One of the most important ways to protect your assets is to educate employees on personal security. Today’s attacks are much more sophisticated, and it is much easier to become a target of any number of scams which could leave the company at risk. These risks include user-level computer vulnerabilities and social engineering attacks.
Personal security starts with creating a strong password for logging into any computer. A password should not use regular dictionary words, family member names, pet names, birthdates, or any personal information. It is best to use a long password of at least twelve characters. If possible, include special characters along with capital letters, lower case letters, and numbers to help create a strong password. Ciampa (2014, p. 52) states that, “Any password that can be memorized is a weak password.” Consider using a free secure password management tool, such as KeePass or LastPass, to help manage all of your passwords. This way, only one password needs to be remembered in order to reach all the passwords used online.
Another risk of using a computer is phishing. Phishing is one of the most common forms of social engineering and occurs when someone sends an email that claims to be from a legitimate organization or business but is not. The intent of the email is to get the recipient to click on a link that directs them to a website to update personal information; however, it is a bogus website set up to steal that information. Never click on any link that is contained in an email, since the link could be malicious and put the company at risk.
Be aware that in social situations there is a risk of someone impersonating someone else. This could happen at work or outside of work. Usually when this is done at work, a person tries to impersonate someone in authority in order to gain access to important information or to intentionally cause harm. When this occurs outside of work, the impersonator tries to convince the victim that they can be trusted by being friendly and using flattery. The main goal is to get the victim to do something or provide personal information.
Here are some additional precautions that should be taken to ensure proper security for the business. Never give out passwords to anyone. Never leave an unlocked computer screen unattended. Be sure to shred printed documents that would pose a threat if they fell into the wrong hands. People have been known to dumpster-dive, or pick through trash, for any type of valuable information, so simply throwing away documents that contain private or confidential information a hacker could use is a bad idea.
It is important that each employee understands the importance of these specific areas of personal security. If all these steps are followed, employees can aid in supporting good security procedures and reduce the risk of becoming a victim of cybercrime.
Desktop Security/Windows Hardening
Many businesses today...