Always Lock Your Computer
-
When you step out of your work area, even if only for a minute, lock your computer. Locking your computer ensures that no one can access your email and other work files while you are away.
Don’t Allow Unknown People Into Secure Working Areas
-
Make sure everyone badges into secure areas to ensure they are authorized to be there. Make sure any secured areas are locked behind you. Do not let others walk through after you swipe your badge (tailgating).
Do Not Share Your Passwords
-
Never give your password out to anyone, including your IT staff. Your IT staff should not need your password to assist you. If you give your password out, you are giving someone complete access to your account. Depending on the account type, they will have access to your email, work files, and other personal data. In addition, do not write down your passwords and place them in or around your workspace. If you must write down your passwords, keep them in a secure location.
-
If you must connect to public Wi-Fi, always make sure your VPN is enabled so that your traffic is encrypted.
Encrypt Sensitive Information
-
If you have information that needs to be protected, encrypt it. Applications that “zip” files usually offer the option of adding a password. If you use a laptop, external hard drive, or USB flash drive, make sure that encryption is being used. Lastly, if you need to send sensitive information, ensure that the transmission is encrypted. Do not send sensitive information using unencrypted protocols like Telnet or FTP.
Use Caution When Sending Sensitive Information
-
Before you send sensitive information to someone, make sure that you understand the risks involved. Ensure that the recipient is a trusted individual and that you have encrypted the sensitive information prior to sending it.
Use Approved File Storage
-
Only use approved file storage for saving sensitive information. Storing information on unapproved storage devices, such as personal USB drives, can lead to data loss.
-
Report any suspicious emails in your inbox to your cybersecurity team. Validate that the email was sent from a trusted sender and do not click on any suspicious links or attachments. Pay close attention to the intent of the message. Any requests to provide sensitive information or make unusual purchases are red flags.
Be Cautious of Unsolicited Phone Calls or Text Messages
-
Do not provide sensitive information to unsolicited callers or texts. Hang up and do not engage with the caller. Do not grant the caller any access to your data or systems. If you are unsure of the caller, verify by hanging up and calling them back using a known good contact number for them. Malicious actors can leverage artificial intelligence (AI) to create very realistic voice messages that sound like a trusted source. Be suspicious of any recorded messages that contain unusual requests. Always validate and verify the source.
-
If you have fallen for a social engineering scam, contact your office of cybersecurity immediately and disconnect your device from the network as soon as possible by disconnecting the network cable or disabling Wi-Fi. Do not power off your device, as this can destroy forensic evidence stored in memory.
-
If you see anything suspicious, report it to your office of cybersecurity.