SaberCo, LLC
Security Awareness
Written by Andrew Kallenbach
Thursday, 27 January 2011 18:34
PDF Print E-mail

One of our clients needed some help putting together Privacy and Security Policies along with a Security Awareness program. This is really a great topic that all employees should be familiar with. Don't miss the Password Tips at the very bottom of this article!


Don't disclose information

Keeping personal information private is an important liability today. Don't put your job or employer at risk by disclosing this information outside those who need this information.

Some examples of personal information...

  • First or last name
  • National, State ID, or License number
  • Age and Gender
  • Address Location or City of Residence
  • Name of school they attend or workplace
  • Salary or position
  • Criminal or financial records
  • Birthday
  • Birthplace
  • Credit cards
  • Handwriting

E-mail Security

Businesses need to have adequate security measures to catch spam and viruses delivered via e-mail, but most importantly employees need to recognize suspicious e-mails.

Be careful if an e-mail fits the criteria below..

  • An attachment from someone you don't know
  • Spelling errors - Companies are unlikely to send out unprofessional letters
  • E-mail does not address you personally, but starts as Dear Customer
  • States your account will be disabled
  • Links inside the e-mail do not match the tool-tip hint when your mouse floats over the link
  • You have won the lottery!
  • Verify your account

End of Day procedures

A good habit to be in at the end of each day is to either "logoff" your computer or "Lock" the screen with Ctrl-Alt-Delete | Lock this computer. Don't forget not all information is inside a computer. A clean desk is another good habit to prevent privacy breeches.

Backup Security

Employees that backup their work or handle backups for the organization should keep these items in secure locations. Also, don't let a backup tape melt in a hot car!

Guard Passwords

Passwords should be committed to memory not sticky notes. I know silly IT people give you complicated passwords, but it is the best solution we have right now. I do have some tips afterwords to help make keeping passwords easier. If you must keep a copy, put it somewhere safe (wallet, purse).

Strong Passwords

  • Passwords should ideally be 8-16 characters or longer while able to be memorized.
  • Don't use your first, middle, or last name
  • Don't use your pet's name
  • Use capital and lower case letters
  • Don't use words in a dictionary
  • Use at least one number
  • If possible use symbols and punctuation
  • Double a character to prevent a bystander from observing your password

Illegal Software

Really? This can add up to a crushing offense for a business. Don't put your job or business in jeopardy by using illegal software.

Unauthorized Software

Yes, downloading songs and movies from Mininova or peer-sharing network during work time on work equipment is not a smart idea.

Password Tips

I understand that passwords are difficult to use. MIS policies and procedures often make life difficult for the employees and customers, but strong passwords is the best strategy we have right now without enforcing some Global ID card.

Essentially, my own method of passwords is to have only one password with a small variation depending on the situation...

Between work and home, all my passwords fit into the following categories....

  • Work - Known to be secure and is related to my position at work
  • Personal - Used for personal needs and known to be secure. (On websites, make sure your login address starts with https:// not just http://)
  • Unsecure - Used for sites I am uncomfortable with. They may not have an https:// link, related to a forum posting site, or from a questionable organization

So, lets pretend my password is 123456abxY

Now, lets break this password up into three parts...

123456 | ab | xY

  • 123456 - Is the base password
  • ab - Is my personal variation
  • xY - Is my secure variation

So if I wanted to access a site in one of the above categories... it would be the following...

  • Work - 123456xY
  • Personal - 123456abxY
  • Unsecure - 123456ab

The gist is to setup one or two passwords that you can commit to memory and fit into a scheme or category like I did above.
 

© 2011 SaberCo, LLC