Your access badge could be used by a malicious insider. Always know where your badge is.

Someone inside the organization – including both coworkers and visitors – could use your access badge to reach confidential organization data. Always ensure your badge is on your person at all times. Wearing your badge at all times is the best way to avoid losing it. If your badge does go missing, report it lost immediately. This is true even if you find your badge again later; the badge could be taken, used and then returned.



Fake websites may masquerade as official ones. Navigate to your bank accounts by manually typing the URL.

A fake website will often look almost identical to an official website. You could click on a link that looks legitimate in an email and be directed to a site that is not the same URL. The only way to absolutely ensure that you log into the proper website is to manually type the URL into your browser. Do not click links to your financial institution’s website, as they are not always legitimate.



Kids may be in danger online. Teach them what they can and can’t share over the internet.

Children don’t always know what is and isn’t appropriate to tell people over the Internet. Make sure that your children know what personal information is in terms that they can understand and who they should and shouldn’t be speaking with. Explain to your children why certain information should not be shared. Having an open and honest discussion with your child is the best way to prepare them to be responsible and safe and to help them understand the importance of privacy.



Reducing access to your files keeps them safer. Use access control lists to ensure files are accessed properly.

Access control lists allow you to control who can view your files and whether they can read, modify or delete them. Using access control lists will ensure that only those who need your files can view them and that they can’t do anything to the files that you don’t desire. By reducing the overall exposure of your files, you can decrease risk.



Don’t allow others to follow you through secure entryways without swiping their own access card.

Everyone must swipe their own ID access cards. If they still refuse to swipe their ID access card, notify security and provide them with the details of the event. Most of these entry control systems record an audit trail of who enters, which door, and when.



Strangers on your computer may attempt to access confidential files. Never let a stranger use your computer.

Strangers may attempt to gain access to your computer so that they can access sensitive or confidential documents. They may give you a reason that they need to use your computer, such as a personal favor. Anyone on your computer will have access to the files and systems that you have access to. You should never let a stranger access either your work or home computer.



Phishing is a technique by which a scam artist asks you for confidential information. Never give personal or sensitive information to someone you don’t know.

Phishing techniques may vary, but they usually involve attempts to trick you into revealing personal or sensitive information. As an example, a scam artist may pretend to be an employee of your bank and ask you for your confidential bank login information. You should never give anyone sensitive or confidential data through email or instant messaging even if it appears to come from someone you know or a company you do business with. Call your bank directly if you receive a request.



Online bullying can become very serious. Talk to your kids about what to do when bullied.

Many children experience bullying online. Online bullying can be very harmful because it cannot be escaped, even when at home. In order to protect your children from the consequences of bullying, you should talk to them about the actions they can take to take control of the situation. Children should know that there are serious repercussions for bullying and that they should always tell an adult if bullying does occur. Let them know that they can always talk to you about it.



Hackers may know your router’s default settings. Immediately change usernames & passwords for new routers.

Wi-Fi routers usually come with default settings for the username and password. Hackers may be able to figure out your password using this default information. Once in your router, a hacker may be able to view your network traffic or even lock you out of your own network. When you get a new Wi-Fi router you should follow the manufacturer’s directions to change both the username and password. Make sure that the password is long, difficult to guess and not related to the network name.



Talk with your children about internet safety before they go online.

Your kids may have a limited understanding of potential dangers that they face when accessing the Internet. Before they go online, explain that they should never reveal personal information about themselves, such as where they live or their date of birth. Instruct them to tell you about anyone making inappropriate contact with them, such as through online chatting or email. And supervise your younger children whenever they surf the Web, to keep them from being exposed to harmful materials.



Social media is viewable by anyone. Do not post anything regarding the organization without prior consent.

Social media can be seen by anyone even if your account is private; anything you post could be shared on the Internet and it cannot be deleted once others have begun sharing it. You should get written permission before you post anything online.



Plugins can be security risks. Only use the plugins you need.

While plugins can make browsing easier, plugins can also represent security risks. Keep the number of plugins you use at a minimum. Uninstall or disable any plugins that you are not using and keep the plugins that you do use updated often to protect yourself against security issues. Only install plugins from reputable companies.



Legitimate emails usually don’t demand immediate action. Be skeptical if they do.

If an email is sent to you that requests that you take an immediate action, you should be skeptical. Rather than responding to the email, you should call or otherwise directly contact the sending party for more information. Immediate action is usually used to make you rush, so that you don’t notice other warning signs.


Acceptable use still applies at home. Follow all policies even when working remotely.

Acceptable use policies are designed to be used regardless of where you work. Whether you are working from home or on a business trip, you should still be following acceptable use policies to protect both yourself and the organization.



Investment fraud can be costly. Never invest money in something you don’t understand.

The majority of investment fraud schemes, such as Ponzi schemes, Pyramid schemes, and Pump and Dump Schemes, take advantage of an investor’s ignorance regarding the methods that they purport to use. Never invest in anything that you do not understand. It is likely that it does not work in the way that the investor says it does.



It’s important to password protect all sensitive information. Create easy to remember but complex passwords.

Longer, complex passwords are more difficult for a person to guess and thus will secure data much better than shorter, simpler passwords. Try to create password phrases and substitute letters for numbers and symbols to increase the complexity. A password phrase may be something as simple as “remember to buy milk.” With substitutions and symbols, this becomes “R3m3mb3r2buym1lk.” This is a very difficult to guess but easy to remember password.



