6 Cyber Security Tips for Employees from HR

Written by Liz McDermott


The partnership between HR and IT is critical in making sure the future of work is secure as companies transition towards digital transformation and working from home continues. With cyberattacks expected to increase in volume and impact, the HR and IT partnership is more important than ever before in securing your company’s systems, networks, and data.

IT teams provide new employees with tech tools, set up VPNs (virtual private networks) to offer a wide range of security protection, do company-wide software updates, configure business systems for multi-factor authentication, recommend a password manager, provide instructions on creating strong passwords, secure operating systems, and safeguard work computers and smartphones.

In turn, HR can assist IT by educating employees about security best practices such as the tips covered in this article.

HR professionals can use these cybersecurity tips to increase cybersecurity awareness and help businesses avoid security risks. This preventative support for IT teams makes their jobs a little easier.

 

Cybersecurity Tip #1: Recognize Phishing Attempts

 


Phishing attempts continue to grow as the digital workforce evolves significantly. In 2021, 83% of organizations reported they had experienced a successful phishing attack. Employees following cybersecurity best practices can help prevent data breaches from malicious emails.

The following steps help employees recognize attacks from suspicious emails:

  • Look at the “From:” email address, not just the sender's name. The inboxes of most email programs show only the sender's name, not the actual email address. Check the address to verify that the sender's domain is not suspicious. If the domain does not match the company's website, it’s likely a hacking attempt.
  • Look at the recipient(s) in the “To:” line. If an email requesting action on your part is not directed to you specifically, it is probably a cyber attack attempt.
  • Hover over the link to a web page. If the message links to a web page, hover over the link to see where it really goes. If it goes to a page that isn’t on the domain of the brand the email claims to come from, don’t click on it. It is probably a fraudulent page.
  • Look for misspellings, bad grammar, or bad formatting. Not all phishing messages have them, but many do.
  • Be suspicious of any message from an organization asking you for your personal information. No reputable organization will email you asking you to click on a link and provide personal information, like your password. A legitimate email would direct you to go to the company's website to log into your account and update the information there.
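
An added example, not part of the original article: the From, To and link checks from the list above, written as a Python function an IT team could run over a reported message. The function names, addresses, domains and sample email are constructed, and the caller is assumed to supply the domain the email claims to come from.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _Links(HTMLParser):
    """Collect the real target (href) of each link, not its visible text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def on_domain(host, brand):
    """True only for the brand domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

def phishing_flags(raw, my_address, brand):
    """Run the From, To and link checks; brand is the claimed sender domain."""
    msg = message_from_string(raw)
    flags = []
    name, addr = parseaddr(msg.get("From", ""))
    if not on_domain(addr.rpartition("@")[2], brand):  # address, not display name
        flags.append(f"from-domain: {name!r} sent from {addr}")
    to = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    if my_address.lower() not in to:  # request not directed to you specifically
        flags.append("not-addressed-to-me")
    parser = _Links()
    for part in msg.walk():
        if not part.is_multipart():
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href in parser.hrefs:  # what hovering over the link would reveal
        url = urlsplit(href)
        if url.scheme in ("http", "https") and not on_domain(url.hostname, brand):
            flags.append(f"off-domain-link: {href}")
    return flags

# Constructed sample message (reserved example/test domains, not real traffic).
SAMPLE = """\
From: "Example Support" <support@example.com.account-alerts.test>
To: customer-list@mail.test
Content-Type: text/html; charset="utf-8"

<p>Reset here: <a href="http://example.com.login.test/reset">https://example.com/reset</a></p>
"""
for flag in phishing_flags(SAMPLE, "pat@corp.example", "example.com"):
    print(flag)
```

The sample's sender and link both start with the brand name but end in a different domain, which is why the check compares the end of the host name rather than searching for the brand anywhere in it.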

 

Cybersecurity Tip #2: Practice Good Password Management

 


Don’t make it easy for cybercriminals to access business and personal accounts. Follow these good password security practices:

  • Use long and strong passwords. As a general rule, the longer and more complex, the better, as it makes them harder to crack. Use at least 12 characters, combining upper and lower-case characters, numbers, and symbols.
  • If allowed, consider using passphrases instead of passwords. A passphrase is a sequence of words or text. A long passphrase is better than a complex, shorter password and a lot easier to remember. Passphrases include: “My cousin bought a sailboat in 2021!” or “The groundhog usually sees his shadow on February 2.”
  • Activate multi-factor authentication. Two-factor authentication requires two separate, distinct forms of identification in order to log into a system. The first factor is a password. The second factor is often a code sent to your smartphone or email address, but there may also be some biometric factors, such as your fingerprint or face. Hackers might be able to crack your password, but chances are they won’t be able to provide the second authentication factor and, therefore, won’t get into your account.
  • Change passwords or passphrases regularly. For personal accounts, change them at least twice a year. Businesses should require employees to update passwords every 30-90 days.
  • Consider using a password manager utility. This solution securely stores all of your passwords and passphrases in one place. You just have to remember one password to access the secure passwords for all your devices and services. Some examples include Keeper, LastPass, and 1Password. Your organization may support a preferred password manager.
  • Don't write passwords down. If you must, carry them with you. Don’t leave them at your workstation. No sticky notes on your computer monitor or in the top drawer of your desk!
  • Don’t send your passwords to anyone — including yourself — via email, phone or voicemail.

 

Cybersecurity Tip #3: Use a VPN When Working Remotely

 


Remote work using home or public wifi networks is a risk that can be mitigated by a Virtual Private Network (VPN). A VPN ensures that all data transmitted between an employee's computer/device and your organization’s network is secure. IT departments are responsible for setting up employees with VPN access.

When working off-site, always connect to your organization’s network(s) using a VPN.

Using a VPN is particularly important if you are using public wifi. If you log into your work accounts without using a VPN, cybercriminals could intercept your activity over wifi and capture your password credentials and sensitive information, the content of any emails you send, and the content of any unsecured web pages you visit.

 

Cybersecurity Tip #4: Keep Files in the Cloud or on Your Organization’s Networks

 


When you are working on sensitive files, don’t copy them to your computer or device’s local drive. Work on them in their secure location in the cloud or on your organization’s network. That way, the secure data stays secure if your computer or device is compromised or stolen.

 

Cybersecurity Tip #5: Don’t Send Sensitive Information by Email

 


Hackers can intercept email messages in transit. If those messages contain any sensitive or personal information, the hackers can access it. Of all the cybersecurity best practices, email security is one that should always be top of mind.

IT departments are responsible for information security and helping employees set up security software that encrypts data stored on a computer/device, communications, and file transfers. Ask your IT team for additional information security tips on this topic.

 

Cybersecurity Tip #6: Install Software Updates as Soon as They Become Available

 


Hackers use vulnerabilities in the operating systems and application software on computers and devices to launch malware attacks. Software developers release security updates or patches for their software when they discover these vulnerabilities. An estimated 60% of all data breaches result from cybercriminals exploiting known vulnerabilities for which patches are available but have not been installed.

Make it a cybersecurity habit to install software updates on your computer and devices whenever they become available. As well as operating systems, the following types of software should be updated:

  • Web browsers
  • Email software
  • Instant messaging software
  • Office productivity software
  • Personal firewalls

 

Need More Cybersecurity Tips?

 

It's hard to keep up with the latest security threats and solutions because IT security is continuously reinventing itself. HR leaders should seek advice from IT to stay abreast of the most recent security strategies and best practices. A strong alliance between HR and IT will help protect the company from cyber dangers.

 

Cybersecurity Training Courses

 

Getting employees on the same page about good security habits can be achieved by adding cybersecurity training to your compliance program for new employees and annual retraining. Vubiz offers a comprehensive cybersecurity training program. All courses are easy to customize and can be added to any LMS or run on Vubiz's learning platform.

Contact us to learn more about our cybersecurity training solution.