As public and private organizations across the globe turn to remote work and remote learning to address and fulfill their missions and goals, cybersecurity hygiene is an important practice to revisit. Individuals should continue to be vigilant in the face of criminals and bad actors, who are always looking to steal data, disrupt systems or undermine an organization’s reputation and credibility. Review and confirm that the following cybersecurity hygiene areas and actions are in practice to protect individuals, the organization and the organization’s data in a remote environment. Just like washing your hands is good personal hygiene, continue to practice sound cyber hygiene.
1. LOOK OUT! For suspicious emails, texts, phone calls, apps
2. KNOW! The proper email addresses, phone numbers (home, cell) for key contacts (e.g., supervisor, IT helpdesk, information security team) and organization systems (e.g., emergency notification system)
3. CHECK! Your organization’s official website(s) daily for updates
4. REPORT! To your organization’s IT and/or information security functions, via the approved channels, any suspicious communications or events, as well as any systems that are not working properly
1. Use multi-factor authentication (MFA) for all possible applications, websites, and devices; where MFA is not available, use long unique passphrases (12+ characters) for applications and websites, and use long PINs (6+ characters) for devices
2. Use your organization’s virtual private network (VPN) connection to securely access organizational systems
3. Use unique access codes for every web meeting or conference call; alternatively, if you must reuse the same access code, use a passcode to limit access to the meeting/conference call, especially for sensitive matters
4. Update all software on devices regularly, including operating systems (e.g., Windows, macOS, Android, iOS) and apps
5. Back up all critical files on your devices using organization-approved systems, such as online file sharing apps (e.g., Box, OneDrive, Google Drive)
6. Lock your device when you step away, requiring a password to unlock the device
1. Don’t click on any links in suspicious emails or texts
2. Don’t send/reveal personal, financial, or username/password info in emails or texts
3. Don’t share organization-owned devices with family and friends
4. Don’t use public Wi-Fi; if you must, connect only for a minimal time and always connect via VPN
5. Don’t use free tools (e.g., free Gmail/Google Docs) for official sensitive matters
6. Don’t use social media (e.g., Facebook, TikTok, Instagram, WhatsApp) for organization work and communications (unless explicitly approved by your organization)
7. Don’t download new apps on your devices without proper vetting
8. Don’t use personal devices to access organization systems and data (unless explicitly approved by your organization)
9. Don’t use USB drives (e.g., thumb or jump drives) unless acquired from or approved by your organization
1. Change your Wi-Fi network password from the default provided by your ISP or router
2. Create a separate Wi-Fi network at home for your organizational devices to use
3. Keep organizational devices stored in a separate secure location in your home