IT Security DOs and DON'Ts
•Download as PPTX, PDF•
0 likes•850 views
IT Security DOs and DON'Ts
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to IT Security DOs and DON'Ts
Similar to IT Security DOs and DON'Ts (20)
Recently uploaded
Recently uploaded (20)
IT Security DOs and DON'Ts
- 1. IT Security DOs and DON'Ts James Lee
- 2. 1. Confidential Information • Don’t respond to emails or phone calls asking for confidential company information. • Always keep in mind that bad guys are successful because they are convincing. • Keep on guard and report any suspicious activity to IT. • Recent news, Snapchat’s payroll department was targeted by an isolated email phishing scam in which the scammer impersonated their CEO and asked for employee payroll information.
- 3. 2. Sensitive Information • Don’t leave printouts containing private information on your desk. It’s easy for a visitor to glance at your desk and see sensitive documents. • Keep your desk tidy and documents locked away or shredded when no longer needed. • It makes the office look more organized, and reduces the risk of information leaks.
- 4. 3. Unprotected Computer • When you access sensitive information from a non-secure computer you put the information you’re viewing at risk. • If you’re unsure if the computer you’re using is safe, don’t use it to access corporate or sensitive data.
- 5. 4. Lock your device • Always lock your computer and mobile phone. You work on important things, and we want to make sure they stay safe and secure. • Locking these devices keeps both your personal information and the company’s data safe. • Exit running applications and close opened documents on the workstations prior leaving the office.
- 6. 5. Stay Alert • Sometimes suspicious activity isn’t as obvious as we think. • Be cautious of people you don’t know asking for things, especially online. • Always report any suspicious activity to IT. If something goes wrong, the faster we know about it, the faster we can deal with it. • Users must report all lost or stolen devices to FUTEK IT immediately. • Also keep in mind to Keep food and drink away from computer to avoid accidental spills.
- 7. 6. Password Protection • Always password-protect sensitive files on your computer, USB flash drive, smartphone, laptop, etc. • Losing a device can happen to anyone. But by protecting your device with strong passwords, you can make it difficult for someone to break in and steal data.
- 8. 7. Passwords • Many people use obvious passwords like “password,” “cat,” or obvious character sequences on the qwerty keyboard like “asdfg.” • Create complex passwords by including different letter cases, numbers, and AT LEAST one punctuation. • Try to use different passwords for different websites and computers. • DO NOT SHARE YOUR PASSWORD! You alone are responsible for your account and activity generated by it.
- 10. 7. Passwords cont. • Use a password manager software (for example LastPass, Dashlane, 1Password, and others) to store and organize all your encrypted passwords in one place. • Always decline the use of the "Remember Password" feature of FUTEK related applications (e.g., Google Chrome, IE). • If someone demands a password, refer them to the IT Policies document and direct them to the IT Department. • If an account or password compromise is suspected, immediately change it and report the incident to the IT Department.
- 11. 8. Email Phishing Forward Simply forward the email to it@futek.com. DO NOT reply back DO NOT reply back to the email. DO NOT click on DO NOT click on any hyperlinks. DO NOT open DO NOT open any type of attachments. • Hackers try to steal email lists from companies. Company email addresses are valuable to attackers, allowing them to create fake emails from “real people.” • Always delete suspicious emails from people you don’t know, and never click on the links. • Opening these emails or clicking on links in them can compromise your computer without you ever knowing it.
- 12. 8.1 Email Phishing Examples
- 13. 8.1 Email Phishing Examples
- 14. 8.1 Email Phishing Examples
- 15. 8.1 Email Phishing Examples
- 16. 8.1 Email Phishing Examples
- 17. 8.1 Email Phishing Examples
- 18. 9. No Personal Data/Devices • Make sure to make any connectivity with your computer by clicking “Don’t Trust”. • Don’t connect a personal cloud storage onto FUTEK’s computer. • Don’t back up smartphone data on FUTEK’s computer. • We DO NOT back up computers. • Put all work related files on your network share drives (:J or :K) and save on the drive where your department is allocated to.
- 19. 10. Unauthorized Programs • Malicious applications often pose as legitimate programs like games, tools, or even antivirus software. • Don’t install unauthorized software on workstations. • If you like an application and think it will be useful, contact us and we’ll look into it for you.
Editor's Notes
- Don’t respond to emails or phone calls requesting confidential company information Always keep in mind that bad guys are successful because they are convincing. Keep on guard and report any suspicious activity to IT. (Recent Story 2/16/17 2 months ago: Snapchat leaked, payroll information can include SSN, bank details, addresses, emails, and other personal ID, which in the hands of the wrong people can cause headaches for those affected) https://techcrunch.com/2016/02/29/snapchat-employee-data-leaks-out-following-phishing-attack/
- Don’t leave printouts containing private information on your desk. It’s easy for a visitor to glance at your desk and see sensitive documents. Keep your desk tidy and documents locked away or shredded when no longer needed. It makes the office look more organized, and reduces the risk of information leaks.
