It’s National Cyber Security Awareness Month, an important time to remind employees to be vigilant when it comes to the online safety and security of personal and company information. The recent breach at credit reporting agency Equifax has left us all too aware of our personal vulnerability to identity theft, and should also be a reminder of the precautions we must all take at work to protect our clients, partners, employees, company and our own personal data. Here are eight friendly reminders to share broadly with employees and to reflect upon:
- Keeping information safe is a major part of your job. You are the best defense against hackers. Technological measures do help to protect information, but the most common breaches come from human error. No matter where you work or what you do, do not disclose or give anyone else access to Personally Identifiable Information (PII), Sensitive PII, Intellectual Property (IP), or proprietary information.
- Use common-sense approaches to protecting your physical workspace. Lock printed materials and digital storage items in a cabinet or drawer. Shred confidential documents and handwritten notes that you no longer need. When you leave your desk, lock your workstation or log off the network to prevent unauthorized access. Retrieve sensitive documents from printers and copiers immediately.
- Good password security defends your computer and the network. A good password is difficult for others to guess but easy for you to remember. It should contain at least eight characters and include uppercase and lowercase letters, numbers, and special characters. Don’t share your passwords with anyone, including help desk and IT staff, and change them often.
- Avoid using public Wi-Fi networks. Don’t use public Wi-Fi networks to do company business. Before you provide information to a website, make sure it is secure. The web address should start with “https” (the “s” stands for secure), not “http.” If your bank’s website doesn’t have a lock at the beginning with green shading in the web address bar, it isn’t your bank (or anyone else’s).
- Don’t open e-mail attachments or click links from unknown sources. Malware is short for malicious software and includes dangerous programs like viruses, worms, and spyware. Even seemingly harmless attachments should never be opened when received from unknown parties. Even a friend can unknowingly send a virus, so make sure your malware protection files are up-to-date.
- Do not use personal cloud space for company work or material storage. Uploading work documents to a personal cloud storage application is a breach of trust and a serious violation of security. Don’t upload work files to your smartphones, tablets, laptops or anything else that might get lost or stolen.
- Use social media carefully and in compliance with company policies. Anything you post online could be seen by anyone and could end up anywhere. Never divulge personal data such as Social Security numbers, financial records, or account numbers, and think twice before posting things like your hometown and birthdate. Don’t post sensitive information about your company or other employees. Know your company’s online communication policies.
- Always follow procedures and protocols set up by your IT department. Your company’s approach to security is built around your system, with its particular devices, platforms, and security protocols. The most important part of that security is you. Along with your colleagues, you form a “human firewall” that only works if you and everyone around you pay close attention to your company’s IT policy. Never download software and applications from the Internet unless they have been approved by IT.
Among LRN’s vast library of customizable courses, videos and other educational tools is a series that addresses privacy and data protection. Contact us to learn more about our offerings.