| TACTIC | DESCRIPTION |
| --- | --- |
| 1. Clean desk | Don't leave personal documents unattended on a desk |
| | Don't leave credit applications unattended on a desk |
| | Don't leave important company documents, strategies, designs, etc. unattended on a desk |
| 2. Document storage | All documents containing anyone's personal information must be locked in a file cabinet with limited access |
| | All company-sensitive documents must be locked up when not in use |
| 3. Password management | Don't write passwords on notes and place them by the computer |
| | Hiding password notes under keyboards, tissue boxes, blotters, etc. is not security |
| | Don't share your passwords with anyone, and be careful of over-the-shoulder surfers |
| 4. Clean out the wallet or purse | Remove any unneeded cards or information from your wallet or purse before travelling |
| | Photocopy both the front and back of every card you carry and store the copies in a safe location |
| 5. Social engineering | Don't give out phone numbers or other personal information of fellow employees to people you don't know |
| | If a caller sounds suspicious, ask for their name, company name and phone number so you can call them back |
| | Have a person tasked with security whom other employees can contact to report incidents |
| 6. Tailgating | When unlocking security doors, don't let other employees follow in behind you |
| 7. Phishing and spear phishing | Beware of emails from people, even fellow employees or management, asking you to send passwords or other sensitive information. Call and confirm first. |
| 8. Car rental agreements | Bring car rental agreements home and dispose of them either by shredding or by submitting them with your trip report |
| 9. Laptop computer security | Don't leave laptop computers in any unattended car |
| | Remove all valuables from the car before valet parking |
| | Laptops stored in a car's trunk are not secure |
| 10. Secure PDAs and cell phones | Password-protect PDAs and cell phones with at least an eight-digit code |
| | When upgrading to a new phone or PDA, physically destroy the old one. Don't sell them on eBay |
| 11. Document disposal | Don't place sensitive documents in the garbage or recycle bin. Shred them! |
| | Don't throw a customer's old credit report or application in the garbage or recycle bin |
| 12. Receptionist security training | Train the receptionist how to securely handle phone calls |
| | Train the receptionist how to securely admit visitors |
| | Train the receptionist how to securely admit employees who have forgotten their employee ID badge |
| 13. Secure ID badges | All employees should have photo ID badges that they must wear above the waist |
| | Employees should not wear their employee badges out in public |
| | Tie both physical access and network access to the employee badge |
| | The military and government use color coding to denote security clearance levels; it may be useful within your company too |
| 14. Know the privacy laws | Employees need to understand the basics and intent of the different federal and state privacy protection laws (e.g. FACTA, GLB, HIPAA, SOX, CA SB-1386, PCI, etc.) |
| 15. Purse and briefcase storage | Employees should never leave their purses or briefcases unattended and unsecured. Find a cabinet or drawer to lock them in |