Don’t let the holidays catch you unaware – 10 security awareness best practices

Dec 19, 2023 | Blog, Security Awareness Training

With the holidays in full swing, we all need a reminder of security awareness best practices. We’re busy, stressed, and our minds may be going in several different directions. Plus, we’ve placed orders, shipped things, and are looking out for last-minute deals. So that email from the bank asking us to review our latest debit card purchase catches us unaware.

Here are 10 security awareness best practices

Keep yourself and your systems safe and less vulnerable to cyber attacks. Humans are the weakest link and the first line of defense!

1. Follow instructions from your IT department
Follow the instructions your IT department gives you. If there’s a new app or process you need to follow, do it. They have your best interest in mind and are giving you the best tools to stay connected and secure.

2. Update your apps and OS
New vulnerabilities are always being found in applications and operating systems. Usually, updates come out that patch these vulnerabilities, but cyber criminals look to exploit those systems that aren’t updated. So it’s important to regularly update everything installed on any device that you use for work.

3. Use a VPN
If you’re using a Wi-Fi connection that isn’t your home network, such as public Wi-Fi, be extra careful. These connections are often not encrypted and can leave you vulnerable to hackers. To prevent others connected to this Wi-Fi network from spying on you, use a virtual private network. When you’re connected through a VPN, the traffic between your device and the VPN server is encrypted regardless of the network settings, and others on that network will not be able to read it.

4. Lock your devices
Stepping away from your desk even for a moment could lead to disastrous consequences. Devices should remain locked if left unattended. Setting up a password on your computer or mobile devices is important. Even if you have a password on your device, that won’t protect you if you walk away from your device leaving it unlocked and easily accessible.

5. Be aware of phishing attacks
A phishing email is a kind of cyber attack in which an attacker tries to get sensitive information from you by disguising themselves as someone else. The point of a phishing email is to get you to click on a link or download a file. When successful, a phishing email gains the attacker what we call the big three: Access, Information, and Data.

6. Be aware of vishing scams
A vishing attack is a specific type of cyber attack that uses a phone call to steal your personal, confidential information. While this may sound like a good old-fashioned spam call, vishing is much more high tech than just an automated message saying “you’ve won a free vacation.” Vishing scams are not only common, they are extremely dangerous. In most vishing calls, the caller already has some sort of information about you, so the call can seem legitimate at first. However, always ask questions and never divulge sensitive information over the phone.

7. Use strong passwords
Passwords are not only a great way to keep your information safe, they are also necessary for almost every site you need to get your work done and access your personal data. Simple passwords can leave you very vulnerable to threat actors ready to steal your most important data, access, and information. Make your password unique and complex. Avoid personal info. Try using a passphrase instead of a password.

8. Be aware of physical threats
Physical security flaws can put your personal information and your company’s data at risk just as much as a cyber attack. When it comes to physical security, there are many dangers to be aware of. The most common are tailgating and shoulder surfing. Tailgating happens when someone follows you into your building without proper access. Never allow someone access to your office unless they can show proof they should be there. Shoulder surfing can be difficult to spot. You never know who is peering over your shoulder while you are entering sensitive information on your device. Whether you are at your desk or in a coffee shop, always be aware of your surroundings.

9. Ensure your mobile devices are secure
Having a mobile device has changed the way we work and even the way we play. In order to keep your devices as secure as possible, we recommend always locking your devices, keeping them updated, staying away from unsecured Wi-Fi, and keeping your devices close to avoid physical theft. Awareness from the owner is the best defense against all mobile device attacks.

10. Practice proper incident response
Reporting incidents allows the necessary IT heroes to take action and respond to security issues that arise. Having a proper incident response plan in place can help you spot, avoid, and report cyber security incidents that are threatening your company.

How can Duffy help? Making sure you and your employees are undergoing constant security awareness training is one step you can take against the ever-evolving cyber attacks. Contact us today for more information as we have several training options.
