As mentioned in Part I of this post, security breaches are an imminent threat and danger. While there are many types of data that should be secured, finding concise ways to improve technology security can be difficult.
Here are some steps and tips to improving your company’s information technology security.
Companies can help improve information technology security first and foremost by strongly encouraging and monitoring that employees follow all policies and procedures put in place. As an employee, at some point you will come across confidential and/or restricted information and it is your duty to ensure that this information is protected appropriately from unauthorized disclosure. Some ways to ensure sensitive information is protected:
- Lock your workstation and/or laptop when you are away from your workspace (hold down window key and L simultaneously)
- Store all sensitive information in locked file cabinets and shred when its useful life is over
- Secure laptops with locking cable
- Remove sensitive information from printers immediately and securely dispose of (shred) when no longer needed
- Do not leave any sensitive information unattended
- Secure confidential documents on your desk
Email is a tool most people frequently use and should be used appropriately and with proper etiquette:
- It is recommended not to use work email for personal purposes
- Only send relevant information to relevant people
- ALWAYS check for confidential and/or restricted information before sending and/or forwarding
- Be aware of phishing attacks that could be used to deceive you
Also, by keeping yourself aware of social engineering you can utilize the following methods to prevent it:
- Educate yourself on how social engineering works
- Comply with password policies
- Do not disclose any information without proper validation of one’s identity
- Lock your computer when you are away
- Be aware of and confront visitors who are not escorted or wearing a visitor badge
Utilizing the items above will help ensure a company’s information technology security, which can only be effectively achieved as a whole through employee engagement and active participation.