CYBER TIPS FOR EMPLOYEES AND CONTRACTORS
Make your passwords complex. Use a combination of numbers, symbols, and letters (uppercase and lowercase).
Change your passwords regularly (every 45 to 90 days).
Do NOT give any of your usernames, passwords, or other computer or website access codes to anyone.
Do NOT open emails, links, or attachments from strangers.
Do NOT install or connect any personal software or hardware to your organization’s network without permission from your IT department.
Make electronic and physical backups or copies of all your important work.
Report all suspicious or unusual problems with your computer to your IT department.
SECURITY FOR LEADERSHIP AND PROFESSIONALS
Implement Defense-in-Depth: a layered defense strategy includes technical, organizational, and operational controls.
Establish clear policies and procedures for employee use of your organization’s information technologies.
Implement Technical Defenses: firewalls, intrusion detection systems, and Internet content filtering.
Update your system’s anti-virus software daily.
Regularly download vendor security "patches" for all of your software.
Change the manufacturer’s default passwords on all of your software.
Monitor, log, analyze, and report successful and attempted intrusions to your systems and networks.
PHYSICAL SECURITY GUIDANCE FOR EMPLOYEES
Monitor and control who is entering your workplace: current employees, former employees, commercial delivery, and service personnel.
Report broken doors, windows, and locks to your organization’s or building’s security personnel as soon as possible.
Back up or copy sensitive and critical information and databases.
Store, lock, and inventory your organization’s keys, access cards, uniforms, badges, and vehicles.
Monitor and report suspicious activity in or near your facility’s entry/exit points, loading docks, parking areas, garages, and immediate vicinity.
Report suspicious packages to your local police. DO NOT OPEN or TOUCH!
Shred or destroy all documents that contain sensitive information.
REPORT SUSPICIOUS CYBER INCIDENTS
System Failure or Disruption - Has your system or website’s availability been disrupted? Are your employees, customers, suppliers, or partners unable to access your system or website? Has your service been denied to its users?
Unauthorized Access - Are you aware of anyone attempting (either failed or successful) to gain unauthorized access to your system or data?
Unauthorized Changes or Additions - Has anyone made unauthorized changes or additions to your system’s hardware, firmware, or software characteristics without your IT department’s knowledge, instruction, or consent?
Unauthorized Use - Are unauthorized parties using your system for the processing or storage of data? Are former employees, customers, suppliers, or partners still using your system?