The simple – more obvious things:
- Don’t walk away from your computer without locking it. Would you leave your house door unlocked so that anyone could steal from you, or begin taking up residence in a back room of your house? Not likely… Leaving your computer unlocked when you walk away is essentially the same thing. Data can be stolen, and malicious content can be uploaded and be hidden in the background.Windows Hello can help you with this. Have a sudden potty emergency? Need a coffee break? Did you walk away and forget to lock your PC again? No worries! You can use Dynamic Lock to pair your phone or other Bluetooth device with your PC and when you’re out of range, your PC will automatically lock. Here’s how to set it up – https://support.microsoft.com/en-us/help/4028111/windows-lock-your-windows-10-pc-automatically-when-you-step-away-from
- Don’t copy files to a portable storage device without your employer’s permission. If you have to work from home, it’s likely your employer would rather set up a Virtual Private Network (VPN) for you, which can allow you to access your work data more securely. Not sure how to set one up? Give us a call at Cyber Solutions and we’ll help you out!
- Don’t download software to your machine or device without employer permission. Downloading software without permission is probably the easiest way to introduce malicious software into your company. Chances are, you don’t want to be “that one” who allows a ransomware attack into the business that ultimately puts your company out of business.
- Don’t download music and videos onto a business device. This is right up there with downloading software on your business device – not a good idea at all.
- Keep it clean. It goes without saying, but don’t be viewing things you ought not to be viewing at work.
The not-so-obvious things:
- If you get an email from someone you don’t recognize, don’t click on a link. Would you let anyone in your home, just because they came to the door? Probably not. If you don’t recognize the sender’s address as being legit, it’s probably not a good idea to assume their intentions are worthy of your attention.
- If you get an email from someone you recognize, and there is a link, don’t assume the email hasn’t been hijacked by a hacker. If the link seems out of character for the sender, it probably is. Better to make a phone call to the sender, just to be sure.
- Consider Multi-factor Identification. Imagine what would have happened if the prince would have married one of Cinderella’s evil stepsisters. Surely, they wouldn’t have had a happy ending. When the prince wanted to try the glass slipper on Cinderella’s stepsisters, what happened? They all lied. But the story checked out… until the slipper didn’t fit. Multi-Factor authentication requires two or more pieces of evidence before access is granted. The factors could be knowledge (the evil stepsisters’ story was accurate), possession (the shoe didn’t fit), and inherence (there is only one Cinderella). In real life, generally a code (something you know) is sent to a user’s cell phone (something you have) or thumbprint or facial recognition (something you are) is used before access is granted.
- Ensure important data is backed up. If the unfortunate happens and you fall victim to a cyber security attack, your back up will be your saving grace. Just make sure it’s backed up regularly and make sure your backup is accurate.
- Be wary of external data devices from outsiders. Imagine you’re interviewing a potential employee for your company, but perhaps his intentions aren’t so wholesome. He tells you he forgot to bring his resume with him (red flag #1), but that he has it on his flash drive (red flag #2) and asks you if you wouldn’t mind downloading and printing a copy (red flag #3). As soon as you insert the USB device, it begins downloading malware to your machine, and you don’t notice it for a couple of weeks, and by then, your “potential employee” is long gone with your precious company information, because he’s been using malware to poke around in your files when you weren’t looking. Not good.
- Keep your server door locked, and by-golly don’t make it the same room as the janitor closet, especially if you are responsible for data that should remain private! Best case, you expose your own data. Worst case, you expose data that should remain private under the law. If you have important data, such as family court records or private health information, be sure your server room is secure. Giving a 3rd party janitor service a key to your janitor/server room is not secure. They might not be as diligent as you are, and they might just leave the door wide open to the public. Don’t laugh… we’ve seen it! Be wise.