
Employee Checklist for Reducing Cybersecurity Risks

In today’s interconnected world, personal and professional lives merge online, leaving trails that can expose us—and our companies—to cyber risks. While businesses invest heavily in cybersecurity, individual online activities remain an often overlooked vulnerability.

To help you proactively safeguard yourself and your organization, we’ve created a checklist of practical action items, essential tips, and best practices. From securing personal accounts to managing data privacy, this guide provides straightforward steps to better protect yourself and your company.

1. Update Privacy Settings & Permissions.

Regularly reviewing and updating privacy settings and permissions is crucial for controlling who has access to your personal information. If your online accounts or profiles are not properly restricted, hackers could easily access details like your birthdate, home address, and employment information. They could use this data to impersonate you, gain unauthorized access to your accounts, or craft convincing phishing messages.

  • Disable Unnecessary Permissions: Go through the privacy settings for each app on your device to ensure only necessary data is shared. Remove or restrict permissions that aren’t essential for the app’s function. For example, a photo-editing app may need access to your gallery but shouldn’t need access to your microphone or messages.
  • Turn Off Permissions When Not in Use: For apps you don’t use frequently, consider turning off permissions (like camera, microphone, or location) and enabling them only when needed.
  • Turn Off Location Sharing: Disable location tracking and sharing features on apps that don’t require it for their primary functionality.
  • Update Privacy Settings for Email Accounts: Modify your email privacy settings to control who can see your details or contact you. Enable filters and security options that limit spam or phishing attempts.
  • Review Privacy Settings on Browsers: Adjust your web browser settings to block third-party cookies and limit the data websites collect. Enable ‘Do Not Track’ requests if your browser supports it.
  • Check Permissions for Cloud Storage Services: Ensure that your cloud storage accounts have restricted access and are only shared with trusted individuals. Review and revoke shared links that are no longer needed.

2. Avoid Oversharing On Social Media.

Oversharing online, especially on social media, can create vulnerabilities as cybercriminals often exploit shared details for phishing attempts or social engineering attacks. Employees should be mindful of the information they disclose and who might have access to it.

  • Limit Public Information on Online Profiles: Remove or hide personal details such as your phone number, address, and date of birth from your social media profiles.
  • Think Before You Post: Be mindful of what you share on social media, forums, etc. Avoid posting real-time updates about where you are, what you’re doing, or who you’re with. Cybercriminals can use this information to build a more detailed profile of you and craft a more targeted attack.
  • Check Audience Settings: Ensure that the audience for your posts (friends, public, etc.) is appropriate for the information you are sharing. Set your profiles to private and customize your audience settings to limit visibility to trusted contacts only.
  • Don’t Accept Every Connection/Friend Request: Be selective about who you connect with online. Accept requests from people you know or can verify as legitimate contacts and avoid engaging with unfamiliar profiles.
  • Limit Work-Related Posts: Avoid sharing specific details about projects, clients, internal challenges, operational issues, or other sensitive company information. If you must post about work, keep it general and avoid sharing anything that could compromise security.
  • Separate Personal and Professional Accounts: If possible, maintain separate accounts for personal and professional use. This allows you to share work-related content selectively and keep personal posts more private.

3. Use Strong, Unique Passwords.

Creating strong, unique passwords is one of the most effective ways to protect personal and organizational data. Cybercriminals often use password-cracking techniques to gain access to accounts, so employees should prioritize password security.

  • Create Complex Passwords: Use a mix of uppercase and lowercase letters, numbers, and symbols. Aim for at least 12 characters.
  • Use Unique Passwords for Each Account: We surveyed 300+ information security professionals and found that 77% believe their employees reuse passwords frequently. Avoid reusing passwords to prevent one breach from impacting multiple accounts.
  • Avoid Common Words: Don’t use easily guessed information like birthdays, names, or common words.
  • Use a Password Manager: Store all your complex passwords securely with a password manager to keep track of them. These tools help reduce the re-use of passwords and make it easier to use strong, unique passwords for all of your accounts.
  • Update Regularly: Change passwords periodically, especially if you suspect an account might be compromised.

4. Delete Unused Accounts.

Inactive online accounts can pose serious security risks, especially if they contain outdated information or are protected by weak passwords. Conducting regular digital cleanups allows employees to eliminate unnecessary accounts and reduce their attack surface. By deleting these accounts, individuals can minimize potential pathways for cybercriminals to access sensitive data.

  • Create an Account Inventory: List all your online accounts, including those you may have forgotten, by reviewing old emails, browser-saved passwords, and app lists.
  • Delete Unused Accounts: Close any accounts that you no longer use, ensuring you follow the proper process to permanently delete them, not just deactivate them.
  • Remove Personal Information from Inactive Accounts: If you decide to keep an account inactive but not delete it, remove any personal data stored on it to limit exposure.
  • Unlink Connected Accounts: Disconnect third-party applications or accounts (e.g., social media logins) that are linked to your inactive accounts to prevent access through shared credentials.
  • Keep Track of Active Accounts: Use a password manager to maintain an updated list of your active accounts, making future digital cleanups easier.
  • Schedule Regular Digital Cleanups: Set a recurring reminder (e.g., every six months) to review your online accounts, delete inactive ones, and verify that the remaining accounts are secure.

5. Enable Multi-Factor Authentication (MFA).

Implementing multi-factor authentication (MFA) provides an additional layer of security that helps protect accounts from unauthorized access. Even if a password is compromised, MFA requires a secondary verification method, making it significantly harder for cybercriminals to infiltrate accounts.

  • Activate MFA: Start by enabling MFA for accounts that contain sensitive information, including email, banking, company systems, and cloud storage accounts.
  • Use an Authenticator App: Choose app-based authentication (e.g., Google Authenticator) over SMS when possible. Authenticator apps provide one-time codes that are more secure than SMS-based MFA, which can be vulnerable to SIM-swapping attacks.
  • Use Biometric MFA if Available: Biometrics, like fingerprint or facial recognition, provide another strong layer of protection that’s convenient to use.
  • Review MFA Settings: Check and update MFA settings periodically, especially after any device changes. Ensure you’re aware of where and how MFA is enabled across your accounts.
  • Back-Up Your Authentication Codes: Some platforms offer backup codes in case you lose access to your authentication device. Store these codes securely offline or in a secure password manager. This way, if you lose access to your device, you can still access your accounts.
  • Avoid Using the Same Device for MFA and Access: Where possible, use a different device for MFA verification than the one you use to log in. For example, authenticate your login on a phone when accessing work systems on a computer.
  • Stay Alert to MFA Fatigue Attacks: Hackers may attempt to repeatedly trigger MFA requests to annoy users into accepting an authentication attempt out of frustration. If you receive unexpected requests, decline them and report the incident if possible.
  • Be Cautious with Recovery Methods: Some accounts offer email or security questions as a backup method. Make sure these options are secure by using complex answers.

6. Be Selective About Your Apps.

Choosing apps carefully and reviewing their permissions can significantly reduce exposure to potential security risks. Employees should only download apps from trusted sources and carefully evaluate the permissions requested by each app.

  • Read App Reviews and Ratings: Reviews and ratings can provide insights into potential security issues. Watch for red flags like mentions of intrusive ads, unexpected behavior, or privacy concerns raised by other users.
  • Delete Unnecessary Apps: Old or unused apps can still access your data in the background. Regularly delete apps you no longer use to reduce your exposure to unnecessary risks.
  • Download Only from Official App Stores: Stick to official app stores like Google Play or the Apple App Store, which enforce stricter security and verification measures. Avoid downloading apps from unknown websites or third-party stores.
  • Update Apps Regularly: App updates often contain important security patches. Keep your apps updated to benefit from the latest security improvements and minimize vulnerabilities.
  • Be Wary of Social Media or Game App Permissions: Social media and gaming apps often request a range of permissions for data collection. Only allow permissions essential to the functionality and avoid connecting these apps to other social accounts.

7. Regularly Monitor Your Online Presence.

Monitoring your online presence allows employees to stay aware of how and when their personal information is shared. Conducting regular searches for your name can help identify unauthorized usage of data and enable swift action to protect your privacy. This proactive approach helps employees manage their digital footprints effectively.

  • Google Yourself: Regularly search for your name in incognito mode to see what information is publicly available about you.
  • Set Up Alerts: Use tools like Google Alerts to notify you when your name or other personal information appears online.
  • Take Action: If you find unauthorized information or accounts, take steps to remove or report them.
  • Leverage Your Company’s Tech Stack: Ask your employer if they use a Digital Footprint Assessment tool such as Digital Risk Inc. These tools go beyond a simple Google search and account for risks on the Deep and Dark Web. They will identify and score exposures, data breaches, and impersonations on your behalf and provide you with easy-to-follow remediation actions.

8. Avoid Clickbait and Suspicious Links.

Being cautious about clicking on links in emails or online can help prevent falling victim to phishing attempts or malware infections. This vigilance is essential in maintaining cybersecurity and protecting sensitive information.

  • Verify the Sender: Always check the sender’s email address to confirm it’s legitimate. Be cautious of addresses that mimic known contacts but have slight misspellings or odd characters.
  • Hover Over Links: Before clicking any link, hover over it to preview the URL. Ensure it matches the expected destination and comes from a trusted source.
  • Look for Red Flags: Be wary of emails with urgent language, spelling errors, or unexpected attachments. These are common signs of phishing attempts.
  • Avoid Clicking Shortened URLs: Be cautious with shortened links, as they can mask the real destination. Use a link expander tool if you need to verify the full URL.
  • Enable Anti-Phishing Features: Use browser and email security features that help identify and block suspicious links and phishing attempts.
  • Check for HTTPS: When clicking on a link that leads to a website, ensure the URL starts with “https://” so that your connection to the site is encrypted. HTTPS on its own does not prove a site is legitimate, since phishing pages can use it too, so combine this check with the others above.
  • Contact the Sender Directly: If you receive an unexpected email from a known contact that seems suspicious, reach out to them through a different communication method to verify its legitimacy.
  • Avoid Clicking on Pop-Up Links: Be careful with pop-ups that ask you to click on links or download content, especially if they appear unsolicited.
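One way to turn the sender and link checks above into something a help desk or mail-security team can run over a reported message, as an added example that is not part of the original post: the script flags sender and link hosts that imitate a trusted domain (digit-for-letter swaps, “rn” for “m”, small misspellings), link text that disagrees with the real destination, shortened URLs, and non-HTTPS links. The trusted-domain and shortener lists, the message layout, and the sample message are assumptions constructed for this example, and the look-alike matching is a heuristic meant for human review, not a verdict.

```python
import re
from urllib.parse import urlparse
TRUSTED = {"example.com"}                       # assumed: the company's own domains
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumed: common link shorteners

def registrable(host):  # last two labels: login.example.com -> example.com (simple TLDs assumed)
    return ".".join(host.lower().split(".")[-2:])

def edit_distance(a, b):  # Levenshtein distance, to catch one- or two-character misspellings
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(host):  # trusted domain that host imitates (rn->m, 0/1/3 swaps, <=2 edits), else None
    reg = registrable(host)
    if reg in TRUSTED:
        return None
    norm = reg.replace("rn", "m").translate(str.maketrans("013", "ole"))
    return next((t for t in TRUSTED if edit_distance(norm, t) <= 2), None)

def check_link(text, href):  # text is what the reader sees; href is where the link really goes
    url, flags = urlparse(href), []
    host = (url.hostname or "").lower()
    if url.scheme != "https":
        flags.append(f"{href!r} is not https")
    if host in SHORTENERS:
        flags.append(f"{href!r} is a shortened URL that hides its destination")
    shown = re.search(r"(?:https?://)?([\w.-]+\.\w+)", text)  # URL-looking link text
    if shown and registrable(shown.group(1)) != registrable(host):
        flags.append(f"link text shows {shown.group(1)!r} but goes to {host!r}")
    target = lookalike_of(host)
    if target:
        flags.append(f"link host {host!r} imitates {target!r}")
    return flags

def triage(msg):  # msg = {"from": address, "links": [(link text, href), ...]}
    host = msg["from"].rsplit("@", 1)[-1].lower()
    target = lookalike_of(host)
    flags = [f"sender domain {host!r} imitates {target!r}"] if target else []
    for text, href in msg["links"]:
        flags += check_link(text, href)
    return flags

SAMPLE = {"from": "hr@examp1e.com",  # constructed message, not from any real campaign
          "links": [("https://example.com/payroll", "http://bit.ly/3xyz"),
                    ("Reset your password", "https://login.exarnple.com/reset")]}
```

Running `triage(SAMPLE)` returns five findings for the constructed message: the look-alike sender, a non-HTTPS shortened link whose visible text names a different host, and a second link whose host imitates the trusted domain.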

9. Limit the Use of Public Wi-Fi.

Public Wi-Fi networks can be highly insecure, making them an easy target for cybercriminals looking to intercept sensitive data. Employees should be cautious when accessing company resources or sensitive information over public networks.

  • Stick to Password-Protected Networks: Avoid open networks whenever possible. Opt for networks that require a password, as they’re generally more secure than open, public ones.
  • Limit Sensitive Activities: Avoid accessing sensitive accounts, like online banking or work accounts, over public Wi-Fi. Wait until you’re on a trusted, private network to handle sensitive transactions.
  • Use a VPN: A Virtual Private Network (VPN) encrypts your internet traffic, adding a layer of security when using public Wi-Fi. Always connect to a VPN before accessing any sensitive information or logging into accounts over public Wi-Fi.
  • Turn Off File Sharing and AirDrop: When using public Wi-Fi, disable file-sharing features and turn off AirDrop or Bluetooth to avoid unauthorized access to your device.
  • Enable ‘Forget Network’ After Use: Set your device to forget public networks after use to prevent automatic reconnections to potentially insecure networks in the future.
  • Disable Automatic Connection: Turn off settings that allow your device to automatically connect to open Wi-Fi networks. This reduces the risk of unknowingly joining a malicious network.
  • Check Network Authenticity: Look for the official network name (often posted by legitimate businesses) and confirm with staff if possible. Hackers may set up “evil twin” networks with similar names to intercept data from unsuspecting users.
  • Keep Your Device Firewall On: A firewall acts as a barrier against unauthorized access. Make sure it’s enabled on your device for added protection, especially when using public Wi-Fi.
  • Turn Off Wi-Fi When Not Needed: Disable Wi-Fi on your device when it’s not actively in use to minimize the risk of automatically connecting to rogue networks.

10. Limit the Information You Share for Marketing and Promotions.

When signing up for marketing offers, promotions, or discounts, it’s important to be mindful of the personal information you provide. By limiting the data you share for marketing purposes, you can better protect your privacy and minimize exposures while simultaneously reducing spam.

  • Be Cautious with Personal Information: Limit the amount of personal data you provide when signing up for promotions. Avoid sharing unnecessary details, such as your phone number or address, unless required.
  • Create a Spam Email Address: Set up a separate email account specifically for newsletters, store promotions, and discount offers. Keep it free from personal information, so if it’s compromised, you can delete it without significant risk.
  • Use Temporary Email Services: For one-time sign-ups or promotional offers, consider using a temporary email address to safeguard your primary inbox and reduce spam.
  • Unsubscribe and Review Existing Accounts: Unsubscribe from unwanted newsletters or promotional emails. Also, review and clean up the personal information stored in existing accounts, removing or anonymizing any unnecessary details to further protect your privacy.

Final Thoughts.

Empowering your employees with the right guidance and tools to minimize cybersecurity risks is crucial for both their safety and the security of your organization. By reducing digital footprint risks, employees can help protect the company’s systems, safeguard sensitive data, and strengthen your overall bottom line.

With Digital Risk Inc., you can automate the heavy lifting in identifying and mitigating digital footprint risks. Learn more here.