Author: Legend: BKJIA
Yesterday, a friend called me and said that their computers could not connect to the Internet and that the administrator was away on a business trip. After I arrived at their workplace, I found nothing wrong with either the hardware or the network. So I worked through the possible causes by elimination and finally identified and cleared a network fault caused by an ARP virus. Along the way, I found that the end users' network security awareness was weak and that no corresponding protective measures were in place. A fault like this was therefore bound to occur sooner or later.
There is no doubt that end users need to pay attention to several different aspects of security. Almost every company has a large number of security documents and policies. Basically, they tell employees to be careful about what they download and to guard against phishing scams and password leaks. However, a long and tiring tutorial may not be very effective. Sometimes it is better to give employees a few brief security tips. Here we list only a few aspects that are easy to overlook.
Secure passwords
The most popular passwords are the ones that are easiest to remember. Unfortunately, these passwords are also the least secure. Generally, a password should be at least eight characters long, contain some special characters, and be changed frequently. The change should not be a simple adjustment. For example, if the current password is "mypassword", the new one should not be a similar string such as "OKmypassword1".
Some users may need to write their passwords down because they worry about forgetting them; otherwise, problems may occur. Users should ask the IT administrators whether there is a program that can store passwords securely, so that only one password is needed to unlock the encrypted files.
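The password-change rules described above (minimum length, a special character, and no simple variation of the old password), as an added Python example that is not part of the original article. The function names, the character-swap table and the 0.7 similarity threshold are assumptions chosen for illustration.

```python
import string
from difflib import SequenceMatcher

MIN_LENGTH = 8          # "at least eight characters", from the text
SIMILARITY_LIMIT = 0.7  # assumed threshold, not from the article

# Assumed table of common look-alike substitutions, so that
# "P@ssw0rd" is compared as "password".
_SWAPS = str.maketrans({"@": "a", "0": "o", "1": "l",
                        "3": "e", "$": "s", "5": "s"})


def _normalize(password):
    """Fold case and undo look-alike character swaps before comparing."""
    return password.lower().translate(_SWAPS)


def check_password_change(old, new):
    """Return the reasons a new password is rejected (empty list = accepted)."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    if not any(c in string.punctuation for c in new):
        problems.append("no special character")

    o, n = _normalize(old), _normalize(new)
    if o in n or n in o:
        # Old password with a prefix/suffix added, e.g. "OKmypassword1".
        problems.append("contains old password")
    elif SequenceMatcher(None, o, n).ratio() >= SIMILARITY_LIMIT:
        # A few characters changed in place, e.g. "mypasswerd#9".
        problems.append("too similar to old password")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; the first pair is the article's own example.
    for candidate in ("OKmypassword1", "MyP@ssw0rd!", "mypasswerd#9",
                      "Tr4in-Lamp-Quiet"):
        print(candidate, "->", check_password_change("mypassword", candidate) or "accepted")
```

Comparing against the old password requires having it in clear text, so a check like this belongs in the change-password step, where the user has just typed both values.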
Keep company information confidential
Data is a valuable asset in a company's operations, and disclosing private information can be a major security hazard. Many users do not know which behaviors put the enterprise at risk. If they are unaware of what is in the emails they send or the notes they discard, the enterprise's security will be compromised.
Sometimes company data is sent as an email attachment. For example, a sales representative may send a new contract insurance policy to a customer without realizing that such messages contain sensitive data. Employees should carefully check any data sent outside the company to see whether it contains private information.
Sensitive information exists not only in digital form but also in printed documents. Each department of an enterprise should have a shredder to protect sensitive information.
Know who you can trust
The most sinister form of security attack is social engineering. It uses interpersonal skills and techniques such as conversation and impersonation to obtain system information or administrative permissions from legitimate users. It can also trick legitimate users into opening phishing emails or fake websites in order to defraud them of information or money. For example, an outsider can call a business representative of the IT department, or pretend to be an employee.
New social engineering techniques are also emerging, which requires end users to be highly vigilant when they receive calls or visits from strangers.
Focus on the security risks of personal devices
With the popularity of smartphones, MP3 players, and other small devices, many employees bring these personal devices to work. The enterprise should tell or ask its employees not to plug them into company computers or copy company information onto them.
Personal devices pose a risk that many users do not recognize until confidential data has been lost. Using such a device violates the company's data transmission security policy. An ordinary user may treat an iPod as a music player, but it is also a removable storage device that can copy company information without involving the local IT staff.
Overall security view
Some users do not understand the consequences of downloading applications, and some do not understand why the company prohibits connecting to its network from a location with free Wi-Fi. This shows that the enterprise's security culture has not been built deeply enough, so users lack an overall view of security. It is important for users to know the reasons behind some policies, such as the use of automated tools.
To give employees broader security knowledge, some companies have set up online security tutorials. The company should also encourage users to ask IT professionals about the best way to solve security problems, such as how to manage passwords and how to secure new devices. Understanding the reason for a policy helps end users ensure that they do not violate regulations or damage data.
The aspects discussed above can be summed up as follows: security comes first, and password security is critical; trust others with caution and keep company secrets confidential; personal devices carry risk; and keep an overall view of security.