When it comes to IT security in the workplace, not all users are on the same page. Some are prepared to defend the integrity of their password to the death; others are ready to license it for appearance on a Goodyear blimp. Which mindset do you think is more conducive to a secure IT environment?
Below are 4 thoughts which run through the head of a user with a secure – AKA “correct” – IT mindset:
1. “I am a valuable target for hackers.”
Never, ever think “My job is too unimportant for the attention of hackers“, or “It could never happen to me.” Oh, it most certainly can. And it will, if cybercrooks can have their way. Never underestimate what your compromised accesses are capable of doing, and always bear in mind that hackers would LOVE to get into your accounts – even if you’re just the summer intern. You might not have direct access to the good stuff – but there’s a strong chance your account can be used as a stepping stone to get to someone who does.
2. “I don’t trust this e-mail.”
Let me modify an old adage: “An ounce of suspicion is worth a pound of cybersecurity incident response countermeasures.” (Rolls off the tongue nicely). Phishing is a constant security threat – if you ever have reason to suspect what a message is telling you or asking you to do, then err on the side of caution. Don’t be afraid to engage your IT team for assistance in determining the legitimacy of potential phishing attempt. If a message claims to be from your boss or co-worker with a strange request, give them a call or walk by their desk – a simple question can resolve the entire matter.
3. “No, you can’t have my password.”
Yes, sharing passwords is convenient. Yes, maybe it’s best for workflow. But that doesn’t make it good, or right. A secure password is one that stays locked up in your head (or a good password management tool, like LastPass) and doesn’t remain written down on a post-it somewhere. The only possible exception would be sharing your password with an IT team member for troubleshooting purposes – even then, the password should change afterward.
…And if secure passwords are really that damaging to workflow, then that could be a sign that workflow needs to be redesigned with security in mind. After all – it’d be quickest to just carry gold bars out of Fort Knox in plastic bags and take an Uber to the bank or wherever, I’m sure. But is convenience really the highest priority here?
4. “I’m not clicking that.”
“…You’re the 1,374,288th visitor to this site! You win a lifetime supply of Vienna Sausages! Just click here.” I don’t think so. Similar to #2 in this list: Every click should be treated as the potential opening of a security hole. If something looks fishy – a website, a link in an e-mail, a popup that appeared randomly on your desktop – don’t click it, and get the attention of someone from your IT team right away if it’s fishy enough.
These are just 4 thoughts off the top of my head, but this list could easily be much longer; I’ll write more at some point. Which other thoughts do secure users have? Share your ideas in the comments below.