As CISOs and DPOs, positive cyber security habits are second nature to you. The challenge comes cultivating positive cyber security habits within your organisation and your employees.
These habits serve as the foundation for a strong security posture and help mitigate the risk of cyber attacks.
There are fundamental and key positive cyber security habits that every organisation should foster in their employees to protect sensitive data, ensure compliance regulations are met, and protect reputational interests.
We will run into each in a little bit more detail below but here’s a quick rundown:
1. Regularly update and patch
Keeping software and systems up to date is one of the fundamental cyber security habits that organisations should prioritise. Organisations should encourage their employees to actively and regularly update operating systems, applications, and security patches to address vulnerabilities and protect against known and emerging exploits.
CISOs should encourage employees to enable automatic updates whenever possible to ensure they are benefiting from the latest security enhancements.
2. Strong password management
Strong password creation and management plays a crucial role in safeguarding sensitive information. Because we use passwords, codes and phrases, every single day, employees can get complacent and passive about them. CISOs should encourage employees to create strong, unique passwords and use a password manager to securely store passwords for their various business-related logins.
Your organisation should also implement multi-factor authentication (MFA) wherever possible to provide an additional layer of protection and an authentication check in front of all confidential actions and data. Use internal communication channels to regularly remind employees to change passwords and flash top tips on the latest password advice.
3. Phishing vigilance
Phishing attacks remain the most common and efficient methods used by cyber criminals against both individuals and organisations. You must educate employees about the distinct types of phishing attacks and the signs to look out for, such as suspicious addresses and grammatical errors.
Cyber criminals are always looking for new ways to supercharge their phishing emails to make them blend into legitimacy. In recent instances, cybercriminals have been using AI (Artificial Intelligence) language models to generate convincing and error-less phishing email copy and, in some larger cases, also generating encryption-based ransomware code to attack to malicious emails.
You must encourage employees to verify the authenticity of all emails and avoid clicking on suspicious links or downloading attachments from unknown sources.
4. Respect data privacy and confidentiality
Data privacy and confidentiality must be a constant in any organisation that handles data and clients. With laws and regulations enshrining data privacy and confidentiality rights such as GDPR (General Data Protection Regulation), it is your organisation’s duty to show compliance.
CISOs must ensure that employees understand the importance of handling sensitive data with care. You can do this by encouraging the use of encryption when transmitting or storing sensitive information and the correct use of data classification protocols.
5. Beware of unverified USB drives
Positive cyber security habits do not simply refer to digital behaviours but also physical ones. One such physical positive habit you must replay to your employees is to be cautious when using USB drives or connecting external devices to company computers. Remind employees not to insert unknown or unverified devices, as they may contain malware or other malicious files that can compromise system security.
6. Clear desk, clear screen
You must also emphasise the importance of securing physical workspaces when stepping away. Encourage employees to lock their computers when leaving their desks and store sensitive documents or devices in locked drawers or cabinets. This habit helps protect against unauthorised access and physical theft.
7. Keep your finger on the pulse of emerging threats
Stay Informed about Latest Threats: Encourage employees to stay informed about the latest cyber threats and trends. Share relevant articles, newsletters, or security bulletins to keep employees updated on emerging risks and techniques employed by cybercriminals. This habit enables employees to adapt and respond effectively to evolving threats.
8. Encourage swift reporting
You must accept that some cyber breaches and attacks are inevitable. This is why you must encourage an employee culture that is not afraid to report a breach or potential breach. You must make employees feel comfortable reporting security incidents.
To do this, you must establish clear and easy-to-access channels for reporting incidents, such as a dedicated email address or a designated IT support team number. You must also make it clear for employees that even if they have a small suspicion or little evidence of a breach, they should still run through the reporting protocols.
By promoting these positive cyber security habits among employees, organisations can significantly strengthen their overall security posture and minimise the risk of cyber incidents.
Remember to provide ongoing training, awareness campaigns, knowledge development and behaviour change campaigns to support employees in adopting and maintaining these habits.
If you would like more information about how The Security Company can help you to encourage positive cyber security behaviours or how we can run a behavioural survey to pinpoint lax behaviours and gaps in your security armour ... please contact our Head of Business Development and Sales, Jenny Mandley.
The Security Company's vast library of customised and non-customised products and services are tailored for small, medium and large organisations and are available in a variety of languages. We also offer bespoke solutions for organisations that desire training and awareness materials built from the ground up.
© The Security Company (International) Limited 2023
Office One, 1 Coldbath Square, London, EC1R 5HL, UK
Company registration No: 3703393
VAT No: 385 8337 51
