Security in the workplace is more vital than ever. It is something that should be taken into consideration for all aspects of work-related activities. This is especially challenging in today’s modern workforce, which typically extends far beyond the physical office and can include digital communication that originates from nearly any location and from a variety of devices.
Security measures taken by specific organisations can be quite complex at times, which is why it is so crucial to remember some of the most basic actions you can take to ensure security at all times. It’s a great idea to review this information periodically and share it with employees as a part of your cyber security best practices.
1. Lock Up Anything You Can
When possible, it’s important to use any resources you can to restrict access to devices and information. This may mean using physical locks, such as locking up your office or putting devices in a lockbox when they are not being used. But it should also be extended to locking the devices themselves with passwords, passcodes or even by using biometric data such as retinal scans or fingerprints. This means that even if you forget or lose your device in a coffee shop or any other public place, the risk of compromising data is still minimized.
2. Use Two-Factor Authentication
While passwords and codes are a great first line of defense, two-factor authentication provides an additional layer of security. Passwords can be hacked – there is a ton of evidence to show how common this is, and we need look no further than the recent leak of several billion username and password combinations, known as Collections 1-5, to realize how widely available our sensitive information might be to the public at large, including hackers. Multi-factor authentication means that having your password won’t be enough to gain access – an attacker must also have something you own or something you know. This may be tokens in your devices that verify your identity, or security questions or additional passcodes that can be delivered via SMS or by email.
3. Put Your VPN to Work
Virtual private networks, or VPNs, provide a connection between a secure server and your computer. Wi-Fi hotspots found in public areas are high-risk due to the possibility of having your connection and information hijacked. Additionally, internet service providers can sell data collected during these sessions about your online habits. VPNs hide your IP address, which makes it hard for third parties to track your online behavior. They also help to protect you from identity theft, and let you access content privately and bypass firewalls. Browsing the internet seems like a relatively benign activity, and many individuals don’t fully understand the risk of doing so without proper security measures. A VPN should be used whenever a PC or other device is accessing the internet for business purposes.
4. Use Work Devices for Work. Period.
This particular issue is becoming increasingly complicated as our world becomes more interconnected. It’s simply easier for many people to use whatever device is readily available when they need it. However, there is a danger in intermingling personal and business devices. To maintain the highest level of security, users need to remember to use their work devices for business purposes and nothing else. Further, they should not conduct work on personal devices; these should be reserved for personal use only.
5. Think Twice if Something Seems Off
Even though security measures are evolving and becoming more stringent, there are still a huge number of digital scams, especially those that target email use. This includes phishing, spoofing, and even the hijacking of executive-level emails in order to obtain sensitive (often financial) information. Over ¾ of organisations reported phishing attacks alone in 2017 and nearly half of all organisations report that these types of scams are growing.[ii] Many businesses will hold refresher courses for their employees that teach them how to spot a suspicious email or other form of fraudulent communication. While these can help greatly, the best action you can take is to just pause, then ask questions internally if you do receive something that doesn’t seem quite right.