Security Awareness Tips

Everyone is now working from home, which makes a centralised approach to security controls near impossible. Far from supervision and advice, how do you support users to act in a cyber-safe manner? Here are some tips improving the users’ security awareness.

OFFER USERS A HELPLINE

Supply employees with a helpline or community board for asking security related questions. Try not to judge question worthiness as all questions need to be addressed, no matter how trivial or basic they may appear. A safe environment to raise issues will promote security awareness and strengthen your security posture. Try setting up a Microsoft Teams Channel to allow posts, or simply utilise your current helpdesk ticketing system.

CENTRALISE ASSETS

Isolated users may lead to isolated data. As users save to their local devices, data loss and data ex-filtration risk increases. If possible, set your users up to work via a centralised server, since this can be both protected and regularly backed-up. Train users how to access the system and how to work productively. Examples of centralised repository are

· Microsoft SharePoint – A central collaborative repository

· OneDrive – Synchronises data to the cloud, via a local component

· Remote Desktop solutions – An entry level option that can be used while a more future proof option is sourced

· VPN – Unable to automatically synchronise data, but provides users with access to centralised servers. Set up user accounts to remind them to connect to the VPN

NO SUCH THING AS A STUPID SECURITY QUESTION

A user that questions a suspicious URL or email is better than a user that never questions. Secure organisations encourage users to trust their instincts. Asking for security advice or verification should never be viewed as a weakness or waste of time. It can be considered as security awareness improvement.

MINDFULNESS AROUND INFORMATION PRIVACY AT HOME

With a dispersed workforce is that privacy violations are much more likely. Data is possibly on local machines and now that machine and its display are open to a whole new audience who should not see it. Therefore NSP recommends that if possible other household members can’t see the display and that when the user is away from the machine they lock it. Behaviour that would be expected in the office should continue outside it.

Consider the following:

• Angle of the screen could be an issue. Can others easily see it?
• Can private conversations be overheard?
• Are you leaving confidential documents/printouts on desks?

You trust your family but a data leak is still a data leak, and who knows what they might do with it?

Read about New Zealand Cyber Security Strategy on the gov.co.nz.

Learn more about NSP Cyber Security Solutions.