10 Steps Employees Can Take to Protect Against Cyber Attacks

When we think about protecting organizations against cyber threats and ransomware attacks, we typically think of prevention and response as the IT department’s responsibility. However, securing sensitive data is a team effort -- day-to-day decisions by any employee can have a major impact on a company’s overall security posture.

With the surge in ransomware attacks this last year, members of Vandis’ staff got together to discuss the part that we can all play to protect against threats.

Here are 10 steps every employee can take to protect against cyber threats and ransomware attacks:

  1. Familiarize yourself with security plans and policies - IT and management put plans and policies in place for a reason. While it may seem daunting to add another thing to your to-do list, periodically reviewing procedures ensures you don’t miss crucial security steps.

  2. Be mindful of where you store confidential documents and material non-public information - Be sure to only save sensitive documents in the approved locations, including backups, and follow company policies for physically or electronically sharing this information with others. Otherwise, what you store and how you share information can become easy targets for bad actors.

  3. Opt in to MFA - Going through the one additional step of two-factor authentication makes it significantly harder for attackers to penetrate your network.

  4. Respect IAM parameters - Identity and Access Management (IAM) policies are not put into place to keep you out of the loop; rather, they exist because the fewer people who have access to sensitive information, the fewer opportunities hackers have to get ahold of it. Do not circumvent these parameters just for your own convenience -- only request access to documents that are necessary to do your job.

  5. Use protected devices - Whenever possible, work on company-issued and company-approved devices. That will ensure that the proper Endpoint Detection and Response (EDR) features are in place. But if you are using personal devices, such as your phone or tablet, to access work-related materials, make sure to password-protect your device, and make the password strong.

  6. Slow down when reading and sending emails - When your inbox feels never-ending and you have a lot of work on your plate, it is understandable that you sometimes skim the message to quickly move on to the next item. But it is important to slow down and take the moment to review thoroughly. Make sure you are not clicking any links in emails from unknown senders, and that you know the signs of phishing emails. And of course, if the email seems suspicious, report the message using the Phish Alert button found on your email platform. Also be mindful of who you are sending information to. Recheck who is in your "To" and "cc" list before clicking send.

  7. Take security awareness training seriously - Your company may schedule annual security and compliance training with the start of each new year as part of its company policies. Whether scheduled or ad hoc, when IT and security professionals take time out of their busy schedules to provide training, it’s for everyone’s benefit. Make sure to take the training seriously and revisit it often, so you can stay up-to-date on best practices.

  8. Don’t snooze the updates - System updates may be a small interruption to your workday (particularly if they require a restart), but they’re critical to making sure your device is protected against the most recent threats.

  9. Protect your wireless network - When working remotely, be sure you are only using a password-protected wireless network and, when possible, avoid using public networks. Otherwise, attackers can easily access anything you are doing on the internet or the cloud, which can include sensitive information.

  10. When in doubt, ask! - Always err on the side of caution. If an email looks a little suspicious, a policy is unclear, or it seems that a procedure isn’t being followed, bring it to the attention of your IT or security teams. It may be the difference between stopping an attack before it happens or opening the door for malicious actors.

While your whole organization can work together to strengthen your security posture, getting assistance from infrastructure security experts is another smart step to take. Reach out to the team at Vandis today to schedule an assessment of your security posture to ensure the security of your infrastructure.