Beware of Phishing
Only open email attachments that you are expecting. Even email attachments from known contacts are sometimes infected, so be wary. Before clicking a web link in an email, hover your mouse over the link and look closely at the domain name to determine if it is the correct site, not an imposter with a similar name. Use Secure Sites for Sensitive Data On websites that require any sensitive information including bank accounts, credit cards, or social security numbers, verify there is an ‘s’ after “http” to ensure the web site is encrypted.
BE EMAIL SMART
Information sent via email can be intercepted or forwarded, so always consider the content before you click send. Email encryption software and services provide a more secure alternative for sending information. Only designated recipients can read an encrypted email’s contents and authentication is often required.
Follow Good Password Practices
Passwords should be 8-12 characters long. Choose complex passwords that include upper and lower case letters, numbers, and special characters. Create a unique password for each application. Passphrases are an easy way to develop a complex password, e.g. I am Aw3some3!!! Never share your password.
Protect Company Computers
Lock your computer (Windows Key + L) when away from your desk. Be mindful of where you place company computers or smartphones to minimize the risk of loss or theft. Report missing or stolen devices immediately to your employer. Never allow others to use these devices for non-business purposes as it could expose them (and the company network) to infection.
KNOW WHO YOU’RE TALKING TO
When asked for sensitive data or credentials over the phone, online, via email, or even in person, exercise caution. Always use the phone number your company has on file to call back institutions that deal with sensitive data.
AVOID PORTABLE MEDIA
Portable media drives (e.g. flash drives) are risky. Never use them for sensitive data as they could be lost or stolen.