Employees are often considered the weak link in the cybersecurity chain, but what if they were your greatest asset? What do they need to know to be part of a culture of cybersecurity? Read on to learn more about ways to make your company more secure during Cybersecurity Awareness month and all year long.
The Need for Strong Cybersecurity
With so many devices connected to company networks as well as to the Internet, the threat surface has greatly increased. And threats that can impact one device, can impact your entire network. According to CompTIA’s 2025 State of Cybersecurity report, 56% of organizations report security incidents, even with 78% now prioritizing cybersecurity. However, on a brighter note, an IBM report cited a $1.5 million reduction in costs from security incidents, in organizations with security awareness training and incident response plans. These programs and plans empower everyone with the knowledge to spot signs of a cyberattack and stop it in its tracks. While cybersecurity includes tools, processes and people, people are a very important part.
Technology, Processes and People
The tools and processes are available, and many companies may have the technological tools in place as well as the processes. Software updates, firewalls and antivirus protection, and access and identity management are all things that your company already likely uses. Other methods of protection are in everyone’s hands. These include:
- Strong, unique passwords of at least 12 characters, with mixed numbers and letters and special symbols. Pass phrases are also effective. Workers should know to change these regularly and not re-use old passwords.
- Multi-factor authentication: When logging on, using more than one form of authentication adds an extra layer of security–for example, a one-time code and biometric in addition to a password or passphrase.
- Awareness of phishing scams and their variants, as well as indicators like misspellings and especially an urgent call to action.
- Using only secure Wi-Fi connections when working remotely, or logging into a VPN, again using strong passwords.
- Avoiding unsolicited attachments, because those are common malware vectors and often contain false sender names and other ways of tricking users into downloading attachments.
- Physical security measures like manually logging off work accounts and locking devices when not in use.
- Safe Internet browsing habits, like avoiding suspicious sites. Sites with https:// instead of just “http://” show that a secure protocol is in place. Workers can also enable script and ad blockers.
If something doesn’t look right, employees need to say something to an IT staff member. Lost devices need reporting as well as phishing scams, and employees need to be reminded not to click URLs or attachments. Timeliness is essential in helping stop an attack.
Training in cybersecurity is for everyone, and common-sense precautions can help safeguard your data and applications. For further assistance, please contact your trusted technology advisor today.