Using Common Cyber Sense to Stay Secure

Your IT department’s regular pleadings and how-tos about cybersecurity and safety may sound like a broken record, but there are important reasons behind following these practices and advice.

Staying secure while connected is not just about how your system is set up by the techs- it is also about how you use it.

Here is information security wisdom about using common cyber sense to stay secure, along with background information regarding why these deserve your attention.

Lock your computer screen when you are away from your desk

You are ultimately responsible for everything done under your login. If you don’t adhere to a screen locking policy, an attacker can simply walk up and start manipulating or stealing information without having to even work at getting in to your system. Leaving your computer “open” for even a short time can provide the opportunity needed by a bad actor. Though physical intruders are rare during daytime and in conventionally secured offices, intrusions do happen. Screen locks also thwart insider attacks from employees who may seek access to data beyond what they normally have rights to retrieve.

Don’t write down your passwords or user credentials

If a physical attacker gains access to your desk area, they will immediately look for written passwords and authentication material. Post-it Notes and the like aren’t secure from attackers even if they’re out of sight under your keyboard or in a desk drawer. Writing your password down provides an open door into your sensitive protected office systems. This threat isn’t only from an unknown outsider but could be coming from contractors or internal staff with malicious intent.

Don’t use the same password for other systems and services

One of the riskiest things you can do in your professional and private cyber life is to use the same password across multiple accounts or systems. Hackers are constantly stealing login credentials from less secure system. These credentials are often leaked online for other cyber criminals to exploit. They then take these stolen credentials and use them to try to access more secure systems, like online banking, or your office systems. If you re-use your work password elsewhere, you leave yourself and your organization open to this type of compromise.

Don’t install unauthorized software on any office systems

Your IT department researches and vets office systems before deploying them. Unauthorized software, including everything from stand-alone programs to plug-ins for your web browser, can pose a direct security threat. This can be either because the software itself is malicious, or because it introduces software that is not part of the patch management system in your environment. If this unauthorized software makes you vulnerable to cyber attacks in the future, but IT isn’t aware of it and, therefore, isn’t implementing regular patches or fixes, you leave a door open for attackers to easily leverage these known vulnerabilities to access business systems and steal data.

Don’t check your personal email while on office systems

By checking your personal email on your office computer, you are extending the risk profile of your workplace to include your personal activities. Your office email account is carefully managed and secured by policies and your IT staff’s vigilance in minimizing risk from suspicious emails, links, and attachments. Once you open your own email account on your office computer, you bypass many of these defenses or render them less effective. Opening a suspicious attachment in your personal email on your office computer can infect your system and possibly move to the network and others’ computers. Spreading malicious software like ransomware may prevent you or your colleagues from performing their duties and cost your company a lot of money.

If you follow these ways to stay secure using common cyber sense, you will lead a much more secure and productive life in the workplace. Remember, if you are handling your organization’s information, you play a big part in its protection and safety.

Sword & Shield Enterprise Security conducts security awareness training to help companies educate their workforce on these best practices and more. Request a consultation to get started today.

 


Comments are closed.