Millennials and Gen Z are the generations most concerned about the organizations they work for being the victim of a cyber attack. They're also worried about leaving their organizations vulnerable to cyber attacks, as well as feeling less prepared to deal with said cyber attacks.
This research comes from Ernst & Young LLP (EY US), which found that overall 53% of US employees worry their organization will be the target of a cyber attack. Just over a third (34%) are concerned they may be the ones leaving their organization vulnerable due to their actions.
When it comes to Millennials and Gen Z, 58% and 64% of these generations respectively are worried that they will lose their jobs if they leave their organization vulnerable to a cyber attack.
This panic only works to make people less cyber secure, as it can lead to cyberattacks going unreported when they do happen, for fear of the repercussions. With 68% of cyber attacks including a non-malicious human element, e.g. clicking on a link in a phishing email, this fear is definitely best nipped in the bud.
So, to raise your cyber-confidence and put you in a better position to respond to cyber attacks, I have put together 5 steps you can take to make you (and by extension, your company) more cyber secure.
1. Recognize phishing attempts
Phishing is a cyber attack technique that involves hackers putting out "bait" in the form of an email and hoping you'll take it, either by clicking on a link, downloading a file, or otherwise helping them reach their goal.
There are multiple different forms of phishing, for example smishing which is sent via text, vishing which is via a phone call, and quishing where hackers send you QR codes in an attempt to get you to scan them.
These attacks are a form of social engineering, meaning hackers employ psychological tactics to try and force you into behaving the way they want to.
Understanding what to do if you get a suspicious text, email or even phone call is crucial for stopping phishing attacks. However, with EY US' research finding that just 31% of Gen Z employees feel "very confident" in their ability to identify phishing attempts, along with 51% of Millennials, it's clear that companies could be doing more to help out their employees.
Luckily, there are a few handy hints you can use to identify and prevent phishing attacks.
- Don't immediately act: phishing attacks often employ language meant to inspire panic or a sense of urgency in the recipient. Even if you receive an email that claims that you must click on a link, download a file, or transfer funds, it's important to take a moment and consider whether the message is legitimate.
- Read the message carefully: is it pushing you to do something urgently? Does it seem different from other emails you've received from this person? Are there grammatical mistakes or spelling errors? Are you being asked to do something you wouldn't normally do, e.g. randomly resetting your password, buying gift cards, or attempting to move funds? All of these are clues that this is a phishing scam rather than a regular message.
- Check the sender: hackers may pose as your manager, IT department, or even CEO in an attempt to coerce you into helping them. While their display name may be the same, their email won't be. Hover over the contact and check it against the details you have for them. If you're still unsure, reach out to them directly. They'll be able to confirm whether or not it is legitimate.
- Check the link: if you have been urged to click on something, hovering over the link sent to you may reveal that it is dodgy. Of course, hackers can and do create very similar web pages to get you to believe that they're legitimate, so it can be hard to discern legitimate sites from not.
- Report the phishing attempt: when hackers are attempting to gain access to an organization, likely, they may not just be targeting you. By reporting the attempted cyber attack, you'll be keeping your company safe by warning others of what to look out for.
By using these techniques, you'll be protecting both yourself and your company. Plus, they can be used against day-to-day phishing attempts, making sure you're less likely to get scammed.
2. Set up multi-factor authentication
Multi-factor authentication (MFA) can prevent cyber attacks as it requires you to confirm your identity via a code that is either texted to you, sent via email, or received via an authentication app.
Not only does it mean that it is confirmed that you are logging in thanks to the code, it will also alert your company to the fact someone else is trying to gain unauthorized access to an account if you suddenly get MFA codes you didn't request.
The importance of MFA cannot be understated. For example, health tech giant Change Healthcare recently suffered a cyber attack that took its sites offline. A key aspect of the cyber attack was the fact that the Citrix profile used by the hackers to gain access to Change Healthcare's network did not have MFA turned on.
It's not to say that the hackers wouldn't have been able to carry out the cyber attack if MFA was active, but it could have alerted Change Healthcare to the fact its network was in danger a whole lot sooner.
3. Use strong passwords
If you use a weak password for your work accounts, you are not alone. Research has found that 37% of people have "risky" workplace security habits, with almost two in five (39%) people admitting they use weak login credentials.
Passwords are the first line of defense against unauthorized access to your network. Using weak passwords may make them easier to remember, but they undoubtedly make you less cybersecure.
If you struggle to remember secure passwords, it's a good idea to use a password manager. Most browsers and even phones come with a built-in password manager that can generate secure passwords, so you don't have to come up with something yourself.
Some countries, such as the UK, are even making weak default passwords illegal. This may eventually extend further to protect people from using unsafe passwords in their workplaces.
4. Use a VPN
A virtual private network (VPN) is a piece of software that encrypts your computer's connection. This means your browsing data, IP address, and location, among other personal information, is kept private.
VPNs are particularly useful if you are a hybrid or remote worker, as it keeps your connection to both the internet and your company's network safe and private. This is doubly important if you use public Wi-Fi when you work.
Public Wi-Fi can allow others on the network, or those running the network, to access your data via the internet connection. By using a VPN, you block anyone snooping from seeing what you're doing.
VPNs also prevent data theft by adding an extra layer of security when sharing or sending any data between users or servers. This layer of encryption helps keep prying eyes away from your device and the data stored on it, as well as any data stored on your company's network.
If you're unsure of which VPN to use, check out our recommendations for the best VPNs as we break down thousands of hours of testing into clear and simple results.
5. Install software updates regularly
I get it, software popups can be a pain and sometimes it's infinitely easier to press "restart later", especially when you're in the middle of something. In terms of cyber security, though, these updates are vital in keeping your network safe.
The consequences of not installing software updates and patches really cannot be overstated. One of the most infamous ransomware worms, WannaCry, was particularly devastating to the UK's National Health Service (NHS) simply because their computers—which were vital to hospital operations—were running on outdated software and had not installed a Windows security update.
It has been speculated that up to 70,000 devices—not just computers but MRI machines, theater equipment, and blood storage refrigerators—were impacted by the cyber attack.
A ransomware worm is a particularly nasty piece of software that can self-replicate, meaning once it is on a network it can quickly (and devastatingly) spread across an entire network. All in all, WannaCry impacted more than 300,000 computers across 150 countries, and the financial impact of the attack was estimated anywhere from hundreds of millions of dollars to $4 billion.
So, next time you get an update, consider it a network-enforced break, save your work, and then set your computer to update while you grab a cup of coffee. By the time you come back, the update will be installed, you'll be refreshed and your company will be safer.
