Security Practices for Employees
We recommend the following security practices for employees. We suggest you download these policies for employees to sign.
Limit the amount of sensitive data you leave on your machine. Try to minimize how often you use that nifty “Remember my login for next time” option; in the event your system is compromised, you will be glad to know an attacker can’t get into your bank, eBay, Amazon, and Gmail accounts. Also, try not to download personal emails, photos, and videos. Once they are on your work machine they may no longer be considered yours, depending on your workplace policy; moreover, you may lose them all in the event IT has to wipe and reload your machine for any reason. Limiting the chance that items important to you are lost, stolen, or destroyed might save you trouble down the road.
Handle all personal and confidential information with necessary caution and due care. Clear your desk of all confidential printed information when you are away. Lock up important data and equipment when you are not present. Securely dispose of confidential papers in a shredder or locked bin, not in the trash can at your desk. Follow this policy at work and at home.
Create strong passwords and do not share them. The most commonly used practice is a password with at least 6 to 8 characters, 1 uppercase letter, 1 lowercase letter, 1 number, and a special character. Usernames and passwords should never be written down on paper, especially on post-it notes or scratch sheets of paper left on your desk for anyone to find when you are not present. This can lead to major repercussions such as network-wide malicious attacks and identity theft. If you have trouble remembering passwords, especially when you are required to update them frequently, you can always ask your IT department for approved password managers to assist you.
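The complexity rule above, turned into a small checker so that a help desk or onboarding script can tell an employee exactly which part of the policy a proposed password misses. This is an added illustration, not part of the original policy; the names password_policy_violations and meets_policy are hypothetical, and the minimum length of 8 is taken as the stricter end of the page's "at least 6 to 8 characters".

```python
import string

# Hypothetical helper added to illustrate the policy's complexity rule.
# MIN_LENGTH follows the page's "at least 6 to 8 characters"; 8 is the
# stricter end of that range and is used here as an assumption.
MIN_LENGTH = 8
SPECIALS = set(string.punctuation)  # the "special character" class


def password_policy_violations(password: str) -> list:
    """Return the policy rules the password fails; an empty list means compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character")
    return problems


def meets_policy(password: str) -> bool:
    """True when the password satisfies every rule in the policy."""
    return not password_policy_violations(password)


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for candidate in ("password", "Ab1!", "Tr0ub4dor&3"):
        print(candidate, "->", password_policy_violations(candidate) or "OK")
```

The checker reports every failing rule rather than stopping at the first one, which is what a user needs when the policy is enforced at password-change time.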
Be alert for people trying to pry sensitive information from you via the internet, email, phone, mail, or in person. Always check the sender's email address and reply address to confirm where it is coming from. Don’t open unexpected email attachments or click on unsolicited links or unknown websites. If an email looks suspicious or carries a compressed attachment such as a .rar or .zip file, it never hurts to check with your IT department to confirm it is safe. Email is one of the top culprits in intrusions and attacks. A double-take at an email is all the suspicion you need to have it examined by your IT department; they will thank you for it in the long run!
Always check the website you are on! If you are entering sensitive data, never enter it on a website starting with (http://) if you can help it; you definitely want to use the secure version of that site (https://) if it is available. That way, all information transferred from your machine to that site is much safer. Always check whether the new webpage you were taken to is within the same domain: if you are on (Microsoft.com) and were taken to (Microsoft.nand.com), you are no longer on the Microsoft domain. Remember, the last word right before the .com on any website is the primary website you are on! So as long as you are on (whatever.microsoft.com) you know the parent site is Microsoft.
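The two checks in that paragraph (is the page served over https, and did a redirect leave the parent site) written out as code, so the Microsoft.com versus Microsoft.nand.com case can be tested rather than eyeballed. This is an added example, not part of the original policy; the function names parent_site, uses_https and check_navigation are hypothetical, and the parent-site rule follows the page's "last word right before the .com" wording, which assumes a single-label top-level domain such as .com.

```python
from urllib.parse import urlsplit

# Hypothetical helpers added to illustrate the page's URL checks.
# parent_site applies the page's rule literally: the label immediately
# before the top-level domain names the site you are really on.


def parent_site(url: str) -> str:
    """Return the parent site, i.e. the label right before the top-level domain."""
    host = urlsplit(url).hostname or ""          # hostname is lowercased, port removed
    labels = host.rstrip(".").split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a fully qualified host: {host!r}")
    return labels[-2]


def uses_https(url: str) -> bool:
    """True only when the page is served over the secure (https://) scheme."""
    return urlsplit(url).scheme.lower() == "https"


def check_navigation(start_url: str, landed_url: str) -> dict:
    """Compare where you started to where you landed, per the policy's advice."""
    return {
        "secure": uses_https(landed_url),
        "same_parent": parent_site(start_url) == parent_site(landed_url),
        "landed_parent": parent_site(landed_url),
    }


if __name__ == "__main__":
    # Constructed sample URLs taken from the page's own illustration.
    print(check_navigation("https://microsoft.com/", "https://whatever.microsoft.com/login"))
    print(check_navigation("https://microsoft.com/", "https://Microsoft.nand.com/login"))
    print(check_navigation("https://microsoft.com/", "http://microsoft.com/login"))
```

The second call reports same_parent False because the label before .com is nand, not microsoft; the third reports secure False because the landing page dropped back to plain http. A bare host without a scheme raises ValueError, since urlsplit cannot extract a hostname from it.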
Hold only the access rights you need at your job. Don’t retain access you no longer need.
Do not allow strangers to follow you into the office. Ask visitors to follow your office guest policy such as signing in at the front desk or calling the person they are there to see.