[0:00] Cybersecurity isn't just your IT team's problem. It's an enterprise-wide responsibility. And as technology advances, the risk of data breaches grows. And the reality is that it's not a matter of if a breach will happen, but when. Human error is one of the leading causes of security incidents today, which means every employee plays a critical role in protecting sensitive information at your organization. In this video, we'll cover practical tips that you can start using right away to keep your organization's data safe, but also your personal information outside of work too. Let's dive in.
Tip number one: Enable multifactor authentication, also known as MFA or even 2FA. Sometimes having multiple steps to validate your login can be a hassle, but adding MFA to your accounts can give you an extra layer of security. This is crucial because hackers today often log in with stolen credentials rather than break into your accounts. Use an authenticator app whenever available and report any unusual login attempts immediately to your IT team.
Tip number two: Avoid organization-wide sharing links. Wait, don't make that link accessible to everyone. Sharing links that grant access to everyone in your organization, or worse, the entire internet, can expose sensitive data to the wrong audience. At Varonis, we see so many sharing links enabled, and oftentimes, they don't even get used. Instead, share files directly with the people who need them and restrict permissions to minimize your risk. If you're in security, restrict the creation of org-wide links across the business and enable employees to add labels to their digital files. This will give you better visibility into what's okay to be public and what's extremely sensitive.
Tip number three: Be suspicious of links and unknown contacts. Phishing is one of the most common attack methods, and it's evolved drastically. And no, it doesn't involve a fishing rod. Attackers are calling IT help desks, impersonating you, and email messages that were once built to tell, like typos and weird email addresses are much more sophisticated now with the help of AI. So be critical of every message that comes from an external source and even internal ones that are questionable. Watch for red flags like strange sender addresses, urgent requests, or links prompting you to act quickly. When in doubt, always verify before you click a link in a message.
Tip number four: Report suspicious activity immediately. Related to tip number three, if you receive a phishing email or a text, don't just ignore it. Report it to your IT team or via your cell phone immediately. Quick reporting helps prevent attackers from targeting others, and who knows, a simple button click by you could lead you to be the ultimate hero.
Tip number five: Limit administrative access. Oh, you're a super admin in Salesforce? That's great, but not everyone needs to be an admin, especially if it's for a one-time task. Too many admins increases your risk, as this level of access is usually what threats are after so they can make more of an impact in your environment. Keep admin access locked down, definitely make MFA a requirement for admins and review requests carefully. IT teams can also enable a solution that lets them set expiration dates for elevated permissions as an extra layer of precaution, in case there are situations where admin access is only needed for a short period.
Tip number six: Assess third-party app access. Imagine signing up for the latest social networking app, and to bypass filling out a lengthy form, you simply connect it to your Gmail account. And unknowingly, you open up access to all your information. While creating accounts via third-party apps can be a time saver, you also risk exposing sensitive information if you're not careful. Regularly review your app permissions to understand how they are using your data, and remove access for apps you no longer use.
[4:04] High-risk apps should be disconnected entirely. If your identity is compromised in Salesforce, and that's connected to your Gmail, which is connected to your bank account, et cetera, et cetera, the impact can truly be catastrophic.
Tip number seven: Use public Wi-Fi with caution. Free Wi-Fi can be a hacker's playground. Avoid connecting to unknown networks and clear them from your device after use. This includes local cafés, airports, stadiums, all of them. So if you do connect to a public Wi-Fi, don't log into accounts that hold critical information like your banking app or company systems. That's exactly what a threat is hoping for.
Tip number eight: Be careful with AI tools. AI, AI, AI. While the productivity benefits are huge, always use AI tools with caution, never share sensitive information with them, and double check what your organization's AI policies are. This helps keep your identity within a tool like Copilot in the clear if it were to get compromised. Also, know that threats are using LLMs too and can easily exploit them. Varonis Threat Labs uncovered a method for attackers to do this exactly in Microsoft Copilot Personal. I'll leave a link in the description if you're curious. A lot of this happens without you even knowing. So just remember, while AI is a great productivity enhancer, use it in the most secure way possible. If you're using an AI tool and the results start coming back questionable, report it to your security team right away.
Tip number nine: Perform routine updates for your devices and apps. Another computer update? Well, yes, the update alerts we get usually mean the provider, like Apple for example, patched vulnerabilities that attackers could exploit. Restarting your device may take some time, but don't delay. Install updates as soon as they become available. Also ensure you're not automatically enrolling in new features about how your data is being used within apps and programs as well. A majority of the time, there are options to explicitly deny apps from using your data.
Tip number ten: Use a password manager. Hackers are buying stolen credentials to log into your accounts. Password managers can help create strong, unique passwords for every account so you're not questioning if you used any numbers, special characters, or having to constantly create new passwords you can't remember. Never share your passwords and don't reuse them. Combine a password manager with MFA for maximum protection.
Strong security practices start with informed employees, so take action today. Cybersecurity is everyone's responsibility. By following these tips, you're not just protecting your own data, you're safeguarding your entire organization. Want to learn more about cybersecurity and how to protect data? Subscribe to Varonis's YouTube channel. Our team of experts are always sharing new insights into data security and how enterprises can stop a breach before it occurs.



