Secure Florida offers...
- Security Alerts
- C-Safe Classes
- News and Info
create an account
Best Practices for Office Information Security
1. Be suspicious of email links and attachments.
Emails designed to trick you into clicking links and downloading files come to inboxes daily. It is a practice called phishing and it’s surprisingly effective. The easiest way for someone to get unauthorized access to your network is for you to give it to them. Never click on email links and never download attached files unless they are from trusted sources.
2. Use strong passwords and keep them private.
Your password is one part of the information security process that you control. Remember that you are protecting your accounts not only from someone trying to guess your password, but also from someone who steals password files to crack them. A strong password can take so much time to crack that it’s not practical to keep trying.
3. Back up your files regularly.
That spinning plate on your hard drive is an accident waiting to happen, and Florida is the lightning capital of the country. Hard drive crashes, electrical surges, and operator errors lead to many lost files. So do stolen laptops. Make sure you have backups of your important files.
4. Be careful when using public Wi-Fi.
When you connect to Public Wi-Fi, or an “open network,” anything you transmit can be seen by others. This includes usernames, passwords, account numbers, and confidential work information. Using a “secure” connection (such as HTTPS, SSL, or VPN) helps lessen the risk.
5. Use password protected screen savers.
It can take only a few minutes for a stranger—or even a coworker—to take advantage of a computer left idle.
6. Download only from approved sources.
As with email attachments, never download files from untrusted sources. Be especially suspicious of free software: it often has malicious software bundled with it.
7. Don’t give out information to unverified individuals.
Social engineers try to fool you into giving out confidential information. Sometimes the information they ask for seems harmless, so their request doesn’t raise any red flags. Before giving out any agency-related information, be sure the person making the request is authorized to receive it.
8. Know and follow your agency’s information security policies.
Your agency has its own security rules on matters such as using USB drives and personal devices on your organization's network. Follow them carefully.
If you would like to download a PDF of these best practices click here.