Security Basics: What Everyone Should Know

As cybersecurity threats are becoming more and more sophisticated and effective, companies need to prepare a strong line of defense to protect themselves from cyber attacks. Good, technical security practices need to be implemented and adapted as threats are constantly adapting, however, it is just as important that employees be trained to become the first line of defense for your company.

Image via: cloudpro.co.uk

Malicious actors with the intentions of sabotaging your company or extracting sensitive information might decide to target your employees as the first step to gain access to your company. That is why employee trainings should be a fundamental part of your defense strategy.

What are the security basics everybody should know?

Emails and calls:
Many people unfortunately fall victim to phishing attempts, in which malicious actors pretend to be a trustworthy entity to acquire information from them.
Here are a few tips:

• Double (or triple!) check the sender before opening an email.
• If you did not request an attachment, DO NOT open it! Ask yourself – Is this attachment necessary? Am I expecting an attachment?
• If there is a link in an email you received, DO NOT just click it, even if it looks legitimate. Hover the cursor over the link to reveal where it is actually taking you. Check the spelling attentively and use search engines to navigate to the page instead.
• Be suspicious of emails and calls that ask you to click on links, modify settings on your computer, provide information about the company, or provide personal information.

Image via: unsplash.com

Downloading from the Internet:
Companies have specific policies when it comes to downloading from the Internet. If an employee needs to download from the Internet, then there are some guidelines to be aware of:

• Follow your company policy about downloading files from the Internet. If you’re not sure if you can download something, ask!
• Malware and viruses can hide in many files, so you must be careful and suspicious while downloading.
• Make sure you are downloading from a trustworthy source.
• Be extra suspicious of files that ask you to enable features to be able to read the document (i.e. Macro) or prompt for authentication.

Passwords:
Passwords are also established by a company policy. However, here are a few recommendations:

• Avoid using guessable passwords such as Summer2016, admin, password, birthdays, etc.
• ALWAYS change default passwords when a new service or system is setup.
• Use long passwords or passphrases (more than 12 characters) – the longer the better!
• Use a mix of lowercase and capital letters, numbers, and special characters.
• Change your password regularly.
• Consider using a password manager.

Even though every employee should be aware of the cybersecurity basics listed above, much more information about cybersecurity practices should be provided to employees for them to represent a valuable first defense for the company.

LMG Security offers and customizes intensive technical training courses, as well as online security awareness tutorials. An overview of the trainings offered by LMG Security is listed below, along with the topics they each cover.

General Security Awareness Training

– Phishing
– Physical Security
– Password Habits
– Data Disposal
– Mobile Security (Phone, Tablets, Laptops)
– Social Media Security
– Safe Web Browsing
– Cloud Storage
– Encryption
– Removable Media Security
– Advance Persistent Threats (APT)
– Incident Response
– Security on the Go
– HIPAA Security

Digital First Responder Course

– Incident Detection, Triage and Communication
– Volatile Evidence Collection (memory, processes, network connections, etc.)
– Network-Based Evidence Acquisition
– Hard Drive Imaging
– Evidence Preservation Fundamentals

Network Forensics Classes

– Packet Analysis
– Wireless Traffic Analysis
– Network Tunneling
– Flow Record Analysis
– Web Proxies
– Network Intrusion Detection/Prevention Systems
– Malware

Continuing Legal Education Seminars

– Digital Evidence Preservation
– Protecting your Clients’ Data
– HIPAA/HITECH Security for Attorneys
– The Ethics of Email Encryption
– Mobile Device Security
– Cybersecurity in the Cloud

Executive Cybersecurity Seminars

– How Companies get Hacked
– Phishing Awareness
– How Much is Your Data Worth?
– Emerging Threats
– 9 Building Blocks of an Effective Cybersecurity Defense

Employees are the first line of defense for any company and need to be trained on how to properly identify and respond to cyber threats.

For information on who should take the trainings listed above, and how they will benefit your company, please visit our trainings page. For any questions or comment, email us at [email protected].