The Ten Commandments of IT for everyone
As we continue to hire more colleagues and embark on new projects, we have to think harder about security at our company. You never know when our company might become the target of corporate espionage or a cyberattack.
Security is important at all levels of a company, and it starts with individuals.
The ten things that each of us can and must do to improve the security of our company.
1. Lock Your Computer, or the Clean Screen Policy: You know how it goes. You finish your task, happily get up from your desk to make a DoubleShot++ espresso, and when you come back, you look in your sent mail and discover that you just invited the whole company to lunch. The reason is that you forgot to lock your PC and your colleague took advantage of the opportunity. A lunch together is a great thing, but a data leak is not.
2. Two-factor Authentication: Secure your credentials with two-factor authentication. Sure, this means it takes you longer to log in when you come to work in the morning, but at least you always have to confirm that it’s you signing in, and not an unauthorised person.
3. Think before You Click: Strange emails from rich princes don’t fool anyone these days. The scammers know this, so they are now trying to write emails that look plausible. They often place you under psychological pressure in order to make you click, quickly and without thinking, on a URL that seems real, but is actually subtly different; it can lead to a site that installs software on your PC that can then download information and seriously damage our company or our clients. This also applies to blindly providing permissions when you install apps on your PC or your phone.
4. Encrypted Hardware: A large amount of the data stored on our work computers is considered protected (personal details, databases, credentials, etc.). If such a device were to be stolen, the data could be exposed and sold to a third party. So encrypt your drives.
5. VPN: The digital age brings various conveniences in terms of remote working. If you are connecting to your corporate network, corporate infrastructure or even your private internet banking via an unauthenticated public network (e.g. at a café or airport), then use a VPN. This eliminates the risk of theft, misuse of data and often also money.
6. Curiosity Doesn’t Pay: You find an unmarked USB drive on your desk. You’re very curious as to what secrets it holds. Well, it could be unwanted software that copies your entire drive. Always be careful about what devices you plug into your computer. If you don’t know the origin of a USB drive and don’t want to risk it, bring it over to the IT team, who will look into it on an isolated device.
7. Keep Your Device Tidy: You’re working on a project that you need to test against the production database. Or you have a client’s personal information in your inbox. When the project ends, delete all sensitive data from your PC and mailbox. This way, you don’t have to worry about storing data that could damage the company, and you save a few GB of disk space in the process. It’s a win-win situation.
8. Clean Desk Policy: Don’t leave any documents on your desk when you go home. Unauthorised persons may be present in the premises and take or copy the documents.
9. Unauthorised Person: Is there someone moving around you don’t recognise? Are they unaccompanied? Ask them what they’re doing and whether they’re looking for someone, then take them to this person or directly to the exit.
10. Don’t Get Caught: Phishing is the most common technique used to obtain unauthorised data through emails. Look out for suspicious signs: mistakes, typos, urgency, informal modes of address, a suspicious domain or URL. Protect data and personal information. If you have any suspicions, contact the IT team immediately.
