Identity Protection Guidelines
Password security is paramount in safeguarding sensitive information and protecting both you and SETRAC from security breaches. These guidelines will help you create strong, unique passwords and adopt the other habits that protect your identity and SETRAC's systems.
Use Strong and Unique Passwords
- Create strong passwords: Use passwords of at least 12 characters that combine uppercase and lowercase letters, numbers, and special characters. Avoid predictable sequences and keyboard walks such as "123456" or "qwerty", and avoid phrases taken from well-known rhymes, lyrics, or quotes, such as "IJumpedOverACandle"; attackers' word lists already contain them. Length matters most: every additional character multiplies the number of possible passwords, so a longer password is exponentially harder to guess.
- Avoid reusing passwords: Never use the same password for more than one account, whether work-related or personal. When one site is breached, attackers try the leaked password against every other service (credential stuffing), so a reused password turns one compromise into many.
- Utilize password managers: A cross-platform application such as Bitwarden securely stores and manages passwords across your devices and browsers. It generates a unique random password for each account, enforces the practices listed in this guideline, simplifies password management, and protects your identity by keeping each credential isolated behind one strong master password and MFA.
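The following is an added example, not part of the SETRAC guideline, showing how the rules above look as a checker and a generator. The banned-password set is a constructed stand-in for a real breached-password list, and the 94-symbol alphabet, the pattern checks, and the function names are the example's own choices; the entropy figures at the end illustrate why the guideline says length matters most.

```python
import math
import secrets
import string

MIN_LENGTH = 12   # the minimum stated in the guideline above

# Constructed stand-in for a breached/common-password list; a real deployment
# would load a large list from disk. Compared case-insensitively.
BANNED = {"123456", "password", "qwerty", "letmein", "ijumpedoveracandle"}

CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def has_sequence(pw: str, run: int = 4) -> bool:
    """`run` characters in a row whose code points step by +1 or -1 ('abcd', '4321')."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        steps = {b - a for a, b in zip(codes[i:i + run], codes[i + 1:i + run])}
        if steps in ({1}, {-1}):
            return True
    return False


def has_keyboard_walk(pw: str, run: int = 4) -> bool:
    """`run` characters that sit next to each other on a keyboard row ('qwer', 'lkjh')."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if any(chunk in row or chunk in row[::-1] for row in KEYBOARD_ROWS):
            return True
    return False


def has_repeat(pw: str, run: int = 4) -> bool:
    """The same character `run` times in a row ('aaaa')."""
    count = 1
    for a, b in zip(pw, pw[1:]):
        count = count + 1 if a == b else 1
        if count >= run:
            return True
    return False


def check_password(pw: str) -> list:
    """Return the list of guideline violations; an empty list means acceptable."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = [name for name, chars in CLASSES.items() if not any(c in chars for c in pw)]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))
    if pw.lower() in BANNED:
        problems.append("on the banned/common password list")
    if has_sequence(pw):
        problems.append("contains a sequential run like 'abcd' or '1234'")
    if has_keyboard_walk(pw):
        problems.append("contains a keyboard walk like 'qwer'")
    if has_repeat(pw):
        problems.append("contains a repeated run like 'aaaa'")
    return problems


def generate_password(length: int = 20) -> str:
    """Draw from the OS CSPRNG via `secrets` (never the `random` module) and retry
    until the result passes check_password, so every class is present and no
    accidental pattern slipped in."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw


if __name__ == "__main__":
    for candidate in ("qwerty", "IJumpedOverACandle", "Tr0ub4dor&3", generate_password()):
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
    # Why length dominates: each extra character multiplies the search space by the alphabet size.
    for n in (8, 12, 16, 20):
        print(f"{n} random characters from 94 symbols: {entropy_bits(n, 94):.0f} bits")
```

The composition checks catch only the cheapest guesses; the banned list and the length floor do the real work, which is why a password manager that generates long random strings satisfies the guideline more reliably than any hand-made password.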
Enable Multi-Factor Authentication (MFA)
MFA combines two or more of the three fundamental authentication factors: something you know (a password), something you have (a phone, authenticator app, or hardware token), and something you are (a biometric). A stolen password alone is then not enough to sign in.
- Emphasize MFA: Enable multi-factor authentication for all your work-related and personal accounts to add an extra layer of security.
- Choose the strongest MFA option available: In addition to your password, MFA requires a second verification step, such as a Time-based One-Time Passcode (TOTP) from an authenticator app, a biometric, or a hardware security token. Where a service offers a choice, prefer an authenticator app or hardware token over codes sent by SMS or email, which can be intercepted or redirected. Never read an MFA code to anyone or type it into a page you reached from a link in a message.
- Educate yourself: Learn how to set up and effectively use MFA to reduce the risk of unauthorized access. IT can provide resources.
Secure Device Usage
- Password protect your devices: Ensure that your work and personal devices are protected with strong passcodes or biometric authentication.
- Encrypt your data: Use encryption tools or enable built-in encryption features to protect sensitive data stored on your devices. IT manages this for work devices.
- Be cautious of public Wi-Fi networks: Avoid public Wi-Fi where possible. On an untrusted network, anyone in a position to relay your traffic can intercept or tamper with it (a man-in-the-middle attack), and such attacks are common on public networks. A personal mobile hotspot or a VPN is a safer alternative when you must work away from the office.
Stay Updated with Software and Security Patches
- Keep up with updates: Regularly update your devices, applications, and operating systems with the latest security patches.
- Enable automatic updates: Whenever possible, enable automatic updates so critical security fixes install without delay. IT does not yet fully control this on work devices, so check that automatic updates are turned on in your own settings.
Be Cautious of Phishing and Social Engineering Attacks
- Increase your awareness: Familiarize yourself with common phishing techniques and social engineering tactics that trick individuals into revealing sensitive information. IT can answer questions about this.
- Verify suspicious emails: Carefully scrutinize emails requesting personal or work-related information, especially those that create urgency. Check the actual sender address rather than the display name, hover over links to see where they really lead, and confirm unexpected requests with the sender through a channel you already trust (a known phone number or a fresh message to a known address) rather than by replying.
- Report incidents: If you suspect a phishing attempt or security breach, report it to IT promptly, even if you already clicked a link or entered a password. Early reports let IT contain the incident before it spreads to other accounts and colleagues.
Protect Your Personal Information
- Limit sharing personal data: Be mindful of sharing personal information on social media or public platforms to minimize identity theft risk.
- Control privacy settings: Review and adjust privacy settings on your social media accounts to restrict access to personal information.
- Keep work and personal domains separate: Avoid storing personal data or signing in to personal accounts on work devices, and avoid handling work data on personal devices, so that a compromise in one domain does not spill into the other.
Regularly Review Account Activity
- Check login history for any unauthorized access attempts or unfamiliar logins.
- Monitor account settings for changes you did not make: password resets, new recovery phone numbers or email addresses, and new trusted devices or MFA methods.
- Enable account notifications to receive alerts for important account events.
- Check for unknown messages in your Sent and Deleted Items mailbox folders, and for mailbox rules you did not create (forwarding to external addresses, auto-delete, or moving messages to obscure folders); attackers commonly add such rules to hide their activity in a compromised mailbox.
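As an added example, not part of the SETRAC guideline, the review above can be automated over a sign-in log. The log format, the user name, the country codes, and the IP addresses (RFC 5737 documentation ranges) are all constructed for this example; it flags two things a reviewer looks for: a successful sign-in from a country never seen before for that user, and a success that follows a burst of failures from the same address.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log (not real data). One malformed line is included
# to show that the parser skips it instead of crashing.
SAMPLE_LOG = """\
2024-05-01T08:02:11Z user=alice ip=203.0.113.10 country=US result=success
2024-05-01T17:40:03Z user=alice ip=203.0.113.10 country=US result=success
2024-05-02T09:15:27Z user=alice ip=203.0.113.10 country=US result=success
this line is not a sign-in record
2024-05-03T03:12:01Z user=alice ip=198.51.100.7 country=RO result=failure
2024-05-03T03:12:09Z user=alice ip=198.51.100.7 country=RO result=failure
2024-05-03T03:12:15Z user=alice ip=198.51.100.7 country=RO result=failure
2024-05-03T03:12:22Z user=alice ip=198.51.100.7 country=RO result=failure
2024-05-03T03:12:30Z user=alice ip=198.51.100.7 country=RO result=failure
2024-05-03T03:12:41Z user=alice ip=198.51.100.7 country=RO result=success
2024-05-03T08:01:55Z user=alice ip=203.0.113.10 country=US result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) country=(?P<country>\S+) result=(?P<result>\S+)$"
)


def parse(log: str) -> list:
    """Parse the constructed log format into dicts with a datetime timestamp."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the review
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def review(events: list, fail_threshold: int = 5,
           fail_window: timedelta = timedelta(minutes=10)) -> list:
    """Return (kind, user, timestamp, detail) alerts for:
    - a success from a country not seen in any earlier success for that user;
    - a success preceded by >= fail_threshold failures from the same IP within fail_window."""
    alerts = []
    seen_countries = defaultdict(set)    # user -> countries with a prior success
    recent_failures = defaultdict(list)  # (user, ip) -> failure timestamps
    for e in sorted(events, key=lambda ev: ev["ts"]):
        key = (e["user"], e["ip"])
        if e["result"] == "failure":
            recent_failures[key].append(e["ts"])
            continue
        if e["result"] != "success":
            continue
        when = e["ts"].isoformat()
        if seen_countries[e["user"]] and e["country"] not in seen_countries[e["user"]]:
            alerts.append(("new-country", e["user"], when, e["country"]))
        seen_countries[e["user"]].add(e["country"])
        fails = [t for t in recent_failures[key] if e["ts"] - t <= fail_window]
        if len(fails) >= fail_threshold:
            alerts.append(("failures-then-success", e["user"], when, e["ip"]))
        recent_failures[key] = []  # the burst has been judged; start fresh
    return alerts


if __name__ == "__main__":
    for alert in review(parse(SAMPLE_LOG)):
        print(alert)
```

The same two signals are what a "new sign-in" notification (the previous bullet) is meant to surface; the script simply makes the review repeatable over a whole log instead of one alert at a time.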
Safeguard Work Documents
- Use secure file storage: Use OneDrive, Teams, and SharePoint to store work-related documents.
- Understand data classification: Familiarize yourself with the data classification policy to appropriately identify and handle sensitive information.
Incident Reporting and Response
- Notify IT: Immediately report any security incidents, suspected compromises, or unusual activities. Follow the established reporting channels by contacting your supervisor and the designated person handling security incidents, currently the Director of IT.
- Provide Detailed Information: When reporting an incident, provide as much information as possible. Include details such as the nature of the incident, any error messages or warnings encountered, the timeline of events, and any potential impact or observed anomalies. The more information provided, the better equipped IT will be to investigate and respond effectively.
- Preserve Evidence: If possible, avoid making any changes to the affected system or account. Preserve any potential evidence related to the incident, such as screenshots, error messages, or suspicious files. This evidence can be valuable during the investigation and mitigation process.
- Follow IT Instructions: Cooperate with and follow the instructions IT provides. They will guide you through the incident response process, including actions such as isolating affected systems, changing passwords, or disconnecting from the network. Comply promptly with their directions to limit the impact of the incident.
- Limit Communication: Avoid discussing the incident with unauthorized individuals or sharing sensitive information outside the designated reporting channels. Adhere to SETRAC's communication protocols and policies so that accurate information reaches the appropriate personnel.
- Implement Mitigation Measures: If instructed by IT, take necessary steps to implement mitigation measures or follow any recommended actions to contain and resolve the incident. This may involve installing security patches, updating software, or resetting passwords.
Regular Training and Awareness
- Ongoing education: Participate in regular training sessions and awareness campaigns to stay informed about the latest identity theft techniques and security best practices.
- Include Simulated Phishing Exercises: As part of regular training and awareness, use simulated phishing exercises to learn about identifying and responding to phishing attempts. These exercises can provide hands-on experience and help reinforce good security practices. IT can help facilitate.
- Take responsibility: Understand your role in protecting your own identity and the identities of your colleagues.