Safe Computing Tip #1 – Understand Your Role in Corporate Cybersecurity
As an employee you are your company’s first line of defense against cybersecurity threats. While IT administrators will do everything they can to make your day-to-day work experience as secure as possible, it is ultimately your responsibility to practice safe computing in the workplace.
Safe Computing Tip #2 – Avoid Using Shadow IT in the Workplace
Shadow IT – also known as Stealth IT, Client IT, or Fake IT – is any system, solution, or software you use for work without the knowledge and approval of your IT department.
Shadow IT poses a unique threat to cybersecurity as the technologies are not under the control of the IT department. These applications, Software-as-a-Service (SaaS) products, and other shadow technologies put corporate data at risk because they are not being appropriately secured.
Examples of Shadow IT
Transferring corporate data to personally managed cloud storage accounts and USB storage devices
Signing up for corporate SaaS accounts without approval of the IT department
Using personal devices for work purposes without a formal Bring Your Own Device policy
Using unofficial communication tools for work (Slack, Discord, etc)
These shadow IT safe computing tips do not just apply to software with viruses and other malware, either. The shadow technologies themselves may not even be inherently insecure. Platforms, services, and applications that are widely used in business settings may simply become insecure due to the lack of visibility and control the corporate IT department has over them.
A personal cloud storage account, for example, could be used to transfer work-related files to a coworker. However, if that data falls under a protected class such as personally identifiable information (PII) then your ability to access that data outside of work would be a violation of corporate and regulatory data security compliance standards.
Shadow IT Cybersecurity Tips For Employees
Do not use unapproved technology in the workplace.
Encourage your coworkers to use officially supported solutions.
If a particular shadow technology fulfills a highly desired need in the workplace, advocate for its official adoption.
Report suspected shadow IT usage to your IT admin or manager.
Safe Computing Tip #3 – Beware of Phishing Emails & Social Engineering
These phishing safe computing tips are absolutely essential for any employee with internet access. According to the Verizon report a vast majority of malware is delivered via email. Business email compromise (BEC) is a pervasive threat that you need to be aware of to use computers safely.
A report from Tessian found that a staggering 1 in 4 employees have admitted to clicking on a phishing email at work. According to a report from PhishMe employees who have opened a phishing email in the past are 67% more likely to fall for a future phishing attempt.
Phishing is a type of fraud that uses fake emails, text messages, or social media messages to convince you to click a link, fill out a form, provide sensitive information, transfer funds, or take other actions that benefit the attacker.
Phishing is a constant threat to data security. It is responsible for 22% of the data breaches studied in the Verizon report. Cybercriminals use phishing attacks to compromise accounts, steal company funds, and breach sensitive data.
Social Engineering is an advanced form of social manipulation where an attacker convinces an employee to provide confidential information or unauthorized access to corporate systems.
Social engineering can be as simple as pretending to be a contractor in order to gain physical access to the office or as advanced as impersonating an executive to trick you into providing them with confidential information.
Phishing Cybersecurity Tips For Employees
Learn about anti-phishing best practices and follow them. Your employer should provide you with anti-phishing training that includes phishing simulations, examples of phishing emails, and procedures for reporting phishing attempts to your IT department.
Treat every email that demands non-public information, files, or unexpected requests with suspicion – especially if it tries to force you to rush the request. If a request sounds dubious, take the time to call the requester and verify that their demands are legitimate.
If you receive a suspected phishing email, report it to your IT department so they can investigate. Your employer may even be performing a phishing simulation that tracks how well employees respond to phishing attacks.
Safe Computing Tip #4 – Use Strong, Unique, & Confidential Passwords
Following these password hygiene computing tips is essential for protecting data. Unfortunately poor password hygiene is far too prevalent – a shocking 59% of users surveyed in the LastPass Psychology of Passwords Report admit to reusing passwords!
Your passwords must be unique, private, and easy for you to remember without being easy for an attacker to guess. Along with a strong password you should use multi-factor authentication (MFA) wherever possible; this forces a would-be attacker to bypass multiple authentication measures (a password + biometrics, a PIN number, etc) before they can breach an account.
Password Security Tips For Employees
Do not reuse passwords. If a data breach ever leaks one of your accounts the attacker could gain access to other accounts using your reused passwords.
Use company-provided authentication measures such as a password manager or Identity Access Management (IAM) solution.
Do not leave passwords in an insecure location such as a post-it note, journal, or unencrypted text file.
Do not share your passwords or accounts with coworkers. Every employee must have their own unique login credentials so that their activity can be accurately monitored and managed by the IT department.
Make long and simple passwords. Think of your password as more of a passphrase. Use a series of unrelated words to create long, simple passwords rather than short and complex ones. Passphrases are easier for you to remember and harder for attackers to brute force or guess.
Safe Computing Tip #5 – Avoid Using Company Devices for Personal Use
Browsing social media or accessing your personal email from a work computer might seem benign, but it can actually be a potential source of danger for sensitive data. The websites you visit for leisure may potentially be not as secure as the ones that are normally accessed during the workday.
Personal email accounts are especially dangerous as they are not protected by enterprise-grade secure email gateways. This means that it is far more likely for you to receive dangerous phishing emails and malicious attachments in your personal email inbox than your work-only inbox.
In terms of personal privacy, if your employer monitors computer activity on work devices they may also inadvertently capture your sensitive personal information. If you must use company devices for personal use, ensure that it follows any guidelines provided by your employer.
Personal Use Computer Security Tips For Employees
Follow your employer’s internet use policies. They will provide you with guidance regarding the personal use of company devices.
