Employee Security Awareness Checklist

Download Checklist

Human Attackers Require Human Defenders to Stop Them in Their Tracks

This checklist can help you cover your bases while in the office or working from home. 

Password Protection

  • Choose passwords that are at minimum twelve characters long and contain a combination of uppercase and lowercase letters, numbers, punctuation marks, and other special characters.

  • Avoid using basic combinations (i.e., password1, 123password!@#)

  • Avoid using the same password for multiple sites

  • Recommend using a password manager to store and manage passwords for multiple accounts and logins

Multi-Factor Authentication (MFA)

MFA is an authentication method that requires the user to provide two or more verification factors to access an account.

  • Use MFA when available and prioritize the use of an application (Google Authenticator or Microsoft Authenticator) before SMS (text message)

  • Email

  • Mobile Device

  • Work login

Email Phishing

Email is a common gateway for attackers to launch much larger attacks like ransomware, phishing, access passwords, and more.

  • Company logo, colors, and overall branding – Is the correct logo on the email? Do the brand colors match?

  • Company contact information, address, phone number, etc. – Review the email and inspect it for company contact information

  • Spelling, grammar, and punctuation – Companies typically do not have typos in their emails

  • Avoid using your work email address for personal use, as this could lead to security issues

  • Check Sender Address

  • Beware of Urgency or Threats

  • Links – Before clicking a link, REVIEW IT!

  • Do not click on unsolicited emails

  • Cross-check any information that is suspicious by doing a Google lookup

Operating System Updates

Developers are constantly looking for bugs and vulnerabilities throughout their software. You should update whenever prompted.

  • Update your operating system whenever prompted

  • Set automatic updates whenever possible


  • Always keep your browser up to date

  • Avoid sites that use HTTP over HTTPS when inputting information such as login details, personal information, and credit card information or when filling out an online form

  • Do not install untrusted and unverified browser extensions or plug-ins

Working From Home

  • Secure your Wi-Fi connection with a strong password

  • Avoid using public Wi-Fi when working outside of the office or your house

  • If permitted, use a virtual private network (VPN) to add an additional layer of security when working


  • Use antivirus software to stop and quarantine attackers

  • Do not use work devices for personal use

  • Password or passcode protect your devices

Who Should You Contact?

  • Ask who the IT contact is

  • Ask for the email address where you should forward phishing emails

About Pondurance

Pondurance delivers world-class managed detection and response services to industries facing today’s most pressing and dynamic cybersecurity challenges including ransomware, complex compliance requirements and digital transformation accelerated by a distributed workforce.

By combining our advanced platform with our experienced team of analysts we continuously hunt, investigate, validate and contain threats so your own team can focus on what matters most.

Pondurance experts include seasoned security operations analysts, digital forensics and incident response professionals and compliance and security strategists who provide always-on services to customers seeking broader visibility, faster response and containment and more unified risk management for their organizations.