CIS Logo
tagline: Confidence in the Connected World

6 Cybersecurity Tips to Keep Your Workplace Safe Online

online-safety-work

In the office, cybersecurity is everyone's responsibility. By reminding your employees of these simple online safety best practices, your organization can avoid becoming the next victim of a cyber-attack. Check out the tips below to discover how to keep your workplace safe online, to improve your organization's cybersecurity defense and minimize risk.

1. Lock it up

Modern workplaces are often split between multiple locations and may involve remote employees. No matter where your office is located for the day, devices should be carefully secured. Make sure employees know to always keep portable devices such as laptops and cell phones locked with a secure passcode. There are many ways to create secure passcodes. Some devices have biometric scanners, while others use a PIN or matrix passcode for authentication. If you are using a text password, make sure it is unique for each account.

2. Two is better than one

For critical applications and accounts, employees should be required to use two-factor authentication. A good way to remember how it works is that it's a combination of any two of the following:

  • Something you have (such as a randomly-generated code or ID badge)
  • Something you are (such as a fingerprint)
  • Something you know (such as a password)

Two-factor authentication is an important layer of defense beyond the typical password. It decreases your risk of falling victim to a compromise because criminals need access to not only your account password, but your additional security method as well to access the account. Be sure it's required for employees accessing sensitive networks or data.

3. VPN for the win

When conducting work business outside of the office network, ensure your safety by never using Wi-Fi without using a VPN (Virtualized Personal Network). A VPN acts as a secure tunnel over the internet, encrypting traffic. By implementing a VPN to your office's secure network, employees can travel while relying on the defense controls at HQ. Requiring employees to VPN into a secure network is essential; using public wi-fi networks can expose your organization's accounts and data to malicious actors or compromised infrastructure.

4. Stay on guard

From the founder to the new intern, everyone at your organization needs to remember: if something looks suspicious, chances are it is! Malicious actors will leverage urgent subject lines, billing-related attachments, and spoofed senders to entice the recipient to take action. Share these email and web browser tips: Never open or download attachments from unknown senders and always hover over a link before clicking to ensure you're being directed to the intended URL. Implementing these security best practices can help prevent the spread of malspam and ransomware. 

5. Training is key

Your organization's cyber defenses depend on an educated workforce that can apply best practices to avoid threats. From recognizing a suspicious email to knowing when to connect via VPNs, you'll want to ensure your employees understand cybersecurity essentials. SANS is the leading cybersecurity training institute for professionals offering courses on multiple topics. Their security awareness training programs help train employees on topics like phishing, two-factor authentication, and more. 

6. Take inventory

You can't defend what you don't know you have. Be sure to set up processes that actively track all hardware and software assets within your organization. Utilizing tools like an active discovery tool or software inventory tool will be able to easily identify connected devices to your network and help automate the documentation of all software on business systems.

In fact, taking an inventory of devices and software are the first two recommendations of the CIS Controls. This puts them at top priority for cybersecurity actions you can take. The CIS Controls are a prioritized set of cyber defense actions for organizations to improve their cybersecurity. They include steps everyone can take to harden systems and prevent an attack.

A Deeper Look: Security controls for home and work.

The CIS Controls team has also released a guide that walks through security best practices for teleworking, small business, and home office environments. The CIS Controls Telework and Small Office Network Security Guide provide recommendations for hardening your devices to protect workplace data when working from home or remotely. As we work to protect our homes from cyber threats, we can also protect the workplace. Effective cybersecurity controls are the place to start.

Download the White Paper
Download the White Paper

Related Resources



Arrow CIS Control 1: Inventory and Control of Hardware Assets
Arrow CIS Control 2: Inventory and Control of Software Assets