Business Continuity and Security DOs and DON'Ts

By:  The IT Associates at NSK Inc.

The Top 10 DOs and DON'Ts from your Helpful IT Team 

Business Continuity encompasses a loosely defined set of plans intended to ensure your business critical functions continue.  These 10 DOs and DON'Ts will help.

1. Don't be tricked into giving away confidential information
   
   • Don't respond to emails or phone calls requesting confidential company information.
   • Always keep in mind that bad guys are successful because they are convincing.
   • Recent news stories reported scammers were tricking people into giving away information with fake tech support calls claiming to be your information technology service provider.
   • Keep on gaurd and report any suspicious activity to your IT Team.
     
     
     
2. Don't use an unprotected computer
   • When you access sensitive information from a non-secure computer you put the information you are viewing at risk.
   • Malicious software exists that allows people to easily snoop on what you are doing online when accessing unprotected sites.
   • If you are unsure if the computer you are using is safe, do not use it to access corporate or sensitive data.
     
     
     
3. Don't leave sensitive information lying around the office
   • Don't leave printouts containing private information on your desk.  It is easy for a visitor to glance at your desk and see sensitive documents.
   • Keep your desk tidy and documents locked away or shredded when no longer needed.
   • It makes the office look more organized, and reduces the risk of information leaks.
     
     
     
4. Lock your computer and mobile phone when they are not in use
   • Always lock your computer and mobile phone when you are not using them. You work on important things, and your IT group wants to make sure that they stay safe and secure.
   • Locking these devices keeps both your personal information and the company's data and contacts safe from prying eyes.
     
     
     
5. Stay alert and report suspicious activity
   • Sometimes suspicous activity isn't as obvious as we think.
   • Be cautious of people you don't know asking for things, especially on-line or in emails.
   • Always report any suspicous activity to your IT Team or IT managed services provider.  If something goes wrong, the faster they know about it, the faster they can deal with it.
     
     
     
6. Password-protect sensitive files and devices
   • ALWAYS password-protect sensitive files on your computer, USB flash drives, smartphones, laptops and other devices.
   • Losing a device can happen to anyone.  But by protecting your device with strong passwords, you make it difficult for someone to break in and steal data.
     
     
     
7. Always use hard-to-guess passwords
   • Many people use obvious passwords like "password" or "cat" or obvious character sequences on the qwerty keyboard like "ASDF".
   • Create complex passpharases by including different letter cases, numbers and even punctuation.
   • Try to use different passwords for different websites and computers, so if one gets hacked all your other accounts won't be compromised.
     
     
     
8. Be cautious of suspicious emails and links
   • Hackers try to steal email lists from companies, which happened recently to Toshiba.  Company email addresses are valuable to attackers, allowing them to create fake emails from "real people".
   • Always delete suspicious emails from people you do not know.  And Never EVER, EVER click on the links.
   • Opening these emails or clicking on the links in them can compromise your computer without you ever knowing it.
     
     
     
9. Do Not plug in personal devices without an OK from your IT Department
   • Don't plug in personal devices such as USBs, MP3 players or smartphones with the permission of your IT Department.
   • Even a brand new iPod or USB flash drive could be infected with a nasty virus.
   • These devices can be compromised with code that is just waiting to launch as soon as you plug them into a computer.
   • Talk to your IT Expert about your devices and let them make the call.
     
     
     
10. Don't install unauthorized programs on your work computer
    • Malicious applications often pose as legitimate programs like games, tools or even antivirus software.
    • They aim to fool you into infecting your computer or network.
    • If you like an application and think it will be useful, contact your IT managed services provider or IT department and have them looking into it for you.

 *List adapted from SOPHOS