Cybersecurity Awareness Month might come and go each October, but the need for vigilance remains constant. While a month dedicated to cybersecurity is a great chance to get your hands on a range of invaluable resources, learn some top tips, and spark inspiration to prioritise cybersecurity, limiting our attention to just one month can result in a dangerous gap.
Cyber criminals don’t take breaks just because October is over, and neither should our awareness of potential threats. Instead, we should use Cybersecurity Awareness Month as a starting point, and reframe it as an annual reminder to foster ongoing, daily habits that help us to reinforce our digital safety each and every day.
With this in mind, we have put together twelve top tips to help you make cybersecurity awareness a natural part of your everyday routine, ensuring a robust, long-lasting plan which will support your employees and protect your business for years to come.
A “Think Before You Click” habit can be as instinctive as locking your door when you leave the house - but you need to kickstart the trend. Encourage your team to be mindful when dealing with emails and online content by taking a split-second pause before clicking - when over 90% of cyber attacks start with phishing, taking this extra moment could be a lifesaver.
Make it a habit to always pause for a moment before clicking on any links or attachments, and to ask yourself “is this legitimate?” before opening anything which may seem suspicious, or which is unexpected. Tricks such as hovering over the link to check the destination, noting whether the link is asking you to do something strange or out of the ordinary, or even just checking with the original sender only take a few moments, but could help reduce the risk of falling victim to a phishing scam.
Weak passwords account for around 80% of data breaches, and yet 41% of users recycle the same password on 10 or more apps and websites. The strength of a password is a key deterrent against cyber attacks, so make it a habit to use unique, complex passwords across accounts.
If permitted by your organisation, make good use of a secure password manager - this will allow you to generate and store a range of unique passwords safely and securely. Treat password changes like updating an address book, and consider quarterly “password checkups” as a team activity to review and improve password practices.
Two-Factor Authentication (2FA) provides an extra layer of security that can become second nature with a little practice, and which requires no extra effort on the part of your team. Encourage team members to enable 2FA on all business accounts and critical applications - studies suggest that, when used correctly, 2FA and MFA (Multi-Factor Authentication) can offer up to 99.99% protection for your accounts.
Make logging in with 2FA a daily habit by simplifying the process - take steps to have mobile authenticator apps readily accessible for your team, and emphasise that this small extra step can deter unauthorised access.
Too many of us tend to delay software updates, but these often contain critical security patches and fixes that are imperative to protecting against evolving threats.
Set aside a time each week, such as Monday mornings, for employees to review and update their devices, and encourage them to schedule this into their diaries, as they would any other compulsory meeting or event. This habit keeps systems resilient against emerging threats by ensuring that everything is always up to date and protected.
Public Wi-Fi is often convenient but can be a risky gateway for cyber threats, and four out of ten people have had their information compromised while using public Wi-Fi. Remind team members to use secure, private networks whenever working on company assignments, especially for sensitive tasks. If using public Wi-Fi is unavoidable, encourage the use of a virtual private network (VPN) for extra protection. Make connecting securely a norm by discussing this at monthly team meetings, particularly if employees travel or work remotely, or by investing in a team VPN plan for maximum security.
Just as you wouldn’t leave your home unlocked, it is crucial to make locking devices a consistent part of the day, whether at home or in the office. Encourage automatic locking on all devices, from laptops to mobile phones, after short periods of inactivity. This habit can be strengthened by reminders in meetings and quick tips on device lock settings, making it a natural part of routine, like locking an office door.
Good file storage is key to preventing accidental data exposure or loss, and needs to be built into everyday habits and routines. Regularly remind team members to save files to secure, encrypted locations rather than on local drives or unprotected USBs, and make sure your business provides clear, streamlined access to secure storage solutions to make this normal, standard practice within your workplace.
Scams often start with unsolicited communications, whether emails, texts, or calls. 2024 saw 94% of organisations fall victim to phishing attacks, and 96% of these victims were negatively impacted by the breach.
Develop an instinct to question unexpected requests or messages by checking the sender’s information and validating requests with the official contact on file. Implement a rule of thumb: when in doubt, don’t respond, and verify independently. A quarterly “Phishing Drill” can help reinforce this habit.
Create an environment where reporting suspicious activity is quick and simple. Encourage a “See Something, Say Something” habit, empowering employees to flag any unusual emails or messages to IT immediately. Reinforce that no concern is too small, and make the reporting process simple—such as a dedicated Slack channel or email address—to streamline this essential habit.
It is a temptation we have all given in to - you need to step away from your desk at the end of the day, and simply click on the “X” to close the screen. That should be enough, right? In truth, failing to log out of your accounts properly can be a major cybersecurity risk. Your system may keep you logged in, allowing anyone to simply boot up your browser and access confidential information. Take the extra moment, and log out properly before leaving a site.
Before sharing any sensitive information, take a moment to verify the recipient’s identity and confirm that the channel is secure. Cybercriminals often impersonate colleagues or external partners, tricking people into divulging confidential data. By pausing to double-check email addresses, phone numbers, or other details, you significantly reduce the risk of sending information to a fraudulent source. This habit, though small, is crucial in ensuring sensitive data stays in trusted hands and out of reach from cyber threats.
Cybersecurity threats are constantly evolving, and staying informed is crucial. Make it a habit to read up on new cybersecurity risks and trends, or attend a webinar every few months. Even a quick scan of industry news can provide insight into emerging threats and new security practices. This ongoing education not only keeps your knowledge current but also reinforces a proactive mindset, helping you spot potential risks before they become problems.
Quality cybersecurity awareness training is also crucial - but the trick is to keep your staff engaged. Investing in outsourced quality training can be money well spent, and options like Bob’s Business offer unique, fun and engaging solutions which ensure that knowledge is up to date, and will make developing good cybersecurity habits second nature.
Building year-round cybersecurity habits takes commitment, but the payoff is invaluable: a safer, more resilient workplace that stands ready against ever-evolving cyber threats.
By incorporating these twelve habits into your routine, you and your team can foster a proactive culture of security, upgrading cybersecurity from a once-a-year checklist every October, or a periodic task essential for compliance, into an integral daily practice and a seamless part of everyday life.
Small but consistent actions, such as double-checking before you share a file, thinking before you click, or saying something when you see something, can help to create a ripple effect across your business - and when cybersecurity becomes everyone’s responsibility, your organisation will stand ready to combat evolving threats every day of the year. Remember, cybersecurity is for life: not just for October.
Whether you’re looking for complete culture change, phishing simulations or compliance training, we have solutions that are tailor-made to fit your organisation.