How to take your customers’ security awareness to the next level in 2020
Linda Misauer gives some great tips and looks into mobile phone security
At the start of a new year, many of us like to focus on our goals for the upcoming year and do some general ‘life’ housekeeping. When it comes to information security, it’s crucial to review your systems, processes, and procedures at least annually to ensure that your security is as tight as it can be. But that’s not all, improving customer security awareness has to be a key priority.
Unfortunately, all that hard work will be for nothing if your customers are going to hand the key to would-be attackers on a silver platter. Which brings us to the importance of customer education and protecting your own privacy.
We often see awareness communications that are very general and high level – such as:
- Protect your devices
- Beware of phishing emails
- What communications to expect from the company
- What communications you shouldn’t expect from the company
- Don’t share your access details with anyone
Although these are useful, in many cases your customers won’t necessarily link each one to a specific risky behavior.
For example, “don’t share your access details” doesn’t only refer to sharing it verbally with a coworker, it also means not saving your username and password in your browser or connecting to the internet via public wifi. These actions can be as risky as writing your password on a sticky note and leaving that on your desk.
Make 2020 the year you take your customers’ security awareness to the next level
Here are some tips:
- Be specific in your communications about security – using examples or scenarios helps to highlight risky behavior (see examples below)
- Send a series of communications (at least one per month). Pick a theme and coordinate messages across all communication channels
- Keep it relevant to the specific customer. You don’t want to send mobile app security tips if they don’t use your app
- Keep it simple and understandable to a non-technical person or provide links to more information and detailed instructions
- Provide clear actions
- Include Instructions of what to do if your customers suspect a security issue
Mobile phone security is a great place to start
Mobile phones are computers too. They are often overlooked as a device that needs protection, yet they are used extensively to interact with your company’s communications, apps, and portals.
How to educate your customers on mobile phone security:
Ben received a new phone for Christmas, which he is going to use to receive emails, access your app and log in to your website.
Give Ben advice on how to secure his new phone:
- Set your phone to auto-lock after 3 minutes
- Make sure it’s only accessible with a password, pin or biometric info
- Use caller protection apps to identify unwanted callers
- Install an antivirus application
- Encrypt your device, so that the phone’s data is unreadable if stolen without the password
- Use two-factor authentication on all apps and portals that offer this security option
- Activate biometrics
Ben also needs to know how to secure his old phone:
- Reset to factory settings or wipe the device remotely
- Notify companies whose apps are linked to a device
Jillian is at the airport and realizes she hasn’t downloaded anything to read, and doesn’t have enough battery to last for the duration of the flight
As convenient as public services are, they also come with risks. Give Jillian advice about using her phone in public.
- Don’t access public Wifi without a VPN
- Avoid charging your phone in public ports – connecting to a public port does more than charge your phone — it also transmits data
- Beware of shoulder surfing when accessing personal or confidential information
- Turn off your BlueTooth and Wi-Fi when not in use
- Password protect your hotspot, so it cannot be used by random devices
Jillian could also benefit from some tips on security maintenance:
- Update your phone’s software regularly
- Only download apps from the official app stores and don’t ever jailbreak or root your device
- Store passwords in a password security tool that encrypts them
- Regularly review apps’ access permissions
- Remove unused apps
Remember, it helps to link to more information, that includes detailed instructions to the less tech-savvy audience.
To check it off your list once a year is not good enough. Design full campaigns of useful, actionable information, based on all aspects of cybersecurity to help educate and protect your consumers from cybercrime.