Digital Security Awareness Guide for Employees

1. Introduction to Digital Security

Digital security is everyone’s responsibility. Any error or negligence can expose the company to risks, such as data loss or financial fraud.
Cyber threats are constantly evolving, and it is essential for each employee to follow good security practices in their daily routines.

2. Essential Security Practices

A. Use of Strong Passwords

Rules for creating passwords:

  • Use passwords with at least 8 characters, including uppercase letters, lowercase letters, numbers, and symbols.
  • Never reuse passwords across different accounts.
  • Do not share your passwords with anyone.
  • Change your passwords regularly, at least every 3 months.
  • Enable multi-factor authentication (MFA) whenever possible.

B. Caution with Emails and Phishing

Phishing emails are one of the most common forms of attack. To avoid falling for scams:

  • Do not click on links or open attachments from unknown senders.
  • Carefully check the email address. Phishing attacks often use addresses similar to legitimate ones.
  • Be cautious of urgent requests for confidential information or quick financial transfers.
  • Immediately report any suspicious email to the IT department.

C. Secure Handling of Devices

  • Protect devices (computers, phones, tablets) with passwords or screen locks.
  • Automatic Lock: Set your device to automatically lock after a few minutes of inactivity.
  • Avoid connecting to public or unknown Wi-Fi networks; always use a VPN when working remotely.
  • Keep software and operating systems up-to-date. Updates often fix security vulnerabilities.

D. Protection of Sensitive Data and Information

  • Do not store confidential or sensitive data on personal or unauthorized devices.
  • Encrypt sensitive files and use secure methods to share confidential information (e.g., secure platforms).
  • Avoid using unauthorized cloud storage services for company data.
  • Be careful about what is shared on social media and in public. Small bits of information can be used in social engineering attacks.

3. Cyber Risk Awareness

A. Recognizing Social Engineering Attacks

Social engineering is the use of psychological manipulation to obtain confidential information. Attackers may pose as employees, IT technicians, or business partners.

  • Never provide sensitive information (passwords, financial data, etc.) without verifying the requester’s identity.
  • Be cautious with phone calls and messages requesting urgent or unusual information.

B. Protection Against Malware and Ransomware

  • Do not download software or open files from unknown sources.
  • Keep antivirus software active and updated on all devices.
  • In case of suspected malware infection, report it immediately to the IT department.

C. Responsible Use of Social Media

  • Do not share corporate information on social media.
  • Avoid disclosing personal details that could be used in social engineering attempts or targeted attacks (spear phishing).

4. Employee Responsibilities

  • Report incidents immediately: If you notice suspicious activity or suspect a security incident, inform the IT or information security department as quickly as possible.
  • Follow company policies: Always be aware of and rigorously follow the company’s digital security policies.
  • Participate in training: Be available to participate in periodic training sessions to stay updated on new threats and best practices.

5. Company Security Tools

The company provides several tools to help protect its digital activities:

  • Antivirus and firewall installed on all corporate devices.
  • Automatic backup systems to ensure data recovery in case of an incident.
  • VPN software for secure connections when working off-site.
  • Multi-factor authentication on all corporate accounts.

6. What to Do in Case of an Incident

  • Lost your device? Immediately inform the IT department so they can block access and take security measures.
  • Received a suspicious email? Do not open the email or attachment. Forward it to IT for analysis.
  • Suspect an intrusion or malware? Disconnect the device from the internet and inform IT support immediately.

Summary

Digital security is a collective effort. By adopting these practices and following company guidelines, you will help protect our data, reputation, and business continuity. Security is not just the responsibility of the IT department, but of all of us.
