Home » Spin.AI Blog » Cybersecurity » Google Workspace Security » Cyber Security Training for Employees
Google Workspace Security
November 19, 2018 | Updated on: March 28, 2024 | Reading time 10 minutes

Cyber Security Training for Employees

Author:
Avatar photo

VP of Engineering

In this Cyber Security Training for Employees you will find an extensive instruction on how to avoid becoming a cybercrime victim which will be useful for your colleagues. It covers such topics as suspicious files and links, password creation, 2-step verification, software, antivirus, OS, backup, mobile security, physical security, and so on.

We recommend you send this instruction to your employees via email and make everybody read and understand it. In corporate network, the failure of a person can become a disaster for a company. So enhance your organization’s cyber hygiene and work in a secure digital environment.

Cyber Security Training for Employees: Key Thing to Learn – Do not Press Suspicious Things

Do not open, press, or run suspicious files, links, and applications. Your rule of thumb: if you were not waiting for this message, file, link, etc., consider it suspicious.

Suspicious Files

Do not open suspicious files, email attachments, or archives if you do not trust the source. Move unwanted messages to a Spam folder before reading. Files or links from unknown people should be considered harmful by default. Check the files you receive particularly carefully. If you have received a MS Word document via email, contact the sender via a messenger or phone and ask them about the purpose of sending the file and whether they have sent it. The most risky file extensions are .com .cmd,.bat, .ps1, .swf, .jar, etc. MS Office documents, especially with macros:.doc/.docx /.docm, .xls /.xlsx /.xlsm, etc. PDF documents: .pdf. Vector files with inner code: .svg . Archives, especially the ones protected with a password.

Suspicious Links

  • Do not open suspicious links (URL), especially those that lead to web-sites you normally do not use. Always check web-sites’ domain addresses before clicking the link: criminals can conceal the domain name, so it seems familiar (facelook.com, gooogle.com , etc.). Use HTTPS and check the web-site SSL-certificate to make sure it is not copied or fake.
  • Harmful URL-addresses might “mask” behind any text in HTML-files, documents and emails. In the web-browser or mail client move the mouse cursor on the link (but do not press) and wait (1-2 seconds) until the real URL appears. You can also right click the link and copy it to the text editor to see its actual address.
  • Harmful URLs might be encoded with QR-codes and / or printed on paper, including in the form of cut URLs, generated by special services, like tinyurl.com, bit.ly, ow.ly, etc. Do not insert these links in the browser and do not scan QR-codes with your smartphone if you are not sure about their contents or origin. You can unfold short links before opening with the help of special web-sites. Popular browsers apps provide such unfolding automatically: Google Chrome – URL Unshortener, Mozilla Firefox – Long URL Please Mod.

Suspicious Pop-Up Windows

Be careful with pop-up windows and messages in your browser, programs, operational system and mobile device. Always read their content and do not “approve” and “accept” anything automatically. Pop-up windows may be harmful in different ways: some allow criminals to install fake SSL-certificates to your system that will help them intercept your network traffic; some might install malicious programs on your computer and smartphone or redirect your browser to malicious web-sites that infect computers with viruses and other malicious programs.

Suspicious Devices

Do not plug USB drives and external drives, do not insert CD and DVD etc. in your computer if you do not absolutely trust their origin. There are computer hack techniques even before you open a file on USB and long before your antivirus scans it. If you have found a device on the street or in the office, or if you have received it by mail or with a courier, if a stranger has given it to you asking to print a document or simply open and check the content – there is a chance the device is malicious. Trust only your own devices and be careful with the devices you receive from others.

Use Passphrases instead of Passwords

What is a Passphrase?

Use passphrases instead of passwords, to avoid easy passwords problem. Passwords based on well-known dictionary words are easy to crack. Instead, select a phrase you will not easily forget the following 2-3 days: one line of a poem, byword etc. Then, transform this phrase into one “word” deleting the spaces and replacing letters with similar digits or symbols: A-4, B-8, C-(, I-1, L-7, S-5, T-7, etc. Adding digits and symbols, and converting letters to uppercase will make the passphrase even stronger.

