Information Security Decalogue
Information security in the workplace is of vital importance to protect personal data, ensure the confidentiality of corporate information and maintain the integrity of systems.
We remind you that a security breach, in addition to jeopardizing the continuity of any business, can have serious reputational effects and penalties.
The following is a list of best practices for employees and companies in information security:
Best Practices for Employees
Secure passwords:
Use strong passwords with 14 characters combining uppercase, lowercase, numbers and special characters (¿ = % &).
Change them at least twice a year.
Do not share or write down your passwords in visible places.
Two-factor authentication (2FA):
Enable two-factor authentication whenever possible to add an additional layer of security.
Security education:
Participate in training, awareness and sensitization programs on information security and data protection, to be aware of threats and best practices.
Device protection:
Keep the software of your PC and mobile devices up to date.
Use antivirus and firewall software and make sure they are always up to date.
Secure use of e-mail:
Be careful when opening e-mails, especially if they contain attachments or unknown links.
Safe browsing:
Avoid unsafe websites and do not click on suspicious links.
Clean desk policy:
Clear personal and confidential data from your desktop and screen before you leave your workstation.
Backup copies:
Ask your IT department if there is a backup policy and if your information can be restored in the event of a security breach.
If necessary, request authorization for regular backups of your important files and store them securely (password-protected external devices or authorized cloud servers).
Security breach reporting:
If you observe suspicious activity or believe you have been the victim of an attack, notify the company’s IT or security department immediately.
Security policy:
Know and follow your company’s security policies.
Best Practices for the Company
Security policies:
Approve and enforce clear and effective information security policies, and ensure that all employees know and follow them.
If you need help in developing security policies, ask experts for help.
Data protection:
Adapt your company to comply with the Data Protection Regulation, through expert advice.
Properly classify and protect sensitive and confidential data.
Controlled access:
Limit access to systems and information to employees who need it to perform their duties.
Force employees to change passwords at least quarterly.
Software updates:
Keep all systems and software up to date with the latest security patches.
Network security:
Secure the company’s network with firewalls, intrusion detection systems and other security measures.
Contingency and recovery:
Develop a disaster recovery plan and perform regular backups.
Security education:
Provide information security and data protection training to employees and keep them updated on current threats.
Policy updates:
Review and update information security policies as threats and technologies evolve, and whenever significant changes occur in your information systems or at the corporate level.
Response to security breaches:
Prepare an incident response plan to effectively address any security breaches that occur.
Cybersecurity and Information Security Auditing:
Make sure your company has sufficient measures in place. Implement monitoring and auditing systems to detect unusual or malicious activity on the network.
As a Business Adapter® customer, you get a FREE audit.
Request it by email at info@businessadapter.es, by phone at 96 131 88 04, or through the contact form at https://businessadapter.es/contacto.