It is more important than ever to ensure that you use the internet safely to protect both yourself and the companies you work for from cyber attacks. Cyber security mistakes made by individuals are the most common cause of cybersecurity breaches. Analysis of 2019 breach reports sent to the UK’s Information Commissioner’s Office (ICO) shows that 90% of data breaches were caused by a cyber security mistake. That’s a lot of costly mistakes.

In honour of Computer Security Day 2020, we compiled a list of the cyber security rules that everyone should know in order to stay safe and prevent data breaches.

Before we start, what is a CISO?

A CISO, or Chief Information Security Officer is the most senior officer in an organisation who has responsibility for making sure that the organisation has proper cybersecurity protections in place, and that they are doing their best to prevent cyber attacks, or have good plans in place to deal with them when they do take place. They are also responsible for making sure that every employee knows about their cybersecurity responsibilities and how to avoid making a cyber security mistake. The following 10 rules are just some of the things that they would like you to know. You’re welcome.

The best rules to follow to avoid making a cyber security mistake

1. Learn how to recognise the signs of a phishing email

More than 3 billion phishing emails are sent worldwide every single day, so the chances are that you receive them fairly frequently. While you may still receive an email from a Nigerian prince asking for money in return for his undying devotion, many phishing emails today are more sophisticated. They will use branding and wording taken directly from official organisations (check out this scam from earlier this summer), convincing the recipient that they are legit, and increasing their chance of success.

The aim of these emails is to trick you into making a cyber security mistake and giving them your personal information so that they can access your accounts.

Stay email safe:

Don’t open an email if you think it is suspicious
Don’t open links or attachments in unsolicited emails
Verify the sender – check the email address is genuine
Don’t reply to unsolicited emails
Never share sensitive information, such as your personal information, credit card numbers, or account passwords over email to someone you don’t know
Report suspicious emails to your IT security officer
Recognise the signs of a phishing email:
- Poor spelling or grammar in the email
- Errors in the text that don’t quite add up
- Weird looking sender email addresses with numbers and random letters rather than names and words
- Hidden domain names, and shortened links

2. Create strong passwords

Weak passwords are one of the most common cyber security mistakes that lead to data breaches. Cyber criminals have a variety of ways to get hold of passwords including getting information from phishing scams, and buying stolen passwords. They are also pretty good at guessing passwords, especially when people use unimaginative passwords such as ‘password’ or ‘123456’.

Below are some tips to creating strong passwords:

Use more than 8 characters. Try the three random words rule to create long passwords that are easy to remember
Get creative – add characters within words, or use random words and ideas
Always change your password from a default password that someone else gives you (from a system administrator, to a preloaded password from the supplier)

Don’t use common words, character combinations or easily available personal information in your passwords
Don’t reuse passwords – create a new password for each online account
Don’t create new passwords that are almost exactly the same as the last password

3. Be extra careful in public places

Another common cyber security mistake is to trust public Wi-Fi. Public Wi-Fi is free, and a great way to keep up with work while on the move, but it is also not secure. When you work on a public Wi-Fi network, it is easy for a cyber criminal to intercept confidential data using a Man-In-The-Middle attack, or even access your device.

Stay safe in public places:

Don’t do sensitive tasks while connected to a public network, for example making payments, or sharing files
Use a VPN when you are on a public Wi-Fi network to hide your location

4. When you see a software update for your computer – do it!

When you see a pop up in the corner of your screen with a software update, make sure you download the update ASAP. Software updates fix security weaknesses in the programs and applications that you use on your devices. They are usually a response to a known threat, which is already being exploited. Not updating leaves the applications you use at risk of being attacked. Check out what can happen if you don’t update your programs as soon as you see the update pop up.

Stay safe:

Always download an update when you see it

5. Security features and programs are there to protect you

Your CISO and their team may have already added security features to your computers and work phones in order to protect the organisation’s networks.

They may slow you down, or be a bit annoying, but they are there to help you. For example, firewalls protect your computer against viruses, malware and other threats to the network. Download restrictions help avoid someone mistakenly downloading malware, and spam filters remove harmful emails before they reach your inbox.

Stay safe:

Don’t disable or override security settings on your computer or phone

6. Don’t browse untrusted websites

Another easily avoided cyber security mistake is browsing unsafe websites. Untrusted websites may contain spyware, and any links you click on could install malware on your computer or phone. If that device is connected to the office WiFi, it could expose the entire company. While the cat videos or funny clip someone may send you looks like harmless fun, the website they are hosted on may be anything but.

Stay safe when browsing the web:

Don’t override the antivirus software that blocks the website
Recognise the signs of unsafe websites including unusual url endings (for example .biz)
Look for the S in ‘https’ at the start of the URL, or the green padlock icon in the URL bar. Both are signs of secure sites

7. Don’t plug unknown USB Flash Drives into your computer

If you don’t know who a flash drive belongs to, and can’t verify that it has been stored safely, don’t use it. USB flash drives can contain malware, which will be installed on your computer as soon as you plug it in.

Use USB flash drives safely:

If in doubt, use a new USB flash drive
Store your USB drives in a secure place, for example in a locked drawer
Don’t lend your USB drive or borrow one from a colleague
If you find a USB flash drive, give it to your IT team to check

8. Protect your phone or personal computers

Many people access their work email or other applications on their phones or personal computers so that they can stay connected outside the office. Once they connect to work applications outside the secure work network, they add a level of risk of security breach. Forgetting your device in a public place, or having it stolen while you aren’t watching it will not have a happy ending.

If an infected outside device is connected to the work network, it will infect the entire network, and create havoc at work.

Stay safe outside the office:

Don’t leave your computer or phone out of your sight
Only use secured networks, or use a VPN if connecting to a public network
Don’t take your devices out unnecessarily
Use a password or fingerprint to lock devices
If a device which contains work information is stolen, report it to the IT security team immediately

9. Everyone is at risk of a cyber attack

It is only a matter of when, not if, any person is going to be a victim of some form of cybercrime. No one is too small or too insignificant to an attacker. Hackers aren’t picky, they just want to benefit in some way. It is in your best interests to follow safe cyber security rules, and make it harder for cyber attackers to access your devices, accounts, or personal information.

10. Cybersecurity is everyone’s responsibility

Yes, you read that right. Each and every member of an organisation has a responsibility for protecting the company’s networks, data, and systems. Take responsibility for keeping your computer, phone, and accounts safe, and avoid a costly cyber security mistake.

Stay safe:

Attend the professional security training that your company organises, and apply what you learn
Follow the cyber security rules listed above

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_UA-176747747-1	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
CONSENT	16 years 5 months	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

The Top 10 Cyber Security Mistakes Your CISO Wants You To Avoid

The best rules to follow to avoid making a cyber security mistake

1. Learn how to recognise the signs of a phishing email

2. Create strong passwords

3. Be extra careful in public places

4. When you see a software update for your computer – do it!

5. Security features and programs are there to protect you

6. Don’t browse untrusted websites

7. Don’t plug unknown USB Flash Drives into your computer

8. Protect your phone or personal computers

9. Everyone is at risk of a cyber attack

10. Cybersecurity is everyone’s responsibility

Recent Posts

How to build a cybersecurity strategy for startups

ISO 27001 vs SOC 2 – Which is better for your organisation?

Encryption of data in use: A new standard in data protection

What is HIPAA Compliance for Startups?

Benefits of ISO 27001: Why you need a cybersecurity framework

Are you the weakest link? How to prevent software supply chain attacks

Services

Location & Contact Details

Stay Connected