Data Security Rules for the Office

A trusted client recently forwarded an outline of computer security rules that he asked his organization to follow. Some of the rules are obvious, but often ignored.

Here are his data security rules, supplemented with a few of our own.

Computer Security 101

Passwords

1. Do not put passwords on Post-it Notes near your computer. If you must use them, keep them far away from the computer and locked away, if possible.
2. Do not share your passwords with anyone.
3. Add numbers and symbols. Passphrases (the first letter of each word in a favorite saying or lyric) are harder to crack, but easier to remember than random letters and numbers.
4. Change passwords 3 to 4 times per year.

Attachments

1. Do not open any attachments unless they are from a known and reputable party.
2. Be wary of an attachment from a known person if it serves no business purpose. It is possible the virus has copied your email address book.
3. Use https email encryption for all sensitive communication.

Cookies

1. Beware of cookies and the possibility of security breaches.
2. Check out browser alerts requesting plug-in installation.
3. Do not install any software without the consent of the boss.

Telecommuting

1. Avoid unsecure Wi-Fi connections for sensitive information in coffee shops, airports or hotels.
2. Turn off file and printer sharing when using public Wi-Fi hot spots.
3. Keep track of all devices. It only takes a few minutes of physical access to gain permanent access to your system. Mind where you leave portable units unlocked or readily available.
4. Encrypt all information and data transmitted or stored on laptops, mobile devices, USB drives and SIM cards.

Desk

1. Log off and lock your computers when stepping away, even for a few minutes.
2. Power off or disconnect your computer from the internet when finished for the day.
3. Keep confidential information off your desk and in a secure place.

Social Media

1. Never post confidential information on social media.
2. Don’t criticize the organization or its officers or employees in a post.
3. Visit only company approved social networking sites at approved times.

General

1. Download software updates as soon as they become available.
2. Beware of social engineering attacks using coercion or persuasion to gain access.
3. Store data only on company servers and approved cloud storage provider accounts.

Security is more than data security rules.

The above cover most of the bases, but remember that a security-first mindset that is communicated regularly to employees is essential to preventing data loss or theft.

In addition, be aware that wireless networks are a common point of attack, so secure wireless networks properly. And, make regular, secure, off-site backups of critical business data.

The best thing to do to ensure data security is to hire a data security expert to help you develop security policy and acquire the right technology. In the long-run it will save time, money and potential catastrophic data loss.