14 Cybersecurity Best Practices to Instill In Your End-Users

Password reuse continues to be a threat to companies everywhere—a recent report found that 64% of people continue to use passwords that have been exposed in a breach. Poor password hygiene by end-users can open up your organization to security breaches and make your company’s sensitive data vulnerable to cyber-attack.

Preventing cybersecurity attacks starts with preparing your frontline of defense: your employees. Cybersecurity awareness training helps them become more aware, alert, and knowledgeable against the latest cyber threat tactics targeting end-users.

While it can be difficult to prevent all users' "bad" behavior, there are several cybersecurity best practices to train and regularly remind your employees of.

Secure End-User Accounts

Credential-based endpoints are the most vulnerable attack surface in any organization. Securing end-user accounts with these 4 best practices is important to protecting your entire organization from risk.

1. Enforce password policy compliance

Employees should have no choice but to comply with the password policy rules of your organization. With Specops Password Policy, for instance, organizations can enforce length and complexity requirements to ensure that their password is as strong as possible while blocking over 3 billion known breached passwords.

2. Utilize MFA whenever possible

To further secure end-user accounts, the implementation of multifactor authentication (MFA) should be mandatory for end-users logging into work apps, or making a change like resetting their passwords. When it comes to the MFA process, the more ways you can verify your identity when logging in, the harder it is for someone to steal your information.

3. Don’t leave information unprotected

Another best practice pertaining to account information is to encourage employees to lock their screens when they’re not around. Leaving screens unlocked increases the risk of someone viewing or accessing sensitive data.

4. Use a password manager

It’s also important for your organization to encourage the use of a password manager, not only for the individual end-user but to utilize shared vault features to prevent insecure password sharing among employees.

Protect Company Equipment

It’s easy, especially in a software-lead organization, to forget the importance of secure hardware. But as the IT pros in manufacturing or healthcare will tell you, it’s vital to secure your device infrastructure as well as your network.

When it comes to employees protecting their equipment from cybersecurity threats, there are a few ways internal training and strong policies can help.

5. All hardware should come from IT

To start, all new purchases should come directly through the IT department. IT is responsible for not only setting up the employee on the company’s network, but also for making sure the computer is properly equipped with security and OS or system support. This initial setup helps the IT department remotely maintain your computer to ensure your software is up to date and is set up to auto update.

6. Mobile devices need encryption too

Phones should have a lock screen and enable message encryption. This policy protects critical texts such as MFA security codes from being visible on a locked screen. This way, only those who can identify themselves with the correct password can read the messages.

7. Shut down devices properly, and often

It’s common for employees to keep their computers running throughout the work week, but shutting them down is essential for the health—and security—of the equipment. Most software updates require you to restart your computer in order to run successfully, so shutting down equipment is necessary for regular software maintenance.

8. Don't disable built-in protections

Employees should also be encouraged to keep firewalls enabled. Firewalls are put in place to block certain types of network traffic which keeps your system safe from external threats. Disabling the firewall opens up the organization to malicious attacks which rely on open network ports.

Finally, as an additional layer of protection, employees should always enable antivirus. Antivirus software offers real-time protection by scanning new files and will immediately alert the user if it detects any threats.

Data Privacy and Storage Policies

Data privacy is another huge piece of the IT security infrastructure. Encouraging these data storage best practices, as well as implementing a zero-trust framework in your organization, can ensure none of your end-users are invertedly putting your data at risk.

9. No personal data storage

Many companies encourage employees to send everything to the cloud, whether for file sharing or storage. The cloud offers more control over who can access internal information. If this is the policy at your company, then there shouldn’t be any company information saved on a user’s personal storage.

10. Discourage USBs

Additionally, make it a point to discourage the use of USB drives. USBs are not only small and easy to lose, but they’re usually not encrypted. This means that if a user plugs one into a personal or public computer that isn’t secure, and then uses it on work equipment, the USB can then transfer and introduce a virus into your network.

If an end-user needs a USB and there is no other option, make sure it’s being purchased and looked over by your IT department

11. Beware of suspicious emails and texts

Employees should also be encouraged to pay close attention to suspicious-looking emails – and always send them to IT if unsure. The IT department can conduct anti-phishing campaigns to help train employees on security awareness and what to look out for when it comes to suspicious emails.

12. Consider the environment, and your data security

All employees should also avoid printing anything with company data. Loose papers can end up in the wrong hands once they leave the employee’s home or the office.

While printing should be limited, there are cases where you may need to print a document—in which case employees should be encouraged to shred anything they’re no longer using.

Handle Software & Licensing Responsibly

Lastly, end-user education in cybersecurity 101 should include the risks of software on work devices. Organizations should have clear guidelines on how and when end-users can download or license anything that doesn’t come standard-issue on their work computers. A few guidelines include:

13. Express IT permission for all new downloads

New software downloads should be limited, but if users have to download a program, even a web-based application, they should clear it with IT first.

This is especially important if there isn’t any web application security already in place.

14. MFA on external software is non-optional

Additionally, all external software needs MFA for even greater password protection and security.

You’d be shocked to find out how many work-related apps’ built-in security measures don’t stack up. MFA can help mitigate any 3rd party risk.

Cybersecurity training is a constant practice and a team effort. With regular reminders, training sessions, and support from IT, users can generate more awareness of cybersecurity threats and help protect internal information.

Sponsored and written by Specops Software.