Best Practices for Employees and Organizations to Keep Networks Secure

best cyber security practices for organizations and employees

Network security is becoming increasingly important as threats from malicious actors continue to evolve and incidences of cyberattacks continue to occur every single day. With the advancement in computer technology, cybercrime is evolving too, and attacks are becoming more sophisticated and successful. As recently as May 2021, a ransomware cyberattack on Colonial Pipeline led the pipeline company to temporarily halt its operations, pay the ransom and incur heavy losses. However, it is not just big companies being targeted, medium and small businesses are also vulnerable to cyberattacks. Businesses and employees should take preventive measures to ensure no unauthorized access, malfunction or misuse of the network infrastructure takes place.   

Cybersecurity Best Practices

IT teams work relentlessly to secure an organization’s network and maintain oversight of the entire network infrastructure. They monitor for unauthorized movement of data, prepare business continuity plans, and enforce the IT security policy.  However, employees need to be aware that negligent user behaviour can compromise the business’ network no matter how diligent the IT team is. Employees should know the basics of cybersecurity and follow best practices which can go a long way in protecting the organization from cyberattacks.

Use Strong Passwords

Guessing passwords remain the oldest and simplest way for cybercriminals to gain unauthorized access to an organization’s network. To prevent this, it’s important to choose passwords that are unique and complex. Strong passwords are usually more than 10 characters long and are composed of both upper-case and lower-case letters, numbers, and special characters. Passwords also need to be changed on a regular basis. Multi-factor authentication adds an extra layer of protection by requiring you to enter a one-time password sent to your mobile or email address. This ensures that the right person is gaining access to the network.

Recognize and Avoid Phishing Scams

Phishing is one of the most popular and successful means a cybercriminal uses to gain personal data as well as access accounts and networks. In phishing scams, perpetrators send seemingly legitimate emails with links that open popups which are embedded with viruses or malware or may ask you to enter personal or confidential information. Don’t click any links or provide any information in an email from an unknown user or an email you weren’t expecting. Perpetrators often impersonate legitimate accounts so be extra wary when opening emails with links and suspicious content. Users should always double-check the legitimacy of the email before clicking on the links.

Use USB Flash Drives with Caution

USB flash drives can carry viruses and malicious code. Most computers have an autorun feature enabled that automatically opens media and programs in removable drives including USB flash drives. Any malicious code in the infected device may get executed the moment it is plugged in. It is good practice to disable the autorun feature to mitigate this risk. Additionally, one should keep personal storage devices separate from those used at work. If a USB flash drive is needed at work, it should be thoroughly vetted by the IT team.

Use Security Software

Most anti-virus programs can identify, prevent, and eliminate threats to devices and the IT network. They continuously scan the system and detect suspicious files and provide real-time protection from malware. A firewall is the first line of defence of the network. Firewalls can monitor incoming and outgoing data and regulate the network traffic based on rules set by IT policy. Firewalls can prevent unauthorized access to the network as well as block access to unsafe websites.

If you’re accessing the company network on a public wi-fi network, it’s strongly recommended to use a trusted Virtual Private Network (VPN). VPNs can ensure that the connection remains secure. Furthermore, regularly installing security updates for software including operating system, firmware and applications can protect against the latest threats and vulnerabilities.

Protect and Back-Up Data

While cybercriminals mainly attack networks to gain access to data, they also use data to commit fraud and cybercrimes. As an employee, you should be careful not to leak or otherwise provide unauthorized access to company or personal data. The latter can be used to impersonate and carry out sophisticated phishing attacks.

Despite precautions, there is always a possibility of a data breach or malware attack which can result in lost data and service outages across the company. Backing up data to secure locations regularly can ensure business continuity even after an incident.

Communicate with Your IT Team

Your IT team has an in-depth understanding of the threat landscape and actions to be taken to mitigate those risks. But even they might not be aware of all threats. It’s important to share any suspicious emails or activity with your IT team so they can take corrective measures.