Cybersecurity is a must at the office. But your employees are also vulnerable to cyber attacks at home.
Marcy Klipfel: Hello, from Businessolver, and welcome to our fourth and final installment of our series on Cybersecurity: Practical Tips for Your Workforce. I’m Marcy Klipfel, and I lead the Engagement Team here at Businessolver. This is my friend and colleague.
Tom Pohl: Hi, I’m Tom Pohl. I’m the Vice President of IT systems here at Businessolver.
Marcy Klipfel: Welcome back. Today we’re going to offer some very practical tips for HR professionals to share with their employees about how to stay cybersecure both at work, and in their personal lives, and at home. I wanted to kick it off, Tom, with your tips for people in the office to stay, as an individual, cybersecure at work.
Tom Pohl: Absolutely, thanks, Marcy. In a previous video, we talked about things like training, and things that you can do from an organizational perspective. One of the things that I like to help employees understand is to slow down and think. Don’t just assume what’s coming at your inbox is legit. You were telling me a little bit about your experience, Marcy.
Marcy Klipfel: I did, I had an example of that this week where I received an email that looked like it was from my boss, asking me to very urgently and quickly go get 10 Apple gift cards, and then email him back with the gift card numbers. Luckily, I was thinking, right?
Tom Pohl: Right.
Marcy Klipfel: I slowed down and reported it. We even have a phishing button for easy reporting. So, I hit the phishing button, got that sent to IT, and avoided something that could have been really silly.
Tom Pohl: That could have been bad. That’s the thing, in protecting ourselves, I realize in this day and age, everybody’s like, “Move, move, move, now, now, now.” But being able to really stop, think critically, and take action is important. Rely on the training that you received, and just slow it down. Think about it a little bit.
Marcy Klipfel: I know that you’ve really hit home with our employees to have very complex long passwords. The thing that I struggle with is where do you store those. Because, if I make them so complex, how will I remember that complex password?
Tom Pohl: So, there’s a couple approaches, and depending on your organization, you may or may not have these at your disposal. There’s definitely mnemonic devices, where you can come up with four individual words. Longer is better with passwords, always. Longer, longer, longer. They may ask for upper case, lower case, special characters, numbers, blood of the first-born child… but, whatever. But really, coming up with a password that’s super long, like a sentence, right? Or four words, like “correct-horse-battery-staple.” Google “XKCD passwords,” and you’ll see a great cartoon explaining how password length is huge in preventing attackers from being able to crack your password.
Marcy Klipfel: But then where should I store that super long password?
Tom Pohl: Yeah, it depends on your threat model, right? A threat model is who’s coming after your passwords, right? Is it the cleaning company that’s cleaning your desk? Is it someone online? I can tell you where absolutely not to store your passwords. Don’t store them in a spreadsheet.
Marcy Klipfel: Okay.
Tom Pohl: Don’t store them in a Word document. Certainly don’t ever email them to yourself at home. I’ve seen these practices. It’s not good. You’ve heard of password managers, right? They’re secure password vaults, and this doesn’t necessarily apply at work because some organizations don’t supply password managers to their employees.
Marcy Klipfel: Right.
Tom Pohl: But you should be using password managers even in your home life.
Marcy Klipfel: Well, that’s a great segue, because I really want some tips for employees to have in their homes where we might be vulnerable.
Tom Pohl: Exactly. So, at home I think it’s awesome to use a password manager because you only have to remember one password. And make that password super secure. Then, all your other passwords inside of it are secure. What happens is they have browser integrations, and things like that. I don’t know any of my passwords. I know my one vault password, and then everything else gets filled in for me automatically from that. With this password manager, you will also be protected from phishing attacks. Because, if you go to a website that’s asking for your password, like Facebook.com, but it’s spelled with zeroes instead of Os, your password manager will be like, “That’s not Facebook. I’m not going to put your Facebook password into a phishing URL.”
Marcy Klipfel: Oh interesting.
Tom Pohl: There are other things you can do to protect yourself from a personal perspective. For example, are you going on vacation next week in Switzerland?
Marcy Klipfel: I wish.
Tom Pohl: Haha, right. Do you think it’s a good idea to publish that you’re going to be out of town on social media before you leave to go on your trip? From a bad guy perspective, I can target you and potentially break into your house or try and steal your identity while you’re away. Having your identity stolen is a big deal, that can distract you from work. As an HR professional, I’m sure you don’t want your employees distracted with issues that come up because of a digital exhaust at home that has compromised their identity. They can do things like locking their credit, with all three bureaus. It’s now free to lock your credit with all three bureaus and I encourage everyone to do that.
Marcy Klipfel: Great advice.
Tom Pohl: Here are some other things you can do. Get a social media monitoring service. Get a credit monitoring service. And, educate all your family — your spouse, your children. Especially with children because they’re the future, right?
Marcy Klipfel: Right!
Tom Pohl: They don’t yet know that they should withhold information online.
Marcy Klipfel: Right, not put their amazing trip to Switzerland next week out on Facebook, or Instagram, or Snapchat, or everything that they’re using.
Tom Pohl: Exactly. And there are a lot of sites out there that will provide kids’ versions, you know, like YouTube Kids or Facebook Messenger for Kids, and things of that nature. You can really control the experience as a parent, and really think about it. It’s you versus the bad guy really, when it comes right down to it.
Marcy Klipfel: Sure, I think those are all helpful things. I have really enjoyed spending this time with you. I think I can speak on behalf of all my HR professionals out there, and colleagues, that it has been great talking and learning about cybersecurity. Our entire four-part series can be found on our website, Businessolver.com. Check us out. Thanks for being with us, and enjoy your day.
Tom Pohl: Thank you very much.
Marcy Klipfel: Thanks, Tom.
Tom Pohl: Have fun.