The document provides a list of top 10 IT security dos and don'ts aimed at helping employees maintain data security. Key points include not giving away confidential information, using protected devices, keeping sensitive data secure, and reporting suspicious activity. It emphasizes the importance of strong passwords and being cautious with personal devices and unauthorized software.

1. IT Security DOs and DON’Ts
From your helpful IT Team

2. A note for you
We have created this presentation for you, the outstanding employee who has
IT security on the brain.
We want to help you spread the word about IT security, so we’re giving you our
top 10 IT Security DOs and DON’Ts to help you in that effort.
Take this content and tailor it to your business. Use it for new employee
training, quarterly IT updates, or even general company meetings. It’s up to you.
And we’d love to hear your feedback on how we can make this better.
Visit www.sophos.com/staysafefeedback
Your friends @ SOPHOS

3. 1. Don’t be tricked into giving
away confidential information
• Don’t respond to emails or phone calls requesting
confidential company information
• Always keep in mind that bad guys are successful
because they are convincing.
• Recent news stories out of Canada reported scammers
were tricking people into giving away information with
fake tech support calls claiming to help.
• Keep on guard and report any
suspicious activity to IT.
Video tip 1: Don’t get tricked

4. 2. Don’t use an unprotected
computer
• When you access sensitive information from a non-secure
computer you put the information you’re viewing at risk.
• Malicious software exists that allows people to easily
snoop on what you’re doing online when accessing
unprotected sites.
• If you’re unsure if the computer you’re using
is safe, don’t use it to access corporate or
sensitive data.
Keep your personal computer safe with
Sophos Virus Removal Tool or
Sophos Anti-virus for Mac Home Edition
Video tip 2: Stay secure

5. 3. Don’t leave sensitive info lying
around the office
• Don’t leave printouts containing private information on your
desk. It’s easy for a visitor to glance at your desk and see
sensitive documents.
• Keep your desk tidy and documents locked away or
shredded when no longer needed.
• It makes the office look more organized, and reduces the
risk of information leaks.
Video tip 3: Put things away

6. 4. Lock your computer and
mobile phone when not in use
• Always lock your computer and mobile phone when you’re
not using them. You work on important things, and we want
to make sure they stay safe and secure.
• Locking these devices keeps both your personal
information and the company’s data and contacts safe
from prying eyes.
Video tip 4: Lock it

7. 5. Stay alert and report suspicious
activity
• Sometimes suspicious activity isn’t as obvious as we think.
• A recent news story reported that a supermarket manager,
who was randomly befriended by a mysterious woman on
Facebook, ended up on a “date” with two men who
overpowered him and robbed his store.
• Be cautious of people you don't know
asking for things, especially online.
• Always report any suspicious activity
to IT. If something goes wrong, the
faster we know about it, the faster we
can deal with it.
Video tip 5: Stay alert

8. 6. Password-protect sensitive
files and devices
• Always password-protect sensitive files on your
computer, USB flash drive, smartphone, laptop, etc.
• Losing a device can happen to anyone. But by protecting
your device with strong passwords, you make it difficult for
someone to break in and steal data.
Video tip 6: Protect it

9. 7. Always use hard-to-guess
passwords
• Many people use obvious passwords like “password,” “cat,”
or obvious character sequences on the qwerty keyboard
like “asdfg.”
• Create complex passwords by including different letter
cases, numbers, and even punctuation.
• Try to use different passwords for
different websites and computers.
So if one gets hacked,
your other accounts aren’t
compromised.
Video tip 7: Use strong passwords

10. 8. Be cautious of suspicious
emails and links
• Hackers try to steal email lists from companies, which
happened recently to Toshiba. Company email addresses
are valuable to attackers, allowing them to create fake
emails from "real people.“
• Always delete suspicious emails from people you don't
know. And never click on the links.
• Opening these emails or clicking on
links in them can compromise your
computer without you ever knowing it.
Video tip 8: Think first

11. 9. Don’t plug in personal devices
without the OK from IT
• Don’t plug in personal devices such as USBs, MP3 players
and smartphones without permission from IT.
• Even a brand new iPod or USB flash drive could be
infected with a nasty virus.
• These devices can be compromised
with code waiting to launch
as soon as you plug them into
a computer.
• Talk to IT about your devices and
Protect your personal Android device with
let them make the call. Sophos Mobile Security Free Edition
Video tip 9: Don't plug it in

12. 10. Don’t install unauthorized
programs on your work computer
• Malicious applications often pose as legitimate programs
like games, tools or even antivirus software.
• They aim to fool you into infecting your computer
or network.
• If you like an application and think it will be useful,
contact us and we’ll look into it for you.
Video tip 10: Don’t install it

13. Get more
IT Security DOs and DON’Ts
View the online handbook at www.sophos.com/securitytips
Get quick tips to create strong passwords
Connect with us:
facebook.com/securitybysophos
twitter.com/Sophos_News
Sophos on Google+
linkedin.com/company/sophos