During my time in IT services, I've seen a lot of employees make the same cyber security mistakes while at work.
Because of this I put together the 12 fundamental rules to live by to avoid getting into trouble. While these are written with the workplace in mind, they are also applicable to your personal computing. Here goes:
- Utilize the company network to store files. - All company-related data should be stored on the network. Files on your desktop might not be backed up. You should not use personal cloud accounts, such as your own Google Drive or Dropbox, to save or share company documents.
- Do not leave your workstation unlocked and unattended. - When leaving your workstation, press WINDOWS KEY + L to lock your desktop.
- Do not connect unknown devices to your computer. - Small devices, especially USB thumb drives, can present a very real danger to the company’s devices and infrastructure.
- Do not download or install software without approval. - Unapproved software can cause problems that affect the entire network. Speak to management first to ensure that it will not cause an issue with something else that has been implemented.
- Do not respond to unsolicited, unfamiliar emails. - If you get an unsolicited email, do not react or respond, as it could contain ransomware disguised as an attachment. Instead, notify IT so they may investigate. This tends to be common with unsolicited proposals and resumes.
- Do not accept unsolicited support from an incoming caller. - If you receive an unsolicited phone call from someone claiming to represent Microsoft support (or any generic tech support), hang up. These calls are often fraudulent attempts to gain illicit access to company assets.
- Follow password guidelines. - Make sure your passwords are appropriately strong and complex. You should never reuse your passwords.
- Clear all mobile devices with your manager. - Before beginning to use your smartphone/tablet/laptop for work purposes, make sure you have the approval to do so. This is to ensure the safety of company data.
- If you see someone, tell someone. - Do not hesitate to question the presence of an unfamiliar face in the workplace. Ask management whether a visitor was expected, and do not allow the visitor to wander around unattended.
- Think before you click. - Take a moment to consider any links you receive in correspondence before clicking on them. Is it coming from a trusted source? Have you confirmed the legitimacy of the link through another means of communication? Links can often be disguised cyber threats.
- Never hesitate to report an issue. - If you encounter an issue as you progress with your tasks, you should report it to management as soon as possible. Remember, vigilance could very well save the network from disaster.
- If you have a question, ask. - There is no such thing as a dumb question when it comes to IT and security. Check with your manager to see if you can reach out to your IT support provider directly for help with your computer.
Hope you find this of use, and safe computing. This is just an extract but you can view the original blog post here.