Information Security Awareness: Tips for Securing Your Workforce

In a previous Stone Carlie blog we focused on Information Security Awareness as it relates to emerging cyber security threats, the risks they present and the financial implications cybercrime can have on you and your business.  Stone Carlie's goal in this edition, is to provide you with a top 10 list of ways to safeguard your workforce from emerging cyber threats.

Encrypt all hard drives, especially hard drives that leave your premises. One way to add an additional layer of security is to require a password to boot the computer.  As an added benefit, this additional step encrypts all information on the hard drive making it inaccessible without the password.  The hard drive is even protected if removed from the original computer.  TrueCrypt is a free open-source disk encryption program for Windows 7/Vista/XP, Mac OS X, and Linux.

Use a virtual private network (VPN).  Internet usage outside of the work place is convenient and necessary, but also makes your data vulnerable.  To protect the integrity of your  information, it is highly recommended that you use a VPN.  Wikipedia defines a VPN as a computer network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network.  More simply stated, a VPN encrypts all data before it leaves your laptop and keeps it encrypted until it reaches a trusted environment.  Airports, coffee shops, hotels, etc. are all potentially hazardous if a VPN isn't used.  OpenVPN, HotSpotVPN, GoToMyPC, and LogMeIn are inexpensive VPN solutions.

Run firewall and anti-virus software. Consider using supplemental firewalls and anti-virus software that offer specialized protections.  Intrusion prevention, intrusion detection, and anti-spam are recommended.

Update and patch your software.  Enable your operating system to download and patch your system automatically to ensure your software is up to date and any security vulnerabilities are fixed.

Back up your data and keep it secure.  Many companies back up their data; however the backup is often unencrypted and stored in an unsecured location.  Also, most companies are unaware of the extent to which critical data is stored locally on employee computers.   Try using an encrypted external USB drive; they are inexpensive and recommended for those who travel.

Use strong passwords.  Strong passwords should be lengthy and have complex symbols.  Passwords should contain as many as 14 characters, and the characters should include upper and lowercase, numbers, and symbols.  Instead of using your children's or pet's names or common words (such as your street name, company name, etc), try using pass phrases.  For Example: M@ryH@dA!itt!e!@mb.  Changing your password every 45 to 60 days should be company policy.

Practice safe computing.  Use caution.  Though it may seem common sense in today's world, avoid opening attachments or clicking on links from unknown senders or un-trusted websites.

Restrict access to your corporate data.  Limit the number of physical and electronic locations where your data is stored.  Keep paper records in a locked cabinet and when assigning system access use the least privilege methodology.

Adopt and enforce sound security policies.  Senior Management should set a strong tone and provide regular security awareness communications to all employees in your organization.

Start a risk assessment and vulnerability management program.  As education is probably the greatest protection against security breaches, we will devote our next blog to providing tips on how to effectively set up and implement a Risk Assessment and Vulnerability Management Program.