When it comes to technical capabilities, do you ever feel like your "can't do" list is longer than your "can do" one? That's understandable. So much has changed over time, and it's not easy to keep up — especially if you're not immersed in the tech industry on a day-to-day basis.
But you don't have to flounder in the dark or become a security liability just because you aren't a tech whiz.
Cyber Awareness Tips for the Less Tech Savvy
First, stop beating yourself up! You're reading this post, so chances are you're already pretty aware of the problems a lack of awareness can cause. These tips can help you stay in the know, even as times change and security threats evolve.
1. Take awareness training courses
This tip's relatively obvious. If you don't understand something, learn about it! No good security awareness class is going to tell you that you need to learn how to install a firewall or patch a server, because you don't. People specialize because it's impossible for everyone to know everything, after all. But a good class (or webinar, or blog post series) will teach you a few simple warning signs to watch for, what to do when you see one, and how to work out your own.
2. Keep it at home
If you don't want your stuff to get stolen while you're out at night, you leave it at home or lock it in your car. The same should go for your personal information. Keep personal email, personal browsing and personal sites (like Facebook and your bank) off your employer's network. The risk runs both ways: a work machine that has already been compromised can capture the bank password you type into it.
That can be difficult, because sitting at your desk grinding away all day without browsing is a big ask. But a simple search and click can represent a lot of unnecessary business risk. Alex Insley, Twinstate's Unified Defense Strategies technical manager, gives an example:
An employee at a small firm wanted to check on his golf lesson time. He browsed to the website, which had been compromised and was serving malicious code (without the site operator's knowledge, to be sure) that infected his machine: a classic drive-by download. "The road to infection is paved with good intentions," says Insley.
Another takeaway from that story? "That was a leader. You shouldn’t let your position dictate what you can get away with," says Insley. "Each employee is equally responsible for security in that respect."
3. Create reminders
Even if you try your hardest, staying constantly vigilant is an incredible challenge. And you might not always know what a threat looks like or where it's coming from (in fact, it's likely you won't know about it at all until it's too late). So create reminders for yourself. A post-it note on your work computer that says "don't visit any websites for personal reasons!" is a good start.
You could also stick a note to your phone that reminds you that every call could be a social engineering opportunity for the caller. And we do mean every call. Just because someone says they're from a certain company and are asking about your web browser version (for example) doesn't mean they're telling the truth, or that you should divulge that information. Details like that are exactly what an attacker collects to pick an attack that will work on your machine, which brings us to our next tip.
4. Develop a healthy level of distrust
It sounds incredibly negative, but we promise that when it comes to protecting security, distrust is a positive thing! If you want to be more aware of security threats without diving too deeply into the world of tech, developing and maintaining a certain level of distrust is a must. We're not saying you need to be rude to people asking for information, but you should be aware that things aren't always what they seem. Not everyone is honest, and even those who are can still make security mistakes.
We suggest doing some research on social engineering and phishing to get a sense of the need for distrust.
5. Enlist help
Our last tip involves your fellow employees and team members, and may even include leadership. If, after all you've learned, you feel that your organization could improve security through awareness, make a suggestion.
Ask for a checklist of preliminary questions to run through every time you receive an email, one for each time you're going to visit a new web address, and one for phone calls. For instance, your IT team might create a checklist for emails with questions like: Were you expecting this email? Does the sender's signature match the actual "from" address, not just the display name? Does each link's visible text match the address it really points to (hover over it before clicking)? Have you spoken to the sender about this email specifically? If you answered yes to all of these questions, you might be given the go-ahead to click a link within that email. Otherwise? Let that distrust kick in. Bear in mind that even a matching "from" address is only one signal, since sender addresses can be forged; the checklist lowers your risk rather than eliminating it.
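To show what such a checklist looks like when an IT team writes it down precisely, here is an added example (not part of the original post, and not Twinstate's code) that runs the email questions mechanically over a constructed sample message. Every name, address, domain and link in it is made up for the illustration; the script parses the message, compares the From, Reply-To and signature domains, and checks whether each link's visible text matches where it really goes.

```python
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, not a real capture. The display name and signature
# claim "Example Corp", but the From and Reply-To domains are different,
# and the link's visible text does not match where it really goes.
SAMPLE_EMAIL = """\
From: "Example Corp Accounts Payable" <ap-notices@examp1e-corp.net>
Reply-To: invoices@mail-relay.example.org
To: jane.doe@example.com
Subject: Invoice 4471 overdue
Content-Type: text/html; charset=utf-8

<html><body>
<p>Please review the overdue invoice in our portal:
<a href="http://203.0.113.7/portal/login">https://portal.example.com/invoices</a></p>
<p>Regards,<br>Accounts Payable, Example Corp<br>ap@example.com</p>
</body></html>
"""

# Constructed benign message for contrast: signature, From and link all agree.
CLEAN_EMAIL = """\
From: "IT Helpdesk" <helpdesk@example.com>
To: jane.doe@example.com
Subject: Scheduled maintenance Saturday
Content-Type: text/html; charset=utf-8

<html><body><p>Details: <a href="https://intranet.example.com/maint">https://intranet.example.com/maint</a></p>
<p>IT Helpdesk, helpdesk@example.com</p></body></html>
"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
URL_TEXT_RE = re.compile(r"(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:/\S*)?", re.I)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


class LinkCollector(HTMLParser):
    """Collect every <a> as [href, visible text], plus all visible text."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.text = []
        self._open = None  # index into self.links while inside an <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = len(self.links) - 1

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None

    def handle_data(self, data):
        self.text.append(data)
        if self._open is not None:
            self.links[self._open][1] += data


def domain_of(address):
    """Part after '@', lower-cased; '' if there is no '@'."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def host_of(url):
    """Hostname of a URL; bare 'host/path' text gets a scheme prepended."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def triage(raw_message):
    """Return a list of checklist findings. An empty list means nothing
    contradicted the sender's claims; it is not proof the mail is safe."""
    msg = email.message_from_string(raw_message)
    findings = []
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])

    # Does a reply go back to the same domain the mail claims to come from?
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    collector = LinkCollector()
    collector.feed(body)

    # Does the signature match the From address?
    for sig_addr in EMAIL_RE.findall(" ".join(collector.text)):
        if domain_of(sig_addr) != from_domain:
            findings.append(f"signature address {sig_addr} is not in From domain {from_domain}")

    # Does each link go where its visible text says it goes?
    for href, text in collector.links:
        href_host = host_of(href)
        if IPV4_RE.fullmatch(href_host):
            findings.append(f"link target is a bare IP address: {href}")
        text = text.strip()
        if URL_TEXT_RE.fullmatch(text) and host_of(text) != href_host:
            findings.append(f"link text shows {host_of(text)} but goes to {href_host}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EMAIL) or ["no checklist item tripped"]:
        print("-", finding)
```

Run against the constructed phishing sample it reports four findings (the Reply-To mismatch, the signature domain mismatch, the bare-IP link target and the link text that points somewhere else), and nothing for the benign sample. The "were you expecting this?" and "have you spoken to the sender?" questions deliberately have no code, because only the recipient can answer them; that is the part of the checklist no tool replaces.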
Originally published on 10/06/2016
Topic: IT Security