Eze Castle Integration

Hedge IT Blog

IT Security Dos and Don'ts to Live By

By Kaleigh Alessandro, Tuesday, January 12th, 2016


We spend a lot of time educating our clients about security best practices and encouraging them to implement comprehensive security policies and procedures to mitigate risk and protect both the firm and its employees. And for good reason. Data breaches continue to wreak havoc for businesses, and the cost is steadily rising. According to the Ponemon Institute, the total average cost of a data breach is now $3.8 million, up from $3.5 million in 2014.

While companywide policies should reflect long-range expectations and corporate best practices, they should also include tactical recommendations that employees can follow to ensure they are complying with the company’s overall risk strategy. In addition to providing employees with security best practices they should follow, don’t forget to include a list of actions they should not take. Here are just a few pieces of advice we regularly offer our investment firm clients.

Need more? You can download our full IT Security Dos & Don'ts eBook by clicking here

DO:

  • Be smart when browsing/surfing the Internet or clicking links

  • Lock your computer and mobile phone(s) when you leave your desk and/or office

  • Use care when entering passwords in front of others

  • Create and maintain strong passwords and change them every 60-90 days (We recommend a combination of lowercase & uppercase letters and special characters)

  • Change your password immediately if you suspect that it has been compromised

  • Report suspicious activity to the IT team/CSIRT to help minimize cyber risks

  • Protect personal computers and devices with anti-virus/anti-malware software when working remotely, and keep it current


DON'T:

  • Allow others to use your login ID or password

  • Use the same password for every application

  • Store passwords on a piece of paper or other easily accessible document

  • Open email or attachments if the sender is unknown or suspicious

  • Get caught by phishing attempts, which can occur via email, phone, instant message, SMS or social media

  • Provide information such as login IDs, passwords, social security numbers, account numbers, etc. via unencrypted email

  • Leave your laptop or mobile device unattended while in a public place. Lost or stolen equipment, including mobile devices connected to the corporate network, should be reported immediately

  • Keep open files containing personal or confidential information on your desk or in an unlocked file cabinet when away from your office/desk

  • Install unauthorized programs on your work (or home) computer

  • Plug in personal devices without permission from IT


Editor's Note: This article has been updated and was originally published in July 2014.
