20+ Simple Cybersecurity Awareness Tips for Your Organization

It's no secret that cybersecurity threats are on the rise. Cybercriminals continue to become increasingly creative and sophisticated in their attacks.

Meanwhile, on the prevention side, the cost of cybersecurity insurance quotes continues to climb as well. In Q1 of 2022 alone, the average cost of cybersecurity premiums increased by 28%.

While companies might have robust technical defenses against malicious attacks, it’s just as important that they equip their staff with the knowledge they need to prevent a data breach through basic security awareness practices.

That's why we've put together this helpful list of 20+ simple cybersecurity awareness tips for your organization—taking into account both technical best practices and day-to-day habits to keep your company safe from hackers!

Keep software up-to-date

Software companies will push updates every few months. If you have an iPhone as I do, it feels like there’s some sort of update every other month. Keeping up with software updates has three benefits:

  1. Add new features

  2. Fix known bugs

  3. Upgrade security

Upgrading to the latest version of your software protects you from malicious actors. Make sure you take the time to click “install update” to protect yourself from new or existing vulnerabilities. If you don’t feel like constantly checking for updates, you can turn on automatic updates in your operating system’s settings.

Avoid opening suspicious emails

The FBI’s research on phishing scams revealed that it’s the third most common type of reported scam. In fact, 54% of all digital vulnerabilities in 2020 involved phishing scams.

Why am I telling you this?

Hackers will go to extreme lengths to get someone in your organization to click on a link in an email. You need to be vigilant and on guard whenever you spend time in your inbox.

You probably have some sort of phishing training at your organization. If you don’t, then you should look into implementing it.

In the meantime, there are 5 common signs of a phishing attempt: 

  1. The subject line is empty

  2. There is a sense of urgency

  3. The call to action creates fear

  4. There are errors in the message

  5. There is a domain redirect

If an email looks suspicious, don’t click on it. Report it to the IT department in case other coworkers also got the questionable email.

Speaking of suspicious emails, you should also be wary of suspicious links.

Links are easily disguised as something they are not. Because it’s so easy to conceal malicious intent, it’s best to double-check the link before you click on the hyperlink.

On many browsers, you can see the full URL when you hover your mouse over the hyperlink. Make sure this becomes a habit so you don’t click on something you shouldn’t.

Double-check for HTTPS on websites

While checking on suspicious links, take the time to double-check for HTTPS on websites. 

Why?

If you are on a website that doesn’t use HTTPS, you cannot guarantee the security of your information. You see, when you are on a website, there is some type of information sharing between you and the site’s server. HTTPS helps make this sharing secure and safe.

Make sure that the websites you use have these letters in front of the URL. For example, this blog post starts with https://etactics.com/. This way, you will know you won’t be giving away personal or private information without any sense of security.

Slow down

We’re all busy with work. We have things to do, stuff to accomplish, research to conduct, and deadlines to meet.

In all of the chaos employees go through, we need to slow down. This is especially true after you take a look at the scientific research that determined that rushing through work means more mistakes.

Slow down when going through your mailbox. Think twice before clicking on a link.

By taking a few extra seconds to analyze the validity of the email or message, you can prevent a massive data breach.

Add end-to-end encryption to your email

While we are on the subject of email, add end-to-end encryption.

It’s no surprise that unencrypted data gets compromised more often.

End-to-end encryption ensures your data stays safe from the moment you start a draft to the moment you delete it from your trash folder. Once you have this encryption, all you have to do is make sure it stays up-to-date.

Encryption means that hackers won’t be able to intercept the email and use it to their advantage. They won’t be able to steal your email address to impersonate you. They won’t be able to steal the recipient’s email address to trick you either.

Keep hardware up-to-date

Keeping hardware up-to-date is just as important as keeping software up-to-date.

Outdated hardware is often overlooked when compared to software, but legacy systems do cost around $337 million per year to maintain.

Outdated hardware might not be able to support the most recent software updates that keep your systems secure. Updating your hardware prevents this problem from happening.

To make matters worse, old hardware makes it slower to respond to cyberattacks when they happen. Make sure you can handle a data breach. After all, it's not a matter of “if” it happens, it’s a matter of “when” it happens.

