Security Best Practices: Difference between revisions
Created page with "== 1. Importance of Security == To protect company systems, data, and intellectual property, all employees must follow strict security best practices. These rules are mandatory and apply to all laptops, accounts, and applications. ---- == 2. Strong Password Practices == * Use long, unique, and complex passwords (minimum 12 characters). * Avoid predictable patterns like names, dates, or simple combinations. * Change your password before it expires (every 30 days). * Sto..." |
|||
| Line 5: | Line 5: | ||
== 2. Strong Password Practices == | == 2. Strong Password Practices == | ||
* Use long, unique, and complex passwords (minimum | * Use long, unique, and complex passwords (minimum 8 characters). | ||
* Avoid predictable patterns like names, dates, or simple combinations. | * Avoid predictable patterns like names, dates, or simple combinations. | ||
* Change your password before it expires (every 30 days). | * Change your password before it expires (every 30 days). | ||
| Line 39: | Line 39: | ||
* Lock your screen whenever you leave your desk (Windows + L). | * Lock your screen whenever you leave your desk (Windows + L). | ||
* Use company assets only for official work. | * Use company assets only for official work. | ||
* Do not install software without | * Do not install software without IT approval. | ||
* Keep your laptop updated with the latest patches (IT-managed). | * Keep your laptop updated with the latest patches (IT-managed). | ||
* Never connect unknown USB drives or devices. | * Never connect unknown USB drives or devices. | ||
Latest revision as of 11:36, 24 November 2025
1. Importance of Security
To protect company systems, data, and intellectual property, all employees must follow strict security best practices. These rules are mandatory and apply to all laptops, accounts, and applications.
2. Strong Password Practices
- Use long, unique, and complex passwords (minimum 8 characters).
- Avoid predictable patterns like names, dates, or simple combinations.
- Change your password before it expires (every 30 days).
- Store and manage all passwords inside Bitwarden, the company’s approved password manager.
- Never write down passwords or share them with anyone.
3. Multi-Factor Authentication (MFA)
MFA is required for accessing key applications such as:
- Office 365 (Outlook, Teams)
Best practices:
- Always complete MFA verification using the Microsoft Authenticator app.
- Never approve login prompts you did not initiate.
- Report unexpected MFA requests immediately to IT.
4. Safe Email & Communication Practices
- Do not open attachments or links from unknown or suspicious emails.
- Be cautious of phishing attempts pretending to be HR, IT, banks, or known services.
- Double-check sender details before responding.
- Report any suspicious email to IT immediately.
5. Device Security
- Lock your screen whenever you leave your desk (Windows + L).
- Use company assets only for official work.
- Do not install software without IT approval.
- Keep your laptop updated with the latest patches (IT-managed).
- Never connect unknown USB drives or devices.
6. Safe Browsing
- Access only trusted and work-related websites.
- Avoid downloading files from unverified sources.
- Do not use torrenting, gaming, or high-bandwidth websites on any network.
- Use VPN when working remotely or on public Wi-Fi.
7. Data Protection & Privacy
- Store documents in OneDrive or SharePoint, not on the Desktop or Downloads.
- Do not email sensitive data without approval.
- Do not share internal documents outside the company without authorization.
- Follow the Clear Desk and Clear Screen policy at all times.
8. Physical Security
- Keep your laptop safely locked in your drawer when leaving for the day.
- Do not allow unauthorized persons to tailgate into the office.
- Report lost or stolen devices immediately to IT and HR.
9. Reporting Incidents
If you notice anything unusual such as:
- Unknown login attempts
- Suspicious emails
- System slowdown or unexpected pop-ups
Immediately report it to the IT Helpdesk at: support@heinfricke.services