Security in the Office
Security in the office is at an all time low. Many employees do not realize how their seemingly harmless actions can compromise the integrity of their employer’s data network and their own home network, as well.
By now, everyone is aware that opening email attachments from an unknown source is dangerous, yet there are many activities that most would consider harmless, which could spell trouble for the employer’s network. Most employees do not know or have forgotten security policies and protocol. Therefore, the first tip should be to take out the company’s network policy materials and read or reread those now, and then come back and finish reading these tips.
These tips should give employees the ammunition needed to defend against possible compromises.
Tip #1 – Avoid the Spam Folder
A good personal policy would be never access the spam folder at work. Setting up a strong contact list will help avoid the possibility of an item going to the spam folder. Normally, items are in the spam folder because the sender is not on your contact list, but that is not the only reason. Another reason for spam folder placement is that the computer identified the email as a security risk.
Therefore, if you must look into the spam folder for an item, only view the subject line and if you identify an item you believe should not be in the spam folder, contact technical support to retrieve the item and ensure it is safe.
Tip #2 – Never Open an Email Attachment without Scanning it First
Emails are the biggest threat to your company’s network. Hackers are constantly looking for ways to intrude on business systems and leave malware to gather information, either personal or profitable. The most common method to deliver malware is through a delivery system everyone uses every day, email.
By using social networks, hackers are able to gather information on their targets and create an email account very similar to friends or relatives. This is particularly fruitful when using it to deliver malware to people while they are working; while they are busy, they do not pay as much attention to the sender’s address. A good way to avoid this deceit is to make a habit of sending a new email, not replying, and ask the friend if they sent an email before opening that attachment.
However, there is no guarantee that your friend or client’s attachment is clean either. The best method is to scan every email attachment before opening.
Tip #3 – Never bypass a Company Firewall
Internet surfing at work can be frustrating, even when it pertains to work, certain domain and site filters will not allow access. However, violating the company’s internet or acceptable use policy by circumventing the company firewall is not the answer. Wait until after work or utilize a personal tablet or laptop with a wireless internet provider that is separate from the employer’s network, and then you can utilize that site while on break.
Tip #4 – A Possible ticking bomb, the Flash Drive or USB Stick
Although very convenient, a flash drive or any portable drive can be a potential disaster. Once a flash drive becomes infected, every machine it is plugged into has the potential to become infected as well. Scanning for viruses and malware before and after every use will help avoid spreading infections. Even if you delete a file from a portable device, if you lose that device, the deleted file can be recovered by the new owner with Pandora or another recovery tool and you may have just compromised confidential information. The safest approach is not using portable devices for work.
Tip #5 – Social Media is meant for Socializing, NOT work
There is really only one thing to say about this, and that is do not put anything on social media that you would not want your fellow workers or boss to see. Social media is not private.
Tip #6 – Never link a Mobile Device to a Company Computer
Many do not realize that even just charging their mobile on a company computer puts the network at risk. The cable used to charge the device is also capable of transmitting and receiving data, viruses, and malware. The computer will recognize the mobile device as a storage medium, which it is, and confidential files could be unintentionally saved to your smart phone or tablet, just do not do it.
Bring a cable that plugs into a power outlet to charge mobile devices. This may seem like a lot of hassle, but imagine if a malware or virus is traced back to you because you used a cable to charge your phone and a malware was uploaded to the system through that cable. How much hassle would that be?
Another problem area is using Bluetooth or Wi-Fi to act as an unfiltered internet connection on a company computer. This is known as tethering and is certainly a violation of the company information assurance and security policy. Restrict its use to personal devices.
Never send emails to a company account while using Wi-Fi, unless it is a secured home Wi-Fi. Hackers setup in Starbucks and other places that use Wi-Fi, create a false account, such as Starbucks, and wait for someone to login to gather login information.
Tip #7 – Unauthorized Installs of Software
That accounting or project management software you use at home would come in handy at work and make life so much easier. Before you load that on the work computer however, check the company end-user policy or take it to the Information Technology (IT) crew and let them get approval to load it on your workstation. It may be a little extra work; yet taking those extra precautions is worth the effort to prevent trouble down the road.
Tip #8 – Do not Download while at Work
Even though the internet service at work is much faster than your home service and the download is legal and paid for by you, many of the music and movie exchange services are crawling with malware. Simply accessing one of these sites put your employer’s network at risk. Many innovative hackers are using a hover method to intrude on the network and download malware without arousing the suspicion of the user, simply hovering over an advertisement or image can initiate a download. The best choice is to avoid using company equipment to do personal tasks on company time.
Each employee must ensure the “intellectual property” or trade secrets of the organization are protected from the competition. That includes all the information stored in the company database or server, as well as on the workstation assigned to them. Information assurance and security policies are written to protect those assets. Knowing and applying those policies, as well as utilizing the aforementioned tips will go a long way toward assisting employees live up to that responsibility.
At CourseVector, we realize that not all employees are conscious of security restrictions. That is why our technicians go the extra mile to ensure web application firewalls are monitored and periodic backups are completed. Contact CourseVector for more security tips, help solving in-office security issues, or assistance with security policies.