Building a strong security culture for many companies can seem insurmountable, but there is an answer to this by using one of the props from late night television show host David Letterman leaned on—the Top Ten List. Here's my list of Top 10 Rules for Strong Security:

1. See something bad or unusual? Immediately contact your company's security team to report it. Your timely reporting of an unusual email or event may be the difference between your company's network and security infrastructure withstanding an attack rather than succumbing to a zero-day exploit.

2. Always do the right thing when it comes to cybersecurity at work. Everyone has a part in keeping your company secure. Don't try to bypass that security mechanism set up to stop certain actions from being executed.

3. Think before you click. Did you know that, according to IBM research, more than 91 percent of all data breaches start with a phishing email? If something doesn't look or feel right in an email, report it immediately to your security team. If it's from someone you don't know, be aware not everyone wants to be your friend, you can ignore them. Relax when it comes to responding quickly—you don't have to reply right away, even if the email looks like it is from your CEO. If they want to get in touch with you immediately, they will call you!

4. Be aware of your surroundings while at work. If your floor has restricted access, don't assume people won't sneak in behind other people through an open door. If your company has a badge that people should wear, and if you see someone without one, ask nicely for them to show it to you. Physical theft of equipment and intellectual property can happen anywhere, even in secure areas inside of a building.

5. Like that your Facebook or LinkedIn profile gets so many views? In your personal social media, don't post too much information about yourself or the work you do for your company. Hackers prowl social media sites to find more information about potential targets. They love to get the inside scoop of what's going on inside your company.

6. When in public, don't talk about your company's sensitive information over the phone or in person. Even if you are in a different city or country, don't assume it's safe. (Sensitive information refers to details about your company and projects you're working on. Details of your visit to the dentist? That's up to you.)

7. Create long, strong passwords (think 20-character, length is your friend). Do not write them down, ever. Say no to yellow sticky notes! Use two-factor authentication to log in, this will really knock your security up a notch. Do not be a creature of habit by reusing passwords, in whole or in part—it's just not smart! In your personal computing, consider using a password manager to store all your unique and completely different passwords. (Pro Tip: Keep your work passwords and your personal passwords different. This eliminates or at least reduces the chances your company will be compromised if your personal password is stolen.)

8. Lock your screen when you step away from your machine. Keep a clean desk and clean off all documents. This keeps prying eyes out of your work and keeps your data secure. You don't know who might be walking by your desk at night. Also, don't rely on a locked office door to protect your data, cleaning people or maintenance workers have keys to everywhere.

9. Keep your operating system, browser, and other critical software up-to-date. Updates only take a few minutes and they help keep your equipment and software secure.

10. Don't assume you are not a target for hackers. Everyone is a target. In many companies, people are given implied trust and access inside the network. Because of this, you must be careful. You don't want to give a hacker a foothold into your network. Should you accidentally click on a link or give out information, contact your security team immediately!

By using these 10 simple behaviors you'll be adding to your company's security. Be sure to remember to use them every day!

 

Linda McGlasson is a member of Relativity's Calder7 security team. In her current role on Relativity's Calder7 security team, Linda is in charge of implementing and spreading security awareness across Relativity's more than 850 employees.