As a small business, you know you are at greater risk of being targeted by cyber attackers simply because of your size and supposed vulnerability. This is why you have worked hard to secure your business: partnering with a managed security service, putting in place multiple backups, and creating a backup and disaster recovery plan in case the worst happens. With all this focus on keeping attackers at bay, it is easy to forget that not all threats come from outside.
With the marked increase in direct cyber attacks in recent years, internet browsing and its associated risks can become a safety afterthought. As a result, unsuspecting employees may unwittingly introduce a threat just by the nature of their internet browsing behavior.
We have created this guide to help provide your employees with the training and tools needed to navigate the web safely and avoid putting the company at risk.
Understanding the risks
There are a number of risks associated with reckless or unwitting internet use. For many people, understanding these risks is the first step toward understanding why safe browsing matters.
Social Engineering – This is the practice of manipulating people into divulging personal information or money. The most well-known example is the email from the “Nigerian prince.” Since the advent of social media, however, with the amount of personal information available online, these scams have become more convincing and affect a greater number of people.
Phishing – Phishing is a specific type of social engineering. This is the practice of sending out some form of communication, usually an email but sometimes a phone call or text, claiming to be from a trusted source. These messages direct the user to a fake website, which is then used to either collect personal information or install malware.
Spyware – A type of malware that steals your internet usage data and personal information. As the name suggests, it gathers data and sends it to an outside party.
Adware – A type of malware that displays pop-up ads all over your browser/screen. It usually piggybacks on a free download, so you download it unknowingly.
Ransomware – A type of malware that takes your computer or data hostage unless a ransom is paid. Sometimes this means that the attacker will threaten to publish sensitive information if their demands are not met, and sometimes they’ll encrypt your data on your own device, only unlocking it once they’ve received payment.
Computer virus – A type of malware that replicates itself by modifying other programs and inserting its own code. Viruses can also spread to other machines in the network, causing significant damage.
Spotting the signs
Even with managed security, browsing policies, and security filters in place, you can’t completely control where employees will end up online. This is why it is so important to train them to recognize the biggest red flags for malicious sites. Not only will this protect your business, but it is also great information that will help to protect your employees no matter where they are browsing.
Look for the S – Web addresses start with either HTTP or HTTPS. What’s the difference? The short answer is that the S stands for secure, and you want to avoid entering personal information on any sites that don’t have that S.
Misspelled or mismatched URLs – You clicked on a Facebook ad and landed on a page that looks like eBay. But is it really? Take a closer look at the URL. Is it really ebay.com? Or is it mebay.com? When in doubt, open a new browser and go directly to the website in question, as opposed to clicking on the link. If you aren’t sure what the address is, search for it online rather than typing in the questionable one that was supplied to you.
Weird page content – If there is anything “off brand” or strange on the page, don’t just assume the best of people. Take it as a reason to step back and reassess why you are on that site.
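For the IT team, the first two checks above can be automated in a mail or web filter. The sketch below is an added example, not part of the original guide: it checks a link for HTTPS and compares its domain against a constructed allowlist, flagging near-misses such as mebay.com even when they use HTTPS. The allowlist, the function names and the last-two-labels shortcut for finding the registered domain are assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration (assumption, not from the guide).
TRUSTED = {"ebay.com", "facebook.com"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_url(url, trusted=TRUSTED, max_distance=1):
    """Return (verdict, trusted_domain_or_None) for a link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return ("invalid", None)
    for dom in sorted(trusted):
        # The real site or one of its subdomains.
        if host == dom or host.endswith("." + dom):
            return ("trusted" if parts.scheme == "https" else "no-https", dom)
    # Naive "registered domain": the last two labels (no public suffix list).
    registered = ".".join(host.split(".")[-2:])
    for dom in sorted(trusted):
        # Trusted name used as a prefix of someone else's domain.
        embedded = host.startswith(dom + ".") or ("." + dom + ".") in host
        if embedded or edit_distance(registered, dom) <= max_distance:
            return ("lookalike", dom)
    return ("unknown", None)

if __name__ == "__main__":
    for sample in ("https://www.ebay.com/itm/1",      # constructed samples
                   "http://www.ebay.com/",
                   "https://mebay.com/signin",
                   "https://ebay.com.account-check.example/",
                   "https://example.org/"):
        print(sample, "->", check_url(sample))
```

A distance threshold of 1 keeps false positives low for short names; character look-alikes in internationalized domain names are not handled here.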
Providing the tools
To ensure that your employees can maintain best practices when it comes to internet security, it is essential that you provide them with the tools they need to succeed.
Password manager – Strong, unique passwords are a must for every account that you have. Reusing passwords is a huge security risk. Consider giving your employees access to a password manager. This enables them to remember just one password while giving every account a strong password that is kept secure in the password manager. Bonus: Passwords can easily be filled in with a click once the manager is unlocked, making the browser auto-fill feature unnecessary.
Turn off auto-fill – If you have your password auto-fill turned on, you’re negating the protection of having a strong password. If your computer gets hacked or falls into the wrong hands, the attacker has access not only to all your passwords but potentially to your home address, bank accounts, and other personal information. Turn this feature off on all your devices.
Secure browser – Just because a browser comes loaded on your computer doesn’t mean you have to use it. There are a number of different browsers out there, and it is worth exploring what they have to offer by way of security features. One of the most popular of these is Mozilla Firefox, an open source browser that was built with an emphasis on privacy and security.
Keep all security/software updated – Antivirus software is not perfect, but it is designed to detect and remove most known viruses and malware infections. For this reason, it is vital to keep it updated. If you use managed security services, they will take care of this for you. If not, be sure not to skip any updates, or simply turn on the auto-update feature.
Create clear compliance/BYOD policies – Create clear policies regarding any compliance regulations and personal device use. This is usually referred to as a BYOD (Bring Your Own Device) policy. These policies are designed to prevent unintentional breaches of data or non-compliance. The ramifications of data breaches and failure to follow compliance regulations can be severe, including steep financial fines. It is worth taking these policies seriously and ensuring that your employees do as well.
This list may seem a little long at first glance, but the benefits are invaluable. These practices and principles will make your web browsing significantly safer, and good habits become second nature with a little practice. Just a few changes can make your digital life easier and safer.