Monday, August 8, 2016

Ten Essential Cybersecurity Best Practices for Banking

1. Lock it up
You step away from your computer to grab another cup of coffee - did you lock your computer? While this best practice seems trivial, one would be surprised at how often it is not done in the workplace. Our computers house sensitive information and business processes, and when a workstation is left unlocked there is a possibility an attacker could have unrestricted access to the system. To avoid possible information leaks, embarrassing photos being spread, or the occasional practical joker, simply remember to lock your computer before leaving your desk.
Quick tip - Press the Windows Key + L to quickly lock your screen

2. Protect your machine
How do you know if your machine is safe? A firewall is the first line of defense when it comes to guarding confidential digital information. It is imperative to properly install and continually update software firewalls on every machine that contains digital information.

Patching your operating systems and applications is another vital security practice. Although patches are often released on a scheduled basis, there are times when patches are sent out "off schedule" to defend against newly found threats. Keep in mind that new threats will be found as time passes, so system patching will be a constant security measure.

3. Think before you click
You just received your 50th email of the day! In your eagerness to get it out of your inbox, did you take a second to investigate the link before clicking? Once a link has been clicked there’s no going back; it is possible that malicious software can install itself on your computer. Don’t click on any link unless you know you can trust the source and you are certain of where the link will send you. If you are unsure about a link, the best thing to do is call the sender prior to clicking on the link.

4. Watch for the "S"
This message is brought to you by the letter "S". That simple letter makes a difference when it comes to secure online communication. "Http" stands for hypertext transfer protocol, while the "s" at the end stands for security. It is important to make sure that "https" is displayed as part of a URL you visit, as it shows the authenticity of the security certificate on that webpage. If you access a webpage without a certificate or one that is expired, there is a chance you are accessing a website that could be loaded with malware, viruses, trojans, or eavesdroppers.

5. Be a cautious surfer
The web can be risky if you aren’t careful. It is easy for users to pick up malicious code that can infect a computer with viruses and other unwanted malware simply by clicking on a link. It is important that you do not surf the web if you are on an account that has administrator privileges. If you pick up malware using a computer with administrator privileges, you have successfully given the malware the same administrator rights that you have on your user account.
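
The lock, firewall, patching and administrator-rights points in items 1, 2 and 5 can be checked on a Windows workstation with a short read-only script. This is an added example, not part of the original article; the two thresholds are assumptions chosen for illustration.

```powershell
# Added example: read-only workstation check for items 1, 2 and 5.
# Thresholds below are assumptions for illustration, not values from the article.
$MaxIdleSeconds  = 900   # assumed: screen must lock within 15 minutes of inactivity
$MaxPatchAgeDays = 45    # assumed: at least one update installed in the last 45 days
$findings = @()

# Item 1: is an automatic lock configured, either by the machine inactivity
# limit or by a password-protected screen saver for the current user?
$sys  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
$desk = Get-ItemProperty 'HKCU:\Control Panel\Desktop' -ErrorAction SilentlyContinue
$idle = [int]$sys.InactivityTimeoutSecs          # missing value converts to 0
$saverTimeout = [int]$desk.ScreenSaveTimeOut     # missing value converts to 0
$policyLocks = ($idle -gt 0) -and ($idle -le $MaxIdleSeconds)
$saverLocks  = ($desk.ScreenSaveActive -eq '1') -and ($desk.ScreenSaverIsSecure -eq '1') -and
               ($saverTimeout -gt 0) -and ($saverTimeout -le $MaxIdleSeconds)
if (-not ($policyLocks -or $saverLocks)) {
    $findings += "No automatic screen lock within $MaxIdleSeconds seconds of inactivity"
}

# Item 2: every Windows Firewall profile (Domain, Private, Public) should be enabled.
foreach ($fwProfile in Get-NetFirewallProfile) {
    if ($fwProfile.Enabled -ne 'True') {
        $findings += "Firewall profile '$($fwProfile.Name)' is not enabled"
    }
}

# Item 2: has any update been installed recently? Get-HotFix does not list every
# kind of update, so treat a finding here as a prompt to look closer.
$latest = Get-HotFix | Where-Object InstalledOn |
          Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $latest -or $latest.InstalledOn -lt (Get-Date).AddDays(-$MaxPatchAgeDays)) {
    $findings += "No update recorded as installed in the last $MaxPatchAgeDays days"
}

# Item 5: is this session running with administrator rights?
# With UAC enabled this reports the elevated state of the current process.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)
if ($isAdmin) { $findings += "Session for $($identity.Name) has administrator rights" }

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'No findings for items 1, 2 and 5.' }
```

Run it as the everyday user account rather than from an elevated prompt, so the administrator check reflects how that user actually browses.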

6. Be smart with your phone
Smartphones are everywhere, and hackers know that. Although your smartphones make it far easier for you to surf the web, check emails, and look at your bank account, they have become yet another avenue for hackers to access sensitive data.
 
What you can do:
  • Don't open email if you don’t know the sender
  • Don’t answer text messages asking for personal information
  • Use the guest Wi-Fi network at the workplace
  • Use strong phone passwords
  • Turn off Bluetooth when you aren’t using it or when entering sensitive data

7. Be aware
Social engineering is a non-technical approach hackers use to get sensitive information. Social engineering techniques include phishing emails, fake phone calls, and physical impersonation. Employees must be trained to be helpful but stern when it comes to giving out information, and to identify a potential social engineering attack.


8. Passwords
Two of the most common passwords are "123456" and "password." Having more complex passwords can help protect you and your data.
 
Strong passwords should:
  • Contain at least 12 characters
  • Include upper and lower case letters, numbers and special characters
  • Be unique to one person - never be shared
  • Not be reused on multiple account logins
  • Be changed every 60 to 90 days

9. Education
Having all employees well-trained in the basics of network, system and information security is a huge step in today’s cyber world and is one of the best investments that can be made. If you have a basic understanding of security or know how to identify a potential incident, you are less likely to fall victim to an attack. At the office, each employee should be kept up to date on information security policies and their role in protecting sensitive information. They should know the expectations when it comes to the limitation of personal use on company-provided equipment and should sign a statement acknowledging that they understand the policies and penalties that result if guidelines are not followed.


10. Backup
Disasters that could cause data loss don’t usually give much of a warning, so consider this your friendly warning. Businesses are often not prepared for fires, floods, power failures, employee errors, or even malicious programs. In each of these instances it is entirely possible for businesses to lose some, if not all, of the data and information stored on their computer systems. The best way to ensure all data and information is safe is to automatically back up all critical data at least once a week. Data backups should be stored in a secure, off-site location.
 
 
 
 







