Scorpiones Group

10 Tips for Information Security Awareness

Employees play a crucial role in running a successful business.
An untrained and negligent workforce can put your enterprise in danger of multiple data breaches.
Organizations must adopt an easy-to-follow security training program that contains the essential guidelines needed to counter information security threats.

Before implementing an effective and reliable security training program, you should give your employees the following tips on security awareness.

  1. Clean Desk Policy
    Sensitive information on a desk such as sticky notes, papers and printouts can easily be taken by thieving hands and seen by prying eyes.
    According to the mandates of a clean desk policy, the only papers that should be left out are ones relevant to the current project you are working on.
    All sensitive and confidential information should be removed from the desk at the end of each working day.
    During lunch or any emergency departure during office time, all critical information should be placed in a locked desk drawer.
  2. Removable Media
    It’s more common than you think for an employee to find a thumb drive or external hard drive in the parking lot,
    bring it inside and plug it into their computer to see who it belongs to, only to discover that the device was planted there to destroy or take over their computer with malware.
    Unauthorized removable media may invite data security issues, malware infection, hardware failure, and copyright infringement.
  3. Safe Internet Habits
    Almost every employee, especially in tech, has access to the Internet.
    For this reason, the secure usage of the Internet is of paramount importance for companies.
    Security training programs should incorporate safe Internet habits that prevent attackers from penetrating your corporate network.
    Employees must be aware of phishing attacks and learn not to open malicious attachments or click on suspicious links.
    Users should refrain from installing software programs from unknown sources.
  4. Social Networking Dangers
    Nowadays, enterprises use social networking as a powerful tool to build a brand (either locally or globally) and generate online sales.
    Unfortunately, social networking also opens the floodgates for phishing attacks that can lead your company towards an immense disaster.
    To prevent the loss of critical data, the enterprise must have a viable social networking training program that should limit the use of social networking and guide employees with regard to the menace of phishing attacks.
  5. Unauthorized Applications
    From a security perspective, no mobile device is 100% secure, and unlocked devices are more vulnerable than locked devices.
    In addition to the devices themselves, the applications installed on them should also be controlled. Many freeware mobile applications are insecure.
    Don’t download any app from outside Google Play or the iOS App Store.

  6. Information Security Awareness at Work
    1. Keep Software up to Date
      Installing software updates for your operating system and programs is critical.
      Always install the latest security updates for your devices:
      • Turn on Automatic Updates for your operating system.
      • Use web browsers such as Chrome or Firefox that receive frequent, automatic security updates.
      • Make sure to keep browser plug-ins (Java, etc.) up to date.

    2. Email Phishing
      Phishing campaigns leading to breaches have been steadily rising for the past two years.
      In 2019, we expect phishing attacks to surpass web application attacks to become the number one attack vector leading to a breach.
      Do not trust unsolicited emails. Always filter spam, configure your email client properly, install antivirus and firewall programs and keep them up to date,
      and do not click on unknown links in email messages.
      Want to learn more about protecting yourself from Email Phishing? Read this article.
    3. Multi-Factor Authentication Mechanism
      Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) is an additional security layer for your business assets, helping to address the weaknesses of a password-only approach.
      Multi-factor authentication, also known as MFA or multi-step verification, adds another layer of security,
      supplementing the username and password model with a code that only a specific user has access to (typically delivered to, or generated on, something they have immediately to hand).
      This authentication method can be summed up as a combination of "something you have and something you know".
    4. Login Credentials
      Do not store your login credentials in a text file.
      Storing all your passwords in a plaintext file means that a hacker can simply steal the entire list of passwords in one fell swoop and truly wreak havoc on your digital life.
      If you’re a business owner, storing passwords in plaintext also increases the risk of an internal security issue as employees are freely able to access login credentials.
      Don’t keep your passwords in the browser either. Just don’t do it.
      At the same time, remembering dozens of lengthy random, unique character combinations is more or less impossible.
      The most secure way to store passwords in 2019 is to use a dedicated password manager (such as KeePass).
      Here is an article about Keeping your Passwords safe.
    5. Using Open Wi-Fi
      The problem with public Wi-Fi is that there are a tremendous number of risks that go along with these networks.
      While business owners may believe they’re providing a valuable service to their customers, chances are the security on these networks is nonexistent.
      The best way to know your information is safe while using public Wi-Fi is to use a virtual private network (VPN), when surfing on your PC, Mac, smartphone or tablet.
      However, if you must use public Wi-Fi, follow these tips to protect your information.
      • Don’t allow your Wi-Fi to auto-connect to networks.
      • Don’t log into any account via an app that contains sensitive information. Go to the website instead and verify it uses HTTPS before logging in.
      • Don’t leave your Wi-Fi or Bluetooth on if you are not using them.
      • Don’t access websites that hold your sensitive information, such as financial or healthcare accounts.
      • Don’t log onto a network that isn’t password protected.

    6. Your organization should also set monthly training meetings, provide frequent reminders, train all new personnel on new policies as they arrive,
      make training material available and implement creative incentives to reward employees for being proactive in ensuring the security of the organization.
