No matter what industry you work in, protecting your data is critical. Though your company likely has cybersecurity policies set in place, it’s ultimately up to you to ensure your own protection. Failing to safeguard your personal information could leave you, your company, and your customers vulnerable to a cyber-attack and potentially identity theft.

Depending on the severity of the cyber-attack, it could end up costing you and your company a large amount of money. Just last year, employee error and negligence accounted for more than 40% of data breaches. While this number may not seem that high, it’s a number that could virtually be eradicated with carefully executed precautions put into place. Though managing your cybersecurity can oftentimes be difficult in a workplace setting, it doesn’t have to be.

Why Does it Matter?

You may be wondering why any of this should matter to you since it’s on the company if a data breach happens anyways… isn’t it? Well, in most cases it’s actually not. When you risk the exposure of sensitive information that is stored on your devices or in your account, you’re not just putting yourself at risk, but your customers as well. This is a particularly strong issue for the healthcare and financial industries where records tend to be more sensitive in nature.

If a company should conduct an investigation into the data breach and it is revealed that an error on your part was the cause, you could be seriously reprimanded or fired. This is because data breaches cost companies millions of dollars in damages annually and often damage their reputation. It can take years for a company to repair this damage.

Protecting Your Data

As mentioned previously, it’s ultimately up to you to practice healthy cybersecurity habits.

The best place to start is by familiarizing yourself with the policies your company has set in place. You may have signed a nondisclosure or confidentiality agreement upon being hired. You should be able to find a copy of this agreement and the entire cybersecurity policy laid out in the employee handbook.

If you do not have a handbook available, talk to your IT department. Your IT department is a great resource for any questions or concerns you may have. Never be afraid to ask them a question even if you think it may not be worth their time. They’re happy to help now, rather than down the road when an issue has already presented itself.

When it comes to your work devices, it’s important that you care about them the same way that you would your personal devices. Take precautions in the way that you handle them. This starts from the beginning when you set them up. When you first receive a work phone, laptop, or other devices, follow the setup instructions that your department gives you.

Make sure that you have everything installed that you need, such as software, programs, and specific privacy settings. When updates become available for these, install them so you have the most up-to-date versions. Updates are regularly released after a company has found a flaw in its security settings and made the necessary repairs to ensure your safety.

Additionally, you should write down the serial numbers of these devices so that, if one is ever stolen, you can provide the police with this information.

Passwords

After you receive your device, you’ll need to create a password for your account. Make sure that it is both strong and unique in nature. The more complex that you can make it, the better your first line of defense will be in the event of a cyber-attack. When it comes to passwords, don’t skimp out on making one by using simple phrases or names. Instead, take the time to create one that uses a variety of both lower and uppercase letters, numbers, and symbols.

Never leave a device unlocked, especially when it contains sensitive data or company/client information. It’s crucial to set up a strong password, but it’s wise to also add in a stronger layer of defense on top of that such as a two-factor authentication process. This works by notifying you on another device that the login attempt was made. Sometimes it may also ask you to input a security code number. Once you receive this, you can either verify that it was you trying to sign in or deny the request.

Prioritizing and Managing Data

No matter what industry you work in, it’s likely that you’ll have private information that needs to stay within the company or even to yourself. Because of this, it’s important that you find proper methods of storing and managing your data to avoid it ending up in the wrong hands. Exposing this information to competitors, cybercriminals, or the public would put your company in jeopardy.

Confidential data is different from private data. Though it’s important to keep both secure, confidential data should be treated as the highest priority. Examples of each include:

Confidential Data (High Importance):
  • Financial records
  • Health records
  • Social security numbers
  • Credit card numbers
  • Employee ID numbers
Private Data (Important):
  • Proprietary information
  • Company research and data
Public Data (Available for Anyone):
  • Company History
  • Public Records
  • Public Budgets

The best way to protect confidential data is by encrypting it. This process uses a secret code to scramble the data so that it cannot be read by anyone who does not have the code.

Staying in line with encryption policies, it’s wise to refrain from sending confidential information over email. Instead, use a file transfer system that properly transmits and disposes of any records after sending them to the recipient.

When managing data, you should also keep business transactions, especially those with clients, on a need-to-know basis. If the information is necessary to a case, then it is okay for them to disclose it to your company. However, if it is not necessary, do not ask for it or encourage them to share this sensitive data. This also works vice versa.

One of the most important things to remember is to back up your data on a regular basis. It’s likely that your IT department has a process for this in place already, but if not, inquire with them about storage options that may be available for you. This could include an external hard drive or a company cloud storage.

If for any reason you need to give up your work device, make sure to wipe it to factory settings before handing it over.

Managing Cyber Security Outside the Office

For various reasons you may find yourself working outside of the office. Whether you have a work-from-home arrangement set up, are traveling for business, or just want to check your work email in a cafe, you need to be extra cautious. While it may seem safe to conduct work in these settings, it’s difficult to predict the safety of the digital environment you’ll be working in.

Thankfully, there are a few tips you can keep in mind when working offsite to ensure your cyber safety. You may find benefit in utilizing a secure VPN while browsing the Internet. It will help protect and encrypt your data during your session, no matter where you are.

Hotels, airports, and cafes are notorious for using unsecured networks. If you are not using a VPN, try to avoid these networks and search for a secure one instead. Unsecured networks can leave the information that you are transmitting over the network susceptible to theft by criminal eavesdroppers who are also on the network. You will know if it is secured if it asks for a password or login.

During this time, you should also refrain from visiting any sites that store your personally identifiable information or require a credit card for purchases. If you truly must go on to one of these sites, verify its legitimacy by checking for SSL (Secure Sockets Layer).

Do so by looking at the URL bar of the site. Be wary if the s is missing from the “https://” section of the site address. Also, if a payment is required, make sure there is a padlock icon in the URL bar, which signifies it is safe to input your payment method of choice.

Avoiding Scams

Companies are one of the most vulnerable victims when it comes to scams, the most common being phishing emails. This is when an outside source sends an email to you typically pretending to be an executive inside the company asking for information. Their hope is that you’ll fall for the phony email and open it. Within that email, they will likely ask you to reveal sensitive information to them or download a link. These downloads contain malicious spyware that can infect your devices with viruses. Be cautious and think twice before downloading anything to your device.

Though a scam email can be hard to notice at first glance, there are a few signs you can be on the lookout for.
  • Spelling and Grammar Mistakes – read through the entire email and subject line. If there are several spelling or grammar mistakes, think twice about taking action on the email.
  • Strange Sender Address – Though the email address may look like it came from an inside employee or corporate executive, it’s important to actually verify this before responding by checking directly with the person. If it is not legitimate, there will often be a letter missing or a symbol added but will still look close to the authentic address.
  • Request for Immediate Action – If the email is making you feel uncomfortable, that’s a clear sign to avoid it, but especially if it contains a strong call to action. This might be something like “send me money now,” “It’s an emergency,” or “send me your password now or else…” These kinds of emails rarely end well.
  • They Don’t Call You by Your Name – Though your boss could have just been sending an email in a rush, it’s more than likely that they would typically start the email with “Hi {YOUR NAME}”. If not, it could be a first warning sign.
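
Three of the signs above (a sender address that is a letter or symbol off, a demand for immediate action, and a missing name in the greeting) can be checked mechanically. The sketch below is an added example, not something from the original article; the trusted domain `example.com`, the sample messages, and the two-edit threshold are assumptions made for illustration.

```python
# Assumption: the organisation's real mail domain (constructed placeholder).
TRUSTED_DOMAIN = "example.com"
# Phrases taken from the article's "immediate action" examples.
URGENT = ("send me money now", "it's an emergency", "send me your password")

# Constructed sample messages (sender, body, recipient name); not real mail.
SUSPICIOUS = ("ceo@examp1e.com",
              "Hello,\nIt's an emergency. Send me your password now.", "Dana")
NORMAL = ("ceo@example.com",
          "Hi Dana,\nThe budget review moved to Thursday.", "Dana")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def warning_signs(sender: str, body: str, recipient_name: str) -> list[str]:
    """Return the article's warning signs that this message shows."""
    signs = []
    domain = sender.rsplit("@", 1)[-1].lower()
    # A domain one or two edits away from the real one is the "letter
    # missing or symbol added" case; an exact match is not flagged.
    if domain != TRUSTED_DOMAIN and edit_distance(domain, TRUSTED_DOMAIN) <= 2:
        signs.append("lookalike sender domain")
    text = body.lower().replace("’", "'")
    if any(phrase in text for phrase in URGENT):
        signs.append("demand for immediate action")
    # The greeting is taken to be the first line of the body.
    first_line = text.strip().splitlines()[0] if text.strip() else ""
    if recipient_name.lower() not in first_line:
        signs.append("greeting does not use your name")
    return signs


if __name__ == "__main__":
    for sample in (SUSPICIOUS, NORMAL):
        print(sample[0], "->", warning_signs(*sample))
```

A hit from this check is only a prompt to verify directly with the person, as described above; a clean result does not prove the message is legitimate.
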
Written By
John Price is a retired IT professional who enjoys freelance writing. His writing is focused on the cybersecurity and IT professional space. He is also an avid fisherman spending a majority of his retirement out on the lake.