- When you access sensitive information from a non-secure computer you put the information you’re viewing at risk. If you’re unsure if the computer you’re using is safe, don’t use it to access corporate or sensitive data.
- Always lock your computer and mobile phone when you’re not using them. You work on important things, and we want to make sure they stay safe and secure. Locking these devices keeps both your personal information and the company’s data and contacts safe from prying eyes. Exit running applications and close opened documents on the workstations prior leaving the office.
- Sometimes suspicious activity isn’t as obvious as we think. Be cautious of people you don't know asking for things, especially online. Always report any suspicious activity to IT. If something goes wrong, the faster we know about it, the faster we can deal with it. Users must report all lost or stolen devices to FUTEK IT immediately. Also keep in mind to Keep food and drink away from computer to avoid accidental spills.
- Always password-protect sensitive files on your computer, USB flash drive, smartphone, laptop, etc. Losing a device can happen to anyone. But by protecting your device with strong passwords, you make it difficult for someone to break in and steal data.
- Many people use obvious passwords like “password,” “cat,” or obvious character sequences on the qwerty keyboard like “asdfg.” Create complex passwords by including different letter cases, numbers, and even punctuation. Try to use different passwords for different websites and computers. So if one gets hacked, your other accounts aren’t compromised. DO NOT SHARE YOUR PASSWORD! You alone are responsible for your account and activity generated by it. Passwords should never be publicly displayed. If a password is compromised, it must be changed immediately. Passwords must not consist of commonly recognizable names or words, readily guessable sequence of letters or numbers, or data that can be easily associated with the user, such as birthdays, names of self, spouse, children, etc. Always use different passwords for FUTEK accounts from other non-FUTEK access (e.g., personal account, bank account, etc.). Do not share FUTEK passwords with anyone, except the IT Department as if required. All passwords are to be treated as sensitive, confidential FUTEK information. Use a password manager software (e.g., LastPass, Dashlane, 1Password and …) to store and organize all your encrypted passwords in one place. Passwords should never be written down or stored on-line without encryption. Do not reveal a password in email, chat, text message, or other electronic communication. Do not speak about a password in front of others. Do not hint at the format of a password (e.g., "my family name"). Do not reveal a password on questionnaires or security forms. If someone demands a password, refer them to this document and direct them to the IT Department. Always decline the use of the "Remember Password" feature of FUTEK related applications (e.g., Google Chrome, IE). If an account or password compromise is suspected, immediately change it and report the incident to the IT Department.
- Passwords should never be publicly displayed. (If a password is compromised, it must be changed immediately.) Passwords must not consist of commonly recognizable names or words, readily guessable sequence of letters or numbers, or data that can be easily associated with the user, such as birthdays, names of self, spouse, children, etc. Always use different passwords for FUTEK accounts from other non-FUTEK access (e.g., personal account, bank account, etc.). Do not share FUTEK passwords with anyone, except the IT Department as if required. All passwords are to be treated as sensitive, confidential FUTEK information. Use a password manager software (e.g., LastPass, Dashlane, 1Password and …) to store and organize all your encrypted passwords in one place. Passwords should never be written down or stored on-line without encryption. Do not reveal a password in email, chat, text message, or other electronic communication. Do not speak about a password in front of others. Do not hint at the format of a password (e.g., "my family name"). Do not reveal a password on questionnaires or security forms. If someone demands a password, refer them to this document and direct them to the IT Department. Always decline the use of the "Remember Password" feature of FUTEK related applications (e.g., Google Chrome, IE). If an account or password compromise is suspected, immediately change it and report the incident to the IT Department.
- Hackers try to steal email lists from companies. Company email addresses are valuable to attackers, allowing them to create fake emails from "real people.“ Always delete suspicious emails from people you don't know. And never click on the links. Opening these emails or clicking on links in them can compromise your computer without you ever knowing it.
- Don’t plug in personal devices such as USBs, MP3 players and smartphones without permission from IT. *Even a brand new iPod or USB flash drive could be infected with a nasty virus. *These devices can be compromised with code waiting to launch as soon as you plug them into a computer. Not connecting a personal USB Memory Stick to FUTEK’s computer. Not connecting a personal cloud storage on FUTEK’s computer. Not backing up a smartphone’s data on FUTEK’s computer. Talk to IT about your devices and let them make the call.
- Malicious applications often pose as legitimate programs like games, tools or even antivirus software. They aim to fool you into infecting your computer or network. Not installing unauthorized software on workstations. If you like an application and think it will be useful, contact us and we’ll look into it for you.