Wherever possible you should use your own personal devices for non-work web browsing and applications.
Do not install or use unauthorized software on company computers.
Understand that anything you do on the corporate network can be monitored.
Do not visit high-risk websites such as file sharing sites on company devices.
Safe Computing Tip #6 – Never Leave Devices Unlocked When Unattended
Any workplace that takes cybersecurity seriously will force you to use a unique login to access company property. To prevent unauthorized users from accessing your account (and anything your account can access), lock out your workstation any time that you will not be physically present.
On a Windows computer you can quickly lock your computer by pressing the Windows Key + L at the same time. On a Macintosh computer you will use Control-Shift-Power to lock your screen; on older MacBooks with an optical drive you will use Control-Shift-Eject.
Physical Security Tips For Employees
Lock your workstation whenever you will not be physically present.
Do not leave mobile devices unattended. This includes leaving devices in your car, in checked luggage, or on a table of a coworking space or coffee shop.
Do not provide anyone with unauthorized access to the premises. If they need access they should have been provided with a designated contact.
If a door requires a keycard or similar device to get in, ensure that you close the door behind you rather than holding it open for someone else.
Keep any secure cabinets locked at all times; do not leave them unlocked unless you are immediately accessing its contents.
Keep any keys, keycards, ID badges, or related access tools on you at all times.
Do not store sensitive or confidential data on any portable storage device. These devices are easily lost or stolen, making them a valuable target for hackers.
Follow your organization’s data security policies. They may include encryption requirements, specific procedures for USB devices, and designated devices.
Do not insert unknown USB devices into company computers. Your organization should have policies and procedures surrounding USB devices such as requiring that they are scanned for malware using an air gapped computer.
Only use company-authorized USB devices. Do not bring personal USB flash drives to work and avoid using any USB devices that have been provided at conferences or trade shows unless they have been approved by your IT department.
Do not bring company-provided USB devices home with you without prior approval and a legitimate need to do so. Instead, keep it locked in a secured cabinet in your workplace.
Do not plug company-provided USB devices into personal computers. If your computer is infected with malware it could transmit it to your company’s network.
Safe Computing Tip #8 – Follow Company Policies and Procedures
Following your employer’s policies and procedures is paramount to safe computing. These policies may include a work from home policy, acceptable use policy, or data security policy. If you are uncertain about your employer’s data security expectations you can request clarification from your employer or review these policies at any time.
Policies & Procedures Tips For Employees
Read and understand every security policy you agree to. Re-review them as necessary to ensure you do not pick up bad habits over time.
Request clarification or further training whenever you are uncertain about a given policy or procedure.
If you see a coworker not following proper procedure, help educate them on the correct procedure or inform their supervisor.
Safe Computing Tip #9 – Beware of Disclosing Personal Information on Social Media
Social networking tools have changed the way we interact both at the professional and personal level. With their increasing popularity, they also bring tremendous opportunities for network threats and scammers.
Be prudent about not sharing personal or company information on social media platforms. The more information you share, the more likely it is that someone could impersonate you and entice your circle of friends/associates to share personal information, download malware or gain access to restricted assets.
Social Media Security Tips For Employees
Follow any applicable social media policies that are provided by your company.
Do not share nonpublic information about your workplace, coworkers, vendors, etc.
If you use social media for work, ensure that you are clear about your intellectual property rights. Accounts that are created for work purposes may be considered your employer’s property even if they represent you as an individual.
Limit the amount of personal information that you may publicly available on social media. This information could be used by an attacker to impersonate you in a social engineering scam.
Do not openly complain about your workplace on social media. A potential attacker could use this information to persuade you to become a malicious insider threat. It may also cause damages to your reputation as a professional.
Safe Computing Tip #10 – Stay Away from Public WiFi
If you’re travelling for work or you want a change of scenery you may be tempted to use one of many publicly available Wi-Fi hotspots.
These convenient wireless internet connections are provided by places such as hotels, coffee shops, and airports. These may be fine for low-risk personal browsing but there are dangers you should be aware of.
Honeypots. Attackers could make a “honeypot” where they spoof an existing hotspot. Once you connect to their hotspot they can perform a man-in-the-middle (MITM) attack to intercept your connection with a fake domain that looks like the one you were trying to visit. Once you login to the fake domain they now have your login credentials.
Traffic Sniffing. Other users of the hotspot could potentially see your traffic on unencrypted websites if the provider of the public WiFi does not have adequate security controls in place.
Ideally you will have access to your own private mobile hotspot that you can use to connect to the internet while working remotely.
WiFi Security Tips For Employees
Do not use public WiFi hotspots. Instead, make a password secured personal hotspot by tethering to your cell phone’s data network or by using a dedicated mobile router.
If you do not have access to reliable mobile internet you can use an enterprise-grade VPN to reduce, but not eliminate, the security risks of public WiFi.
Where possible you should only use public WiFi for low-risk web browsing on a personal device.
Never leave your equipment unattended if you are working in public space. Even a short bathroom break can provide a thief plenty of time to steal a laptop or cell phone.
There are many data security risks that employees can help prevent. By following these 10 safe computing tips for employees you can do your part to keep sensitive data safe and protect your workplace against malicious hackers.
Did you enjoy this article? These computing tips are just a start. Click the links below to learn more cybersecurity tips and keep sensitive data safe.
Dale Strickland is a Marketing Coordinator for CurrentWare, a global provider of endpoint security and employee monitoring software. Dale’s diverse multimedia background allows him the opportunity to produce a variety of content for CurrentWare including blogs, infographics, videos, eBooks, and social media shareables.