3 min

Top 3 Fundamentals of Being a Smart Digital Citizen

How employee cyber hygiene can make or break an organization’s security posture.


Cybersecurity awareness has – to no surprise – been on the rise since 2020, when many Canadians packed up their cubicles and brought the office home with them. Today, cybersecurity remains one of the most well-recognized and enduring issues facing Canadians. According to our latest Security Study, the risk of data loss, lockouts and service disruptions are top of mind for business leaders across industries, and the importance of safeguarding customer, employee and partner data and ensuring the continuity of business operations is paramount.

Despite its notoriety, cybersecurity exposure and concerns continue to rise, especially as financial and personnel challenges remain key barriers for Canadian businesses. The commercialization of cybercrime has made it easier for criminals to exploit vulnerabilities on a massive scale, and while cybercrime is a very conspicuous issue, hackers are inconspicuous, and have refined their tactics to cleverly evade detection.

The threats of data breaches and ransomware are not going away, and neither is our work-from-anywhere reality. This Cybersecurity Awareness Month, we are going back to the basics of how to help employees instill healthy habits that reduce not only their own cyber risk, but that of their employer.

1. Make sure networks are secure

The most robust cybersecurity hygiene begins by proofing day-to-day activities. In fact, our Rooting out Risks report on penetration testing found that 49 percent of Canadian IT professionals believe the shift to a hybrid/remote work model has heightened their organization’s security risks. As the lines between work and home continue to be blurred, situational awareness is key. Be wary of public Wi-Fi networks, such as ones at local coffee shops or in airports and trains. In these instances, it’s safer to use a mobile hotspot to keep your work and employer secure.

2. Keep your devices up to date

For cybercriminals, finding new ways to avoid detection while they derail an organization’s business operations is a full-time job. To keep hackers out, it is critical for employees to stay up to date on device updates and schedule regular reminders to reset passwords. Better yet, activating multi-factor authentication systems across all devices – both personal and professional – is recommended to further strengthen identity and access management.

3. Know who to call for recovery

Ransomware as a Service has become an industry of its own, and phishing has expanded to install undetected backdoors to allow repeat attacks. Phishing emails are one of the most common and successful cyberattacks, as they often imitate real and familiar emails such as delivery notifications, invoices, or even requests from a manager or CEO. These scams can be hard to detect and are easy to engage with by mistake. With just one click on a link, hackers not only gain access to the employee’s information, but also the information of anyone else connected to that email - such as customers, partners, suppliers and coworkers.

While preventative measures are key, it is equally important for employees to understand the protocol for recovery in the event of an incident. If an employee does fall victim to a suspicious link or phishing email, it is critical to:

  • Have help on speed dial. When in doubt, employees should be able to pick up the phone and know who to call. Addressing the issue in real time is critical to minimizing risk and the spread of impact.
  • Don’t be shy – be safe. Create a culture where employees are not embarrassed about making mistakes and asking for help. Rather than blaming or shaming them, help find a safe solution and empower employees with the education and resources to be better equipped moving forward.