In the Digital Society we live in, everything is networked. We are with family and friends on WhatsApp, Facebook, Messenger, Skype, Instagram, Twitter, etc. Living without Internet access these days is almost impossible. We live online, send and receive information in a carefree and fearless way because the Internet is easy to use, “without mysteries and safe”.
But is it really simple and safe?
In a business environment, it is essential to prepare employees with the necessary knowledge, so that they can verify and adopt good practices and digital security procedures in the information society in which we live.
We are all responsible for information security and we all have a responsibility to protect our data and those entrusted to us, so it is very important to implement systematic procedures aimed at reducing risks and instilling responsibility for information security.
Here, then, are some tips on how to establish and maintain security – for you and your company – in the workplace:
1. Clean Desk:
Computers and other equipment hold documents and tools that are part of a complex network, so it is essential to implement measures and procedures that protect the workplace, business information and personal data. The workstation must always be tidy and comply with the “clean desk” principle: confidential documents put away, and the computer locked whenever we step away from our workplace.
Thus, we guarantee the security of Information, both on the personal computer and of documents that may be on the desk or exposed.
2. Electronic Mail and Passwords:
Electronic mail (email) is a work tool and must be used professionally and carefully; reckless or inappropriate use can lead to attacks on systems and information.
Some good practices for using email are:
- Do not forward chain emails or react impulsively to their content.
- Always check the recipient addresses before sending.
- Do not open emails or attachments of unknown origin; delete them immediately.
- Never send personal information that is requested by email, such as credit card numbers, usernames, passwords or names – no company will ask for this type of information by email.
- Never follow links in suspicious emails; type the address directly into the browser instead.
- Send confidential information or personal data only in encrypted form.
The same level of care is required when it comes to Passwords, with the main objective of ensuring the security of confidential business and personal data. Here are some ways to ensure the security of your passwords:
- Keep them confidential, and do not write them down on paper or in visible places.
- Change them regularly (every 2 months).
- Store them in encrypted, offline password-manager software (e.g. KeePass Safe).
- Use each password on only one platform, and never use the same passwords for organization systems and personal systems.
- If possible, enable two-factor authentication, and do not use automatic login to systems.
- Use secure but easy-to-remember passwords with at least 8/10 characters, including uppercase, lowercase, numbers and special characters (avoid names, birthplace and dates).
- Always change the original (default) passwords.
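As an added illustration of the password rules above (this is example code, not from the original article), the following Python function checks a candidate password against those rules: a minimum length (10 characters is assumed here, the stricter end of the article's "8/10"), all four character classes, and the absence of personal tokens such as a name, a birthplace or a date. The personal-data list and the sample passwords are constructed for the example; in a real deployment the tokens would come from the user's own profile data.

```python
"""Password-policy check implementing the rules listed in the article.

Added example, not part of the original post. MIN_LENGTH = 10 and the
PERSONAL_TOKENS list are assumptions made for illustration.
"""
import re
import string
from typing import List

# Constructed sample of personal data that is easy to guess or look up
# (first name, city, birth year, day/month). Real systems would take
# these from the user's profile rather than a hard-coded list.
PERSONAL_TOKENS = ["jorge", "lisboa", "1985", "0312"]

MIN_LENGTH = 10  # assumed: the stricter of the article's "8/10 characters"


def policy_violations(password: str, personal_tokens=PERSONAL_TOKENS) -> List[str]:
    """Return the list of rules the password breaks; an empty list means compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")

    # Personal data check is case-insensitive; very short tokens are skipped
    # to avoid false positives on two- or three-letter substrings.
    lowered = password.lower()
    for token in personal_tokens:
        if len(token) >= 4 and token.lower() in lowered:
            problems.append(f"contains personal data token {token!r}")

    # A four-digit year (19xx or 20xx) is the most common "date" pattern
    # people embed in passwords, whether or not it is in the token list.
    if re.search(r"(19|20)\d{2}", password):
        problems.append("contains a year-like date")
    return problems


def is_compliant(password: str, personal_tokens=PERSONAL_TOKENS) -> bool:
    """True when the password breaks none of the rules above."""
    return not policy_violations(password, personal_tokens)


if __name__ == "__main__":
    # Constructed sample passwords: one that passes, three that fail.
    for candidate in ["Tr4ck&Field#Meet", "Jorge2021!", "NoDigitsHere!!", "Ab1!"]:
        verdict = policy_violations(candidate)
        print(f"{candidate!r}: {'OK' if not verdict else ', '.join(verdict)}")
```

The check reports every violated rule rather than stopping at the first, so it can be used both to reject a password at enrolment and to explain to the user what to fix.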
3. Physical security of the company facilities
Security of the premises is equally important; its rules must be posted and communicated to employees, suppliers and partners.
Simple instructions matter: for example, when sensitive topics are discussed in a meeting, check that the room is properly closed and protected so that the information stays confidential. Access to the premises itself must be controlled, and that control starts with the employees, who must also be alert to the presence of strangers so that there are no unwanted visitors. Where information security also depends on external partners, rules and good practices must be defined that guarantee the protection of data and of the infrastructure of both the organization and its partners – before, during and after the end of these partnerships.
- Before: the service provider must present a clear and up-to-date security plan; an NDA (confidentiality agreement) must be signed; the data to be exchanged and the secure channels for it must be defined; and points of contact must be appointed for communicating security incidents.
- During: local or remote access is granted to partners according to the principle of “minimum access allowed” (least privilege), and the organization reserves the right to audit partners and suppliers.
- After termination: the organization’s point of contact must keep records of all entities involved; all privileges and access must be revoked immediately; and all equipment used must be collected and disconnected.
These are some ways to ensure the physical security of the premises.
4. Document security and information sharing
In information security, the CISO (Chief Information Security Officer) or the DPO (Data Protection Officer) is responsible for protecting information against breaches of confidentiality, integrity and availability. They implement holistic and structured information security best practices, contribute to and review information security norms, policies and standards, perform regular internal audits and controls, and collaborate directly with IT and project managers – with a focus on security, performance, strategy and monitoring.
It is important to know the organization’s general principles of information security and to always handle information properly: implementing systematic procedures aimed at reducing risks, instilling responsibility for information security, establishing measures appropriate to the organization, and regularly checking their compliance and effectiveness. It is equally important to know how to react immediately and appropriately in the event of a security breach, and to ensure the availability of information systems according to the requirements of the business processes, with adequate procedures so that activity is not interrupted when a breach occurs.
There are other precautions to take as well – against unwanted mail (spam) and fake news, in the use of the Internet itself (particularly on mobile devices), in communicating with external partners, and in staying alert to suspicious sites and security certificates – important topics that are perhaps best left for a future article, who knows?
I hope you enjoyed the content, and that it helps you keep your workplace safe, always!
Jorge has a degree in Law but has been working in the technology field for about 20 years, dedicating himself mainly to the areas of compliance, data protection and quality. Whenever he can enjoy some free time, he loves to play golf, ride BTT (mountain bike) and do sport shooting, in which he is a federated athlete!