11 tips to reduce cyber risk
Identifying and mitigating threats to computer security is a constantly evolving process. However, the following tips may help you protect your organization, your clients, and your reputation against the harmful effects of data hacking.
1) Be aware of threats
Email scams, phishing attacks, zombie computer networks, viruses, and Trojan horses are just a few of the tools used by cyber criminals. Knowing where they come from and what they look like is the first step to keeping them at bay.
2) Avoid fake software
Cyber criminals often develop attractive free software programs that employees are encouraged to download on their office computer. These programs install malware or viruses on the computer, enabling criminals to access your company network. Make sure your employees know about these threats, teach them to spot fake software, and, especially, in order to protect your network, tell them never to install software themselves on company computers.
3) Watch out for sharing on social networks
Personal information shared by an employee on social media sites can be used by hackers to build a “social profile” of the employee. The profile is used to develop one or several convincing scams, tailored to the employee's personality, interests and needs, in order to access your company network. Make sure your employees know about best practices for protecting their private data on social media.
4) Know how to spot phishing attempts
Cyber criminals often use fake emails, text messages, and websites to get employees to discolse important information. This is known as “phishing”. Passwords, usernames, and account or credit card numbers can be stolen, sold, or used by criminals. Employees should never respond to emails requesting private or sensitive information, or click on links from unknown sources. Encourage them to be suspicious of messages that are alarmist, that contain spelling mistakes, or that offer a deal that's too good to be true.
5) Know how to spot dodgy Web addresses
Cyber criminals can trick unsuspecting people by taking the URL of a well-known site and tweaking it slightly. Signs that a Web address is untrustworthy include added hyphens, numbers, spelling mistakes, or symbols in place of a regular character. Encourage your employees to manually type URLs in the address bar of their navigator, to use Google to find legitimate sites for recognized companies, or to use their favourites, rather than clicking on email links.
6) Don't leave passwords where others can see them
Encourage your employees not to write down their passwords on scraps of paper and leave them near their workstations. The passwords can be stolen by someone passing by, or seen from a window, and used to access accounts.
7) Encourage employees to create unique passwords
The more complex, long and random a password is, the harder it is for cyber criminals to guess it. Encourage your employees to use long, random phrases as passwords, and tell them to make sure they have a different password for each of their accounts.
8) Lock computer screens
Advise employees to secure their workstation by locking their screen and session when they are away from their desk.
9) Protect laptops and smartphones
If cyber criminals get a hold of an employee's laptop or smartphone, they can use it to access your network, your data, and your clients' data. Remind employees to be vigilant if they use devices that are connected to your network when not in the office, and to keep these devices in a safe place.
10) Contact your IT experts right away in an emergency
When your employees identify an attempted cyberattack, or realize they have been the victims of hackers, they should to contact your IT department right away to prevent or limit the damage.
11) Establish a process for departing employees
When an employee leaves your company, make sure they no longer have access to your systems, your network or even your office. Any open account or unsupervised access can be exploited by hackers.
Based on articles from Public Safety Canada's “Get Cybersafe” website.