Cloud and mobile technology come with big advantages for businesses. They make remote work possible and allow companies to share information with consultants. While these technology solutions mean that employees can stay in touch from conferences, site visits or basically anywhere, they also increase the risk of a cybersecurity breach.
This evolving threat landscape, coupled with the terrible PR scenarios caused by data loss, has made cybersecurity a top priority for many of your clients. Now is a good time to help these clients improve their cybersecurity. Here are five tips to share with your clients.
1. Keep Passwords Secure
Most programs require users to create strong passwords. That is passwords that contain upper and lowercase letters, numerals and special characters. (If your clients aren’t already using a system that requires strong passwords, tell them it’s time to change that!)
Unfortunately, since many employers require their staff to maintain unique, strong passwords for several different programs, it can be difficult for employees to remember all of them. The result? Many people write them on sticky notes and post them on their desk or computer monitor. This is a bad idea.
Instead, encourage your clients to use a password manager. There are many products out there that will remember all of your passwords for you. Most of them will generate secure passwords as well. Dashlane, RoboForm and Sticky Password all offer free password manager tools that are highly rated.
2. Learn to Recognize Phishing
Cybercriminals are getting smarter and their phishing emails are getting harder to detect. Teach your clients how to recognize these messages and tell them to pass that information on to their employees. No one should ever click a link or open an attachment from a suspicious sender.
Here are a few classic phishing signs:
- The email comes from a sender you don’t recognize and asks you to sign into a site or change a password.
- The email claims to contain an attachment or a link to a document from HR, IT or another department within your own company. However, you don’t recognize the sender.
- The email includes embedded URLs that take you to a different site. For example, the URL might look like this: www.legitmateURL.com. But when you hover your mouse over that link, you can see that it will actually take you to www.maliciousURL.com.
- The email includes spelling and grammar mistakes. No legitimate company would send an email to its customers without proofreading for errors. When an email includes these types of mistakes, chances are it was written by a scam artist.
- The email contains a threat. If an email claims that your account will be closed, criminal charges will be filed or you will lose a lot of money, be wary. Phishers use these types of threats to stoke anxiety and get you to click.
3. Back Up Your Data
Some cybercriminals use ransomware to steal your data. They then demand a ransom to return it to you. If your clients back up their data, they are instantly protected from this type of attack.
4. Don’t Install Software or Hardware on Company Computers Without Permission
Since malware can be difficult for the average person to detect, it is important that your clients do not allow employees to install anything on their computers before a knowledgeable IT manager takes a look at it.
5. Always Use a Secure Wi-Fi Connection
Not all Wi-Fi is secure, especially free Wi-Fi in public places. If your clients have employees or remote contractors who like to work out of their local coffee shop, they might want to consider investing in a virtual private network (VPN). A VPN routes your connection through a private server, hiding your online activity.
If a VPN isn’t possible for some of your clients, tell them that they should encourage their employees to only log on through a secure connection, either at home or at the office.
If your clients need more help assessing their level of cyber risk, encourage them to use Zywave’s Cyber Risk Exposure Scorecard. You can download it for free.