As IT professionals, we are fighting a never-ending battle to keep our customers' networks secure. Here are our top 10 tips that end-users can follow to help keep your systems secure.
1. Don’t give your password out to anyone
Be very mindful when a colleague or IT professional asks you for your password. Wherever possible type your password for them, or get them to use their own. The IT security industry uses the term Social Engineering to describe a process where bad guys pose as an IT professional to get regular users to divulge passwords or other security-related information.
2. Watch out for web “phishing” attacks
Phishing is when you get an email that pretends to be from a bank or other reputable institution and leads you to a false website that prompts you to enter your account information. Banks will never send you such an email; if you think it might be legitimate, give them a call to confirm. A commercial anti-spam filter will block a lot of these emails, but you still need to be vigilant.
3. Use a different password for each account
We all do it. We all have one, or even a number of favourite passwords that we use (or rotate) on different systems. If even one of these passwords gets compromised, it leaves the door open to a multitude of systems. Once you are aware of a breach, you have to go and reset your passwords everywhere you can think of. Better to keep the passwords different from the start. Password management software can help track these passwords, and even generate unique passwords for you.
4. Change passwords regularly
Some systems and websites, such as banks, require you to change your password on a regular basis. For any system that holds potentially sensitive information, it’s best practice to take a proactive approach and initiate the change yourself.
5. Put a password on your mobile and tablet
If you use your mobile or tablet for work emails, or for file sharing through Dropbox or OneDrive, then it goes without saying that you should have a password or PIN to access your mobile device. Losing your mobile is bad enough. Allowing thieves enough information to gain access to your bank accounts would be disastrous.
6. Create passwords that include capital letters and special characters with numbers
And avoid common passwords and dictionary words. A brute force attack is where an attacker uses software that goes through a list of common usernames and passwords to see if they get a “hit”. So don’t leave your password blank, or use “password” or “12345”.
7. Don’t leave passwords on sticky notes
You never know who is looking around the office when you are not there, so keep your account details and passwords out of plain sight.
8. Update your anti-virus and anti-malware software
A current subscription for anti-virus software may help detect and prevent some phishing and keylogger attacks. The software is cheap compared to the cost of rebuilding a compromised PC, let alone the cost of lost data.
9. Use password management software
There are a number of free and commercial password management solutions available that will store your passwords in a “vault” on your PC or in the cloud, depending on your preferences. Talk to your local IT support company if you need guidance on this.
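As an added example that is not part of the original post, the Python script below ties tips 3, 6 and 9 together: it checks a candidate password against the rules above (not blank, not a common password, not built around a dictionary word, mixed case plus a number and a special character) and generates a unique random password the way a password manager would. The common-password and dictionary lists are small constructed stand-ins for the real lists; the 12-character minimum is an assumed policy value, not one stated in the post.

```python
"""Password hygiene helper: check a password against the policy in tips 3, 6
and 9, and generate a unique random one. Added example, not the original
post's code. The word lists below are constructed samples."""
import secrets
import string

# Constructed sample of a "common passwords" list, the kind of list that
# attack software iterates over. Real lists run to millions of entries.
COMMON_PASSWORDS = {"password", "12345", "123456", "qwerty", "letmein", "welcome", "admin"}

# Constructed sample of dictionary words; a real check would load a word list.
DICTIONARY_WORDS = {"summer", "winter", "dragon", "monkey", "football", "welcome"}

SPECIALS = string.punctuation
MIN_LENGTH = 12  # assumed policy value, not from the post


def check_password(password: str) -> list:
    """Return a list of policy failures; an empty list means the password passes."""
    problems = []
    if not password:
        problems.append("password is blank")
        return problems
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character")
    # Reject passwords built around a dictionary word even when digits or
    # symbols are tacked on ("Dragon123!"); wordlist attacks try those too.
    for word in DICTIONARY_WORDS:
        if len(word) >= 4 and word in lowered:
            problems.append(f"contains dictionary word '{word}'")
            break
    return problems


def generate_password(length: int = 16) -> str:
    """Generate a random password that satisfies check_password, using the
    secrets module (a cryptographic RNG) rather than random, as a password
    manager does for each account."""
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ["", "password", "Dragon123!", "Tr0ub4dor&3", generate_password()]:
        result = check_password(sample)
        print(f"{sample!r:24} -> {'OK' if not result else '; '.join(result)}")
```

Running the script prints one line per sample showing which rules it fails; a freshly generated password passes every check, and because each call draws from a cryptographic random source, two calls never give the same result.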
10. Spread the word
Pass these tips on to your colleagues and staff. A chain is only as strong as its weakest link. Even if a low-level user's account is compromised, hackers often use this as a stepping stone to gain access to an entire system.