PROTECTION MATTERS

Train your employees on how to browse the internet safely


Many employees will have access to work-related apps and files on their personal devices, possibly because their company encourages a BYOD (Bring Your Own Devices) policy, for example. They should therefore follow certain security measures to keep themselves and their employers safe. How can you make that happen? Here are a few handy tips that you can teach your employees.

1. Encourage employees to follow basic principles of online safety

Promote these security habits that are easy to manage and sustainable long-term:

  • Use secure passwords.
  • Use a different password for each of your accounts.
  • Store passwords in a reliable password manager.
  • Add an additional layer of security by using multi-factor authentication (MFA).
  • Avoid sharing too much personal, work-related, or sensitive information on social media.
  • Be mindful that not all downloads are safe, and some may contain malware.
  • If possible, avoid connecting to public Wi-Fi networks, especially if they are not password-protected and you are not using a VPN.
  • Keep all software, apps, and internet browsers updated.

2. Educate employees about the most common online threats

What are some common threats your employees may encounter while browsing the internet?

 

Phishing and other social engineering attacks: As you know, there are many social engineering attacks employees may come across, most of which rely primarily on human error. Phishing continues to be the one that is most frequently used. In this case, knowledge definitely is power, so help your employees get to know various social engineering attacks. And, of course, encourage your employees to contact you if they encounter anything suspicious.

Malicious plug-ins: Your employees may want to upgrade their browser by downloading one or more accessible plug-ins. But before they do so, remind them that some plug-ins can be used to collect their data or install malware on their device. Advise all staff to opt for verified plug-ins.

DNS poisoning: When an employee types a website’s name into their address bar, the domain name system (DNS) “translates” it into an IP address to direct them to the page. Unfortunately, hackers can alter the DNS records of some pages, so the employee could be taken to a malicious website instead. Reliable security solutions, such as ESET PROTECT Advanced, can help prevent attacks like this.

Man-in-the-middle attacks: As cybercriminals can position themselves between two parties – such as the website and the user – to collect sensitive data or install their software on the user’s device, employees should always follow basic security principles while connecting to Wi-Fi. Warn your employees that this attack is particularly common on public Wi-Fi.

Malicious links: Apart from being careful about what they download, employees should always be cautious when clicking on any links. Malicious links can present themselves as seemingly legitimate (while often hardly believable) ads. Once a link is clicked, criminals may install malware on the employee’s computer or take them to a malicious site. Employees must remain vigilant, avoiding unknown links or suspicious-looking pages.

3. Help employees to recognise dangerous websites

Here are some tips for you to directly share with employees to help keep them safe while navigating the internet:

Look for misspelt URLs and ambiguous characters. Have you ever heard about homoglyph or homograph attacks? Cybercriminals may create a page with a name similar to another site, and the change is often difficult to uncover.

Homoglyph attack

Can you spot the difference between “Linkedln” and “LinkedIn”? While the latter refers to the well-known social media site, the former includes a lowercase “L” instead of a capital “I”. This trick may lead you to a malicious site if registered by hackers.

Typosquatting is a similar type of attack that employees need to be aware of; it relies on typos in the site’s name. Some websites have bought other domains to protect users from this issue. For instance, you can access Google both through gooogle.com and gogle.com. To avoid falling victim to typosquatting or homoglyph attacks, encourage employees to check links and website names carefully, especially if visiting a page where they may need to fill in login details.
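The check described above can also be automated, for example in a mail or proxy filter. The following Python sketch is an added example, not part of the original article: the TRUSTED list, the partial CONFUSABLES table and the function names are assumptions made for illustration. It goes slightly beyond the examples in the text by also catching digit and Cyrillic lookalikes.

```python
import unicodedata

# Assumed allowlist of domains the organisation actually uses (constructed).
TRUSTED = ["linkedin.com", "google.com"]

# Partial table of visually ambiguous characters, folded to one representative.
CONFUSABLES = {"l": "i", "1": "i", "|": "i", "0": "o",
               "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0456": "i"}


def skeleton(host):
    """Fold case, strip accents and collapse characters that look alike."""
    host = unicodedata.normalize("NFKD", host.lower())
    host = "".join(c for c in host if not unicodedata.combining(c))
    host = host.replace("rn", "m").replace("vv", "w")
    return "".join(CONFUSABLES.get(c, c) for c in host)


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]


def classify(host):
    """Return (verdict, trusted domain the host resembles or None)."""
    host = host.lower().rstrip(".")
    if host in TRUSTED:
        return ("trusted", host)
    for good in TRUSTED:  # same appearance, different characters
        if skeleton(host) == skeleton(good):
            return ("homoglyph", good)
    for good in TRUSTED:  # one typo away from a trusted name
        if edit_distance(host, good) <= 1:
            return ("typosquat", good)
    return ("unknown", None)
```

A "homoglyph" or "typosquat" verdict only means the name resembles a trusted one; defensively registered domains such as gooogle.com are flagged too, so treat the result as a prompt to check the link rather than as proof of malice.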

Check the website online. Google, for instance, offers a Safe Browsing site status, where you can enter a link, and the tool will analyse the address. You can also use VirusTotal’s URL checker or the Who.is page, which should give you more information on the site’s owner or registration date. 

Look for the privacy policy and contact information. If you’ve entered a site and are uncertain whether it is legitimate, look for the attributes that secure pages usually have.

Don’t view HTTPS as a clear sign of security. If a website uses the HTTPS protocol, it only means that the communication between the site and the user’s browser is encrypted. It gives us no information on the legitimacy or security of the actual site – even hackers can obtain an SSL/TLS certificate. If you want to learn more about a site’s HTTPS connection, you can check the agency that issued the certificate by clicking the padlock icon in the browser’s address box. If the agency is trustworthy, the site you are on is probably safe.

Trust your gut. If a website looks suspicious to you – for instance, because it is filled with links and ads popping up every second – believe your instincts and leave the page.

4. Use a reliable digital security solution

If you want to protect your employees, even in their free time, count on reliable security solutions like ESET PROTECT Advanced. It can scan a website and look for potential dangers or compare a page to a blacklist of known dangerous sites. With a good solution, you can enjoy the benefits of the online world to the fullest.
