Security Best Practices
USB Sticks/Thumb Drives
• USB sticks should be supplied by the company and used only with company devices.
• If you need company files (files, folders and documents) transferred, and there is no other secure way identified, then data should only be saved on to company USB sticks.
• USB/Storage cards and external drives that are being used should all be encrypted.
Transferring company data using USB Sticks and/or Thumb Drives supplied by the company should only be a last resort option due to the risks involved. USB and external drives are easily lost, and, more often than not include sensitive unencrypted data that can be used against an individual or company, and there is nothing IT/Microsolv can do to help you retrieve or erase that data once it’s gone!
Email Security/Attachments
• Be extra vigilant with unknown senders this can be SPAM/Hoax email.
• Some SPAM is obvious and is only looking to catch you out when you’re busy.
• If you’re unsure about any email and its authenticity, check with us or discard without opening immediately.
• Email and malicious files cannot always be blocked by your protection software and firewall.
• Should you require training on email security please get in touch, and we can help organise this for you at an additional cost.
Malware is being created every day to bypass security features. Sometimes the only thing preventing a fatal event will be a user’s vigilance and contacting IT/Microsolv.
AV and Security Software
• At the very least, the best way to secure any network or PC is with security software, such as antivirus, that can be installed by IT/Microsolv.
• Please do not uninstall security software.
• Please do not install security software of your own, this can conflict with what is already present on your system.
• If you suspect your Anti-virus software is not up to date/updating automatically call IT/Microsolv.
• If your system seems slower than usual or shows any symptoms of stress, call IT/Microsolv.
Users frequently think they are bothering IT/Microsolv with “pesky” low priority issues. Let us reassure you, you are not bothering IT/Microsolv, you are paying for the service, so therefore should use us! However, it is important to understand that numerous unlogged, ‘small’ problems often build up and turn in to one big one; which can ultimately end up losing you valuable time whilst we sort out fixing it for you.
AUP (Acceptable Use Policy)
• Browsing social media/gaming/online shopping websites can be dangerous to your network.
• Some hackers target such websites to grab information without user’s knowledge.
• If you’re allowed to browse such websites reduce the window to your lunchtime periods.
Depending on your companies AUP, users can browse these websites at any time of the day which means the company’s network is always at risk of exposure to viruses and data loss. User’s personal data is also at risk.
Firewalls and AV software are implemented to protect you from malicious code/traffic but if you “open the door” to allow the use of external websites outside of work related content then anything is possible.
System Updates
• Run your updates when prompted! If in any doubt contact us!
• If you receive a software update for any software that you use please call us to check before installing, so that we can first check it is a legitimate update, but also so we check your system is ready for it.
• IT/Microsolv will always try to run your updates for you’re at minimal disruption to users (out of hours).
• Updates keep your systems secure and reduce the event of exploits to your PC and apps.
• Putting off an update will only increase the window of attack and allow updates to build.
There will be times when a users PC will run off sync with updates due to user’s annual leave or hot desk PCs that aren’t always in use. This means IT/Microsolv won’t always be aware of when a PC is in need of an update. If you notice you’re getting alerts about updates of any nature contact IT/Microsolv.
Additionally, if you’re unsure of whether an update is genuine, pick up the phone and tell IT/Microsolv or send an email directly to support.
Password Policies
• Change your passwords often and make sure they are complex.
• Passwords don’t need to be challenging or difficult for the user, only for others.
• Having users with the same password only makes it easier to break into all systems.
No one should know your password, not your boss, not your colleague, not even your best friend. Everything becomes a risk if your PC is exposed. If a hacker or disgruntled employee attained a user’s password and this password was the same as every user in the company it would take under five minutes to bring the company down.
There isn’t any security protocol in the world that can help you fast enough once there is a breach!
Idle Workstation/User Away
• We all need to leave our workstations at some point and is actually encouraged.
• When you take a break, make sure your system is locked down.
• It takes two seconds to lock your PC and keep your session running upon return.
• Policies can easily be put in place to automatically lock your PC when idle.
• This can deter people who have been shoulder surfing and are looking for an opportunity.
Again, you are leaving yourself, your workstation, and your company network exposed when you step away from your workstation without locking it. You can have the strongest password in the world, however, this will not help if your workstation is idle and open.
This document should be your go to for anything you’re unsure about. Is it not created just to scare you, rather an incentive to help you engage more with IT and Microsolv for absolutely any issues.
One final thing, Microsolv strongly advise any company to complete a Penetration Test on the company network to ensure that the security breach risks are reduced considerably.
Stay vigilant, stay safe…
Microsolv Systems Ltd
Please note that this is not an exhaustive list of best practices and has been provided for guidance only.
