When on the job at a corporate office, a\u00a0healthcare organization, or an\u00a0academic institution\u00a0or\u00a0government agency, or even when you are working from a local coffeshop, restaurant, or home office, your organization\u2019s online safety and security is a responsibility shared by all. However, as mobile computing\u2014especially using personal devices\u2014becomes more common, the potential for network compromise is increasing.Think about this: around the world,\u00a020 percent\u00a0of employees now do some or all of their work from home. Employees increasingly demand flexible and seamless enterprise access, making mobility a top global priority in order to attract talent and provide competitive advantages. While this trend gives employees increased access to the network without tying them to a cubicle, it also introduces new security risks to the organization.As mobility and digital transformation demands have made business networks more accessible than ever, cyberattacks are also becoming more\u00a0frequent and sophisticated, taking advantage of the expanded attack surface. As a result, employees can unwittingly cause severe damage to a business due to a lack of cybersecurity awareness. A compromised device or an unreliable remote connection can leave your network vulnerable.To minimize risk as work and home, especially as connectivity and digital resources become more intertwined, organizations need to promote security hygiene best practices that will\u00a0minimize risk, data leakage, and non-compliance while still allowing for operational flexibility and efficiency.Building a Culture of Strong Cyber HygieneAs we use our own devices to remotely connect to the corporate network, we must all play a role in helping to keep the network secure. Here are a few strategies that everyone can practice to promote top-notch cyber hygiene. Use Secure Access Points & Create a Work NetworkWhen remotely connecting to your corporate network, cyber hygiene best practices recommend using a\u00a0secure access\u00a0point. One way to minimize the risks of connecting to your work network over public Wi-Fi is to use a virtual private network (VPN). VPNs allow you to extend your private network across the public Wi-Fi using an encrypted virtual point-to-point connection which enables and maintains secure access to corporate resources. However, it is still critical to remember that if either end of that VPN is compromised, like the unadvertised Wi-Fi access point at your local coffee shop, then VPN cannot prevent things like man-in-the-middle attacks. This is why it is also imperative that you ensure the integrity of any access point you connect to. While public Wi-Fi connections are often harmless, it only takes one malicious connection for a cybercriminal to intercept all of your browsing data as you move across sites and accounts.Another best practice is to create a secure network for business transactions in your home office. Most businesses have two separate networks\u2013 one that only employees can access and one for guests. This same protocol is easy to replicate at home. Most home routers allow for the creation of multiple networks, such as a home and a guest connection. Adding a password protected network for work connections means that your corporate resources will never share the same connection as your gaming systems, home laptops, your children\u2019s smart devices. By keeping your home devices separated from the network on which you access sensitive work data, compromised devices or applications cannot be used as an point of vulnerability to attack the corporate network. Update RegularlyInstalling updates across devices, applications, and operating systems on a regular basis is an integral step to achieving strong cyber hygiene. Though it\u2019s easy to ignore updates when you need to meet a deadline or help a customer, failure to keep your devices updated can drastically simplify the process for cybercriminals seeking to corrupt your device. One of the most effective\u2014and easiest\u2014ways to avoid that tendency is to simply add patching and updating to your work schedule. It\u2019s hard to fit something in if its not on your calendar for the day. If you don\u2019t schedule it like you do other tasks and meetings, it\u2019s easy to push it to another day.\u00a0Regularly applying updates and patches ensures that the operating system and applications you are using are protected against known vulnerabilities. One recent attack that demonstrates the importance of these updates is\u00a0WannaCry, which leveraged known Microsoft vulnerabilities\u2014for which patches were readily available\u2014to distribute\u00a0ransomware. Had the targeted organizations and remote end users simply administered updates and patches to their devices they would have been far less susceptible to this attack.In this same vein, it\u2019s also important to ensure all of the programs and applications that run within the business network are still supported by the publisher, and that you retire or replace those that are not. Strong Access ManagementAccess management\u00a0is a simple but very effective cyber hygiene best practice. You should be using strong passwords and two-factor authentication across all devices and accounts.Passwords should be complex, incorporating numbers and special characters. And try to avoid reusing passwords across accounts \u2013 especially on devices and applications that are used to access sensitive business information. This is because if your account is breached on one site, and your information is leaked, credential stuffing and