Computer Security Day is a time of reflection for both IT teams and their end-users before the holiday-rich month of December begins. It’s time to take a few minutes to identify your security risk level and how to minimize it. Here are eight “smack you in the face” considerations that you can use to increase and update your security posture:
- Find a security buddy and cube/office swap. You don’t have to officially “buddy up” like summer camp. Instead, find a fellow employee in your department to change cubes or offices to see what potential violations might be easily observed and remediated. Such things might include passwords written on yellow stickies or paper under your keyboard, in your drawer or elsewhere. These make it very easy for unauthorized people to access your computer.
- Auto complete passwords become auto enablers. By having all your auto completes set up for all your devices or, especially, secured networks, SharePoint, etc., means that you give nearly open-door access to any person using your computer.
- Enable 2FA whenever possible. Sure, this ties your cell number to your work accounts, but this drastically improves the level of security. It also closes the loop on potential unauthorized access from another device.
- Get a password storage app. Most people now have a smartphone. There are a wide variety of password apps that can easily help you securely store all your passwords in one place. Yes, this ESPECIALLY includes IT and NOC teams. They’re safe, offer corporate-type levels of encryption, easy to use and with a broad selection of apps, users can find a UI that best suits them.
- Watch your company’s security videos. Yes, boring. Yet, it is a good way to rediscover what your corporate compliance rules are, how you’re aligning to them and how you can further increase your company’s security.
- Nag your non-secure co-workers. We’re not going to tell you to NARC on your co-workers (that’s #7) but if they’re leaving their computer completely open over the weekend or for long lengths of time, feel free to remind them.
- When nagging doesn’t work, report the violation. Let’s face it, corporate access is a privilege and not a right. If a co-worker is acting completely negligent of the rules and increasing the potential for a breach or unauthorized access, reach out to your security team. They can tell you what can be done to alert the user, or they can find another reason to check their access remotely. Often, this can remain an anonymous request.
- It’s yours, not your family’s laptop. Your device is often secured to your account and it is yours to secure. If you happen to work over a vacation or somewhere where someone needs your company-sanctioned device, just say no. Since your spouse does not understand the training or rules you’re complying with, why let them use your device. Note: IT teams will treat any violation on your work device as your responsibility. This especially comes into play with children who often don’t fully understand the ramifications of being secure, only to decide to download an old version of Flash so they can play an old browser-based game.