As the year comes to a close, I wanted to take this opportunity to offer tips to help achieve security serenity. The best security technologies can be undone in a moment through poor user practice. In addition to the obvious instructions to users to choose high-quality passwords and not to share them, I’d like to outline some Internet-specific behaviors to prevent the introduction of malware and to help safeguard your company’s data.
1. Bookmark frequently visited sites: It is easy to fat-finger a URL and find yourself in a parallel world of trouble. Instruct your employees to bookmark approved sites, and show them how to navigate to those sites safely.
2. Don’t click through embedded links: Instruct your users never to click through on a link that comes in an unsolicited email (or from anyone they don’t know well). This is often an attack.
3. Don’t download software: Be suspicious if a website asks you to download software – modern browsers come equipped with all the software that you will reasonably need to use.
4. Never divulge sensitive information: Teach your users to never give out any confidential company information.
5. Understand what constitutes personally identifying information (e.g., name, address, social security number, bank account numbers, and credit card numbers) and NEVER provide it online without strict safeguards in place. No legitimate site will ever ask you to provide this content except in a registration process.
6. SSL is your friend: You don’t have to be technically savvy to understand that modern browsers have a built-in way to keep your Internet traffic safe from prying eyes. It is a protocol referred to as SSL. Anything sent across the Internet using SSL will be automatically encrypted. Teach your users to look for URLs that start with HTTPS://… whenever they are sending sensitive information.
7. NEVER send important personal documents across the Internet in clear text: Use an encrypting archive tool such as WinZip to protect sensitive content in transit across the Internet.
These suggestions, which can be implemented with just a little bit of effort, will allow you to achieve significant improvements in your enterprise security.
Jonathan is President & CEO of SystemExperts Corporation, a network security consulting firm specializing in IT security and compliance. Jonathan started the company in 1994. He plays an active, hands-on role advising clients in compliance, technology strategies, managing complex programs, and building effective security organizations. Jonathan brings a business focus to this multifaceted work, balancing all technical initiatives with business requirements and impact.