Anyone who’s worked in cybersecurity for longer than a few minutes has gotten the question: “you’re in cybersecurity … what should I do to protect myself?” There’s no shortage of frameworks, advice and “best practices” out there. Even so, tales of security breaches and stolen customer data dot the headlines every day.
Among the mountain of frameworks, there are a handful of cybersecurity fundamentals that are relatively simple and inexpensive, at least for individuals at home. Peel away the buzzwords and the lengthy policies written by the Bobs … and the security “must dos” are easier to implement than you might initially think.
Yet I still hear about people and organizations doing nothing about security. It’s unfortunate for businesses and their employees.
So why can’t we “do” cybersecurity better?
The overlooked factor: motivation
I’ve discovered that most orgs are missing a critical opportunity to encourage their employees to “do security” better at the office.
Here’s the message they’re missing: Good security starts (and benefits you) at home. Just like demands for easy-to-use technology came into the enterprise from the home, so too can (and should) security.
Employees with a security mindset go a long way in protecting your business, and to bring that mindset into the office, we need to make it personal.
Whether someone’s concerned with protecting their Facebook account or their digital files at the office, here are four things anyone can do today to become substantially better at security:
#1: Update
I bet your employees don’t know just how much keeping their stuff – from their iPhone to their laptop – up to date can help keep their (and your) data safe. Turns out that large companies that make headlines often point to not updating software and systems as the reason why they were breached. Save yourself the heartache and encourage your people to stay up to date. This simple action goes a long way towards protecting everything from bank account passwords to corporate data.
When I say “update,” you might think I really mean “patch.”
But I’m not calling it patching. Patching has an innately negative connotation. It’s not a “fix,” it’s just a temporary “patch.” While that may be true since we’re talking about software, if the objective is to motivate action, “update” encourages the same behavior without the associated baggage.
Over the past several years, I’ve heard arguments advocating caution against patching – or at least automatic patching. But we should build a culture in which non-security people err on the side of turning on automatic updates wherever they go. As computer users, we should all want software to be automatically updated.
#2: Backup
Encourage people to safeguard their precious data by using a backup service for their computer like Apple’s Time Machine, Backblaze, or IDrive. Should the computer go up in smoke, they’ll always be able to get their files back.
Why backups? If you or anyone you know has seen a “Your personal files are encrypted” message pop up on their screen, then you already know why safeguarding your data – from family photos to spreadsheets with financial info – is critical.
Further, ransomware has run rampant among businesses over the past several years, particularly because it’s substantially cheaper for orgs to pay the ransom than it is to hire consultants to fix the problem afterward. This, in turn, funds both more adversaries and more sophisticated attack methods. It’s the gift that keeps on giving … to the bad guys.
Turns out one of the simple and effective ways to protect against it is to have a backup of your data.
#3: Learn the two-step
There’s a 1-in-170 chance that one of your social media accounts will be taken over by someone else today if you’re using only a password. Most people spend days apologizing to friends for things they didn’t even do (including tricking them into transferring money). Skip the hassle and turn on two-factor or two-step authentication.
The point here is to start small. Even adopting two-step authentication over SMS makes your security posture stronger than using just a password.
#4: Forget your passwords
Save time logging in anywhere – from Amazon.com to your office mail app – by skipping the username and password prompt. Install a password manager like 1Password or LastPass. It’ll generate passwords for you, log you in with one click and keep your account much safer. When your favorite website tells you they lost your password to hackers, you can change just one password instead of a dozen because password managers help you use a unique password on every website (that you don’t even have to memorize).
Considering that most people reuse passwords, this threat surface is huge. Beyond the security reasons for using a password manager, though, is the fact that it actually makes it easier to deal with all your accounts. Most password managers act like bookmarks and will log you into sites automatically with one click.
Keep it simple
Having an easy plan to follow that benefits someone personally and professionally is the first step in creating an effective cybersecurity strategy. Too many strategies fail, as employees find them too complex and managers find them too expensive.
But any organization can take the messages above and implement them at very little cost. The result is that you’ll have the start of a strong cybersecurity strategy that works for everyone.