Employee Security Awareness Checklist
Human attackers require human defenders to stop them in their tracks. This checklist can help you cover your bases while in the office or working from home.
Choose passwords that are eight characters long and contain a combination of uppercase and lowercase letters, numbers, punctuation marks, and other special characters
Avoid using basic combinations (i.e., password1, 123password!@#)
Avoid using the same password for multiple sites
Recommend using a password manager to store and manage passwords for multiple accounts and logins
Multi-Factor Authentication (MFA)
MFA is an authentication method that requires the user to provide two or more verification factors to access an account.
Use MFA when available and prioritize the use of an application (Google Authenticator or Microsoft Authenticator) before SMS (text message)
Email is a common gateway for attackers to launch much larger attacks like ransomware, phishing, access passwords, and more.
Company logo, colors, and overall branding – Is the correct logo on the email? Do the brand colors match?
Company contact information, address, phone number, etc. – Review the email and inspect it for company contact information
Spelling, grammar, and punctuation – Companies typically do not have typos in their emails
Avoid using your work email address for personal use, as this could lead to security issues
Check Sender Address
Beware of Urgency or Threats
Links – Before clicking a link, REVIEW IT!
Do not click on unsolicited emails
Cross-check any information that is suspicious by doing a Google lookup
Operating System Updates
Developers are constantly looking for bugs and vulnerabilities throughout their software. You should update whenever prompted.
Update your operating system whenever prompted
Set automatic updates whenever possible
Always keep your browser up to date
Avoid sites that use HTTP over HTTPS when inputting information such as login details, personal information, and credit card information or when filling out an online form
Do not install untrusted and unverified browser extensions or plug-ins
Working from Home
Secure your Wi-Fi connection with a strong password
Avoid using public Wi-Fi when working outside of the office or your house
If permitted, use a virtual private network (VPN) to add an additional layer of security when working
Use antivirus software to stop and quarantine attackers
Do not use work devices for personal use
Password or passcode protect your devices
Who Should You Contact?
Ask who the IT contact is
Ask for the email address where you should forward phishing emails