Cybersecurity Do’s and Don’ts
Every employee and business unit shares responsibility for the cybersecurity of their company.
As an employee, YOU play a key role in protecting sensitive information and resources. Following these Do’s and Don’ts is the best way you can help defend your workplace from hackers.
DO use hard-to-guess passwords or passphrases.
A password should have at least 10 characters using uppercase letters, lowercase letters, numbers and special characters. To make it easy for you to remember, but hard for an attacker to guess, create an acronym. Pick a phrase that is meaningful to you, such as “My son’s birthday is 12 December, 2004.” Using that phrase as your guide, you might use Msbi12/Dec,4 for your password.
DO use different passwords for different accounts.
If one password gets hacked, your other accounts stay safe.
DO keep your passwords or passphrases confidential.
DON’T share them with others or write them down. You are responsible for all activities associated with your credentials.
DON’T leave sensitive information lying around the office.
DON’T leave printouts or portable media containing private information on your desk for anyone to see. Instead, lock them in a drawer.
DON’T post any private or sensitive information.
Do not post credit card numbers, passwords or other classified information on social media platforms or other public sites. Also, DON’T send these through email unless your manager tells you to do so.
DO use privacy settings on social media sites to restrict access to your personal information.
DO pay attention to phishing traps in email.
Watch for telltale signs of a scam AND pay extra attention to the sender’s email address. Also, beware of spoofed emails that forge the sender’s address field.
DON’T ever change banking information or approve or send money via an email or phone call request that you receive.
Call back the person you routinely work with at the number where you usually reach them to verify that the request is legitimate. In some cases, bad actors manage to gain access to employees’ company email accounts. If that is the case, the request could come from your contact’s real email address, which is why the follow-up phone call is so important.
DON’T open mail or attachments from an untrusted source.
If you receive a suspicious email, the best thing to do is to delete the message and report it to your manager.
DON’T click on links from an unknown or untrusted source.
Cyber attackers often use links to trick you into visiting malicious sites and downloading malware that can be used to steal data and damage networks.
DON’T be tricked into giving away confidential information.
It’s easy for anyone to call and pretend to be an employee or business partner.
DON’T respond to phone calls or emails asking for confidential data.
DO destroy information properly when it is no longer needed.
Place paper in designated confidential destruction bins throughout the office, or use a crosscut shredder. For all electronic storage media, consult with IT.
DO be aware of your surroundings…
…especially when printing, copying, faxing or discussing sensitive information. Be sure to pick up pages from printers, copiers or faxes right away.
DON’T install unauthorized programs on your work computer.
Malicious applications often pose as legitimate software. Contact your IT support staff to check if an application may be installed.
DON’T plug in portable devices without permission from your agency management.
These devices may be compromised with code just waiting to launch as soon as you plug them into a computer.
DO lock your computer and mobile phone when not in use.
This protects your company and personal data from unauthorized access and use.
DON’T leave devices unattended.
Keep all mobile devices, such as laptops and cell phones, physically secured. If a device is lost or stolen, report it immediately to your manager.
DON’T leave wireless or Bluetooth turned on when not in use.
Turn them on only when you plan to use them, and only in a safe environment.
DO report all suspicious activity and cyber incidents to your manager.
See someone you don’t know wandering around your office? Find out if they are supposed to be there. Also, keep all areas containing sensitive information physically secured, with access given to authorized individuals only. Part of your job is making sure data is properly safeguarded and is not damaged, lost or stolen.
For Cybersecurity Protection, talk to i-Tech Support
i-Tech, your Managed IT Services partner, is dedicated to
- protecting your privacy,
- safeguarding your organization’s information assets and infrastructure,
- identifying and mitigating vulnerabilities,
- detecting, responding to and recovering from cyber incidents,
- and promoting cyber awareness and education.
We stand ready to help and support you in your cybersecurity risk management efforts.
To assess your organization’s technology security with a penetration test or for more information about our managed security services, please contact us.
Remember – cybersecurity is everyone’s responsibility!