Security awareness is an ongoing process and should be so thoroughly incorporated into your everyday life that you can practice it without really thinking about it.
Consider the following list of our Top 10 Security Awareness Tips: How many are already part of your day-to-day functions? Are there any that you do without even realizing it? Which ones can you improve upon?
10. Always Be Alert
Don’t let busy work days and deadlines pull your focus away from security awareness. Stay alert at all times. That includes staying aware of your surroundings and taking notice of anything that seems off (such as someone who doesn’t belong, or secured doors left open).
9. Look Out For Shoulder Surfers
No matter where you are, use situational awareness to prevent people from looking over your shoulder and spying on your emails, your card information, your client documents, and whatever else may be on your screen. Most security awareness utilizes non-technical techniques.
8. Lock Your Workstation When You Leave It
Leaving a workstation unlocked, be it a computer or a desk, is an unnecessary security risk. Avoiding this risk is a simple yet vital part of your responsibilities.
7. Properly Store (and Destroy) Documents
Even in this digital age, there is sometimes a need for physical documents. Always store them in a secure location to prevent them from being misplaced, damaged or stolen. When you no longer need a document, you should destroy it properly according to organizational policy (such as with a shredder).
Backing up files is crucial. It’s also the standard. Most organizations have a method for backing up important data and may already do this automatically for you. In your personal life, we recommend the 3-2-1 method of backing up: 3 copies of your data, stored in 2 locations, with 1 of those locations offsite.
5. Don’t Click On It!
When checking emails, be sure to hover over links with your pointer to display the full URL to confirm that it’s legit. Never download attachments from people you don’t know, and if you DO know them, make sure they actually sent the files. In addition, try to avoid clickbait. (You know, those really tempting headlines that your curiosity is begging you to click.) At best, they’re a waste of time. At worst, they are links to malicious sites that will infect your computer or device.
4. Don’t Give Out Personally Identifiable Information
Don’t give out any PII that refers to you or anyone else (especially clients). PII is often used to steal identities and sometimes used to launch phishing campaigns.
3. See Something, Say Something
All of the above is great to know, but what do you do with all of those SA skills? You report incidents. If …
- … you spot a phishing email … report it.
- … you see a suspicious person … report it.
- … someone is pressing you for PII (like a social engineer!) … report it!
2. Respect Privileged Access
There is a hierarchy to security awareness just like there is a hierarchy to every organization. Not every individual needs or deserves the same amount of access to sensitive info online or physical authorization to secured areas. But you should require every individual to respect the access they’ve been granted. Never allow someone else to use your credentials for any reason.
1. Always Follow Policy
This is quite possibly the most important tip on this list. Why? Because it encompasses all of the above and then some. Organizational policies exist to protect you, your co-workers, clients and associates. If you have a question about any policy or need more info, please don’t hesitate to ask!