Protecting company data can be an intimidating task. With hackers constantly inventing new schemes, and every colleague a potential target, it’s no wonder that cybersecurity hiring has ramped up over the last several years. The reality, however, is that most successful attacks aren’t technically sophisticated—instead, they exploit common human errors. With this in mind, we compiled a list of simple security tips that anyone can understand and put into practice.
1. Use strong and unique passwords
As much as special characters and capital letters can increase password strength, simply making your password longer is often the most straightforward approach for improving password security. Still, experts say using unique passwords might be even more important—if one account is compromised, the others will remain safe. One easy way to check both of these boxes is to use a password manager like 1Password or LastPass. It’s a solution that’s convenient for employees, but secure enough to keep IT admins happy. → Tip: Use the same good password habits with personal accounts—many successful attacks on businesses start with a stolen personal password or user name.
2. Always use two-factor authentication
Two-factor authentication (2FA)—which typically involves a mobile app—is another must. Even if your password is stolen, 2FA will serve as a backstop, preventing hackers from accessing your account. The problem? Only about 30 percent of people use 2FA, and nearly three-quarters of IT decision makers admit receiving complaints from employees who use it. Consider reviewing your 2FA options—some solutions let you tap a button, rather than transcribing a code every time you sign in. →Tip: Some services let you use a Universal 2nd Factor (U2F) security key, a physical alternative to 2FA that can also protect you against phishing attacks.
3. Update your software right away
Some security pros say keeping software updated is actually the most important safeguard of all. Everyday users don’t always understand how important bug fixes and security patches can be. Ideally, your IT team should force software updates across employee devices if they haven’t been updated within a few days. →Tip: Sometimes it helps to learn as much as possible about what a software update will do—if employees understand how the update fixes a vulnerability, they'll be more eager to download it.
4. Learn the ins and outs of phishing
Phishing is a practice where hackers impersonate a trusted service, then ask for personal information in an email or on a webpage. Even if some phishing attempts are easy to spot, some are more cleverly designed. One first step is creating a culture where employees avoid clicking on links in emails or filling out webforms by default. →Tip: Consider advocating for an internal resource that keeps a running log of known scams and legitimate requests—accessible to all employees.
5. Beware of attacks over text and phone calls
Some social attacks can be more specific and targeted in nature. Hackers might send an employee a text asking for a 2FA authentication code, or impersonate a customer support representative over the phone. These kind of attacks can be particularly tricky to avoid, because they’re designed to seem like genuine security requests. Customer service teams can review their procedures to make sure no one can exploit a loophole, and IT teams can encourage employees to report any suspicious callers or messages. →Tip: Consider using app-based 2FA instead of SMS-based, as text message authentication can lead to these kind of attacks.
6. Practice good badge behavior and discourage tailgating
One of the easiest—and most overlooked—security targets is the office itself. Compared to cracking a 2FA-protected account, slipping into corporate headquarters can be surprisingly easy. The biggest offender is tailgating: namely, when an unwanted guest follows a legitimate employee through a door before it closes. Your manners might tell you to hold the door, but you’ll be better off dropping the instinct for courtesy. You can also ask to see a badge if the person behind you doesn’t have it visible. →Tip: Learn the process for getting a replacement badge, so you can get one quickly even if you forget yours.
7. Be smart with devices
At the office, it's safest to put your computer to sleep whenever you leave your desk. On the road, you can use privacy screens to discourage snoopers from reading sensitive information. Criminals, or even just overcurious onlookers, will often act in response to opportunity. Safeguards like these will prevent them from getting any ideas in the first place. →Tip: Ensure that data on your devices can be wiped remotely. This way, even if a device is lost, company information remains safe. While each individual tip on this list is simple, taken together, they can make a giant difference. If you can establish good habits like these—even with no additional technical knowledge—you help make the security team’s job easier and the company safer.