23
Jan 2024
TOOLBOX TALK 49/60: OFFICE PERSONEL – CYBER SECURITY AWARENESS
TOOLBOX TALK 49/60
TOPIC: OFFICE PERSONEL – CYBER SECURITY AWARENESS
OBJECTIVE: TO ENSURE ALL MEMBER OF YOUR TEAM ARE AWARE OF CYBER SECURITY
Cyber security is a real risk in the workplace, and everyone should be aware of cyber security
It is the responsibility of everyone in the company to be aware of cyber security. Everyone (contractors or employees) should report any possible or perceived security incident to either their immediate supervisor or to their manager:
- To prevent unauthorized access of data, unattended computer screens should be locked when you leave your workstations.
- All computers should have automatic screen lock function set to automatically activate upon 5 minutes of inactivity. Employees should not take any action which would override this setting.
- When leaving your laptop unattended ensure that it is secured to something solid or lock it away.
- Laptops are unfortunately easy to steal, particularly during the stressful period while traveling. Many laptops are stolen in snatch and run robberies, where the thief runs through an office or hotel room and grabs all the equipment they can quickly remove.
- If anyone sees an unrecognized person in a restricted location, you should challenge them as to their right to be there. If the person should not be there, they should be immediately reported to supervisory staff.
- Only computer hardware approved by your company should be connected to company networks.
- Only software that has been approved by the company should be installed on company equipment.
- Computers supplied by your company are only to be used for business purposes.
- Modifications or configuration changes are not permitted on computers supplied by your company for home use.
- Antivirus software should be installed on all personal and work computers and servers.
- Virus update patterns should be updated daily.
- Individual users shall have unique logon IDs and passwords and not share user logins.
- Company user logins should be audited at least twice yearly, and all inactive logon IDs should be revoked.
- On departure of all employees and contractors, login IDs are revoked.
- Passwords should have a minimum of eight characters and a combination of at least 1 upper case, a numeric character and at least one special character.
- Passwords must be changed at least once a month and if you think a password is compromised the passwords should be changed immediately.
Don’t be reactive, get proactive with HSEC Online®