5 Cyber Security Best Practices Every HR Executive Should Know

Cyber attacks on companies are becoming more frequent and costly – and they aren’t expected to stop anytime soon. Because of this, IT shouldn’t be the only department responsible for protecting companies against hackers. Skilled cybersecurity specialists are valuable, but they’re only one line of defense.

According to a study by Wombat, a cyber security firm, many employees rely excessively on IT teams to detect and fix malicious software. In reality, IT professionals can only do so much. There are several important guidelines that all employees should be aware of and follow to protect their companies’ data and systems. Here are some of the cyber security best practices that HR executives should know.

1. Use a Firewall

A firewall is a standard line of defense against cyber attacks, both at home and in the office. There are two types of firewall: an internal firewall and an external firewall.

What’s an Internal Firewall?
An internal firewall faces your trusted networks, like your LAN. As such, it helps filter connections from trusted hosts headed somewhere else.

What’s an External Firewall?
An external firewall is one that faces untrusted networks, like the internet. Because of this, it helps filter connections coming from the internet.

External firewalls are common; most people use one in their home networks. However, more and more companies are slowly installing an internal firewall for added protection.

Since a firewall is often the first line of defense against cyber attacks, as an HR executive, you should encourage your employees to install a firewall on their home devices, should they choose to work from home.

2. Safe password policies

Passwords are often the first line of protection against unauthorized access to your computer. The basic idea is that the stronger the password, the higher the level of protection your computer has.

The first thing you should know about safe password policy is that a strong password doesn’t necessarily have to be a hard password. For instance, “aBDf1236!^))zzbdbz” is a strong password, but it’s not an easy one to remember. Employees might write the password down and leave it on their computer or in an app on their phone. Cybersecurity breaches are often the result of a mistake from someone in the company.

A better approach is to take a sentence, or your favourite sport or hobby, and amend it to include all the numbers, symbols, and uppercase letters needed. For instance, if you love basketball, make your password “iLov3baSketBaLL!!” to make it easier to remember.

Learn more about the best practices for passwords here.

3. Educate employees to take extra steps to ensure maximum protection

First things first, all companies should use Linux instead of Windows or OS software on their computers. We’re kidding! You don’t have to use the best software to ensure maximum protection. It’s always important to remember that cybersecurity protection is a habit – not a process, and that it is up to HR executives to build the process that ensures that habit.

Below are some additional steps that will be useful:

    • Admin rights should be reserved for employees who need them. Normal users do not require admin rights.
    • Two-factor authentication (2FA) should be used, especially when accessing information from outside the company.
    • A VPN (Virtual Private Network) should be used by employees to access company resources.
    • Use strong passwords and keep them protected.
    • Encourage employees NOT to send their username and password credentials to other members of the company via email or through the computer.
    • DO NOT leave your company access cards lying around. Unfortunately, it is very easy to duplicate these cards, allowing anyone to gain the same access as you.

4. Be wary of phishing attempts

Phishing is one of the easiest forms of cyber attack for a criminal to carry out. It is usually carried out via email, although phishing can also be carried out on social media. According to ZDNet, a basic phishing attack tries to get the target to hand over passwords or bank details to the scammer.

Here are some qualities to look for in a phishing email:

    • Phishing emails always feature messages that require immediate attention. However, a well-thought-out phishing email might say something along the lines of “your credit card is due in one day” or “your password has already expired”.
    • Sometimes, it might contain messages that sound attractive instead of threatening. The message might be “congratulations, you’ve won a prize”.
    • Usually, phishing emails will feature a reply email address that’s different from the sender’s email address.
    • The contents of the email might contain text, logos, and pictures used on legitimate websites to make it look genuine. It will use similar words or tone as the original website.
    • The email might contain hyperlinks that will take the recipient to a fake website. The website might contain a form for the recipient to fill in, which allows scammers to collect the information they want.
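
Several of the qualities listed above can be checked automatically before an email reaches a person. The following is an added example, not part of the original article: it flags a reply address that differs from the sender, the urgency and prize wording quoted above, and links that lead away from the sender's domain. The sample message, the phrase list and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Phrases taken from the examples in the list above (urgency and prize lures).
LURE_PHRASES = ("is due in one day", "has already expired", "you've won a prize")

# Constructed sample message; all names, addresses and domains are made up.
SAMPLE = """\
From: Example Bank <alerts@bank.example>
Reply-To: support@mail-bank.example
Subject: Your password has already expired
Content-Type: text/html

<p>Please <a href="http://bank.example.login-check.example/reset">sign in</a> now.</p>
"""

def domain(addr_header):
    """Return the lowercased domain of an address header, or ''."""
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def phishing_indicators(raw):
    """Return the list of indicators found in a raw email message."""
    msg = message_from_string(raw)
    # Join the text of every non-container part (assumes unencoded text parts).
    body = " ".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    text = (msg.get("Subject", "") + " " + body).lower().replace("’", "'")
    found = []
    sender, reply = domain(msg.get("From")), domain(msg.get("Reply-To"))
    # Reply address differs from the sender's address.
    if reply and reply != sender:
        found.append("reply-to-mismatch")
    # Urgent or attractive-sounding wording.
    if any(phrase in text for phrase in LURE_PHRASES):
        found.append("lure-phrase")
    # Links whose host is neither the sender's domain nor a subdomain of it.
    for href in re.findall(r'href="([^"]+)"', body, flags=re.I):
        host = (urlparse(href).hostname or "").lower()
        if host != sender and not host.endswith("." + sender):
            found.append("off-domain-link:" + host)
    return found

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

A clean result does not prove an email is genuine; these checks only surface the listed warning signs for a person to review.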


Learn more about phishing concepts and techniques here.

5. Be skeptical about everything

Skepticism is your best protection against cybersecurity threats. In the case of phishing emails, it’s best to be skeptical even if the email looks correct.

Be proactive and consider:

    • Double-checking with the sender regarding the email, preferably using another mode of communication.
    • Asking questions that only the sender will know, to help verify.
    • Explaining that you don’t trust the email and the reasons why. Keep in mind that if they’re truly your colleague, they will not mind.

These are some of the steps that HR executives and employees in Singapore can take to protect themselves and their companies’ data. But there is only so much HR executives can do.

Consider outsourcing your cybersecurity headaches to a professional vendor or a network/systems engineer. Find out more about Cyberstein’s services here.