No one wants to feel burnt out at work. Battling physical or emotional exhaustion can quickly affect your health, happiness, commitment and any sense of professional fulfilment. It can also affect your productivity and the likelihood that you'll make a mistake that puts your company's data at risk.
Every workplace needs a good and easy safety culture
While there are many factors and work tasks that can lead to burnout, maintaining a good safety culture shouldn't be one of them. Today, many well-meaning companies bombard their employees with safety policies that are difficult to understand and disrupt their usual workflow. The truth is that it doesn't take much to protect yourself from the vast majority of cyber attacks.
It is therefore important that security measures are easy for all employees to understand and implement, creating a secure working environment without compromising on day-to-day operations.
1. Use strong, unique passwords
This means no common passwords like "123456", "qwerty" and "password" or anything that includes your name or date of birth. They also need to be long - we recommend at least 16 characters.
All your passwords should also be unique. You can use single sign-on (SSO) at work, which lets you log in to multiple apps and services with the same credentials. However, it doesn't matter if you need to remember 10 or 10,000 passwords - they all still need to be strong and unique. If you use the same set of characters for everything, you're putting the workplace at risk.
Of course, no one can remember 100 different passwords - especially if they're random strings like "UmxT9t4s8B6sVhr6mvSo." The solution? Use a password manager that can generate and remember strong passwords for you.
2. Share passwords securely
Everyone has passwords that they need to share from time to time. It could be the office Wi-Fi password, a subscription to a trade publication or the license key to a specific app.
Don't rely on post-it notes, insecure text messages, emails, spreadsheets or random text documents for these - use a password manager instead. It's secure and convenient because everyone knows exactly where to find your shared credentials.
3. Use two-factor authentication wherever possible
Two-factor authentication (2FA) is an extra layer of security that protects your accounts from hackers who want to steal your information.
Here's how it works: You can ask for a time-based one-time password to be sent every time someone tries to log in to your account - this can be via email, a dedicated authentication app or SMS. The person trying to log in will then be asked to submit the one-time code along with your password. It's a great system because it's unlikely that a hacker has access to both the password and the place where you retrieve your one-time passwords.
4. Keep your devices updated
Most operating systems allow you to apply security updates automatically. As a general rule, you should only use hardware that can run the latest version of Windows, macOS, Linux, iOS or Android. And don't use an operating system that no longer receives security updates, like Windows 7 - especially if you plan to use the internet.
5. Protect your devices with a strong password or PIN
This means your PIN can't be "1111" or the year you were born (they're simply too easy for a criminal to guess). Alternatively, you can use a biometric unlock method like Windows Hello or Face ID. Both are convenient without compromising your device's overall security.
6. Consider encrypting your hard drives
Full-disk encryption (FDE) protects your system's entire hard drive, including the operating system. If an attacker stole your device, they would be required to provide the encryption key - which typically comes in the form of a password - to complete the boot process and gain access to all data on the drive. To get started, follow the instructions provided by Apple, Microsoft or Linux.
7. Don't leave your devices unattended
Don't forget to be vigilant in cafes, hotel lobbies and other public spaces. You should never leave your devices unattended, and if you need to get up for a moment - to say hello to someone or pick up a coffee, for example - you should lock them or take them with you, just in case.
The same principle applies to the office. Lock your devices when you leave your desk, just to be on the safe side. You don't want to give someone the chance to read your emails, steal sensitive company data or take a picture of that top-secret project you're working on.
8. Turn on any 'Find My' feature that's available
You may work for a company that uses mobile device management (MDM) software to help them track lost hardware. If not, consider enabling any "Find My" service available on your devices. As the name suggests, it will help you locate your laptop, tablet or phone if it ever goes missing.
If you're particularly forgetful, consider investing in some Bluetooth trackers - like those made by Tile or Apple's AirTags - for other possessions that don't have a Find My service built in.
9. Keep your work and personal life separate
If you've got a work computer, remember that it's just that: a device for work. Don't give it to your kids to play Fortnite or to an elderly relative who's desperate to check their emails.
If you have permission to use your device outside of work, take special care to ensure your personal and company data are kept separate.
10. Protect your home router
If you work from home, remember that your home router needs to be updated from time to time, just like your phone and computer. You should opt in to automatic updates or periodically check for new security patches.
You should also protect your router with strong, unique passwords. This includes the router's password - which is required to change various settings - and the password for the Wi-Fi network.
11. Be careful when connecting to public Wi-Fi networks
If you have updated your router and set a strong password, you can be sure that your home Wi-Fi network is quite secure. And if you work in an office, you should be able to rely on the building's Wi-Fi. In public, however, it's a different story.
Some public Wi-Fi networks are secure, but a lot aren't. Hackers can use the latter to steal information from your internet traffic and use that information to carry out various cyber attacks.
But that doesn't mean you should never use a public Wi-Fi network. You can protect yourself by using a VPN and avoiding Wi-Fi networks with suspicious names.
12. Think about segmentation when using apps like Slack and Microsoft Teams
The pandemic has forced more companies to experiment with apps like Slack, Microsoft Teams and Discord. They are great, but need to be used responsibly. Stop and think before you invite someone into a new chat room, group or channel. Do they really need access to a management-level discussion? And should that access be revoked after a period of time?
It's important to use groups and rooms, each with their own privacy settings, to store information on a need-to-know basis. Otherwise, sensitive information is more likely to leak or accidentally be shared with someone outside your organization.
13. Make sure strangers can't join your video calls
You don't want a random person sneaking into your company's quarterly audit meeting. If you use a platform like Zoom, make sure the call is private and invite-only. And if you have a shareable link, be careful where you share it.
14. Beware of files stored in the cloud
Many people use cloud-based platforms like Google Docs and Microsoft Office Online at work. If you need to share a project with someone else, be aware of the privacy and permission settings you have chosen. If the file is sensitive, make sure only invited people - rather than everyone with the correct link - can open it.
15. Beware of phishing emails
This is one of the best ways to maintain a culture of security in the workplace. Cybercriminals will often impersonate a reputable company or individual - a tactic known as phishing - and encourage you to click on a link that appears legitimate but actually sends you to a malicious website designed to steal your credentials or personal information.
Keep your eyes open for phishing attempts. Check the sender's email address and whether you have received any messages from them before. Scan for spelling mistakes and pay close attention to any language that suggests you need to take quick, drastic action. If anything seems off, contact the suspected sender by other means and check that the email is authentic.
About the author
Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master's degree in Danish and a great interest in cybercrime, which resulted in a master's thesis project on phishing.