Workplace Safety

Best Practices for Employees

Business Email Compromise

Be suspicious of email links and attachments.
Emails designed to trick you into clicking links and downloading files come to inboxes daily. It is a practice called phishing and it’s surprisingly effective. The easiest way for someone to get unauthorized access to your network is for you to give it to them. Never click on email links and never download attached files unless they are from trusted sources.

Use strong passwords and keep them private.
Your password is one part of the information security process that you control. Remember that you are protecting your accounts not only from someone trying to guess your password, but also from someone who steals password files to crack them. A strong password can take so much time to crack that it’s not practical to keep trying.

Back up your files regularly.
Hard drive crashes, malware, ransomware attacks, electrical surges, operator errors, and stolen laptops lead to many lost files. Make sure you have backups of your important files. Your workplace probably has its own backup schedule, but if you’re worried about losing data in between official backups, ask your information technology office about how you can make your own.

Be careful when using public Wi-Fi.
When you connect to public Wi-Fi, or an “open network,” anything you transmit could be seen by others. This includes usernames, passwords, account numbers, and confidential work information. Using a “secure” connection (such as HTTPS, SSL, or VPN) helps lessen the risk.

Use password-protected screen savers.
It can take only a few minutes for a stranger—or even a coworker—to take advantage of a computer left idle.

Download only from approved sources.
As with email attachments, never download files from untrusted sources. Be especially suspicious of free software: it can have malicious software bundled along with it.

Don’t give out information to unverified individuals.
Social engineers try to fool you into giving out confidential information. Sometimes the information they ask for seems harmless, so their request doesn’t raise any red flags. Before giving out any agency-related information, be sure the person making the request is authorized to receive it.

Know and follow your agency’s information security policies.
Your agency may have its own security rules on matters such as using USB drives and personal devices on your organization's network. Follow these rules carefully.