October. It’s the heart of football season and a time when pumpkin spice surfaces as the premier ingredient in the cooking world. But October is also a time for something more serious; something that each of us should place on a pedestal above such a highly touted culinary craving: cybersecurity.
Supported by the Department of Homeland Security, October is Cybersecurity Awareness Month and it couldn’t have come at a better time. Today, we are more connected than ever foreign and domestically. With the increasing prevalence of smart devices, accredited to the international westernization of society, we must be more alert and secure than ever before. Advancements in modern technology have been one of the greatest phenomena, yet place us in one of the most vulnerable states.
Our dependency on computers, mobile devices and cloud-based technologies has enhanced our way of life and made things easier, especially in the workforce. Companies are becoming more comfortable with integrating and storing digital data, for our consumption and evaluation. On the flip side, these actions pose alarming threats from hackers and illegal cyber-attacking groups alike, searching for the most susceptible companies on whom to prey. The incursion on healthcare organizations, banks and even retail chains are occurring more frequently and not without dire consequences.
Steer Clear of Cyber Culprits & Digital Demons
As awful as it sounds, the current trend has become to attack company’s human resources departments. Why you ask? Simply put, this is where all of the most sensitive employee information is held. HR is a goldmine of Personally Identifiable Information (PII) – all of a person’s personal information (name, DOB, SSN, postal address, etc.) – and arguably the hottest commodity. Additionally, they monitor payroll and other financial systems nestled within an organization. Unfortunately, there is a pretty lucrative underground market for criminals who plan to exploit and resell this information and that virtual emporium is growing.
With all that being said, here are the 7 best tips for everyone in the workplace who wants to keep their information secure from cyber culprits and digital demons and maintain the protection for your HR department:
- Passwords, passwords, passwords.
No matter what department you’re in, do not use the same password for every login account you have. Also, please don’t be the person in the office who has the sticky notes bordering your monitor full of usernames and passwords for everyone to see. I know “Bob” sitting next to you probably could care less, but that’s private information that only you should know.
- Training during the on-boarding process.
Understanding the company culture and assigning new projects might take precedent in new hire orientation, but instilling proper security measures should be a priority as well. If, from day one, your new hire understood the severity of potential risks and exercised correct security procedures, the chance of an attack will lessen enormously.
- This isn’t just a job for IT.
Sure, IT are the ones who get paid to ensure malware and cyber threats are kept at bay, but it’s everyone’s responsibility within a company to avoid such dangers. Your IT department, or whoever is in charge of handling your organization’s security, would greatly appreciate everyone’s participation and it would make their jobs a lot easier.
- Educate everyone extensively.
This can’t be stressed enough: no matter your role within your company, everyone must be held accountable for their actions and technological behavior. HR needs to be the parents in this relationship and educate their employees a couple times throughout each calendar year.
- Stress caution when assimilating work and personal devices.
If you are going to merge your personal devices with work, such as emails, calendars or even projects, be aware of your surroundings when reviewing this information. Understand the connection you are on, whether it be public or private, and recognize where you are outside of the office.
- Social engineering is not cool.
According to Dell SecureWorks, 70% of cyber-attacks are attributed to human elements. This is exclusively what social engineering depends on. Similar to phishing scams, this form of psychological manipulation, performed by fraudsters, dupes people into believing they are providing confidential information to a known source. These messages can be communicated in forms of emails that might imitate their boss requesting a social security number for an urgent matter or even a voicemail from your “co-worker” wanting to know where you live so they can drop something off. Be careful, because these messages can be replicated almost identically to that of your boss, co-worker or anyone else. This is ultimately phase one of the infiltration of your HR department and/or company as a whole.
- You’re smart. But so are cyber sneaks.
Although I know you are aware that such cyber-attacks are nothing new in the working world, it’s undeniably important we understand that hackers are always one step ahead of current security practices and will stop at nothing to satisfy their cruel intentions. You’re smart, so act smart.
In addition to implementing these tips, go beyond the firewall of security and expand your education. New Horizons offers a plethora of cybersecurity courses from vendor-neutral vendors such as CompTIA, EC-Council and many more. Are you doing your part to keep you and your company’s information secure?