October is Cybersecurity Awareness Month, and HR plays a key role in encouraging safe behaviors as well as in raising awareness within the organization. This month, our Information Security (InfoSec) team is sharing some tips on how to own, secure, and protect IT that HR professionals can pass along to employees to encourage personal accountability and proactive behavior on security and digital privacy.
Own IT: Staying Safe on Social Media
On each social media platform, users have the ability to connect with almost anyone, anywhere, but this level of connection comes with some risk, particularly for vulnerable groups like children. It’s important to use caution when interacting on Facebook, Twitter, Instagram, Snapchat, LinkedIn, and elsewhere.
- Think Before You Post: Do not publicly share personal details that could be used to guess the answers to security questions used on other sites to verify your identity, such as the street you grew up on and your first pet’s name. Think twice before posting that you’re vacationing; consider waiting until you get home, or change your privacy settings so that only your trusted friends can view your posts, to limit who knows your house will be empty for an extended period.
- Lock Down Your Account: Use long, unique passphrases for each social media account and enable multi-factor authentication, especially when connecting a new device to your account. Most social media sites today allow you to use either an authenticator app like Duo or an SMS texting code as your multi-factor authentication method to log in.
- Be Aware: Phishing email tactics apply to social media too. Use caution even when clicking on links shared by friends. Social accounts are easily compromised.
- Work it Out: Be aware of your organization’s social media policies, including whether you can post about work on your personal accounts. Take extra care not to share private company information that is not intended to be shared publicly.
Secure IT: Phishing Quick Bites
Phishing is a frequent topic because it is still one of the most common tactics used to attack web users. Here are some quick-bite red flags that should prompt you to think before you click:
- Unusual tax document or gift card requests
- Unofficial email addresses with attachments and links that might look legitimate at first glance
- Emails that require “urgent action”
Also, beware of “vishing,” which is phishing via phone call (e.g., fake Microsoft or IRS calls), and “smishing” or “SMShing,” which is phishing via text messages.
Protect IT: Quick Wins
All this vigilance can be overwhelming and exhausting, so here are some quick wins around protecting your electronic devices, accounts, and secure information:
- Update Everything: Staying current on updates to software, applications (like web browsers), and operating systems helps keep you protected against the latest threats.
- Treat All Wi-Fi with Suspicion: Hackers can easily set up a Wi-Fi network that mimics one you’re familiar with by using the same name as a local coffee shop or hotel. Connecting to a copycat network will mean they can intercept all of your communications, including transaction and banking information.
- Follow Protocol on Corporate Devices: When connecting corporate devices to a public Wi-Fi network, be sure to use a VPN (Virtual Private Network).