Information Security Dos and Don’ts
The success of an information security management system rests not just on the documented policies and procedures, but also on the acceptable behaviour of employees while doing their work. We have compiled the Information Security Dos and Don'ts below for employees; they need to be followed for acceptable behaviour and use of organizational assets.
Dos and Don’ts for Physical Security
- Do carry your ID card at all times while entering work areas
- Do clear your desk from confidential information and store it under lock and key
- Do lock your system during lunch / tea breaks or whenever you are away from your desk. This prevents unauthorized access.
- Do not tailgate while entering the work area
- Do not allow unauthorized personnel inside the organization
- Do not bring personal laptops / mobiles / pen drives / CD / DVD and other media unless authorized by management
Dos and Don'ts for Password Usage
- Do ensure passwords are long and strong
- Do change passwords periodically
- Do not disclose passwords to anyone
- Do not write down passwords
- Do not use the same password for different applications
- Do not use familiar or obvious names that can be easily guessed by attackers
Dos and Don’ts for Internet Usage
- Do follow safe browsing habits and avoid clicking on suspicious links
- Do check the trustworthiness of a site and its security status
- Do clean browsing history / cache files after using the web
- Do not download files from insecure websites
- Do not enter websites that are obscene, racist, illegal, anti-national, offensive, anti-social, etc.
- Do not engage in any form of hacking and Social Engineering
- Do not download or upload copyrighted / licensed material
- Do not give out personally identifiable information, such as addresses, credit card / debit card numbers, account numbers, etc.
Dos and Don’ts for Email Usage
- Do always use your corporate email ID, and never your personal email ID, for business purposes
- Do report spam and phishing emails immediately to the Incident Management authority
- Do encrypt email messages containing Confidential information
- Do use email filtering tools that help keep spam out of your inbox
- Do not engage in email conversations with unauthorized personnel
- Do not give out personally identifiable information, such as addresses, credit card numbers or account numbers, over email
- Do not open or click on email links that are not from a trusted source
- Do not forward junk emails or hoax messages to anyone. Do not reply to such emails.
Other Dos and Don’ts
- Do report information security events or incidents immediately to the concerned authority
- Do install only legitimate and authorized software / applications on your system
- Do use 2FA (Two Factor Authentication) for logging on to applications containing sensitive information
- Do not use public Wi-Fi hotspots, and avoid working in public places in the first place
- Do not leave your Wi-Fi and Bluetooth switched on when not in use
- Do dispose of assets securely when they are no longer usable
- Do ensure that application and antivirus updates are installed in a timely manner
- Do run antivirus scans regularly
- Do back up data frequently
- Do shred hard copies of Confidential information, retaining the original copies
- Do not fall prey to vishing calls, where the attacker uses social engineering techniques to trick you into revealing Confidential information
- Do ensure that unauthorized persons do not view Confidential Information on your system while working.
It is best to turn the Information Security Dos and Don'ts above into a checklist for employees and monitor compliance with it from time to time.