brute force attacks can use this leaked information to target other accounts.The biggest challenge for this sort of password strategy is simply remembering or keeping track of them. Because of this, many of the stronger passwords are actually easier to guess. Instead, use acronyms or phrases to help with remembering passwords. And as the number of passwords you need to remember increases, consider employing management software to help you keep track of them.Strong passwords augmented with two-factor authentication is even better, ensuring that only authorized people can access business-critical systems and sensitive data. Recent advances in biometrics, such as fingerprint scanners and facial recognition software, provide similar multi-factor authentication. Additionally, use segmentation, network admission control, and role-based access controls to limit the users and devices that can access high-value, sensitive information. Practice Safe Email UseThe most popular attack vector still being leveraged by cybercriminals today is\u00a0email. Because of its uniquitous use, it remains the easiest way to distribute malware to unsuspecting users. Though there are many ways cybercriminals leverage email for malicious activities, ultimately, they largely rely on tricking recipients into clicking on malicious links and attachments, often by impersonating another employee or someone they know.Some of the most popular\u00a0email scams\u00a0are phishing and spear phishing. Phishing attacks include links to websites that look legitimate, such as a bank, business, or government office, which then ask users to log in\u2014thereby stealing credentials or infecting the device with malware. Spear phishing increases the effectiveness of such attacks by impersonating an employee or trusted user before requesting login information, sensitive employee data, money transfers, or simply asking them to open an infected attachment or click on a malicious link.To combat such threats, you must be vigilant when responding to emails, especially those with links and attachments. Never click on a link or attachment from an unknown sender. And even if an email seems to come from a trusted source, be sure to look closely lat the email address or website URL they refer you to. Often, names or URLs will have misspellings, which indicate an attack. Even if things look normal, stop and ask yourself if this looks or sounds like something this person would send to you or ask you to do. Most of the time, links are only provided after a request has been made, or as part of a larger or longer conversation. Unexpected requests are ALWAYS suspect, and may warrant directly contacting the sender to not only verify the request, but if it is legitimate, to also suggest that they use a different process besides distributing unannounced attachments and links. Install Anti-MalwareWhile anti-malware software cannot stop unknown attacks, the vast majority of attacks and exploits reuse attacks that have been previously successful. Installing anti-malware\/anti-virus software across all your devices and networks provides protection in the event of a successful phishing scam or an attempt to exploit a known vulnerability. In addition, look for tools that provide sandboxing functionality, whether as part of an installed security package or as a cloud-based service, to also detect\u00a0Zero-Day\u00a0and other unknown threats. Have a Cyber Response Plan in Place and Understand the DetailsAll businesses, regardless of size, should have an incident response and recovery plan in place to minimize downtime in the event of an attack. Make sure you and all other employees are aware of this plan so there are no questions about the next steps during an attack. This includes having a hotline prominently displayed so employees know who to contact if they suspect there has been a breach. You also need to ensure that this hotline is either manned 24\/7 or that an after-hours number is readily available. Waiting to learn about a breach until after your support team arrives for work may be too late.Having a streamlined plan combined with a staff that are all on the same page will allow you and your business to quickly stop an attack from spreading throughout the network, reduce dwell time, minimize the exfiltration of data, and get everyone back online faster.Final ThoughtsCybersecurity is no longer the sole responsibility of the IT and security teams. As employees interact with and rely on technology every day, often from remote locations, they all play an integral role in the security of the organization.In order to ensure security and compliance, especially as trends such as digital transformation and mobility continue to expand, each individual employee must understand and practice cyber hygiene. By being aware of common attack vectors and utilizing the tips provided above, your users can help stop the spread of malware and keep your business running smoothly.Educate YourselfCheck out\u00a0our entry level designation of the Fortinet Network Security Expert (NSE) program. It is intended to provide a basic understanding of the threat landscape facing networks today.\u00a0Anyone interested to learn about the threat landscape and cybersecurity should take this course for more learning.\u00a0Also learn more about the\u00a0Fortinet Network Security Academy\u00a0available to educators and students or the\u00a0FortiVets program\u00a0for Veterans.Download\u00a0our latest Fortinet Global Threat Landscape Report to find out more detail about recent threat landscape trends.\u00a0Sign up\u00a0for our weekly FortiGuard Threat Brief.