Viruses & malware may link computers together to perform tasks which is damaging to your system & others.

Some viruses and malware may not do anything perceivable to your computer but instead use your computer. A botnet is an amalgam of many computers that are linked together to complete a purpose, such as a malicious attack against a third-part target. While these viruses and malware may not harm your system, they may be used to damage another system or to commit some form of crime. Signs that your computer may be in a botnet include the computer running sluggishly or transmitting data when it should not be. Your virus protection software should be kept current and always on to protect you from this.



Classify all new documents and emails you create following the guidelines defined in data classification policy.

Apply the proper classification labels to the documents and emails that you create, such as private or confidential, and then protect the new information asset following the data classification policy. The labels will remind you and others who need to access the information that they must keep the data secured at the appropriate level.



Know where the nearby fire extinguishers are and know how to use them.

If a fire is detected, first sound the alarm to notify management and personnel of the risk to safety, and to begin evacuation procedures. If it is safe to do so, use the fire extinguisher following the prescribed procedures to attempt to extinguish the fire.



Do not install software on your work computer unless it has been approved and authorized for your computer.

Unauthorized software can contain viruses and other forms of malware, and can cause conflicts with other applications. The software must be properly accounted for and follow proper licensing requirements. If you need software that is not approved or authorized for your computer, contact your supervisor or the IT department.



Save your work regularly to ensure that you do not lose information.

Hardware and software can malfunction and power can be unstable. These phenomena can cause a computer to lock up or shut down unexpectedly, which makes regularly saving your documents essential. On a PC, type “Ctrl” and “S” at the same time to quickly save your work. On a Mac type “cmd” and “S” at the same time. Get in the habit of doing this regularly.



Never leave your ID badge or key card unguarded.

These items should be worn or with you at all times and never lent out. If you lose your ID badge or key card, report it as soon as you realize one of these items is missing.



Printed sensitive data should be shredded when it is being disposed of.

Attackers have been known to search the trash of potential victims to gain access to sensitive and valuable information. The data classification policy describes what classifications of documents must be physically destroyed (shredded) prior to disposal.



The internet is provided to increase work efficiency. Don’t let the internet interfere with your work.

Access to the Internet is intended to help you work more effectively. Though you are free to occasionally use the Internet for personal tasks, it’s important that you never allow Internet usage to affect your work. Never use the Internet at work for obscene, sexually explicit, threatening, or illegal activity, and avoid the consumption of excessive resources such as bandwidth. This includes websites, emails, instant messaging, and other online tasks. If in doubt, consult the Help Desk regarding acceptable use policies.



Passwords alone cannot provide sufficient protection. Use two-factor authentication for sensitive accounts.

Two-factor authentication is a special type of security that involves two separate types and stages of authentication. Usually, two-factor authentication uses something you “have” along with something you “know”. ATMs use two-factor authentication by requesting your ATM card and your PIN, while many online accounts require that you both have a password and verify your identity with your phone or another device. Other forms of two-factor security authentication might include a token or a removable media device, such as a USB drive.



USB drives can carry viruses. Never plug in a free or found USB drive into your computer.

Once plugged into a computer, a USB drive can transfer a virus or other malware to your system. You should never plug in a USB drive that you have received for free or found somewhere in your office; even if the USB drive was found at work, it might still have a virus on it. Keep your USB drives clearly marked to prevent any confusion between you and your coworkers and always keep them in a specific place.



Always follow governmental regulations and policies on retaining and destroying sensitive data.

Certain types of data must be stored securely for a set amount of time and then disposed of in a secure fashion. The amount of time for data retention varies from location to location and also depends on the nature of the information (such as medical or financial records). Always be aware of the data retention and destruction policies in your local jurisdiction as well as the information security policy. Determine whether data is public, private, or confidential when preparing it for storage and removal. Ask your supervisor for guidance whenever you are in doubt.



Protect your data with secure storage and transmission. Otherwise, your data may be vulnerable.

Most users have sensitive data on their computer that could be used for malicious purposes: bank account information, personal information, and more. To protect this data, you should always use the appropriate encryption protocols for both storage and transmission. Encryption protocols seal stored data behind a virtual lock, protecting the data from hackers. Storage devices, such as a hard disk drive or a flash drive, should be encrypted and you should use secure Wi-Fi and SSL (secure socket layer) protection when transmitting sensitive information. Look for HTTPS in the web address to verify the data is being transmitted securely.



Don’t display sensitive data on your screen in public places.

Mobile device security goes beyond simply ensuring that your data is encrypted and your connections are secured. If you display sensitive data on your computer screen in a public place, it may be read by others. Confidential data should never be viewed in a public place in a way that it can potentially be seen by someone else. Instead, you should always view your sensitive data in private. If you must complete work in a public location, face your back to the wall.


Items can be lost easily when traveling. Only take what you need with you and lock up your valuables.

It can be very easy to lose important items when you travel. Take only the credit cards, identification and cash that you need with you, and minimize the total amount of items that you carry at once to reduce the possibility that you might lose track of them. Any important or expensive items that are not carried on you should be locked up in a hotel safe. This includes a backup payment method, such as an additional credit card, that can be used if you lose your other items. Copy your identification information and leave the copies in the safe for additional security.