
12 Golden Cyber Security Rules



#1 Brandon2017

  • Members
  • 1 posts

Posted 28 June 2017 - 09:21 AM

During my time in IT services, I've seen a lot of employees make the same cyber security mistakes while at work.

 

Because of this I put together the 12 fundamental rules to live by to avoid getting into trouble. While these are written with the workplace in mind, they are also applicable to your personal computing. Here goes:

 

  1. Utilize the company network to store files. - All company-related data should be stored on the network. Files on your desktop might not be backed up. You should not use personal cloud accounts, such as your own Google Drive or Dropbox, to save or share company documents.
  2. Do not leave your workstation unlocked and unattended. - When leaving your workstation, press WINDOWS KEY + L to lock your desktop.
  3. Do not connect unknown devices to your computer. - Small devices, especially USB thumb drives, can present a very real danger to the company’s devices and infrastructure.
  4. Do not download or install software without approval. - Unapproved software can cause problems that affect the entire network. Speak to management first to ensure that it will not cause an issue with something else that has been implemented.
  5. Do not respond to unsolicited, unfamiliar emails. - If you get an unsolicited email, do not react or respond, as they could contain ransomware disguised as attachments. Instead, notify IT so they may investigate. This tends to be common with unsolicited proposals and resumes.
  6. Do not accept unsolicited support from an incoming caller. - If you receive an unsolicited phone call from someone claiming to represent Microsoft support (or any generic tech support), hang up. These calls are often fraudulent attempts to gain illicit access to company assets.
  7. Follow password guidelines. - Make sure your passwords are appropriately strong and complex. You should never reuse your passwords.
  8. Clear all mobile devices with your manager. - Before beginning to use your smartphone/tablet/laptop for work purposes, make sure you have the approval to do so. This is to ensure the safety of company data.
  9. If you see someone, tell someone. - Do not hesitate to question the presence of an unfamiliar face in the workplace. Ask management if there was the expectation of a visitor, and do not allow the visitor to wander around unattended.
  10. Think before you click. - Take a moment to consider any links you receive in correspondence before clicking on them. Is it coming from a trusted source? Have you confirmed the legitimacy of the link through another means of communication? Links can often be disguised cyber threats.
  11. Never hesitate to report an issue. - If you encounter an issue as you progress with your tasks, you should report it to management as soon as possible. Remember, vigilance could very well save the network from disaster.
  12. If you have a question, ask. - There is no such thing as a dumb question when it comes to IT and security. Check with your manager to see if you can reach out to your IT support provider directly for help with your computer.

 

Hope you find this of use, and safe computing. This is just an extract but you can view the original blog post here.





#2 Just_One_Question

  • Members
  • 1,400 posts
  • Gender:Male
  • Location:Bulgaria

Posted 28 June 2017 - 09:33 AM

Solid advice, thanks! Can I also add, going off-line as much as possible - in my experience it is a pretty safe way of computing different data; it eliminates the various risks of the Internet. :)

 

BTW, what is up with computers getting into every job nowadays even some that don't necessarily require the use of a computing device? It would appear that every little store has a computer these days. For example, I've seen/used computers at school in the classroom for Literature. Pointless...


Edited by Just_One_Question, 28 June 2017 - 09:34 AM.


#3 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,661 posts
  • Gender:Male

Posted 28 June 2017 - 10:32 AM

1 - Totally agree. Where I work, the "Documents" (%USERPROFILE%\Documents) folder for each user points to their folder on our file server, which means they can access it on any workstation they log on to (roaming profiles). They are told multiple times during the year to save all work-related data there, yet a lot of them still save their work on the desktop, or somewhere else (locally on the system) that isn't backed up, and when the computer crashes and we can't recover their work, they complain.

4 - Totally agree. Users shouldn't be allowed to install programs themselves unless the program has been vetted and approved by their IT services. And even then, when possible, a package should be made and pushed by the IT staff to their workstation if they need said program.

7 - Totally agree. There are so many users who reuse the same passwords over and over again, or take the "default" one that is given to them on their first login and never change it. Our Security Analyst is currently setting up a workstation that will be used to crack the passwords used here, and I'm sure that with only 2-3 different words and an autoincrement of the number (1, 2, 3, etc.) he'll be able to crack a good % of them.

I agree with all the points you listed, though #1, 4 and 7 are the ones I face pretty much every day at work, hence why I highlighted them.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 britechguy

    Been there, done that, got the T-shirt

  • Moderator
  • 8,114 posts
  • Gender:Male
  • Location:Staunton, VA

Posted 28 June 2017 - 10:57 AM

Well, now I'll come in playing "the stupid or contrarian user" and stick to the points that Aura highlighted first:

 

1.  If you can re-point "Documents" to the network is there not a way to do the same thing with "Desktop"?  People are going to do what comes naturally, and for some Windows users that means they're going to automatically use the desktop "because it's what I've always done."   IT needs to be taking common behaviors into account, not trying to change those that they will never succeed in changing.  [BTW, because I hate a cluttered desktop I never elect to store anything except very temporary files there.]

 

4.  I agree that users should not be allowed to install programs willy-nilly.  But any organization of any size that doesn't enforce this via group policy is getting precisely what it deserves.  There was never a place that I worked that allowed me to install programs on my own work PC, and that's the way it should be.   At the same time, there needs to be a realization that individual users will have reasons, and valid ones, for requesting the installation of "non-standard" software.  IT Departments tend to be the worst examples of the old saw, "A foolish consistency is the hobgoblin of little minds."   Computers are tools, and one customizes tools to the job.  Any large organization should have a "basic setup" but allow for specific users to request that specific non-standard software be installed and that it be installed absent some very good reason that it should not be.   In addition, if you have an employee that needs to use assistive technology there needs to be an explicit exception to the "you can't install anything," rule or there needs to be a virtually immediate capability to have someone come and tweak their setup.  Upgrades and changes to assistive technology, or the need to experiment with alternatives as the user's needs change, is a constant.  I have yet to work in any organization that claims it supports accessibility that actually understands this.  IT is about supporting employees and the business's mission, not vice versa.

 

7.  The problem with passwords is that no sane person can remember an individual password for the number of systems, sites, etc., that they need to access unless they use what I call the "portmanteau" method to create a secure password that has a pattern that makes sense to them, and most don't do this, either.  I try to teach people that if their first address as a child was 123 Main St, their first pet was Fluffy, and their mother's birth year was 1947, that creating a password, 123Fluffy{insert something that makes sense to you about what you're trying to log in to that you'll remember, and that's a few characters long here}1947* makes a great portmanteau formula for a password that virtually no one else in the world could figure out or break.  123FluffyAmazon1947* has an almost zero probability of being broken by someone who doesn't have intimate knowledge of your early life and your mother's birth year if we're talking about logging in to Amazon.  You could increase the difficulty by always capitalizing the third character, e.g., 115FluffyamAzon1947*, making things even less obvious.  You don't want the darned things to be sentence length, but it's amazing how quickly you get used to typing the "fixed" prefix and postfix parts and knowing them by heart.  For what it's worth, even a good, reused portmanteau that's composed of trivia that only the user themselves would know is better than the crap like 123456 that far too many people use as passwords.

 

Now, on to #10:  This should be expanded beyond just the context of e-mail.  "Think before you click" should apply to virtually any control, link, etc., that presents itself, unbidden, always and even to things that turn up in intentional web searches you've done that just "don't look/seem right."


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

      Memory is a crazy woman that hoards rags and throws away food.

                    ~ Austin O'Malley
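As an added example (editor's addition, not code from britechguy's post or from anyone on this thread): point 4 above turns on whether the "no installing programs on your own" rule is actually enforced by Group Policy rather than just stated. This PowerShell check reports, on one workstation, whether the two documented Windows Installer policies ("Prohibit User Installs" and "Turn off Windows Installer") are set and, where the AppLocker module ships with the edition, whether any effective AppLocker rule collection exists. The function name and the output layout are my own; the registry path and value names are the documented ones. Standard-user rights and UAC remain the baseline; this only shows whether the extra policy layer is in place.

```powershell
# Added example (not from the thread): report whether this workstation carries the
# Group Policy settings that stop standard users from installing software.
# Assumes Windows 10/11 with Windows PowerShell 5.1 or later, run from an
# elevated prompt so HKLM policy keys are readable.

function Get-InstallRestrictionStatus {
    # Documented location the Windows Installer policies write to.
    $installerKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer'

    $result = [ordered]@{
        ProhibitUserInstalls  = $false   # "Prohibit User Installs" policy
        WindowsInstallerOff   = $false   # "Turn off Windows Installer" policy
        AppLockerRulesPresent = $false   # any effective AppLocker rule collection
    }

    if (Test-Path $installerKey) {
        $props = Get-ItemProperty -Path $installerKey
        # DisableUserInstalls: 1 = per-user installs are blocked
        if ($props.DisableUserInstalls -eq 1) { $result.ProhibitUserInstalls = $true }
        # DisableMSI: 1 = disabled for non-managed apps, 2 = always disabled
        if ($props.DisableMSI -ge 1)          { $result.WindowsInstallerOff  = $true }
    }

    # The AppLocker cmdlets only exist on editions that include the module
    # (Enterprise/Education); the check is skipped quietly where they are absent.
    if (Get-Command Get-AppLockerPolicy -ErrorAction SilentlyContinue) {
        try {
            [xml]$policy = Get-AppLockerPolicy -Effective -Xml
            $rules = $policy.AppLockerPolicy.RuleCollection |
                     Where-Object { $_.ChildNodes.Count -gt 0 }
            if ($rules) { $result.AppLockerRulesPresent = $true }
        } catch {
            # No effective policy or access denied: leave the flag at $false.
        }
    }

    [pscustomobject]$result
}

$status = Get-InstallRestrictionStatus
$status | Format-List

if (-not ($status.ProhibitUserInstalls -or $status.WindowsInstallerOff -or $status.AppLockerRulesPresent)) {
    Write-Warning 'No install restriction policy found on this workstation; users may be able to install software.'
}
```

Running it on a fleet (for example through a remote session or a logon script that writes the object to a share) gives a quick inventory of machines where the policy the thread talks about never actually landed.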

#5 Just_One_Question

  • Members
  • 1,400 posts
  • Gender:Male
  • Location:Bulgaria

Posted 28 June 2017 - 11:23 AM

Well, now I'll come in playing "the stupid or contrarian user" and stick to the points that Aura highlighted first:

 

1.  If you can re-point "Documents" to the network is there not a way to do the same thing with "Desktop"?  People are going to do what comes naturally, and for some Windows users that means they're going to automatically use the desktop "because it's what I've always done."   IT needs to be taking common behaviors into account, not trying to change those that they will never succeed in changing.  [BTW, because I hate a cluttered desktop I never elect to store anything except very temporary files there.]

I asked practically the exact same thing of a friend of mine who works in IT, and the explanation I received was the following: The idea is that the desktop of everyone's computer at the office is the place where they do their 'dirty' work, their drafts, their temporary files, their 'asdasdasda' documents, so to speak. Once they have completed the document/spreadsheet, etc. that they've been working on, then they place it in the shared Documents folder, so that only the finished, clean files are stored there. In a way it makes sense, since it would theoretically shelter the shared folder from becoming a chaos (if there were a lot of people's desktops' files being shared there). However, it increases the risk that the temporary files that are placed on the people's desktops become suddenly extinct, as the desktop is not automatically saved. :)



#6 britechguy

    Been there, done that, got the T-shirt

  • Moderator
  • 8,114 posts
  • Gender:Male
  • Location:Staunton, VA

Posted 28 June 2017 - 02:16 PM

JOQ,

 

        I am not proposing "a group desktop" but everyone's individual desktops.  If you can redirect Windows to look for Documents on the network you can do the same thing for any of the libraries or folders like Desktop.

 

        I guess my central point was that there are certain behaviors that one has zero chance of changing, and the use of the desktop is one of them.  There are ways to have the desktop folder not be local to the machine itself like it usually is, and if the fear is loss of data and the network drives are used to prevent this for Documents it could also be used in the same way for Desktop.

 

        After all my decades in this game I have figured out that there are some behaviors that it is futile to attempt to change.  I personally think the dictum regarding never repeating a password between any two venues is followed by virtually no one, even those who promulgate it.   I actually have a variety of passwords, but a constrained variety, and all are strong (or strong enough for what they protect).   To my knowledge, no one knows what any of them are, and at least one of them has been in "my portfolio" since the 1980s.  I'm not about to try to memorize over 100 passwords or constantly have to turn to a password manager (even though I do use one) every time I need to log in.  I guess if someone tortured me to extract "my portfolio" I'd be royally [insert favorite term for coitus in the not fun sense here], but I'd be far more worried about my immediate situation than anything that could be done with those passwords.

 

         I follow the general precept that one has to take reasonable precautions against the probable.   One does not need to go to extreme measures to protect against the remotely possible, but highly improbable.   Accurate risk assessment is key, and not everything that's password protected is earth-shatteringly important nor would its compromise necessarily matter much.  Given that I haven't had an account hacked since I started in this business in the mid-1980s I have to be doing something right.  My luck is not particularly good.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

      Memory is a crazy woman that hoards rags and throws away food.

                    ~ Austin O'Malley
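As an added example (editor's addition, not code from this thread): the redirection Aura describes for Documents, and britechguy asks for with Desktop, is recorded in the per-user "User Shell Folders" registry key, which the Folder Redirection policy rewrites. This PowerShell snippet reports where Documents and Desktop currently resolve for the signed-in user and flags any that still live on the local disk, which is exactly the case where "the computer crashes and we can't recover their work". The function name is my own; the key path and the value names ("Personal" for Documents, "Desktop" for Desktop) are the documented ones.

```powershell
# Added example (not from the thread): show where Windows resolves the "Documents"
# and "Desktop" folders for the current user and flag any that are not on the
# network. Assumes Windows 10/11 with Windows PowerShell 3.0 or later.

function Get-KnownFolderLocation {
    # Documented per-user key that Folder Redirection updates.
    $shellKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
    # Registry value names differ from the display names: "Personal" is Documents.
    $folders  = [ordered]@{ Documents = 'Personal'; Desktop = 'Desktop' }
    $props    = Get-ItemProperty -Path $shellKey

    foreach ($name in $folders.Keys) {
        $raw = $props.($folders[$name])
        # A missing value means the built-in default under the user profile.
        if (-not $raw) { $raw = Join-Path $env:USERPROFILE $name }
        # Stored values usually contain %USERPROFILE%; expand before testing.
        $path = [Environment]::ExpandEnvironmentVariables($raw)

        # Redirected folders point at a UNC path (\\server\share\...) or at a
        # mapped network drive, whose PSDrive exposes a DisplayRoot.
        $drive = Get-PSDrive -Name $path.Substring(0, 1) -PSProvider FileSystem -ErrorAction SilentlyContinue
        $onNetwork = ($path -like '\\*') -or [bool]$drive.DisplayRoot

        [pscustomobject]@{
            Folder     = $name
            Path       = $path
            Redirected = $onNetwork
        }
    }
}

$locations = Get-KnownFolderLocation
$locations | Format-Table -AutoSize

$locations | Where-Object { -not $_.Redirected } | ForEach-Object {
    Write-Warning "$($_.Folder) is local ($($_.Path)); files saved there are not on the file server and will not be in its backups."
}
```

On a machine where only Documents has been redirected, the table shows Documents with a \\server\share path and Redirected = True, and Desktop with a C:\Users\... path and Redirected = False, which is the gap britechguy is pointing at.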

#7 jwoods301

  • Members
  • 1,489 posts
  • Gender:Male

Posted 28 June 2017 - 02:41 PM

Windows 10 S might be one solution...browser-based applications another.

 

At some point, I think the browser will be the OS.