Ever since Moses received the Ten Commandments (in the original tablet form), mankind has resorted to using top ten lists to summarize (and prioritize) key principles and ideas. When it comes to expressing security awareness concepts, security professionals tend to overwhelm their business peers with information and best practices. In trying to tell them everything about security awareness, we end up telling them nothing.
Delivering security awareness tips in bite size top ten chunks increases the likelihood that your colleagues will absorb and understand foundational security awareness concepts. With apologies to David Letterman (and to Moses), the following top ten presents practical IT security tips for employees:
- Never give out login credentials (over the phone, in person, email). Any competent IT department would never ask for your login credentials in any circumstance.
- Roll the mouse pointer over a link to reveal its actual destination, displayed in the bottom left corner of the browser. In Microsoft Outlook it is displayed above the link.
- When using public Wi-Fi, refrain from sending or receiving private information.
- Report any loss or theft of your company issued smartphone/tablet/laptop immediately to IT.
- Be leery of items from unknown sources or even suspicious links from trusted sources. When in doubt, chuck it out!
- Stop. Think. Click. Think twice before clicking that link.
- Report any security incident (ex. responding to a scam email with your login credentials) to IT immediately. Do not fear reprisal or be ashamed, such incidents are expected given today's threat landscape.
- Use a different password for every website. If you have only one password, a criminal simply has to break a single password to gain access to all your information and accounts.
- If you have difficulty remembering complex passwords, try using a passphrase like "I love getting to work at 7:00!" Longer passwords are harder to crack than shorter complex passwords.
- Never leave your smartphone, tablet, or laptop unattended in a public place.
What quick security tips have you shared with your co-workers and fellow employees? Which ones would you add/remove from the security top-ten list? I'd love to know your thoughts!
Dominic Vogel is currently a security analyst for a financial institution in beautiful Vancouver, British Columbia.