Cybersecurity Is Like Personal Hygiene.
Just as you wash your hands to avoid germs, regularly clearing your browser history and cookies helps keep your digital footprint clean. Stay fresh and protected online!
Run tabletop exercises or simulations to ensure the incident response team can respond effectively to various scenarios (e.g., data breach, ransomware, insider threat). Update the plan based on lessons learned.
Avoid sharing internal company details, project updates, or photos that may expose sensitive information. Even seemingly harmless posts can give attackers useful context.
Avoid giving out passwords, verification codes, or internal procedures over the phone. Attackers often use urgency or authority to pressure victims into sharing sensitive information.
Conduct a formal risk assessment to identify vulnerabilities, emerging threats, and gaps in controls. Use the results to update your security roadmap and risk mitigation plans.
If you see someone in a restricted area without proper ID, politely ask who they are or report them to security. Don’t assume someone else has already done it.
Ensure your posts and profile details are only visible to trusted connections. Platforms often update privacy policies, so check your settings periodically.
Create a silly sentence or a song lyric that only you know, then toss in some numbers and symbols. It’s like a secret handshake that’s easy for you but impossible for intruders.
If an email seems unexpected or urges immediate action, avoid clicking links or opening attachments. Hover over links to preview the URL before clicking.
Annually review IT and security policies to ensure they reflect current threats, technologies, and regulatory requirements. Distribute and communicate any changes to staff.
Never leave exterior or interior security doors open or unattended. Propping them open creates easy access for unauthorized individuals.
If you’re unsure about a caller’s legitimacy, hang up and call back using a known, official number. Never use a callback number provided during a suspicious call.
Secure your accounts with complex passwords that are different from those you use elsewhere. Always enable multi-factor authentication (MFA) for an extra layer of protection.
Identify and remove inactive user accounts that haven’t been used in the last 90+ days. Dormant accounts are a common attack vector for unauthorized access.
Every strong password, update, and security measure is a piece that fits together to keep your data safe. The more pieces you lock down, the harder it is for cybercriminals to crack the code.
Phishing emails often use addresses that look similar to legitimate ones (e.g., support@micr0soft.com). Always double-check for misspellings or unusual domain names.
All employees should complete updated security training at least once a year. This helps reinforce policies, recognize social engineering threats, and promote secure behavior.
Avoid posting sensitive details like your birthday, address, workplace, or travel plans. This information can be used for identity theft or social engineering attacks.
If someone calls claiming to be from IT, tech support, or a bank and asks for sensitive information, treat it with suspicion. Legitimate organizations rarely ask for credentials or account details over the phone.
Always use a strong, password-protected Wi-Fi connection to prevent unauthorized access. Avoid using public or unsecured networks when handling sensitive work data.
