Zenzero
Zenzero
Guernsey
Jersey
United Arab Emirates
United Kingdom

10 Cyber Security Tips for Employees to Stay Safe at Work

13th September 2021

Why Cyber Security Awareness Matters for Employees

In today’s digital workplace, cyber security isn’t just something that sits with IT in the background. It’s something every employee interacts with daily – often without realising it. And increasingly, it’s employees who are being targeted.

Cyber criminals tend to look for the easiest way in. That often means exploiting human behaviour rather than breaking through technical defences. Phishing emails, stolen credentials, social engineering tactics, even something as simple as unsafe browsing habits – all of these are common entry points.

The Verizon Data Breach Investigations Report found that around 60% of breaches involved a human element. That’s a clear reminder that awareness across the business really matters.

Put simply, cyber security is a shared responsibility. The small decisions people make each day – clicking a link, downloading a file, using a password – can have a big impact on keeping systems, data, and operations secure.

1. Understanding Your Role in Cyber Security

Employees are often the first line of defence. While IT teams put tools and policies in place, attackers usually go after individuals directly.

Having a basic understanding of your organisation’s cyber security policies, and knowing what “doesn’t look right”, can help stop issues before they turn into something more serious.

What to keep in mind:

  • Follow company policies around data protection and security
  • Report anything unusual – emails, login alerts, or system behaviour
  • Play your part in building a positive security culture
  • Treat cyber security as part of your day-to-day role, not an afterthought

2. Avoiding Shadow IT

Shadow IT” is the use of apps, tools, or systems that haven’t been approved by your IT team. It’s more common than you might think.

This could include uploading work files to a personal cloud account, signing up for software without approval, or using personal devices and messaging apps for work.

These tools aren’t always risky by design – but they sit outside your organisation’s security controls, which creates gaps.

Good habits:

  • Stick to approved tools and platforms
  • Encourage others to do the same
  • If something new would help, raise it with IT rather than going around them

3. Spotting Phishing and Social Engineering

Phishing is still one of the most widely used attack methods – and it works. These emails or messages are designed to look legitimate, often impersonating trusted organisations or colleagues.

They typically try to get you to click a link, download something, or share sensitive information.

Things to watch for:

  • Urgent requests for login or payment details
  • Suspicious links or unexpected attachments
  • Messages asking for confidential information out of the blue
  • Pressure to act quickly without thinking

Best approach:

  • Don’t click links or download files unless you’re confident they’re safe
  • Double-check unusual requests through another channel
  • Report anything suspicious to your IT team straight away

4. Using Strong Passwords and MFA

Passwords are still a weak point in many organisations. Reusing passwords or choosing simple ones makes it much easier for attackers to gain access.

The National Cyber Security Centre (NCSC) suggests using three random words to create passwords that are both strong and memorable.

Adding multi-factor authentication (MFA) gives you an extra layer of protection – something you know (your password) plus something you have (like your phone).

Simple steps:

  • Use a different password for each account
  • Turn on MFA wherever possible
  • Use a password manager if one is provided
  • Never share your login details

5. Keeping Work and Personal Use Separate

It can be tempting to use work devices for personal browsing or email, especially when working remotely. But this can introduce unnecessary risks.

Personal sites and services don’t always have the same level of protection as business systems, making them an easier target for malware or phishing.

Better practice:

  • Use personal devices for personal activities
  • Avoid downloading files or software onto work devices
  • Follow your company’s acceptable use policy

6. Locking Devices When You Step Away

It sounds simple, but it’s often overlooked. Leaving a device unlocked – even briefly – can expose sensitive information.

Whether you’re in the office, at home, or in a public space, it’s good practice to secure your device whenever you’re not using it.

Quick reminders:

  • Lock your screen when you step away
  • Don’t leave devices unattended in public
  • Keep badges and access cards secure

Further guidance:
https://www.cisa.gov/resources-tools/training/protect-physical-security-your-digital-devices

7. Avoiding Unknown USB Devices

USB drives can carry malware or be used to gain unauthorised access. Attackers sometimes leave them in public places, hoping someone will plug them in out of curiosity.

It’s a simple tactic – but it can be effective.

Stay safe by:

  • Only using approved USB devices
  • Never plugging in unknown drives
  • Avoiding storing sensitive data on portable devices unless authorised

More information:
https://www.cisa.gov/eviction-strategies-tool/info-countermeasures/CM0115

8. Following Company Security Policies

Security policies are there for a reason – they help protect systems, employees, and customer data.

These might cover acceptable use, remote working, data protection, and access controls.

What helps:

  • Reviewing policies regularly
  • Asking questions if something isn’t clear
  • Helping others follow the right processes

9. Being Careful on Social Media

It’s easy to overlook how much information is shared online. But even small details can be useful to an attacker trying to build a picture of your organisation.

The NCSC recommends limiting what you share publicly, particularly when it relates to your work.

Think about:

  • Avoiding sharing confidential or sensitive information
  • Checking your privacy settings
  • Being cautious about posting job details, projects, or travel plans

10. Avoiding Public Wi-Fi for Work

Public Wi-Fi – like in cafés, airports, or hotels – is convenient, but it isn’t always secure. Attackers can intercept data or set up fake networks.

If you need to work remotely, it’s better to use a more secure connection.

Safer options:

  • Use a personal hotspot where possible
  • Connect via a company VPN if you must use public Wi-Fi
  • Avoid accessing sensitive systems on unsecured networks

Final Thoughts

Cyber security isn’t just about systems and software – it’s about people. Even with the best technology in place, awareness across the organisation plays a huge role in preventing incidents.

The good news is that it doesn’t take much. Small, everyday actions – reporting a suspicious email, using a strong password, following company policies – can make a real difference.

Building good habits across your team helps reduce risk and keeps your organisation better protected.

Need Help Strengthening Your Cyber Security?

At Zenzero, we work with organisations to improve cyber resilience in practical, meaningful ways. Our services include:

  • Cyber security risk assessments
  • Vulnerability management
  • Penetration testing
  • Security monitoring and threat detection
  • Cyber Essentials certification

If you’d like to understand where your risks are – or how to strengthen your defences – our team is here to help.

Discover more from Zenzero

Subscribe now to keep reading and get access to the full archive.

Continue reading