This post is part 3 of our series about security awareness. Last time we discussed Microsoft 365 security best practices for all your users.

Do you leave your front door or car unlocked? Do you drive without seatbelts? Would you take a ride from a stranger?

Of course not! Since your early days of Driver’s Ed training, security awareness has been reinforced over and over. Now, all these habits are automatic.

While physical safety precautions are no-brainers, cyber security isn’t always as intuitive as locking your front door. In fact, according to Security Intelligence, human error causes 95% of data breaches.

However, these 6 habits can help users prevent and reduce security breaches.

 

1. Protect documents in the cloud

Is your hard drive cluttered with company files and documents? These documents are at risk if your device is damaged, stolen, lost… you get the idea.

Clear up the clutter and protect your data by saving documents to the cloud.


Save files in OneDrive or SharePoint to access them from any device. Plus, only those granted permission can access documents. At any time, you can allow or revoke editing permissions for your files in the cloud.

And the next time you want to click Print, think again. Do you really need this document in paper form? Save a tree, keep your company’s documents secure, and store it in the cloud instead.

Thanks to the cloud, you can say goodbye to complex folder systems. Instead, search or sort your files with metadata.

Metadata is information about your files, like modified by, date created, shared status, and more. OneDrive or SharePoint display metadata in columns. Add or create columns to categorize your information, so you can find it when you need it.

 

2. Secure your device

The following tips can help you prevent a host of cyber security issues:

  • Block suspicious email senders. You’ll prevent possible phishing attacks, information leaks, malware, and more.
  • Set your computer to lock after inactivity. Any open documents are available to passersby if you don't lock your device.
  • Run virus scans. Maintain a healthy system by regularly checking for viruses or malware.
  • Enable computer updates. Don't ignore security and system update notices. Instead, schedule them ahead of time.
  • Restart your machine regularly. This allows your computer to reset, which is a critical step if your operating system is running slow, if RAM is filling up, or if a driver crashes.

Take care of your device, and it will take care of you.

 

3. Collaborate safely with colleagues

Once your files are in the cloud, you can enjoy the benefits of secure sharing.

For instance—instead of sending email attachments, share a link to a file. What’s the difference? A file attachment is a copy of the file that can be forwarded, altered, and changed. By sharing a file link, you’ll literally keep everyone on the same page.

Anytime –before or after sharing—review document permissions in OneDrive. In this way, you can allow or prevent editing, forwarding, sharing, and downloading. Plus, you can control your file even after giving others access.

Image of paper file folders

Before sharing a document with someone outside your organization, use the Inspect Document feature in Microsoft Excel, Word, or PowerPoint. Click File, choose Info, select Check for Issues and then Inspect Document. This will help you remove hidden data or personal information.

You can also set up rights management to protect shared documents from accidental or unauthorized changes. Restrict changes by password, person, or make it a read-only document. To add rights management to a Word document, click File, choose Info, select Protect Document and then choose how to protect your document.

 

4. Follow security best practices

We mentioned earlier how important it is to lock your device when you step away. Keeping office space secure is also important. In the world of remote work, our “office spaces” aren’t defined or controlled. So, make physical safety a priority no matter where you are.

Also, check with your IT team for organization-specific safety protocols. Here are a few general Do’s and Don’ts:

  • Don’t connect to public Wifi for work. Public connections aren’t secure. Hackers can easily intercept any information you send over the Internet.
  • Do lock physical office or storage spaces.
  • Don’t use your personal device for work unless you have permission to do so.
  • Don’t use your personal cellphone or mobile device for work without IT permission.
  • Do lock your devices when stepping away.
  • Do use passwords with a range of different characters. This includes upper and lower case, symbols, and numbers. Also, consider 2-factor or multi-factor authentication.
  • Don’t use the same password for more than one account. If one password is compromised, then your other accounts are at risk.

As mentioned above, if you’re using a non-company computer for work, check with your IT or security team. They will want to ensure you’re following the correct protocols.

 

5. Secure your communication method

Are emails, instant messages, or mobile phone text messages all created equal? While they all communicate quickly, some are more secure than others.

Emails are great for broad communication that requires little feedback. Think announcements, occasional updates, or newsletters.

The next time you send an email to recipients that don’t know each other, use BCC (blind carbon copy) to protect their contact information. But—try to use email as a last resort. If you share an attachment, you no longer have control of that document. Also, back-and-forth email collaboration gets cumbersome.

Instant messaging at your workplace might take place via Microsoft Teams, Cisco Webex, Slack, or Google chat. If your IT team recommends a particular app, use an adoption tool like BrainStorm QuickHelp™ to learn all the best practices for that app.

Don’t share passwords or other sensitive information through messaging. Whenever you can, send an instant message via your chosen collaboration tool instead of via email.

Text messages aren't secure, so avoid using them for work. Instead, use your organization's messaging platform. When your phone is more convenient, try the mobile app version.

A woman's hand holding an image of a lock

 

6. Become proactive and security aware

Your workday is already packed; however, incorporating security into your workflow can be relatively painless. A few simple actions—just like fastening your seatbelt—can go a long way toward better cybersecurity.

The next time you open an email, hover over any links before clicking on them. Most often, a suspicious link will be near the end of the message. Word to the wise: scammers are getting increasingly sophisticated, so be cautious! The same principle applies for surfing the web—what is the security status of websites you visit? If the address field isn’t secure, do not offer information or download anything.

Don’t download random applications! If you really need a certain program, check with your IT department first so they can recommend appropriate steps.

It may seem obvious, but—store your work and personal files in separate locations. Likewise, keep your personal photos and communication stored only in your personal cloud storage.

Also—no matter how tempting—don’t use shared accounts or logins with your team. If you make an exception, ensure your entire team follows prescribed safety protocols to access this information.

Finally, we suggest regularly checking up on the latest cyber threats. Hackers are becoming ever more creative, and your entire time should be educated about the latest scams.

Small mistakes can have big consequences when it comes to cybersecurity. Good  thing your security awareness training is effective. Or is it? Get the guide >>

 

What’s next?

Now that you’re primed for security awareness, incorporate these habits into your workplace and help all your end users do the same.

Since it can be challenging to get everyone on board, check out the BrainStorm QuickHelp learning platform. We’ll quickly onboard your users, change the way they work with their technology, and empower them to be more secure on a daily basis.

P.S. Don’t rely on your required “annual” security training to build good habits—start now to get specific user groups the training they need. It’s quick, efficient, and most of all effective. See a Threat Defense demo to learn more.