Week two of National Cyber Security Awareness Month is focused around security in the workplace. What can individuals and companies do to keep their employees and their confidential information protected? I have a few tips for everyone regarding workplace cyber security.
There are a few things I’ve noticed that shock me at workplaces I’ve visited over the years that are huge issues, but easy to fix. First and foremost is everything to do with passwords. I’ve seen it all: passwords written down on sticky notes on laptops and monitors, written on the whiteboards of cubes, written on pages of notebooks left open for anyone to see — you name it. This is something that just needs to stop. A laptop with a password written on a Post-It is begging to be stolen and breached. It’s bad enough to have a laptop stolen; it’s far worse for your password to be written down on it as well. Just don’t do it. Make a password that you can remember — phrases are great and complex. Just whatever you do, fight the urge to write down that password!
The next password related foul I see in the workplace is the sharing of passwords with other users. Never let anyone have your password, never tell anyone your password, never let anyone log in using your password. I’ve seen colleagues giving their password to each other, and I’ve even seen employees giving their password to vendors to login to their Salesforce account. Your account is your account, it’s personal just to you. If someone else does something on your account, it will be accredited to you. Make sure you keep those passwords private!
A good rule of thumb in any company is a simple one: When you’re away from your computer, lock your screen with a password. When you walk away from a logged in computer, you’re inviting anyone to sit at your machine and do anything they want with your account. It’s really difficult to disprove you did something malicious, since it’s your machine and your accounts. Please always make sure to enable a lock screen and lock your computer when you step away for any reason.
The workplace is a great target for phishing schemes as well. Since in the course of a day you’re likely required to open documents sent to your email, such as Excel, Word and PowerPoint files, it’s easy to trick someone into opening a malicious file, or clicking on a malicious link. Take caution when doing either of these tasks. Stop and look at who is sending this. Do you know them? Does it look like an email they would write? Is their signature the same as it usually is? If you’re at all suspicious, contact your IT department and they can see if it’s safe to open or not.
Practicing these simple security strategies will help keep you and your company significantly safer from threats.