Employee Cybersecurity Basics
From utilizing proper password management techniques to maintaining a workspace that is clear of easily accessible private information, all employees play a key role in information security. The following are some basic security tips that will safeguard yourself, your computer and the citizens of Lancaster County.
- Never share your passwords with anyone, including helpdesk staff
- Your password is used to identify you as you when you login. You are responsible for anything performed under your username and password combination. The helpdesk can grant supervisors and coworkers access to your Outlook information without the need for you to share your password.
- Create strong passwords by including special characters, and using both upper and lower case letters
- By using special characters and upper and lower case letters, it becomes difficult for others to guess your password.
- Do not write your passwords down and leave them near your computer
- By leaving post-it notes or other loose paper containing passwords near your computer, you are inviting someone to gain access to sensitive information.
- Always encrypt and password protect sensitive information
- Social security numbers, credit card numbers, and healthcare information are protected by both State and Federal law. By default, email offers no security when sending someone information; to send an encrypted e-mail include the word encrypt as the first word of your subject line.
- Always lock your computer when you leave your workspace
- By locking your computer, you are preventing someone from using your account, accessing your e-mail and otherwise viewing any confidential information that may be stored on your computer.
- Always store CDs, USB drives or other removable devices containing sensitive information in locked drawers; physically securing devices around your workspace will ensure that you, and only you, have access to the contents of these devices
- Many state and federal regulatory frameworks, such as CJIS, HIPAA, PCI DSS, etc., require that both physical and electronic media containing sensitive information be stored within a secure environment.
- Any electronic device used to store County information must be properly erased by the helpdesk before it is discarded or disposed via property transfer or surplus
- Sensitive information is still accessible even after files have been deleted and the storage device formatted. To schedule an e-Waste pickup with the helpdesk, simply submit a trouble ticket requesting
- Use the network drives provided by your agency to save all important files and documents
- These drives are routinely backed up to prevent data loss – there is no need for employees to perform their own backups of any information stored on their computers.
- If you are assigned a County-issued laptop, make sure that you connect it to the County’s network on a weekly basis to ensure your laptop has downloaded and installed all available security updates, hotfixes and patches
- Ensuring that your assigned laptop is up-to-date with the latest security updates and policies will aid in ensuring problems are avoided in the future.
- Third-party software applications can affect both your computer's operation and the operation of the County’s entire network
- The County takes measures to ensure that employees are unable to install programs without direct assistance from the helpdesk, but malicious software can occasionally circumvent these protocols –always check with the helpdesk prior to installing any software. In addition to the effects of malicious software, enterprise-level software products often carry strict licensing requirements, which if violated, may result in fines, fees or other financial penalties.
- Never open email attachments if you are unsure about the origin or reason for the attachment – if you do not expect it, reject it! If you are concerned with the legitimacy of an e-mail, forward it to firstname.lastname@example.org and the helpdesk will provide an answer regarding its validity
- Even if you receive an attachment from a friend or coworker, think twice before opening – it is easy for e-mail attackers to pose as a trusted contact from your address book.
- Email messages you send become the property of the recipient
- Treat an e-mail like a postcard – the information you place in an e-mail can show up anywhere and anytime. Think before you send any email message.
- Think before you click on links, whether in e-mails or Google searches
- You should not immediately trust links provided within email messages, pdfs, search engine results, or even trusted websites. If you become suspicious or have second thoughts, do not click on the link.
If you become aware of a potential security risk, or if County data may have been inappropriately exposed, immediately contact the IT Helpdesk by calling (803) 416-9448.