need to download any program, even a web app, they should clear it with IT first.
This is especially important if there is no web application security already in place.
14. MFA on external software is not optional
Also, all external software needs MFA for even better password protection and security.
You’d be surprised how many work-related apps’ built-in security measures don’t stack up. MFA can help mitigate any third-party risk.
Cybersecurity training takes constant practice and teamwork. Through regular reminders, training sessions, and support from IT, users can develop greater awareness of cybersecurity threats and help protect internal information.
Sponsored and written by Specops software