Shared Responsibility – Online Safety at Work

At some point, all computer users on the job will discuss the unseemly topic of passwords

but do we really think about why passwords, as well as other online behaviors, can affect not only our own personal security but also that of our company? Network security while on the job is often an afterthought of the standard computer user but it is everyone’s job to ensure online safety at work.

Because of the blur of lines between our personal and professional lives, weak personal security habits can quickly put the financial livelihoods of not only ourselves, but our employer’s and co-workers at risk. While we all know that passwords should safeguard our various personal accounts, we don’t always realize that a breach of one such personal user account, or an intrusion from visiting sites that we know, deep down, are not sites we should be on, can lead to the placement of malicious software which can spread and lead to catastrophic network failure, compromised sensitive internal company and client data, and the potential legal liability that results. ….and when our company falters, our personal livelihoods do to.

A compromised computer on the network, whether from weak password security or personal behavior, can quickly spread its malicious payload to network servers and other user’s computers. Because of this we’d like to remind everyone of each user’s responsibility, not only to his or her self, but to everyone, and offer a few tips for keeping yourself as well as your company and work friends safe:

1) Monitor your own behavior.  If your company doesn’t regulate the web, take the responsibility yourself and use only authorized and reputable web sites. While obviously important for all users, this is especially important for users of offsite work laptops. Mobile users tend to have a higher rate of questionable website use. When the laptop returns and connects to the network (or perhaps it’s already on a vpn connection), malicious software (viruses!) can very quickly and easily spread across the network. We’ve seen entire file systems become encrypted and unusable, bringing a company to a full stop because of a single computer infection.

2) Speak up.  Report any suspicious email or computer behaviors so potential problems can be dealt with before they spread across the network. If you think your accounts or your devices have been compromised, let your employer know and contact your IT helpdesk before re-connecting to the network. If your computer is always on the company network, let them know right away.

3) Trust but verify.  If you receive a suspicious email which you were not expecting, and it is from someone you don’t know, run it by the helpdesk before opening attachments or clicking links. …especially if it’s asking for an action from you such as clicking a link or opening an attachment (fund transfer requests from a “spoofed” co-worker address and resume attachments are very common ploys). Make note that banks and other such financial institutions will ask you to visit their web site and log in as usual rather than asking for a user to click on an emailed link. …careful not to fall for such phishing schemes. Be alert. If you hover over a link in an email you can typically see where the link really goes. If it doesn’t look like it matches what you were expecting, don’t click on it. Ask your IT help desk to inspect the email.

4) Make sure you have protection.  If you feel that your antivirus software is not installed, not behaving properly, or alerting to a problem, contact your IT Helpdesk.

5) Practice good password hygiene:

     -Change your personal and work passwords frequently or choose a strong enough password or passphrase so you can change them less frequently
     -Don’t use the same passwords everywhere. It’s especially important to use different
       passwords at work than you use in your personal life.

6) Check if you have been compromised. Contact a company like us who can use tools to see if any of your passwords have been published to the dark web.  We can scour the internet to see if your credentials are lingering in shady areas.

7) Use a password manager.  This may be the best thing you’ve never heard of for finally finding relief from our life with annoying passwords. Passwords are very uncomfortable but there are simple tools which will save and manage complex passwords for you, so you don’t have to remember them yourself. Click a button and the tool will open a site and log in with your username and a complex password for you! Talk to your IT help desk about such tools and how you can begin using them. Proactively pursuing a better security habit for yourself can protect not only you but your entire company …and when your company is safe, your paycheck is safe.