User Habits – CompTIA Security+ SY0-401: 2.6

How are your users handling the organization’s data? In this video, you’ll learn some techniques for maintaining good data hygiene for your entire user base.

<< Previous Video: Compliance Best Practices and StandardsNext: New Threats and Security Trends >>

Sometimes users have some bad habits relating to security and you often have to make them aware of the things that are going on. It’s very common for instance, to find at least somebody in your organization who has yellow sticky notes set plot right on their monitor with passwords and other identifiable information on there. So you have to make people aware that that’s not something you can really do in your organization.

Also, let people know how to handle the data. Where do you store data on the network? Do you put it in a public folder? Do we have private folders set up? To the end user, those folders may look exactly the same. But of course to other people in the organization, they’re different rights and permissions set up on those.

There are many times something called a clean desk policy, which means at the end of the day, or if you leave your desk, everything has to be cleaned off. You can leave nothing on your desk that people would be able to see. Your computer has to be locked and all of your papers have to be put away. And that becomes a habit that people have to get into to be able to do that.

We also have a challenge these days with personal information. You’re bringing your mobile phone into the office, you’re bringing your tablet computer into the office. And these are third party devices that have the potential to take private information or company information out the door. So there needs to be security policies wrapped around that.

And another way that is very, very common for people to get into environments, more common than you might think, is to simply fill their arms up with boxes of goodies, doughnuts, and other sweets, and ask somebody to open the door for them. You would be surprised how easy it is to get into a building that way. And donuts they’re so off putting and everybody wants a donut, it becomes very easy to walk in the door. But you have to train your users that that person, even though the arms are full, they’re going to need to badge in, they’re going to need to sign in, or do whatever is the standard process for getting into your building. You can’t just allow someone in because they’ve got their arms full.

Make sure that all of these user habits are things that are considered. And that your people get into the habit of doing the right thing when it comes to security.