Use a secure file-sharing solution to encrypt data

Are you working a job where you regularly share confidential information?

If you work with information like Protected Health Information (PHI) or Personally Identifiable Information (PII) as we do at Etactics, this section applies to you.

You need to start using a secure file-sharing solution. Regular email isn’t meant for exchanging sensitive documents. This is because if someone intercepts the email, unauthorized users will gain access to the sensitive data.

Use a solution that automatically encrypts sensitive files. If it is automatic, it is one less thing to worry about when a breach happens.

Remember: your files are only as secure as the tools you use to protect them.

Evaluate how you share customer data

Speaking of PII, most companies use some kind of CRM, or Customer Relationship Management software.

This is a tool organizations use to maintain and manage client data.

The data stored in a CRM falls into the category of PII, which means that it's protected information. This is also true for all of the credit cards and billing information stored in the software.

You need to make sure the data flowing through your CRM remains secure. One way to do this is through layered encryption, but it's not the only answer. Take the time to evaluate the safety of customer data within your organization.

Use antivirus and antimalware

When connected to the internet, it is impossible to be completely and totally protected, especially from malware. This doesn’t mean that you can’t ever have internet access. It means you need to add some software to your arsenal.

Studies show that antivirus detects malicious software at a confidence level of 90% to 98%.

You need to actively use anti-virus and anti-malware software. This way, you can significantly reduce your vulnerability against bad actors. Protect yourself to the fullest by having an antivirus and at least one anti-malware installed on your organization’s computers.

With that said, make sure you install these programs from a known and trusted source. Otherwise, you could find yourself downloading malware instead.

Ditch your reused passwords!

Put more effort into your passwords. Don’t use the same password for all of your accounts. If you need to use numbers and characters, don’t use 123! or [year]! since these are easily cracked.

Why put in the effort?

Data breaches often involve the leakage of user credentials, including passwords. This can completely cripple someone’s life if they use the same passwords across many accounts.

For example, imagine your email gets hacked and you now have a compromised password. You use the same password for your bank account, Vanguard account, and Fidelity account. Now the hacker has access to all of your financial information and can steal your money!

Not to mention the fact that one of the largest breaches within the last few years occurred because of poor password management. Of course, I’m referring to the 2019 attack on SolarWinds. It’s estimated that the cost of that breach was upwards of $90,000,000.

The best way to protect yourself is to use a password manager to create complex, unique passwords for each account. Although it may take time to implement, password diversification is worth the effort.

Apply multi-factor authentication

Multi-factor authentication, also known as two-factor authentication, may seem like an annoying step in the login process. As annoying as it might be, adding extra security to your login can prevent hackers from breaking into your accounts.

It only takes a whole extra five seconds!

Even if someone gets ahold of your password, multi-factor authentication makes it so the intruder can’t get into your account without your phone or other verification methods. At the end of the day, it is another layer to protect your information.

But how effective is it? At the end of 2021, Google auto-enrolled 150 million of its users into multi-factor authentication. That stunt led to a 50% drop in compromised accounts.

Never leave devices unattended

Hackers don’t just use the internet to try to get into your devices. Bad actors can also physically snoop while you are in the bathroom or on a lunch break. The physical security of your devices is important.

Here are some good tips for ensuring physical security:

  • If you leave your device for any length of time, lock it up so no one else can use it.

  • If you keep data on a flash drive or external hard drive, make sure you install some sort of encryption and lock it up.

  • If you have a desktop computer, lock your screen or shut it down when you aren’t using it.

Scan external storage devices for viruses

What is an external storage device?

You might not realize it, but USB flash drives, CDs, and even floppy disks are all considered external storage devices. Obviously, you don't have to worry about outdated technology, but many people today use an external hard drive to store information.

The problem is that external hard drives are prone to malware too. If you connect an infected device to your computer, the malware will take over.

For example, there was a slew of fake Microsoft Office flash drives sent in the mail in 2022. The USB drive had an engraving with the official Office logo and came in seemingly real Microsoft packaging. Everything looked legitimate until the recipient plugged in the USB stick. Instead of installing Office programs, it encouraged users to call a fake support line where the hackers would install a remote access program into the victim's computer.

