Blog - Rhea+Kaiser

Cybersecurity Awareness: Empowering Employees to Combat Threats

Written by Hubspot user | Dec 8, 2023 6:27:09 PM

How employees can protect company data

In a recent webinar hosted by our IT partner, Aqueity, the presenters asked, “Who here knows someone or is aware of a company that’s been breached?” Almost everyone raised their hand. Yet many of us still believe cybersecurity threats are a theoretical concept that won’t happen to us or our business. In reality, cybersecurity threats are a real and present danger that affects businesses around the world every day.

In today’s increasingly digital environment, companies have to protect not only their own company and employee data but also their customers’ personal data from cyber-attacks. Cyber-attacks can lead to data breaches, financial losses, and damage to your reputation.

Every employee is responsible for practicing safe cybersecurity habits and preventing sensitive information from getting into the wrong hands. As more states begin to adopt new privacy laws regarding consumer data, marketers need to stay current on these changes to stay compliant. There are several things employees can do to maintain the security of personal and private company and customer data, no matter their role.

UNDERSTAND THE RISK AT HAND

Although cybersecurity and data protection may not be explicitly included in your job description, it’s important to follow the guidelines and take necessary precautions for your sake, your company’s and your customers’. Depending on your role, it’s likely that you have possession of some kind of proprietary information, whether that’s budgets and financial information or customers’ personally identifiable information (PII). It is your responsibility to take the necessary precautions to make sure that data remains safe and not vulnerable to hackers.

KNOW THE SIGNS OF VULNERABILITIES

Through the natural rhythms of both our personal and professional lives, a lot of sensitive data is inputted and transmitted via technology each day. Personal, financial, and proprietary information should be safeguarded and protected to keep it from falling into the wrong hands.

It’s easy to think of cyber-attacks as this complicated process that requires hacking into a company’s mainframe. However, according to a study done by Stanford University and security firm Tessian, approximately 88 percent of data breaches are caused simply by human error.

Phishing is the most common form of cybercrime, with an estimated 3.4 billion phishing emails sent every day. Most phishing attempts occur through email. These threats are becoming more difficult to identify as time passes because hackers are finding ways to make their fraud look more authentic.

Employees need to stay vigilant about what emails they are opening. Here are a few indicators Microsoft says to look out for that can help employees identify a phishing email:

  • (Don’t) Act Now. Urgent calls to action that encourage recipients to “act now” to claim a reward or avoid a consequence create urgency and fear to get users to act quickly.
  • Sender Unknown. Unfamiliar senders, which are often marked with [EXTERNAL] in the subject line, can indicate a phishing email, especially if the email appears to come from someone within the company.
  • Mismatched Email Addresses. Be sure to check that the email address domain matches the name of the company sending the email. For example, if the email is supposedly coming from Amazon, the sending email address should be [email]@amazon.com.
  • Bad Grammar. Incorrect spelling or grammar can indicate that the email has been translated from a different language.
  • Impersonal Greetings. Emails that start with simply “Hello” or “Dear Sir or Madam,” show that they are generic and could be a phishing attempt. Most emails directed at you will address the receiver by name.
  • Suspicious Attachments or Links. A good rule of thumb is to avoid clicking any links or opening any attachments from emails that look “phishy.” If you do click a link, do not give any personal identifying information that is asked for, as this could be used against you to access sensitive information on your device.

Nowadays, phishing emails often appear to be legitimate messages from an individual or company you frequently correspond with. If you receive one you’re not expecting, always verify that it’s legitimate by contacting the vendor directly before you click links or buttons.
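
The indicators in the checklist above can also be checked mechanically when a suspicious message is reported. The Python sketch below is an added example, not part of the original post or of Microsoft's guidance; the phrase lists, the brand-to-domain map and the sample message are constructed assumptions, and the grammar indicator is left out because it cannot be checked reliably by a simple rule.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Illustrative assumptions, not from the article: tune these to your own mail.
URGENCY = re.compile(r"\b(act now|urgent|immediately|final notice|within 24 hours)\b", re.I)
GENERIC = re.compile(r"^(hello|hi|dear (sir or madam|customer|user))\W*$", re.I)
URL = re.compile(r"https?://[^\s>\"']+", re.I)
BRAND_DOMAINS = {"amazon": "amazon.com", "microsoft": "microsoft.com"}

def _text_and_attachments(msg):
    """Collect the plain-text body and attachment filenames from all MIME parts."""
    text, files = [], []
    for part in msg.walk():
        if part.get_filename():
            files.append(part.get_filename())
        elif part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            text.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(text), files

def phishing_indicators(raw):
    """Return the checklist indicators that a raw RFC 5322 message trips."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    subject = msg.get("Subject", "")
    body, files = _text_and_attachments(msg)
    hits = []
    if URGENCY.search(subject) or URGENCY.search(body):
        hits.append("urgent call to action")
    if "[EXTERNAL]" in subject.upper():
        hits.append("external sender tag")
    for brand, expected in BRAND_DOMAINS.items():
        if brand in display.lower() and not (domain == expected or domain.endswith("." + expected)):
            hits.append("mismatched sender domain")
    first_line = next((l.strip() for l in body.splitlines() if l.strip()), "")
    if GENERIC.match(first_line):
        hits.append("impersonal greeting")
    if files or URL.search(body):
        hits.append("links or attachments")
    return hits

# Constructed sample message (not a real email); .example is a reserved TLD.
SAMPLE = """From: "Amazon Support" <billing@amaz0n-payments.example>
Subject: [EXTERNAL] Act now: your account will be closed

Dear Customer,
Act now to avoid suspension: http://amaz0n-payments.example/verify"""
```

A message that trips several indicators at once is a candidate for reporting to IT rather than proof of phishing; a clean result does not mean the message is safe.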

TAKE PROPER PRECAUTIONS: WHAT EMPLOYEES CAN DO

Because employees are often the weakest link in cybersecurity, it’s important for everyone in an organization to make sure they are doing their part to protect sensitive information. There are several precautions employees can take to protect against cyberattacks.

  • Participate in training: Most companies invest in regular training for staff to recognize and respond to phishing attacks, social engineering, and other common threats. As an employee of your company, be sure to do your part by attending and completing these training courses to stay up to date on the latest cybersecurity issues. At R+K, we are required to complete quarterly training campaigns with videos and tests. KnowBe4.com has been a great resource for our team. They conduct phishing tests and send out weekly reports to make sure everyone is compliant and not clicking or opening malware.

  • Strengthen passwords: Passwords are a critical part of keeping your data safe. Best practice for strong passwords is to use a phrase that is at least 20 characters long. Using the same password across different platforms is risky. Ideally, use different, complex passwords for each of your accounts. If your company does not require that you change your password periodically, it’s a good idea to do so anyway to keep your accounts protected.

  • Complete regular updates: Keep all software, hardware, and systems up to date. Cybercriminals often exploit known vulnerabilities, so timely patch management is crucial. If you receive alerts to restart your computer to implement these updates and changes, do not click out of the alerts until you’ve completed the task, so you don’t get distracted by other work tasks.

KNOW HOW TO RESPOND IN THE CASE OF AN ATTACK

If you believe you were the victim of a phishing attempt or other form of cyber-attack, it’s important to report it to your IT administrator as soon as possible. The longer you wait, the longer hackers can access your company’s information and infiltrate the system. From there, identify what you did incorrectly and determine how you will avoid making the same mistake moving forward.

The responsibility of cybersecurity does not fall solely on one person or department. It’s something everyone in an organization needs to contribute to and manage in order to keep proprietary and sensitive information safe.

For more information on data privacy and how it impacts marketers, check out our blog on how changing privacy laws affect how businesses can store and use customer data.