Some simple tips to improve the Information Security of your organisation.
Stop using sticky notes as advertisements for your passwords
Do not leave your password where someone can easily read it. This is the same as not having a password at all, as anyone can read it and log in as you.
Ensure that you look after your laptop and encrypt sensitive data
Laptops are easy to mislay or can easily be stolen, and often have company confidential information on them.
Change your passwords regularly, without using words
Changing your password every month or quarter is recommended, and try not to use words or names. Use combinations of numbers, upper and lower case letters, and special characters. Passwords should be at least 6 characters in length. It can be easier to remember passwords if you use initial letters of phrases or song lyrics.
Use screen saver password protection
Many users leave their desks with applications wide open to unauthorized access. Simply add a screen saver with a password, or if using Windows, set the Windows login screen saver with a password.
Remember, do not open email attachments from unknown senders
Especially attachment files that end in .exe, .com, .vbs, .bat, .pif and .scr.
Internet - check for the lock or key when entering sensitive information
The lock or key will be in the bottom status bar of your web browser, and should relate directly to the site. This means that you should be able to trust the site, and your sensitive information such as credit card details will be transmitted securely.
Take time to ensure your documents are backed up
If you documents are not backed up then they will be lost on system failure. File servers are usually backed up, but this depends on your organisation's backup policy. Desktop hard drives are generally not backed up.
Your desk is an information goldmine. Clear it before someone else does!
Leaving sensitive information on your desk rather than putting it away is asking for people to read, remove or photocopy it.