Nonprofit Resources
Cybersecurity Month: Cybersecurity in the Workplace is Everyone’s Business
October is National Cybersecurity Awareness Month. Each week, we’ll provide resources and tips to help you increase your cybersecurity awareness and reduce the risk for yourself and your organization.
CYBERSECURITY IN THE WORKPLACE IS EVERYONE’S BUSINESS
The Department of Homeland Security is focusing on Cybersecurity in the Workplace this week. Cybersecurity is no longer just an IT issue — it only takes one employee clicking one malicious link to cause a breach. The following tips will help you educate employees about cybersecurity risks and protect your organization’s data and systems.
Watch for phishing emails
Phishing emails are designed to entice the recipient to click on an attachment or link or share sensitive information. This opens the door for cyber criminals to infect your computer systems with malware, steal sensitive data, or trick the recipient into an action such as wiring funds.
- Educate employees on how a phishing attack works so they understand and recognize the threat
- Phishing emails can look like they’re from someone you know, so when in doubt, call the sender
- One of the more recent types of phishing scams, “whaling,” targets executives — these individuals have a high level of authority and resources, and employees respond promptly to requests that appear to come from them (often circumventing security procedures for “the boss”)
- Another common phishing scam entices users to open an attachment that leads to ransomware, a type of malware that “locks” a user’s file system and demands payment for the “key”
- Do not open emails, attachments, or links from strangers
- Use email filtering — it won’t completely eliminate the risk, but it can reduce it
- Provide a method for reporting suspicious emails
- Consider our Cyber Checkup, which includes a phishing test
Use strong passwords
Passwords remain a vital defense against cyber attacks.
- Require the use of long passwords (experts advise that using 10 to 12 characters greatly improves security)
- Avoid using dictionary words as passwords, as these are easier to crack
- Educate employees on the importance of:
- Using different passwords for different accounts (separate personal from business)
- Not sharing passwords
- Not saving passwords in an easily accessible or unsecured location
- Promptly changing passwords that may have been compromised
Create a culture of cybersecurity
It’s vital for all employees to recognize and appreciate the importance of cybersecurity.
- Be aware of these top cybersecurity myths and how your organization can overcome them
- Provide ongoing training and communication to help staff and volunteers understand:
- The dangers of visiting unsafe websites
- The latest cybersecurity threats
- The risks of using public WiFi networks
- The importance of reporting anything suspicious about their computer or email account to your IT team
DID YOU KNOW?
According to the Verizon 2016 Data Breach Investigations Report, 63% of confirmed data breaches involved weak, default, or stolen passwords.
Access additional cybersecurity articles and blog posts here.