Boost your security awareness!
Security is often defined as consciously taking acceptable risks. But what is acceptable to your organisation? Everyone has a different view of acceptable risk. No one would disagree, however, that you need to look after your passwords. Otherwise, you run the risk of your data and/or your money being stolen. To make you and your staff more aware of on-line security issues, we've produced a set of practical tips.
Use complex passwords with at least ten characters, or use passphrases: sentences with added numbers and special characters.
Don't re-use passwords.
Use two-factor authentication if possible.
Train your staff to recognise phishing mail, so that they don't use unsafe links or open dodgy attachments.
Always look to see whether a message's sender matches the contents.
Avoid clicking on links wherever possible. If you want to visit the linked page, don't click, but copy and paste the link into your browser and check it before going ahead.
Enable safe browsing mode. Then you'll get an automatic warning if a website you visit is insecure.
Even when safe browsing is enabled, ask yourself whether any website you visit might be unsafe.
Use an ad blocker.
Secure workplace set-up
Use antivirus software.
Use a firewall.
Always keep your operating system (OS) and applications updated to the latest version.
Always lock your screen if you leave your computer unattended.
If working in a public place, use a screen filter on your laptop to stop people snooping.
Wherever possible, keep your data on your own secure server.
If you do save data in the cloud, encrypt it.
Download securely, or don't download at all
Use programs that send data securely. Protect things that you send with passwords.
Place restrictions on application downloading in your network environment, so that unsafe applications are kept out.
Removable media security
Keep use of USB sticks to the minimum. They can transfer viruses to your computer and, if you lose one, other people can access your data. If you must use a USB stick, encrypt it. Then, if a stick does get lost, your data will still be safe.
Wi-fi and Bluetooth awareness
When working away from your office, take care with open or guest wi-fi networks. It's usually better to use a 4G connection. If you have to use an open wi-fi network, use a VPN connection. Crooks can also use Bluetooth to send things to your phone without you being aware of it. So don't use Bluetooth in busy and/or public places.
Only use company-approved apps. You may find a particular app really useful, but that doesn't mean that its security is good. Stick to the standards that the company provides.
Social media security
Don't share customer data via social media.
Don't accept unsafe attachments via social media.
Social engineering alertness
Make your staff aware of environmental factors that could lead to sensitive information leaking out. For example, they should beware of outsiders looking at their laptop screens while they are working away from the office. And suspicious calls or e-mails about things such as unpaid invoices should be treated with caution.
Trust is good, control is better:
A healthy dose of mistrust is always a good idea when working with computers.