STOP > THINK > SECURE Technology Security Guide
STOP and INSPECT every email
Don’t be intimidated. Bad actors prey on employees being distracted and feeling pressured. When in doubt for ANY reason, take a few moments of inconvenience to confirm verbally or through a trusted communication channel that the sender did in fact send you the message, the content, and the action requested.
- Someone you do not normally communicate with (internal or external)
- Context is out of character for the sender
- Someone you do not have a business relationship with and/or haven’t communicated with in a while
- You are CCed with an unusual or unknown mix of people
- Hover over the link to verify the link text and the destination align
- Look closely for subtle misspellings
- Never click on long hyperlinks without context
- The only safe files are .txt
- Question all attachments, especially if not requested or expected
Subject and content
- No relevancy between the sender, subject/content, and your job
- Message is unexpected or not requested
- Urgency is demanded
- Compromising or embarrassing information is communicated
- Threats or bribes are presented
Hyperlinks and Pop-ups
- Both pop-ups and links can be easily disguised, especially as a tempting download – always investigate before clicking.
- Hover over the link to display the destination URL and verify the destination makes sense
- Verify the link prior to clicking it by contacting the sender or using a scan tool (e.g., safeweb.Norton.com)
- Check all shortened URLs with an expander tool (e.g., www.expandurl.net)
- Confirm the address bar shows HTTPS (the ‘S’ indicates that it has a security certificate) versus HTTP. This is especially important when submitting sensitive information
Maintain a Secure Home Wireless Network
Home wireless network security is essential for keeping your devices and the networks you are connecting to secure. Like any other security measures, your home network requires continuous updates to guard against attacks. Securing and performing regular maintenance on your wireless router is an excellent start.
- Turn on the firewall (likely in the console settings) or install a firewall. Good options include an intrusion detection system (IDS) and an intrusion prevention system (IPS) – even better if it includes a vulnerability scanner
- Check for firmware updates monthly
- Password protection
  - Change the password from the manufacturer default – make it complicated and change it regularly
  - Limit access to the password – service providers (e.g., plumber) should not need to access your network
- Customize your network name, but do NOT use personal information or identifiers (e.g., last name or address)
- Change the admin credentials from manufacturer default
- Boost Wi-Fi encryption by choosing WPA2 in the first wireless security encryption field and AES in the second
- Turn off remote management
- Turn your router off when gone for long periods of time
Best Practices to make habits
ALWAYS connect to your organization’s network through VPN or RDS.
Your organization has taken care to protect against digital attacks by setting up secure connections to the network. Other methods of connecting are more prone to breaches.
NEVER share your usernames or passwords
Bad actors may call, text, or email requesting your credentials to gain access to your organization’s systems – don’t fall for it.
ALWAYS follow procedures for file sharing, file storage, financial transactions, etc.
It is tempting to take shortcuts to save time, but the procedures in place provide necessary security and backups.
ALWAYS protect devices
- Lock your device when not in use
- Do not leave your device in your car or other unsecured locations.
- Use proper sanitation supplies and steps (see SSR’s Sanitizing Devices Guide)
NEVER forward phishing emails to colleagues
Although you may want to confirm or alert your colleague to the scam, we often don’t thoroughly read messages and assume they are trustworthy when received from a known sender. Forwarded phishing emails can easily lead to clicking a malicious link.
ALWAYS use strong, unique passwords for every system
Consider a password manager (e.g., LastPass)
Summary: learn and maintain good IT security habits in the office and working remotely
- Spot signs of a phishing email and avoid falling prey to an attack
- Test hyperlinks, buttons, and ads before clicking
- Secure your wireless router to help prevent attacks when working remotely
- Remember best practices as you form good security habits