Educating your staff on security awareness is essential to protecting your organisation. We’ve put together the following 5 steps to keep your information secure. You can also download this as a PDF flyer to share amongst your colleagues.
1. Physical and Digital Safety
Keep Your Devices Safe
When taking any electronic devices out of the office, take stringent measures to ensure these don’t fall victim to theft.
Don’t leave devices in unattended vehicles. If they do have to be left, hide them.
You’ll usually be required to take company-issued portable devices off site at the end of the day. This ensures disaster recovery and business continuity plans can be implemented if access to the building(s) is lost.
All devices should be protected by a PIN or password at start-up and unlocking.
Physical Security – Restrict Building Access
If your office has a door entry policy, honour this and politely query the intentions of any unaccompanied visitors.
Take care to not let unknown persons slip through coded doors behind you.
Inform security immediately if you lose your entry badge or key fob.
2. Access Information Securely
Passwords
Passwords are the first defence in protecting your information. Common passwords like “123456” or “Password1”, along with your favourite pet’s name or your son’s birthday, are surprisingly easy for an attacker to figure out with a little prying.
- Create a strong password: Make it suitably lengthy, with a mix of upper and lowercase, numbers and punctuation. Try joining together some unconnected words, as you won’t remember random characters, e.g. Swim4unIcorn!puppet
Change your password immediately if you think it’s been compromised. It’s not advisable to use the same password for multiple accounts, but if you have, change it on all affected accounts.
Public WiFi
Public WiFi connections are not all secure. When working on sensitive information, ensure you’re using a secure connection or a VPN (virtual private network).
3. Protect Yourself from Attacks
Social Media
No matter how locked down your privacy settings are, you can never be sure who is really seeing the personal information you post online. The more detail you share, the easier it is for a criminal to infiltrate your life.
Phishing
Treat any unexpected emails with suspicion – particularly those with file attachments or links. Hover over any links to see if the web address looks legitimate or related to the email content.
Always check that the email “from” address matches the person or company you expect. Look out for misspellings and numbers used in place of letters.
If there’s an unusual urgency or phrasing from a colleague, check with the sender in person whether their request is genuine.
Phishing isn’t just limited to email. Callers can impersonate a business to phish for details, then use that information to either trick a real customer or exploit the information gathered.
4. Maintain a Secure Working Environment
How secure is your office?
The ‘office’ is a more fluid working environment than it used to be. For some, it will be the kitchen table, for others the local coffee shop and for many the typical open plan working space.
Regardless of the environment you’re in, you’ll need to stay vigilant about keeping your company information secure.
- Lock Devices: Log off or lock your screen on all devices when leaving your working space. From the curious 3-year-old to the disgruntled colleague, an open device invites prying fingers and deleted files, or worse.
- Clear Desk: When leaving your desk for any length of time, file and lock away all important paperwork on display, shred any company sensitive handwritten notes and don’t leave post-it notes of passwords lying around.
- Mobile Devices: If you leave your working space, secure or take your portable devices with you.
5. Store Information Securely
File Storage
Your company will likely provide you with a secure, cloud-based storage facility for your data. Saving documents on your desktop or in local folders circumvents the security and backup provisions set up by the business.
If you’re unsure where you should be saving your files, check with your IT department or line manager.
Don’t store company-related data on public cloud storage platforms (Dropbox, Google Drive, iCloud) without prior permission.
—
To illustrate security awareness within an organisation we’ve designed a poster highlighting all the ways security could be improved in the scene. Read our take on each issue and download the poster in our Increase Staff Security Awareness blog post.
M-Tech Systems offer ongoing IT support services and technology solutions for businesses and educational establishments of all shapes and sizes across the UK. We can work with you however you need: stepping in for one-off projects, working together on your IT strategy, or supporting your day-to-day operations. Drop us a message about keeping your information secure; we’d love to chat.