Employees are crucial to safeguarding an organisation’s assets, which is why they must receive proper training and become familiar with fundamental security protocols that are often neglected. Relying solely on systems like firewalls for information security neglects the human element; untrained employees can become the institution’s most vulnerable point. Why is it important to focus on best practices and cultivating effective habits among staff? Consider some typical workplace scenarios:
1. An attacker impersonates a tech support staff member, contacting an employee to inform them of changes being made to the company’s computer system that could impact their account details. The attacker requests the employee’s name and password under the pretext of needing it for reactivation purposes, and the unsuspecting employee complies.
2. A bank branch manager is processing a customer’s loan application using sensitive credit report data in an Excel file when a colleague invites him out for lunch. He leaves without securing his computer or locking his office door.
3. An employee downloads an attachment from an unfamiliar sender while using their email, despite knowing company policy prohibits such actions. Thinking he won’t be caught, he disregards this rule, only for a virus traced back to that attachment to later infect the company’s network.
To combat these risks, here are some straightforward daily practices employees should adopt to grasp basic security principles and understand their role in safeguarding both institutional assets and reputation:
Password Management: Choose strong passwords wisely.
– Best Practices: Incorporate numbers, letters (both uppercase and lowercase), punctuation marks, and symbols (e.g., use Fl4 6r instead of Flower).
– Regular Updates: Change your passwords periodically.
Email Security: Email can be a pathway for viruses and other malicious attacks.
Recommendations:
– Exercise caution with attachments.
– Regularly update your antivirus software.
– If you must open an attachment, manually scan it with antivirus software first.
Warnings:
– Refrain from opening attachments unless it’s essential, especially if they come from unknown senders.
—
Web Browsing Safety: Surfing the web may result in data theft, password compromise, and virus infections.
Recommendations:
– Limit personal browsing during work hours.
– Avoid downloading cookies and software.
– Steer clear of chat rooms while at work.
Warnings:
– Do not utilise web-based email services for transmitting sensitive information.
—
Backup Practices:
Recommendations:
– Regularly schedule backups and save frequently.
– Securely store essential documents on disks or CDs.
—
Malware Protection (Viruses, Worms, Trojans):
Recommendations:
– Update anti-virus and anti-spyware programs weekly.
– Perform comprehensive disk scans with antivirus software monthly.
– Scan all external media (floppies, CDs) that have been used on other systems carefully.
—
Instant Messaging Safety:
Recommendations:
– Keep your instant messaging software up to date.
Warnings:
– Never share confidential information or inappropriate content through instant messaging.
—
PDA Security Practices:
Recommendations:
– Physically secure your devices.
– Use passwords and encryption.
– Disable automatic wireless connections.
Guidelines for Remote Work Security
Remote Access Best Practices:
– Implement a personal firewall for enhanced protection.
– Utilize encryption methods to safeguard data.
– When sharing documents, opt for safer file formats, such as RTF or plain text, to minimise the risk of virus transmission and malware.
– Regularly back up your files on a ZIP disk or CD-ROM to protect critical information from loss due to viruses or hardware malfunctions.
Handling Sensitive Information:
– Use high-quality cross-cut shredders to ensure the paper is cut into tiny pieces.
– Feed CD-ROMs into a dedicated shredder designed for that purpose.
– Break floppy disks and backup tapes into small fragments after opening them.
Maintaining an Organized Workspace:
– Keep your desk tidy to easily notice any missing items.
– Secure sensitive documents and digital media in locked drawers or cabinets.
– Use security cables to secure laptops physically.
– Always lock your workstation before stepping away (using Ctrl + Alt + Delete or the Windows key + L).
What Not To Do:
Avoid posting sensitive documents online. This includes User IDs and passwords, IP addresses, contracts, account numbers, client lists, intellectual property, and employee records.
Phishing and Identity Theft Awareness:
Both phishing and identity theft involve deceitful attempts to obtain sensitive information like usernames, passwords, and credit card numbers by pretending to be a trustworthy source in electronic communications or by using someone else’s identifying details without permission.
Recommended Actions:
– Report any suspicious emails or unusual phone calls that request personal information (such as your mother’s maiden name, birth date, or last four digits of your Social Security Number) to the relevant authorities.
Precautions:
– Refrain from opening attachments unless necessary—especially if they come from unknown senders.
– Do not share sensitive information (including your mother’s maiden name, birth date, and last four digits of your Social Security Number) in any written communication or electronic format.
Workstation Security – Leaving a workstation unlocked violates security protocols and makes the system vulnerable to breaches.
Recommendations:
– Set up a password-protected screensaver that activates after 10 minutes of inactivity.