How to Create a Strong Passphrase?

Use the recipes for creating strong and unique passphrases. The recipe is the algorithm used for forming different passphrases for different systems on the common base. For example:

  1. Choose the strong base, for example, the passphrase w3llD0nem8’
  2. Think of tying this phrase to a service, e.g., simply adding the server name at the end: w3llD0nem8’gle, glew3llD0nem8’goo
  3. Do not forget to “distort” the resulting phrase by, for example, changing the server name last letter to the digit, if possible, and adding the exclamation mark or other symbol: goow3llD0nem8’gl3!

Keep the Passphrases Secret

No one but you should know your passwords. Do not reveal them to anybody, including your boss, your system administrator or support service, your spouse, parents, children etc. They have no logical or legal base to get your passphrases. From technical point, even the system you use the password for does not have access to it in its initial form. Instead, the system keeps the “hash” – its cryptographically secure copy. Never write your key passphrases on paper or in an (unencoded) file. Password safe Excel file is not encoded. Password safe archive is not appropriately encoded. If required, use only safe password managers for keeping the passphrases.

Passphrases Renewal

Renew the passphrases regularly or at least once a year. Your corporate passphrases and passwords you use the most frequently (often per day) must be renewed every month or every two months. The rule of thumb is that the more often you use the passphrase, the more often it must be renewed.

Password Managers

Use the password manager software for keeping and protecting the passwords and follow these rules.

    • Generate strong accidental passwords no less than 20 symbols long.
    • Make sure the masterpass you use to protect other passwords is a strong passphrase.
    • Use the password manager that encodes the database before saving to the cloud or synchronizing with the network devices.
    • Often, or, even better, automatically, make the reserve copies of the password databases.
    • Still want to use passwords?

Safe passwords are long, complicated, and unique. It means they have to be longer than 12 characters, consist different characters (letters, digits, symbols), and differ for every service, web-site, or system. Passwords should not be based on simple words that can be found in dictionaries. Passwords should not be cognitive, meaning, they should not be based on the user or system data.

Use 2-Step Verification

    1. Enable 2-Step verificationMost authoritative online-services support 2-step verification. Enable it with the software token (available in Facebook, Twitter, Google, etc.) or with a temporary password delivered via SMS.
    2. Avoid SMSPrefer using Google Authenticator, physical token, or mobile application verification. Avoid using temporary passwords via SMS.

Try SpinOne for free

Learn more in Part 2
Learn about G Suite cybersecurity and the best G Suite security practices.

Was this helpful?

Thanks for your feedback!
Avatar photo

VP of Engineering

About Author

Sergiy Balynsky is the VP of Engineering at Spin.AI, responsible for guiding the company's technological vision and overseeing engineering teams.

He played a key role in launching a modern, scalable platform that has become the market leader, serving millions of users.

Before joining Spin.AI, Sergiy contributed to AI/ML projects, fintech startups, and banking domains, where he successfully managed teams of over 100 engineers and analysts. With 15 years of experience in building world-class engineering teams and developing innovative cloud products, Sergiy holds a Master's degree in Computer Science.

His primary focus lies in team management, cybersecurity, AI/ML, and the development and scaling of innovative cloud products.

Contents

How Can You Maximize SaaS Security Benefits?

Let's get started with a live demo

Schedule a Demo Call

Latest blog posts

Importance of Backing Up Google Workspace Data Daily

Importance of Backing Up Google Workspace Data Daily

January 23, 2024

Many organizations today are heavily relying on cloud Software-as-a-Service offerings for business productivity, communication, and... Read more

Avatar photo

Director of Support

Google Workspace in 2024: Key Updates and Features

December 14, 2023

Google Workspace is constantly improving to bring new productivity features for businesses. In this article,... Read more

Avatar photo

Vice President of Product

How to Implement Data Leak Prevention in Google Workspace

How to Implement Data Leak Prevention in Google Workspace

October 27, 2023

Data leaks in Google Workspace can have severe legal, financial, and reputational implications for the... Read more

Avatar photo

Vice President of Product