To avoid situations like this, always scan external devices for malware before accessing them.

Avoid using public networks

It might seem like a good idea to head to the local cafe, log in to the local public wifi, and work while enjoying your drink. However, this is not recommended from a cybersecurity perspective.

When you connect with a public network, you are actually sharing it with all the other devices connected to it. Any information you send or retrieve on the network is vulnerable. This includes passwords to financial accounts, confidential emails you send to clients, and all documents you download from the cloud.

The best thing to do to protect yourself is to stay away from public networks. If that isn’t possible, use a VPN to protect your information.

Avoid the "secure enough" mentality

Chances are, you don’t live completely isolated from the world.

You likely have a phone or laptop since you are reading this blog. Since you actively use technology, there is no such thing as “secure enough”.

The biggest companies in the world like Meta, Apple, and Microsoft have to deal with data breaches despite investing millions into their cybersecurity framework.

For smaller companies, you must ditch the “secure enough” mentality. It will come to haunt you when hackers decide to target the company.

Back up important data

It's possible to lose important data after a security breach.

Maybe a hacker’s holding your data hostage while demanding a ransom. Maybe malware went through your computer and completely messed up the system. Either way, the only guaranteed way to repair a computer is to erase everything and reinstall the system.

To make sure you can restore your files, you should back up your data frequently. You could do this through a local storage device like an external hard drive or the cloud. These backups ensure you can restore the data after compromised computers are safe.

Employ a "White Hat" hacker

There are a lot of bad hackers out there who want to get rich by stealing from others. They use sneaky tactics to rob people of their information and money.

However, not all hackers are bad. A “white hat” hacker is someone who exposes security risks for the sake of helping others. They do this to show organizations how they can improve their cybersecurity. Their job is to keep others aware of security flaws and show them where to put patches.

By hiring one, you take an active role in understanding how to improve your cybersecurity framework.

Train employees

The key to cybersecurity is knowledge.

Well-trained employees are in sync and constantly practicing cybersecurity safety. The more you train your employees, the less likely you are to endure a breach.

Potential training topics include, but are not limited to…

  • Malware

  • Virus

  • Ransomware

  • Insider Threats

Look at cybersecurity when working from home

Speaking of employees, we must discuss cybersecurity when working from home. Even though there aren’t too many restrictions caused by the 2020 pandemic, some companies still utilize a work-from-home policy. This creates new challenges and cyber threats companies need to address.

In fact, many cybersecurity publications forewarn organizations of the risks associated with remote employees.

One of the easiest ways to ensure safety while working remotely is to have employees use a company VPN. This way, a computer remains secure no matter where the employee is working from.

Construct a safety net for human error

I alluded to this before, but people are a huge safety risk. Human error is the cause of 88% of breaches around the world.

That’s why you need to train your staff thoroughly.

That said, we are all human. We all make mistakes with cybersecurity. The question we need to ask ourselves is, “how do we minimize the risk? What do I do to mitigate damages?”

Encrypting certain types of data helps ensure that even if hackers get their hands on your data, it will be useless to them. You should also implement a “revoke” feature. This lets you revoke someone’s access to shared data at any time. Both of these can help you take immediate action to mitigate risk.

Revisit your breach prevention plan

Ransomware attacks and data breaches are on the rise. Now more than ever, it is important to take a look at your breach prevention and response plan.

Make sure it is up to date. Double-check that everyone understands their role in preventing and responding to an incident. Fill in any gaps in the plan if there are some out-of-date policies.

When evaluating your plan, ask yourself these questions:

  • Are we just protecting our systems or networks?

  • Are we protecting the data itself?

  • Is the data protected everywhere it travels?

Asking yourself these questions can point you in the right direction.

Conclusion

As I'm sure you've gathered after reading this blog post, cybersecurity is ever-changing and evolving.

But, nothing from a cybersecurity perspective can start without awareness. Hopefully, the cybersecurity awareness tips provided throughout this blog post helped you understand where to begin when it comes to increasing your organization's or personal cyber hygiene.

If not, leave a comment below or contact us and we'd be happy to get you started on your journey to a better cybersecurity posture. What other questions do you have about cybersecurity?