– Always lock your workstation before stepping away by:
a. Pressing Ctrl + Alt + Del
b. Selecting Lock Computer
Be Firm in Upholding Policies:
– If someone requests that you breach policies or procedures, stand your ground and act ethically; management will back your choice.
Laptops:
– Losing a laptop can severely damage an organisation. It is crucial to secure laptops and use them responsibly to safeguard sensitive data and prevent unauthorised network access.
Recommendations:
– When leaving a laptop unattended in places like hotels or offices, secure it with its security cable to an immovable or heavy object.
– Utilize firewall software for protection against hacking attempts on public networks and the internet.
– Update antivirus definitions weekly to maintain effectiveness and avoid system failures during travel.
– Avoid saving passwords in files, web browsers, VPN applications, or any other insecure platforms; instead, use encrypted password management software.
Visitor Escort Policy:
– Unaccompanied visitors pose a significant security risk to an organisation.
Recommendations:
– Visitors should always be escorted while on the premises. Monitor them closely; if you must leave, ensure another person takes over their supervision.
– Frequent visitors should receive identification badges for easy recognition.
– Under no circumstances should visitors be granted access to the company network without explicit authorisation from senior management.
Share Information Wisely:
– Unauthorized sharing of sensitive information can severely threaten an organisation’s security. The saying “loose lips sink ships” is well-known for a good reason.
Recommendations:
– Only share sensitive information with individuals who have a legitimate need to know it.
Share Information on a Need-to-Know Basis
The unauthorised release of sensitive data poses a significant risk to an organisation. Many are familiar with the saying “loose lips sink ships”.
What You Should Do:
– Share sensitive information only with individuals who require it to fulfil their responsibilities.
– Carefully evaluate the distribution of information to business partners, consultants, and clients. Besides adhering to confidentiality and need-to-know principles, make sure that a non-disclosure agreement safeguards all information.
What You Should Avoid:
– Do not share sensitive information with colleagues unless they have a legitimate business-related need for it. Key considerations include “What is the purpose of this information?” and “Who else will have access to it?”
– Refrain from disclosing sensitive details to friends, family, or anyone lacking a need-to-know.
—
Proper Use of Company IT Equipment
What You Should Do:
– Treat office equipment and software with care and heightened awareness.
What You Should Avoid:
– Do not change settings on the operating system or CPU without prior notification from authorised personnel.
– Avoid using office equipment for personal tasks.
—
Piggybacking & Tailgating
Piggybacking happens when an authorised individual permits someone else to follow them into a secure area, while tailgating occurs when an unauthorised person sneaks in before the door closes.
What You Should Do:
– If you encounter a door that doesn’t close automatically or has a malfunctioning lock, notify building security.
What You Should Avoid:
– Do not hold doors open for strangers; ensure no one enters behind you without your knowledge.
—
Personnel Screening
What You Should Do:
– Conduct verification and background checks on permanent employees during the job application process. This should encompass character references, validation of claimed academic and professional credentials, and independent identity verification.
– All employees should be required to sign confidentiality or non-disclosure agreements as part of their initial employment terms.
Maxthon
When it comes to safeguarding your online banking information while using the Maxthon browser, there are several essential practices to keep in mind. First and foremost, it’s crucial to create strong passwords for your banking account. These should be unique and complex, incorporating a mix of uppercase and lowercase letters, numbers, and special characters. Steer clear of easily guessable details like birthdays or the names of pets.
Another vital step is enabling two-factor authentication (2FA) if your bank provides it. This feature adds an extra layer of security by requiring you to enter a code sent via text or email alongside your password.
Keeping your Maxthon browser updated is also important; regularly checking for updates ensures you benefit from the latest security patches and enhancements designed to protect against vulnerabilities.
Additionally, make it a habit to clear your browsing data frequently. By regularly deleting your history, cache, and cookies, you minimize the risk of leaving behind sensitive information that could be exploited by hackers if they gain access to your device.
Taking advantage of Maxthon’s privacy mode can further bolster your security while conducting online banking transactions. This feature allows you to browse without saving any session data like cookies or site information.
You might also want to consider installing reputable security extensions or antivirus plugins available for Maxthon. These tools can offer real-time protection against phishing attacks and malware threats.
Always remain vigilant about phishing scams as well. Before logging into your banking site, double-check the URL carefully. Be cautious with links sent through emails or messages that claim to be from your bank unless you’re certain they are genuine.
Finally, remember to log out after completing any transactions in your online banking session. This simple act helps prevent unauthorized access should someone else use your device afterward.
By adopting these strategies while using Maxthon, you’ll significantly enhance the security of all your online banking activities.