StaySafeOnline.org - National Cyber Security Alliance
  Procedural Security
 
Executive Summary
A company's employees are its best protection, and also potential vulnerabilities. Understanding and applying good security practices to your procedures will help you get the best protection.

Good Overall Cyber Security Practices
The 8 Cyber Security Practices from NCSA are easy to remember and applicable to everyone in the workplace who uses a computer.  For an update for 2006, review the Department of Homeland Security and NCSA 2006 Emerging Internet Threat List.

Good Desktop Computer Security Practices
Cyber Security begins at the desktop.  Keep your practices simple and relevant to your office.  Some suggestions are:

  • Do not write down passwords
  • Do not use the “Save Password” feature on login forms
  • Do not share computer accounts
  • Utilize account/screen locking (with password unlock)
  • Log off at the end of the day
  • Lock your laptop up when leaving the office

Build In Security for On-boarding and Off-boarding Procedures
Before you hire new employees, conduct background checks, especially for security personnel (including IT security), system administrators and anyone you trust with your most sensitive information.  “Background checks” can include credit checks, criminal history checks, and checks of personal references, including educational background if it is a job requirement.  Always document who has received keys, access cards, etc. As your company grows, consider having new employees sign a non-disclosure form.

Former employees are potential vulnerabilities to your security.  Check to make sure that your employment entrance/exit security procedures are up to date.  Develop a checklist to use when employees exit the company.  As an employee is leaving, check bags such as briefcases or backpacks on entrance/exit, and look for any proprietary information copied onto CDs or removable hard drives (“jump drives,” flash drives, etc.).

When an employee departs:

  • Quickly deactivate all computer accounts
  • Repossess keys, access cards, parking passes, etc.
  • Change any door key codes or common passwords (yikes!) that the employee knew about

Company Directory
Protect company directories and contact information.  Directories can make “social engineering” a lot easier for an outsider looking for information or targets for the next con.  Consider carefully what information you publish on the company web page to achieve an effective balance between your marketing and security needs.

Additional Resources
Brochure: 8 Cyber Security Practices
Sign Up for Free Cyber Security Alerts from the Department of Homeland Security