Always keep devices & laptops with you when working remotely.
Thieves will steal unattended equipment. When you are out in the field and working remotely, remember to keep a close eye on your smartphone and laptop. Don’t leave your device unattended, such as when getting up to order more coffee at a cafe or if you need to use a bathroom. It only takes a few seconds for a criminal to strike.
Only write down and store essential and necessary information.
Your organization has established rules for what kind of information is essential for storage, such as contracts, proposals, and financial statements. These types of documents constitute an official record that could be used in a lawsuit, so you’ll need to store them for as long as specified by governmental rules and your organization’s internal policies. After the mandated storage period, follow your organization’s rules for document destruction.
Stay one step ahead of thieves: devote a single credit card for online purchases to minimize your risk.
If you have more than one credit card, it might be tempting to use them all when you are shopping online at different sites. However, it’s prudent to designate one credit card for all your Internet transactions. That way, if an organization you’re buying items from is attacked by hackers, you will only need to report one credit card stolen to your financial institution and you’ll easily know which of your credit cards is affected. Additionally, you’ll still be able to use your other credit cards to purchase vitally needed goods and services while you await replacement of the stolen card.
New threats occur all the time. Protect your web browsing by keeping your plugins updated.
Keep your web browser’s plugins updated to protect yourself from threats. The newer versions of plugins will close security holes, ensuring safer web browsing. You can set your plugins to update automatically if you don’t want to keep them manually updated.
Public Wi-Fi is insecure. Do not use banking websites when on public Wi-Fi.
On public Wi-Fi, any data you transmit could potentially be viewed by someone else. You should not transmit any personal, confidential or sensitive data when you’re using a public connection. This includes banking activities, bill paying, and anything else of a financial or private nature.
Do not use email or instant messaging to send or retransmit inappropriate content. Follow the acceptable use rules of your organization for data transmission.
It might seem like harmless fun to forward an off-color joke or other inappropriate material that a friend has sent you via email or social media. However, doing so could result in a public relations disaster and even expose your organization to a lawsuit. When in doubt, ask yourself what your supervisor would think if he or she received a copy of the message you sent.
Change passwords often. Rigorous password management will protect your organization’s confidential data.
Your IT department will spell out the rules for password management and you need to follow their guidance to protect the safety of your organization’s computer network. Change your password as often as the IT department mandates. The longer you go between new passwords, the more opportunities hackers have to crack (guess) your password.
Use antispyware software to help prevent hackers from monitoring your computer activity.
Spyware often masquerades as a game or a free and useful utility to help you work more efficiently. But once installed, it will gather your keystrokes, usernames, and passwords, keeping track of what you write and sending the information back to criminals without your knowledge. Ensure your antivirus software also protects against spyware and is always kept up to date.
Keep your data secured from cyber criminals through privacy, encryption and good habits.
Cyber criminals are usually motivated by data itself; they aren’t usually attempting to obtain physical assets, merely information. For that reason, you should always take precautions to protect your organization’s data. Ensure that data is only accessed by those that need to use it, encrypt all of your data regardless of format, and keep good password habits such as changing your password often and always using different passwords for different applications.
Protect PII by only sharing information with those that need to know.
It’s extremely important to protect the Personally Identifiable Information (PII) of your clients; in some areas, it’s even a requirement. Personally Identifiable Information includes, but isn’t limited to, names, addresses, dates of birth, and other biographical information. You can protect PII by operating on a need-to-know basis; only release Personally Identifiable Information to those that have a requirement and authorization for that information. This will reduce your overall risk.
Get prior approval before accessing workplace information on a personal computer or mobile device.
Sometimes you need to work from home, but this can sometimes represent a security risk if not handled correctly. To reduce your risk, always request prior authorization before working from home and only work from devices that have been approved for use, such as a work laptop.
Be suspicious of links posted by URL shorteners. Use a preview tool before clicking on shortened URLs.
In an effort to trick unsuspecting Internet users into clicking on links to websites that harbor dangerous malware, malicious hackers will use shortened URLs and post them via social media. Do not click on a suspicious link, even if a trusted friend has sent it to you (his or her account may have been compromised with malware to send you link spam). Instead, use a preview tool to learn where a suspicious shortened link goes before you actually click on it.
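How a preview tool reaches its answer, as an added example that is not part of the original tips: it requests each hop of the redirect chain without loading the page and reports where the chain ends. The hosts, the sample redirect table and the function names are constructed for illustration; a real tool would replace offline_fetch with a HEAD request that has redirect-following disabled.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample data: URL -> (HTTP status, Location header).
# All hosts are made up (.example is reserved for documentation).
SAMPLE_RESPONSES = {
    "https://sho.rt.example/a1": (301, "https://tracker.example/c?id=7"),
    "https://tracker.example/c?id=7": (302, "/landing"),
    "https://tracker.example/landing": (302, "http://downloads.example/setup.exe"),
    "http://downloads.example/setup.exe": (200, None),
    "https://sho.rt.example/loop": (302, "https://sho.rt.example/loop"),
}

def offline_fetch(url):
    """Hypothetical stand-in for a HEAD request that does not follow redirects."""
    return SAMPLE_RESPONSES.get(url, (404, None))

def preview(url, fetch=offline_fetch, max_hops=10):
    """Walk the redirect chain hop by hop and report where it ends."""
    chain, warnings, seen = [url], [], {url}
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in (301, 302, 303, 307, 308) or not location:
            break  # not a redirect: this is the final destination
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in seen:
            warnings.append("redirect loop")
            break
        seen.add(nxt)
        chain.append(nxt)
    else:
        warnings.append("hop limit reached, destination unknown")
    first, last = urlsplit(chain[0]), urlsplit(chain[-1])
    if last.scheme != "https":
        warnings.append("final destination is not https")
    if last.hostname != first.hostname:
        warnings.append(f"lands on a different host: {last.hostname}")
    if last.path.lower().endswith((".exe", ".msi", ".scr", ".js")):
        warnings.append("final URL points at an executable file type")
    return {"final": chain[-1], "hops": len(chain) - 1, "warnings": warnings}

if __name__ == "__main__":
    print(preview("https://sho.rt.example/a1"))
```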
Stick to reputable news sites during major events. Criminals use SEO to trick you into visiting malware sites.
Legitimate websites use search engine optimization, or SEO, to include relevant keywords to help Internet searchers find the information they want. Criminals create websites with SEO poisoning, stuffing pages with inappropriate amounts of popular keywords to get a boost in search engine results. If you click on a link for this kind of site, you’ll be redirected to a malicious website.
Never forward emails that you think might be infected with malware.
When you receive an email or an instant message from someone, even a person you recognize and trust, never forward items that you think could be infected with malware. You risk infecting the machines of other people in your organization. Malicious hackers will send seemingly innocent messages with tempting subject lines, such as an invitation to look at a funny video. The message may come from a person whose account has already been attacked, enabling hackers to use it to automatically send messages to everyone in the address book.
Shorter passwords can be guessed easily by hackers. Always use long passwords.
Hackers often crack passwords using programs that try different passwords until they find the right one. Longer passwords take much longer to guess because they have many more possibilities. A six-character alphanumeric password, regardless of what the password is, has approximately 19 billion possible configurations. A seven-character password has over a trillion possible configurations. While both of these numbers may sound high, a program can crack a six-character password in under an hour.
Malware sometimes hides itself as anti-virus software solutions. Never install software from unsolicited alerts.
Some malicious programs will disguise themselves as an anti-virus solution. You may be browsing the web and receive a popup advertisement that says that your computer is at risk and that you need to install software to clean it. You should never install software that asks you to install it through an unsolicited alert. If you do install this software, it is likely to install malicious programs on your computer. Your current antivirus and malware solution should be able to detect any real risks on your machine and will never ask you to install something to remove them.
People may be listening to you speak. Don’t talk about sensitive information when in public.
When you’re in public and speaking on your mobile phone, anyone could be listening. Don’t discuss sensitive information such as workplace information or personally identifiable data while you’re in public. Someone could gather enough information from you to either log into one of your accounts or even steal your identity. Instead, excuse yourself from the conversation until you are in private.
If an email seems suspicious, delete it. Don’t open an email from unknown senders or unsolicited attachments.
Learn to recognize suspicious emails and delete them without opening them. An email is suspicious if it comes from someone you don’t know, if it has attachments on it that you didn’t request or if the subject line doesn’t appear to have any relevance to you. Think before you click: opening a suspicious email could expose you to viruses or malware.
Pirated copies are illegal. Never make pirated copies of software, movies, music, or other media.
Having and distributing pirated copies of media is illegal and leads to a violation of copyright laws. Never make pirated copies of software, movies, music, or other media, and do not download these items over the organization’s network. Even if you already have a purchased copy of the media, downloading it from a peer-to-peer network may still be prohibited.
Keeping your password secret will reduce risk. Never share passwords, challenge questions, or access tokens.
Your password’s strength cannot protect you if it is not kept a secret. You should never share passwords, challenge question answers, or access tokens with another person and there should never be a reason another person needs to access your account. If someone needs access to your device you can create a guest account with limited permissions instead. If there are files that another person needs to access that only you can access, you should inquire with a supervisor regarding granting these permissions to the other person.
Viruses cause more damage if left unaddressed. Notify the help desk immediately if you suspect an infection.
When a virus is not properly dealt with it can cause damage to your computer, compromise confidential information, and even infect other systems. To ensure that viruses are dealt with properly and quickly, you should let the Help Desk know the second you suspect that a virus has been introduced to your system. Signs of a virus may include your computer reacting in an unpredictable way, your computer running slowly, or your computer having programs installed that you do not remember installing on your own.
Deleted data is recoverable unless it is removed with a wipe program.
Your computers and mobile devices may have confidential or sensitive data on them. Simply deleting this data is often not enough to remove it entirely; the data may remain somewhere on the device even if it does not seem visible. You can use a data wipe program to ensure that your sensitive data is deleted before giving someone else your device.
Use access control lists to protect files stored on your organization’s network.
When it comes to storing files on your organization’s network, it’s crucial to control access to sensitive information. Use Access Control Lists or ACLs to safeguard your data. An ACL specifies the access rights each person has to any particular item on the network, including directories, groups of files, and individual documents. With an ACL, you can designate whether a person or a group (such as programmers or managers) can read or edit a file, copy or move files from a directory, or run an application.
Always turn off Bluetooth when it is not needed.
Hackers can use an open Bluetooth connection to compromise your laptop, tablet, or smartphone. They can then steal your personal information. Always turn off Bluetooth if you aren’t using it.
If you see someone without a badge in a restricted location, report it immediately.
Security may be compromised physically rather than digitally by intruders. You should always report anyone suspicious you see in a restricted location. Someone without a badge or someone attempting to access a location without the appropriate credentials may be attempting to steal information or physical items from the organization.
Websites requesting sensitive data may not be secured. Ensure it uses encryption before submitting your data.
There may be times when you need to submit sensitive information through a website. Even a legitimate website may still be dangerous if it is not using encryption to collect your data. Before submitting any sensitive information, make sure that the website is using an SSL connection. SSL connections use “https” rather than “http” in the URL.
A poorly secured Wi-Fi network can be very dangerous. Using a good password will minimize your risk.
It’s important to choose a good Wi-Fi password if you want to maintain the safety of your wireless connection. Do not use information such as your address or street name, as those nearby will easily be able to guess it. Also avoid naming your Wi-Fi connection something that relates to a password or your name. A proper password is long, complicated, unique, and random.
Information shared on the internet cannot be deleted. Never share data online you don’t want people to see.
Anything that is shared through the Internet cannot be truly deleted. This applies even to social platforms that claim to delete items, such as Snapchat. Once something is shared through the Internet, it can be saved and distributed by another person. Never share anything online that you don’t want everyone to see.
Protect yourself against drive-by downloads with antivirus software and good habits.
Drive-by downloads are downloads that occur either without permission or without your knowledge. They usually occur when you are visiting a site that is infected with malware. To avoid drive-by downloads, only visit sites necessary to fulfill your duties.
Learn about the classification & sensitivity levels of data used in your organization, and protect it accordingly.
Your organization classifies data according to how sensitive it is to help users be aware of the protocols they must follow to protect it. Be aware of the classification levels to keep this information safe. The highest level of sensitive data includes health information, credit card numbers, driver’s license data, bank accounts and ID numbers issued by the state or other institutions. Exposure of this data violates people’s privacy and can lead to financial crimes as well as identity theft. Restrict access to this information on a need-to-know basis and log all attempts to look at sensitive data.
Safeguard personally identifiable information. Follow your organization’s data retention and destruction policies for PII.
Personally Identifiable Information (PII) that your organization keeps on file about customers, clients, and employees can be used by criminals to raid bank accounts and steal people’s identity. Understand and implement all the data retention and destruction policies for PII. For example, maintain a schedule for shredding confidential paper documents. Learn which systems are authorized