Organizations that operate without a clear, definitive security awareness plan for file transfers, email, or internet usage open themselves up to big security risks. However, these risks are easy to prevent with a bit of training and forethought.
If overlooking security this way sounds like your workplace, never fear. Even without a policy to follow, there are simple ways you can implement better security practices in your current role and workspace to protect yourself, your information, and your company’s data from prying eyes and malicious scams.
Here are 10 easy ways to promote better security in your role, without needing permission to do so:
- Never download unapproved software
Although that free screen capture application or photo editing software may seem tempting, don’t download it without approval first from your IT department. Free software is rife with malicious code, which can introduce malware, ransomware, and other threats to your computer and company’s network.
If you aren’t sure whether the software is safe to download or not, contact IT. If you’re on your personal computer, always check trusted online resources, such as forums or software review websites. They can be useful to find information on the application you’re considering. Most of the time, if it’s not safe, you can find an alternative option that is.
- Send files (in and out of network) securely
If you need to send a file to someone inside your network or across a remote one, always be sure to send it securely. Use a managed file transfer solution to protect sensitive company data. And instead of using FTP, email, or other unsecured methods to transfer files, use a secure protocol like OpenPGP or SFTP to encrypt the information.
- Don’t send sensitive information in emails or online messages
Even though email and online messaging are fast and convenient methods of sending information to someone, they’re not secure. A single spear phishing email or instant message containing a bad link can give hackers access to the information on your computer. And if you send sensitive information through messages and your workspace is compromised, you’re doing the work for them. Hackers won’t have to go far to retrieve your private data.
It’s important to remember that emails and online messages can be forwarded with just one click of the mouse or intercepted during transmission. Once that username/password combination, credit card number, or completed W-2 form is out of your hands, the information can be forwarded to just about anywhere. So instead of transmitting data across the network, cut out the middleman. Identify situations where you can deliver the information directly, whether by a phone call or in person. Can’t do that? Send the data via an encrypted folder-to-folder transfer or through a secure form with a link and password.
- Follow best security practices for application passwords
Although it may be tedious, changing your password every 60-180 days is a standard industry practice, and when followed, can notably limit the access hackers might already have by cutting them off after a specific amount of time. It’s particularly limiting for hackers who may come in and quietly monitor business processes before making any sudden moves.
However, when employees do change their passwords, they often riff off their original password, such as by adding an extra number or switching out the capital letters. Work professionals may also use a weak password or use the same password across multiple websites, which is a huge security risk. If hackers can access one account, they can access them all.
With all the data breaches happening today, it’s important to create strong passwords, use a different one for each account, and change them every so often, at work and at home. Your personal data is just as important as company data—and remember, anyone can have their information stolen.
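A check that a password-change form could run to catch the pattern described above, where the new password is just the old one with a different number or different capitalization. This is an added example, not part of the original article; the function names, the substitution table, and the 25% similarity threshold are assumptions chosen for illustration.

```python
import re

# Common character substitutions people use when "changing" a password (assumed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def base_word(password: str) -> str:
    """Reduce a password to its core: lowercase, strip leading/trailing
    digits and symbols, then undo common substitutions inside the word."""
    lowered = password.lower()
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    # An all-digit or all-symbol password has no core; compare it as typed.
    return core.translate(LEET) if core else lowered

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def is_variation(old: str, new: str) -> bool:
    """True when the new password is a riff on the old one: same core word,
    or cores that differ in at most 25% of their characters."""
    a, b = base_word(old), base_word(new)
    return edit_distance(a, b) * 4 <= max(len(a), len(b))

# Constructed sample pairs: (current password, proposed new password).
if __name__ == "__main__":
    for old, new in [("Summer2023", "Summer2024!"),
                     ("P@ssw0rd1", "password2"),
                     ("Summer2023", "Winter2023")]:
        verdict = "reject (variation)" if is_variation(old, new) else "accept"
        print(f"{old!r} -> {new!r}: {verdict}")
```

The comparison needs the old password in plain text, which is only available at the moment the user types it into the change form; stored password hashes cannot be compared this way.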
- Clarify sender intentions if you receive a questionable email or attachments
Overall, approaching your inbox with a critical eye is a good practice. Be wary of every attachment you don’t recognize or didn’t anticipate, even if it’s from a trusted sender. If you aren’t sure about the contents, follow up in person, over the phone, or in a separate email thread.
Although it may add unwanted time to your day, it’s worth the extra thought and attention. Phishing and spear phishing emails are some of the main avenues hackers take in order to gain access to company accounts.
- Install computer updates whenever they’re available
Depending on the operating system you use, updates and security patches may be frequently available. Microsoft, for instance, ships new updates for Windows on the second Tuesday of every month. Apple’s updates come a bit more sporadically, though are still shipped often enough to maintain OS security.
Installing these updates and patches is a key part of keeping your system up to date with the absolute latest security concerns and improvements. Some companies choose to automate this process, installing updates in the background. If you’re not sure whether this is applicable to you, check with your IT department.
- Avoid using external flash drives to transfer information
Despite how common and easy it is to use USB flash drives, they’re not secure. USB drives can be flooded with malware or reformatted with tampered firmware (the USB’s permanent software). Unless you know where the USB has been before it was delivered into your hand, it’s best not to use it.
Why not just wipe it clean? IT teams can scan a USB drive, delete files on it, and give it back to you under the presumption that it’s clean. But the truth is that the cleaning process doesn’t even touch the files in the firmware. Once the firmware has been affected, it’s nearly impossible for most people to find the corruption and resolve it.
Then there’s the glaring danger with USB drives – you can’t control where they go or who may have access to the files once they leave your hands. Even if a drive is stored safely in your desk, can you guarantee that no one will take it when you’re away or not looking? Or that extra copies won’t be made of the files if someone else uses it? No. Better safe than sorry.
- Lock your computer whenever you step away from your desk
This is a simple, but serious step you can take to mitigate risk in your workspace. Anytime you choose to step away from your computer, even to grab a cup of coffee, it’s a good idea to lock your computer. This may not prevent external hackers from stealing sensitive data, but it can deter a renegade employee or a potential “visiting guest” from snooping through your information while you’re away.
If you’re concerned you’ll forget to do so in the rush of a busy workday, most computers allow you to set a default lock whenever your session has been inactive for a certain number of minutes. Ask your IT team how to configure this, then set it to a length of time that balances security and usability. Ten to fifteen minutes is typically adequate.
- Ensure your connection is secure if doing work at home
If you have the ability to work from home, make sure you set up a secure connection that adequately meets your company’s standards before accessing any sensitive information, such as email and user accounts. Avoid working on devices that haven’t been approved by the IT department, such as a personal phone or laptop that could be compromised with malware or questionable software. And as always, use protected Wi-Fi, as open Wi-Fi connections (especially public Wi-Fi) are extremely vulnerable.
- Make security a topic for discussion in your role, department, and organization
Last, but definitely not least, be an advocate for security in your organization. If you recognize the need to protect your own data, as well as your company’s, others will start to recognize it too. Ask leadership or the IT team if they plan to create a security awareness program or keep their policies documented for internal reference. Share what you learn with your coworkers or bring them into the conversation by inquiring how they handle security in their own role(s). And apply the same work practices in your personal life – your data is important too!