3 Best Cybersecurity Practices - In and Out of the office
In this comprehensive article, we invite you to dive into the realm of cybersecurity 101. Discover the essential knowledge and gain practical insights into safeguarding yourself against common online risks, including phishing and brute-force attacks.
Equipped with our expertise, we present you with three invaluable best practices that will empower you to navigate the digital landscape with confidence. Whether you’re working within the confines of the office or venturing beyond, these practices are designed to fortify your defenses against potential threats.
4 types of devices
Generally, we deal with 4 types of devices in office work.
1. Company devices
Owned, controlled, and managed by a company, such as desktop computers, or notebooks for people who are frequently on the move for business purposes.
2. Personal devices
Owned, controlled, and managed by an individual, such as personal laptops, tablets, mobile phones, among others.
Ideally, personal devices should not store any company data without the company’s prior consent or acknowledgment. This leads us to the third kind of device: BYOD.
3. BYOD (bring your own device)
The BYOD trend is on the rise, as an increasing number of personal devices are used for non-personal (work) purposes.
BYOD is done for many reasons, but one of the most common is convenience for both sides: the person who uses the device(s) and the company.
However, when confidential business information can be accessed from such personal devices, special agreements are normally made between the device owners and the companies. Extra security setups are also done on the devices by the company’s division-in-charge, typically the ICT department.
4. Public devices
Computers, tablets, or similar devices which are usually made available for public use.
Such devices are typically seen in public spaces, such as public libraries, art museums, internet cafés, and hotels, to name only a few.
One thing to keep in mind when using public devices: anything that requires identifiable personal data, such as your personal or work email accounts, social media, cloud storage, or anything else that asks you to key in your own username and password before access, should never be done on public devices. No one can assure you how your personal data is going to be stored, retrieved, and used by the owner and other users of the same devices you are using.
3 Best Cybersecurity Practices — In and Out of the Office
1. Your own responsibility
a. Bad passwords
People sometimes take to unhealthy and uninformed habits online for the sake of their convenience. However, there’s always a trade-off between convenience and cybersecurity.
People can become extremely lazy about (or simply under-appreciate the significance of) creating passwords strong enough to withstand attacks such as brute-force attacks. In some situations, hackers adopt a hit-or-miss approach, experimenting with numerous passwords until they luck out and strike gold with the correct one.
b. Two-factor authentication dismissal
As cyberattacks are on the rise, and the number of cybersecurity measures also increases to bring the situation under control, more and more cybersecurity solutions for online users are introduced. One such measure is two-factor authentication (2FA).
Two-factor authentication is a method designed to doubly secure online accounts. 2FA adds another level of security on top of the typical username-and-password login, and makes it more challenging for cyber thieves to steal online users’ private information.
Even among those who are aware of it, or have used it at least once, 2FA is still underestimated for its importance in guarding against scams. Some people even find the 2-step verification process intimidating.
c. Time-pressure and ‘asap’ traps
Time pressure and the sense of urgency (‘getting things done asap’) are psychological weaknesses, our Achilles’ heels, that cyberattackers usually target.
One of the most common and “easiest” ways for a cybercriminal to get your personal data is through phishing emails, which normally pressure you to do something quickly. In such emails, they claim to be doing something for your own good, and trick you into giving up private credentials, to your bank accounts for example, by setting you up in a false “asap” trap.
“They will typically word it with a view to making you want to take action immediately.
So, for example, they might send a security warning and ask you to click on the link to restore access to your account. If you do so, you will arrive at a site that looks like your bank’s site, but that is geared at gathering your username and password.”
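The two warning signs described above, an urgent call to action and a link that leads somewhere other than the real site, can be checked mechanically. This is an added example, not part of the original article; the keyword list, the sample messages and the domains bank.example and account-check.test are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Pressure phrases of the kind described above (constructed list, not exhaustive).
URGENCY = re.compile(r"\b(immediately|urgent|asap|suspended|restore access)\b", re.I)

class MailParser(HTMLParser):
    """Collects the visible text and every link target of an HTML email body."""
    def __init__(self):
        super().__init__()
        self.text, self.hrefs = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")
    def handle_data(self, data):
        self.text.append(data)

def host_matches(host, trusted):
    """True only for the trusted domain itself or a genuine subdomain of it."""
    host = host.lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def phishing_signals(html_body, trusted_domain):
    """Return the reasons a message deserves a second look before clicking."""
    mail = MailParser()
    mail.feed(html_body)
    signals = []
    if URGENCY.search(" ".join(mail.text)):
        signals.append("urgent call to action")
    for href in mail.hrefs:
        host = urlparse(href).hostname or "unknown host"
        if not host_matches(host, trusted_domain):
            signals.append(f"link leads to {host}, not {trusted_domain}")
    return signals

# Constructed sample messages; bank.example and account-check.test are placeholders.
PHISH = ('<p>Security warning: your account has been suspended. Click below '
         'immediately to restore access.</p>'
         '<a href="http://bank.example.account-check.test/login">https://bank.example/login</a>')
LEGIT = '<p>Your statement is ready.</p><a href="https://www.bank.example/statements">View</a>'

if __name__ == "__main__":
    for name, body in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, phishing_signals(body, "bank.example"))
```

The host check compares the end of the hostname, so an address that merely starts with the bank's name is still flagged, while a real subdomain such as www.bank.example passes.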
d. Large friend lists
Another human flaw that Internet scammers can manipulate is our fondness for big friend lists.
Not being picky about whom you befriend on platforms such as Facebook, Twitter, or LinkedIn leaves the door wide open for online scammers to trace your digital footprints and collect the personal information you leave behind, be it your home address or your company policies. They then use it to craft a story that is personally convincing to you in an attempt to scam you with their phishing emails.
2. Network security
a. Company network
The most secure network: set up, controlled, and actively monitored by a dedicated department of a company (i.e. the ICT division) to detect and identify any unauthorized behavior on the network at an early stage.
Oftentimes, this kind of network boasts different zones to meet various demands for Internet use in a corporation.
b. Private network
The second-most secure network, typically provided by an Internet contractor and used in the privacy of a person’s home (i.e. not shared with neighbors), with fewer layers of security than a company network and no dedicated network-monitoring personnel. Also known as fixed broadband.
Some of the best Internet providers are AT&T Wireless and Verizon Wireless (in the US), Swisscom and UPC (in Switzerland), FPT and VNPT (in Vietnam, where Axon Active ODC and OTC are operating), just to name a few.
c. Cellular network
A network for mobile devices that is more or less as secure as a private network.
It’s the mobile network that people use on the move (also known as mobile broadband), such as 3G, 4G, or 5G, provided by a mobile internet provider.
d. Public network
A network with the lowest level of security.
What makes this type of network the least reliable is that it typically has no security layer at all. Even when it uses encryption, usually with a password, that password is known by everyone! Your private information and personal data will be most at risk of getting sniffed. For that reason, all business should be done over secured networks, such as a full-tunnel VPN.
3. Latest updates for your devices, firewall, and antivirus program
One of the most proactive and effective defense methods against cyber threats is to make sure your devices are always up to date.
Besides desktop computers, laptops, and mobile phones, devices now come in a variety of shapes and sizes, e.g. smart TVs, IP phones, webcams, IoT devices, baby monitors, Google Home, or any other device connected to the Internet.
Once your devices get the latest firmware updates, their built-in firewall and antivirus software will also get the updates essential in your fight against cyber threats.