Data security is an extremely important aspect of any thriving organisation. Especially for digital and software enterprises. It’s a responsibility that falls on the shoulders of both the management as well as the individual units of an organisation – the employees. Each individual is key in the way the company functions. So, it’s important that everyone understands the necessity of protecting the work they do. And the tools they use to complete those tasks. By following a few simple precautions, not only can it help avoid any potential data leaks, but also keep individuals safe.
More Light on Physical security
Risk 1: Theft through unknown Sources
DOs:
- Use your own ID cards and swipe on Entry and Exit of office premises
- Always display your ID cards and co-operate with security checks if any. As it is for your own safety.
- Know your office premises.
- Avoid photographs on production floors.
- Be aware of data sensitivities and handle floor with care.
- Inform Admin in case of loss of ID cards.
- Follow IT Assets undertaking policy and sign the relevant documents if you are using an official IT asset.
- Ensure safety stickers are placed in the office assets before you sign the Undertaking form
DON’Ts:
- Don’t follow piggy backing, i.e. entry or exit using someone else’s card or following someone else’s swipe.
- Don’t bring storage or media devices without concerned approval
- Don’t bring visitors inside production floors without approval or need
- Don’t bring in personal parcels unless verified
- Don’t let a stranger walk around in the premises without a visitor/vendor pass
- If you lose your ID, inform the admin about the loss as soon as possible, instead of looking for it quietly on your own.
- Don’t hesitate to question a stranger, vendor, visitor carry an office asset (including notepads) without a relevant purpose or admin authorization/pass.
Risk 2: Use of Office assets by Employees
DOs:
- Use office assets inside office premises and for office use only unless specifically approved to carry it outside office premises.
- Inform relevant team on any change to the existing system and the change needs to be performed with concerned approval.
- Handle it with care as the signed person would hold sole ownership of the device in case of damage.
- Use your assigned official assets such as Keyboard, mouse, laptop or any Cables
- Contact IT Support in need of any additional or to replace assets
DON’Ts:
- Don’t misuse official assets
- Don’t carry devices without concerned approval or without proper business need/justification
- Don’t remove any devices without intimating IT team and Admin.
- Don’t demand assets unless required for justified business purpose
- Don’t delay in informing IT team in case of damage or loss as the data in every system is organization’s crucial asset.
- Don’t grab unattended cables, mouse, keyboard or any assets which does not belong to you, though in need for an official purpose.
Cybersecurity shouldn’t be ignored as well
Risk 1: Passwords
DOs:
- Use hard-to-guess passwords or passphrases.
- Have a minimum of 10 characters using uppercase letters, lowercase letters numbers and special characters. To make it easy for you to remember but hard for an attacker to guess, create an acronym.
- Use different passwords for different accounts. If one password gets hacked, your other accounts are not compromised.
DON’Ts
- Don’t share your password with anyone. Keep it confidential at all costs.
- Don’t write your password down anywhere.
- Don’t use the same password for every account.
Risk 2: Breach of confidential data
DOs
- Lock your phone and laptop when not in use.
- Avoid using Wi-Fi hotspots. When you must, use agency provided virtual private network software to protect the data.
- Keep an eye out for phishing traps sent through email and for tell-tale signs of a cyber scams.
- Be aware of your surroundings when printing, copying, faxing or discussing sensitive information. Pick up information from printers, copiers or faxes in a timely manner.
- Destroy information properly when it is no longer needed. Throw paper in designated confidential destruction bins throughout the office or use a crosscut shredder. Erase whiteboards after use. For all electronic storage media, consult with IT.
DON’Ts
- Don’t leave sensitive information, like printouts or portable media containing private information lying around the office. Lock them in a drawer to reduce risk of unauthorized access to them.
- Don’t click on links from unknown or untrusted sources. Or open suspicious mails/attachments
- Don’t respond to phone calls or emails requesting for confidential data. It’s easy for an unauthorized person to call and pretend to be an employee or business partner.
- Don’t plug in portable devices without permission from your agency management. These devices may be compromised with code just waiting to launch as soon as you plug them into a computer.
