Companies still skimp on security issues and have difficulty raising awareness among employees about adopting basic measures to protect sensitive data. One finding of this is that 60.8% of the problems faced in this area are leakage of information, according to a study conducted by the ESET laboratory with Latin American organizations
Here are the 10 best practices recommended by the “Employee Safety Guide”:
- Follow Security Policies Every company must create rules for how all employees must deal with the protection of corporate information. The rules have to be written and very well explained at the time of hiring. It is recommended to request the signature of a contract for compliance with these measures.
- Lean on tools installed on the machine
Technologies are the basis of enterprise information security. Thus, a cautious employee should be aware of the alerts issued by antivirus, firewall, antispam and other tools.
- Protect against common malicious code
Currently, malware – malicious software – is one of the most common attacks against businesses and users. Although professionals are not always aware of the impact that these virtual plagues bring to business, they can represent the risk of loss of information, time, and money.
- Avoid falling into the blow of social engineering
This is still a widely used way for developers of malicious code and digital criminals to deceive people and compromise the security of the company. Among the most common tactics are email scams, sending malicious links that try to refer people to some interesting or curious content.
- Store and transport data correctly
The loss or theft of information is often the result of an oversight by the employees themselves, from the diversion of data transported or stored on physical or digital media.
- Create locks for corporate mobile devices
It is recommended to have a password to access corporate devices – such as smartphones, notebooks or tablets – to prevent unauthorized access to information. In addition, care should be taken to download only applications from trusted locations, rely on a security solution, and encrypt the storage drive of the devices.
- Adopt strong passwords
For the password to be considered strong, it must be easy to remember and difficult to break. It is also important not to use the same personal and corporate passwords, as well as not to store them in visible or easily accessible places.
- Block untrusted links This minimizes the possibility of being infected with malicious code and being a victim of phishing, stealing personal or financial information from the user through the falsification of a trusted entity.
- Take care of company data, including outside the corporate environment. When transferring important documents and papers to work outside the office, care must be taken to avoid theft or loss. In addition, documents must be handled taking into account the level of confidentiality required. In case of use of USB devices or external memories, it is necessary to perform a product analysis with an antivirus at the time of its insertion in the equipment.
- Access Wi-Fi network securely
When accessing public Wi-Fi use Virtual Private Network (VPNs), which increases security in data transmission. If it is necessary to use mobile work devices connected to these networks, it is recommended not to make sensitive connections to access corporate email, as information can be exposed. In the case of use of public computer, one should not access confidential files, preventing them from becoming available to other users of these machines.