Cybersecurity for employees in 2024-2025: an awareness that protects your business


Since the COVID-19 pandemic, when many employees shifted to remote work, cybersecurity for employees has been a hot topic. While your colleagues are becoming more suspicious of links in incoming emails and using multi-factor authentication, cybercriminals are devising new ways to “hack” your business to steal data and money.

We have compiled the top 10 recommendations on cybersecurity for employees in 2024-2025, which are easy to follow even without fully understanding how they work. You can use this for cybersecurity training within your organization. Please share these tips with your colleagues.

Most significant cybersecurity threats for employees in 2024-2025

  1. Phishing. The old technique remains the most effective method of cyberattack.
  2. AI social engineering. AI will help attackers personalize messages sent to your employees. Remember the case in Hong Kong?
  3. Attacks through suppliers. Your data stored outside your organization may have weaker protection, and attackers exploit this.
  4. Attacks through devices. IoT devices, especially innovative ones, are often released to the market without ensuring quality protection.
  5. Quantum computing. The computers available to criminals have become more powerful.
  6. Cloud attacks. More and more data is stored in the cloud, and if cloud infrastructure is used incorrectly, it poses a huge risk.
  7. Malicious mobile applications. The mobile applications market continues to grow and poses a significant danger.

Cybersecurity for employees in 2024-2025: simple tips

Tip 1: Change all passwords to 20-character ones.

Avoid repeating passwords for different logins. A password that differs by 1 digit is still repeating. You can use trusted password managers to avoid remembering long passwords.

If you prefer to remember passwords, develop your own convenient password-generation system. For example, if you have 10 favorite songs, generate ten passwords like this: the first three letters of each word from the title of the favorite song + the year the song was released + the year of birth of the band frontman + the city and date where you last attended a concert + the ticket price. Suppose your favorite song is “Teenage Dream” by Katy Perry. It was released in 2010. Katy Perry was born in 1984, and you were at a concert in Pasadena.

The password could look like this: TeeDre2010KP1984PasadenaCAJuly2023$300

Why long passwords? The answer is quantum computing. To crack a 20-character password consisting of letters, numbers, and special characters, a modern supercomputer would take about 466 quintillion years, while a quantum computer could handle this task in 4 years.

Tip 2: Change passwords every 1-3 months.

Reminders or even requirements to change the password for your work computer can be set up within your corporate infrastructure, but it’s also important to regularly change all other passwords.

Why change passwords? Because of the same increased capabilities of computers, and also because passwords can be seen by others.

Tip 3: When working from public places, sit in a way that the security camera doesn’t “see” your laptop screen and keyboard.

You can also use screen protectors or privacy filters on laptops to keep people nearby from reading your screen.

Tip 4: Train yourself to hover over a link and carefully read the address before clicking.

Check URLs for suspicious characters or deviations from your company’s usual domain names.

Carefully examine the email addresses of senders, especially when receiving messages with important or action-required data.
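The link check from Tip 4, automated as an added example (not code from the original article): it flags text placed before an `@`, non-ASCII or punycode characters in the host, a company domain buried inside another domain, and near-miss spellings. The allowlist `example.com`, the sample hosts, and the last-two-labels shortcut for finding the registrable domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: "example.com" stands in for your company's real domains.
TRUSTED_DOMAINS = {"example.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return the reasons a link deserves a second look (empty list = none found)."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    # In "https://name@host/", the part before "@" is a login name, not the site.
    if parts.username is not None:
        findings.append("text before '@' is not the destination")
    # Homoglyphs show up as non-ASCII characters or as "xn--" punycode labels.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        findings.append("non-ASCII or punycode characters in host")
    # A genuine company host is the trusted domain itself or a subdomain of it.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return findings
    # Simplification: treat the last two labels as the registrable domain.
    tail = ".".join(host.split(".")[-2:])
    for d in sorted(trusted):
        if d in host:
            findings.append(f"'{d}' is buried inside another domain")
        elif edit_distance(tail, d) <= 2:
            findings.append(f"looks like '{d}' but is spelled differently")
    return findings

if __name__ == "__main__":
    for sample in ("https://portal.example.com/reset",            # constructed samples
                   "https://examp1e.com/reset",
                   "https://example.com.account-check.test/",
                   "https://example.com@account-check.test/"):
        print(sample, "->", check_link(sample) or "no findings")
```

The same host comparison can be applied to the domain part of a sender's email address.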

Tip 5: Use a different communication channel to confirm when you receive important directives.

This refers to the same crazy case where scammers used deepfake technology to make an employee transfer a large sum, pretending to be his boss. Your employees should get used to the idea that significant directives for the company (involving large sums or significant information) that are not received in person need to be verified through a channel different from the one the directive arrived on. For example, if the boss wrote an email with a directive, it’s best to call them on their mobile and clarify.

Tip 6: Don’t discuss work with people you’re not close to or have known for less than 1 year.

Sometimes you feel like talking about work, especially to impress someone at a bar. However, this is exactly what social engineering specialists exploit.

Be cautious when discussing work matters at public events, on social networks, or with strangers, as this could become a source of information for potential attackers.

Tip 7: Don’t store personal files on your work computer.

Social engineering often works with compromising or personal data. A good way to avoid this is not to store personal data in the work environment. This includes photos of children on your desktop, your tickets printed on the work printer, or even personal appointments in your work calendar.

Tip 8: Learn the access types for cloud storage as part of cybersecurity for employees.

Get training on access rules to cloud storage, including access rights management, data encryption, and backup.

Make sure your colleagues understand the risks of using cloud services and ways to prevent data leaks when working with them.

Tip 9: Don’t give contractors unprotected information.

Don’t send photos, files, and data to contractors through messengers; use only official communication channels. All correspondence with contractors should be conducted through the corporate messenger or another method established at the organization level.

Enter into confidentiality agreements with contractors and provide secure channels for information transfer to prevent data leaks through third-party companies.

Tip 10: Think about your role – what information available to you might be of interest to attackers?

Here is the data cybercriminals might collect:

  • Financial operations, access to payment systems
  • Personal data of colleagues: information about social security numbers, addresses, phone numbers, and other personal data of your colleagues
  • Corporate secrets and confidential information, such as development plans, intellectual property, or marketing strategies
  • Customer data
  • Logins and passwords

These tips on cybersecurity for employees won’t protect your company from all dangers, but they will significantly reduce risks.

By the way, JetSoftPro offers penetration testing and phishing attack simulation services to prepare your organization for threats. If you’re interested, contact us.
