Maintaining security and privacy requires a blend of technology and people. On the technology side, organizations often implement a variety of solutions designed to secure networks, filter out unwanted emails, and prevent unauthorized access. Technology is, of course, imperfect. It can’t prevent every threat, especially considering many external attacks are designed to circumvent technology. That’s why the people element represents such a vital part of security. After all, people are the last line of defense.
Here are five simple actions you can take to reinforce that line.
One: Following Policy
Policies are designed to maintain the security of everyone associated with an organization. They’re the guidelines that exist to minimize costly mistakes and identify threats targeting systems, data, and people. Always following those policies represents one of the easiest actions any individual — from the CEO to the front desk — can take.
Two: Locking Workstations
Regardless of your role or location, it’s important to immediately lock workstations and devices when not in use. This simple step takes almost no time at all and helps protect the access entrusted to you. Additionally, ensure all devices are protected with strong, unique passwords, and never share those passwords with anyone.
Three: Keeping a Clean Workspace
Don’t overlook the importance of maintaining a clean, organized workspace. It might not seem like a security risk, but a messy desk could lead to mistakes such as misplacing ID badges or sensitive documents. Keep your workspace organized, and be sure to properly store anything that might contain confidential information.
Four: Avoiding USB Devices
Cybercriminals also prefer to keep things simple. That’s why they install malicious software on USB drives and leave them in areas where they’ll be found. They’ll also mail those drives to organizations and hope somebody will plug one in, which could infect their computer. Avoid this attack by only using the USB devices that you own, including charging cables.
Five: Reporting Incidents
An incident refers to anything suspicious or out of the ordinary. Finding a random USB drive, for example, is an incident that should be reported immediately. Why the urgency? The longer an incident goes unreported, the more harm it could cause. Timely reporting helps organizations quickly review what happened and mitigate potential damages.
Article retrieved from Non-Technical and Physical Security by The Security Awareness Company – KnowBe4, Inc. (2023)