Best Practices

 Dear end users,

It is not with any pleasure that I write this to you, nor is it intended to make you feel like you've done anything wrong. You might have--you just didn't realize it, but don't worry, you're not alone. In fact, I imagine many employees that you work with have fallen prey to one or more of the behaviors that I mention.

With that said, when it comes to keeping your computer safe from malware, ransomware, evening wear… scrap that last bit. My intended pun will probably confuse you. Just in case, there is no threat against your PC called "evening wear," but you see how easy it is to fall victim to such nonsense? It's really easy.

Back to the point. You probably believe magic goes on behind the velvet curtain labeled IT that protects your computers from harm--and, in a way, there is. Your IT staff works tirelessly to prevent all of those desktops and servers from getting hacked or infected with malware, ransomware, and other security threats. The truth is, those desktops, servers, and networks are only as secure as you allow them to be.

That's right, in many instances the burden falls on your shoulders. Don't worry--it's not that hard. 

Instead of couching this advice in terms you may or may not understand, I'll make it as clear as possible. The best piece of cybersecurity advice I can give you is this: When in doubt, don't do it. Such generalities could leaving you staring blankly at your monitor and unable to function, so here are specific security best practices. 

  • Don't click suspicious links. If you don't know if a link is suspicious, ask.

  • Don't install any software on your PC or phone unless it comes from the operating system's built-in software store.

  • Don't install browser add-ons unless they are sanctioned by your company.

  • Don't visit websites that seem dodgy. What is a dodgy website? Products advertised on social media, sites that advertise products or services that sound too good to be true, sites that want to install applications on your computer, or any domain found on a list like the Fake Sites Database.

  • If you absolutely must visit a dodgy site (say you're doing research for your marketing department and want to know why a product is listed as must have), do it on a tablet that can easily be reset to factory default and doesn't contain company data.

  • Update your passwords with really strong ones that you can't memorize. I know that's a pain, but there's a solution: Ask your IT staff about how to use a password manager.

  • Don't open email attachments that haven't been checked by your antivirus.

  • Don't open text messages from unknown senders.

I know this list seems daunting, but it all supports the original idea of, "When in doubt, don't do it."

SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)

It is no secret that, among IT pros, the pervading feeling is that the weakest link in a company's security is the end users, but it doesn't have to be that way. All you have to do is stick to the above list of cybersecurity best practices, and you'll make the lives of your IT staff exponentially easier.

I don't mean to lay this all at your feet, but those admins who've been working day and night to keep your PC up and running need a bit of help, and chances are pretty good they know they can't look you in the eye and say, "This is your fault," without risking their jobs. So I take that burden upon myself.

But don't take this personally. It's not you, it's… okay, it might be you. But not 100% of the time... more like 80-90%.

Just remember, it's not that hard to keep those PCs safe from evening wear and formalwear… got you again! Come on, end users... keep up with me.

You can do this. I have faith in you. But just in case, repeat to yourself, "When in doubt, don't do it."

Also see

Comments