Below are listed some high-level dos and don'ts of high-level security. You may know most of this already, but there doesn't seem to be a large Infosec group on Steemit, so I thought I'd get it started.
Cyber security is the shared responsibility of every agency employee and business unit. You play a key role in properly safeguarding and using private, sensitive information and state resources. The following Dos and Don’ts help remind us of all actions we must take to remain vigilant.
*Do use hard-to-guess passwords or passphrases. A password should have a minimum of 10 characters using uppercase letters, lowercase letters, numbers and special characters. To make it easy for you to remember but hard for an attacker to guess, create an acronym. For example, pick a phrase that is meaningful to you, such as “My son’s birthday is 12 December, 2004.” Using that phrase as your guide, you might use Msbi12/Dec, 4 for your password.
*Do use different passwords for different accounts. If one password gets hacked, your other accounts are not compromised.
*Do keep your passwords or passphrases confidential. DON'T share them with others or write them down. You are responsible for all activities associated with your credentials.
*DON'T leave sensitive information lying around the office. DON'T leave printouts or portable media containing
*Don't post any private or sensitive information, such as credit card numbers, passwords or other private information, on public sites, including social media sites, and DON'T send it through email unless authorized.
*Do use privacy settings on social media sites to restrict access to your personal information.
*Do pay attention to phishing traps in email and watch for telltale signs of a scam. DON’T open mail or attachments from an untrusted source. If you receive a suspicious email, the best thing to do is to delete the message and report it to your manager and Information Security Officer (ISO)/designated security representative.
*Don’t click on links from an unknown or untrusted source. Cyber attackers often use them to trick you into visiting malicious sites and downloading malware that can be used to steal data and damage networks.
*Don’t be tricked into giving away confidential information. It’s easy for an unauthorized person to call and pretend to be an employee or business partner. DON’T respond to phone calls or emails requesting confidential data.
*Do destroy information properly when it is no longer needed. Place paper in designated confidential destruction bins throughout the office or use a crosscut shredder. For all electronic storage media, consult with IT.
*Do be aware of your surroundings when printing, copying, faxing or discussing sensitive information. Pick up information from printers, copiers or faxes in a timely manner.
*Don’t install unauthorized programs on your work computer. Malicious applications often pose as legitimate software. Contact your IT support staff to verify if an application may be installed.
*Don’t plug in portable devices without permission from your agency management. These devices may be compromised with code just waiting to launch as soon as you plug them into a computer.
*Do lock your computer and mobile phone when not in use. This protects data from unauthorized access and use.
*Don’t leave devices unattended. Keep all mobile devices, such as laptops and cell phones, physically secured. If a device is lost or stolen, report it immediately to your manager and ISO/designated security representative.
*Do remember that wireless is inherently insecure. Avoid using public Wi-Fi hotspots. When you must, use agency-provided virtual private network software to protect the data and the device.
*Don’t leave wireless Bluetooth turned on when not in use. Only do so when planning to use and only in a safe environment.
*Do report all suspicious activity and cyber incidents to your manager and ISO/designated security representative. Challenge strangers whom you may encounter in the office. Keep all areas containing sensitive information physically secured, and allow access by authorized individuals only.