If you think that your company’s security team is singularly responsible for keep things secure, think again. The security team in your organization is responsible in a big way to create and enforce policy, to educate users, and to constantly evolve the security posture, but they are not alone in this fight. You, as an employee, are also responsible for the security of your organization. Security teams can only do so much, after educating users and creating policies, it’s the user that needs to step up and do their part. So what is your part as a user? Let’s work through some of the security responsibilities that you as a user need to own in order to keep things safe and secure in the workplace.
Removable Media
Nothing has caused more headaches for security teams than removable media. Just ask the NSA after the whole Edward Snowden fiasco! He regularly stole information and carried it out on a USB drive. If your job requires the usage of removable media, make sure that you only use it for approved activities. Before you plug it into a sensitive system, find a non-networked PC and have your drive scanned for viruses, which removable media also brings into the picture. You likely signed a removable media policy agreeing to the terms, so be careful what you do with it, it could cost your company and it will cost you your job if mishandled.
Internet Usage
The internet is an amazing resource, however, it can also be a major liability. Much like the policy you signed for the approved use of removable media, I can guarantee you signed an acceptable use policy for the internet. Avoid the use of pornography in the workplace, as it can be riddled with viruses that can take down a network. Additionally, be careful of any download that comes from the internet. Ensure that the download is from a reputable source before clicking the download link. Users have a big impact on internet security for an organization; play your part to make sure you are staying safe online.
Social Media Activity
Social media has become a big problem. User’s accounts get hacked and then send invitations to others in order to steal their information. Employees spend time at work on social media, updating accounts, snapping pictures, and connecting with others. Social media should not be used on corporate machines, period. Additionally, if you choose to use social media throughout the workday on your personal devices, be aware of what you are posting. Do not post information about the project you are working on, or where you are traveling to next for work. Hackers and social engineering attacks can utilize social media to grab a bunch of puzzle pieces and put together a bigger picture of what’s going on. Enjoy social media if you must – just don’t drag your organization into it.
Insider Threat Awareness
Some of the worst cyber attacks have stemmed from an insider threat. Whether it was because of elevated user rights, or a lack of separation of duties, it happens frequently. Your role in security as it pertains to insider threats is to be aware of what is going on around you. Get to know the people you work with, and be aware of any odd behavior. Is your coworker all of a sudden spending a ton of money in an unexplained fashion? Do you notice that they are coming in at odd hours and staying after late by themselves? These are indicators of insider threats. Report anything suspicious to your security team so things do not get out of hand.
Do Your Part
Be vigilant when you work. Operational security and situation awareness are key to remaining aware of security risks. If you avoid inappropriate or unnecessary use of the internet, watch for insider threat markers and manage removable media safely, you are doing your part to keep things safe. If you lack training, get with your supervisor and ensure that you have the appropriate training to do your part in security.