Awareness
Your employees are the best defence against digital threats
Staff awareness and training
Another focus for the Information Security Officer is on staff awareness: the ISO organises training and awareness campaigns to raise awareness of security threats and to ensure that employees comply with security policies.
The human factor is the biggest security vulnerability that organisations can have. After all, the best security technology is useless if employees click on phishing links or write their passwords on a post-it note and stick it to their screen. It is therefore all the more important to meet employees at their current level of knowledge and to raise their awareness in a practical way in the areas they actually need for their day-to-day work. In this way, organisations can create an awareness of IT security and acceptance of the measures required for it.
It is worthwhile for both new and long-serving employees to familiarise themselves with security when working digitally. This is because the "human factor" plays an important role in protecting company networks and business data and in preventing security incidents such as ransomware or fraud attempts.
The following checklist summarises the most important tips for security-conscious behaviour in the digital workplace:
CRITICALLY EXAMINE E-MAILS
Be cautious of emails from external contacts, as well as from colleagues and management, as phishing email creators are increasingly mimicking legitimate senders.
To keep out unwanted eavesdroppers, it is recommended to encrypt emails before sending. This way, only the intended recipient can read the message. Clarify with your IT department how you can communicate securely.
To avoid falling into the trap, take your time for the 3-second security check: check the sender, subject and attachment before clicking.
RESPONSIBLE PASSWORD MANAGEMENT
Under no circumstances should you write down your passwords on scraps of paper or Post-it notes attached to your monitor, not even in supposedly discreet places like under your keyboard.
Never use the same password for multiple devices, applications, or accounts. If one password is compromised, attackers could otherwise gain access to multiple systems simultaneously. Using individual passwords ensures that a security incident is limited to a single access point and does not endanger your entire digital environment.
Please ensure you are not observed when entering your password.
If you can set your own passwords and they are not dictated by the IT department, choose the strongest password possible that cannot be easily guessed – so not your birthday or your child's or pet's name.
PROTECTING SENSITIVE DATA ON PCS, LAPTOPS AND THE LIKE
Lock your device when you leave your workspace – even if it's only for a brief absence of a few minutes.
Do not use private hardware on the company network and do not store company data on private storage media.
Take care with USB sticks containing work documents and, if necessary, protect them with a password too.
Do not connect removable storage media of unknown origin, such as USB sticks received as promotional gifts, to your work computer. There is a risk of malware infection.
Only install and use programmes on your work devices that have been tested and approved by the IT department. Unauthorised software may contain security vulnerabilities or introduce malware, thus endangering company data. By using approved applications, you ensure that all programmes comply with internal security standards and are regularly updated.
SAFE INTERNET USE
Keep private internet use at work to a minimum. This will help to reduce the risk of malware infecting your system or potentially even the entire company network. Ask your IT department if further protective measures are possible to separate private and work data.
Please pay attention to any warnings regarding invalid and/or expired security certificates from web services. If in doubt, please ask your IT department.
Configure your browser to suppress pop-up messages. If you are unsure how to do this, please ask your IT department.
In principle, you should be sparing with your personal data on social media. This applies all the more in a professional and corporate context, as internet fraudsters also seek information here, which they can use, for example, to create fake emails in the name of your colleagues.
YOUR CONTACT PERSON
Connect with our expert. Non-binding, uncomplicated, but always with added value for you.
RALPH DÖRFLER
Head of IT Security