
20 Cybersecurity Dos and Don'ts Your Employees Should Follow

By Kaleigh Alessandro | Tuesday, October 11th, 2016

October is Cybersecurity Awareness Month, which makes it an important time to ensure your firm and employees are aware of, and following, best practices and security policies and procedures. Risk mitigation is needed to protect both the firm and its employees from savvy hackers and attacks. Data breaches continue to wreak havoc on businesses, and the cost keeps rising. According to the Ponemon Institute, the total average cost of a data breach is now $4 million, up from $3.8 million in 2015. Hackers have everything to gain while your firm bears reputational and operational harm.

While companywide policies should reflect long-range expectations and corporate best practices, they should also include tactical recommendations that employees can follow to ensure they are complying with the company’s overall risk strategy. To get started, here are just a few pieces of advice we offer our investment firm clients. Remember to inform employees not only of what to do, but also of what not to do.



Do:

  • Be smart when browsing/surfing the Internet or clicking links

  • Lock your computer and mobile phone(s) when you leave your desk and/or office

  • Use care when entering passwords in front of others

  • Create and maintain strong passwords and change them every 60-90 days (We recommend a combination of lowercase & uppercase letters and special characters)

  • Change your password immediately if you suspect that it has been compromised

  • Report suspicious activity to the IT team/CSIRT to help minimize cyber risks

  • Protect personal computers and devices with anti-virus/anti-malware software when working remotely, and keep it current


Don't:

  • Allow others to use your login ID or password

  • Use the same password for every application

  • Store passwords on a piece of paper or other easily accessible document

  • Open email or attachments if the sender is unknown or suspicious

  • Get caught by phishing attempts, which can occur via email, phone, instant message, SMS or social media

  • Provide information such as login IDs, passwords, social security numbers, account numbers, etc. via unencrypted email

  • Leave your laptop or mobile device unattended while in a public place. Lost or stolen equipment, including mobile devices connected to the corporate network, should be reported immediately

  • Keep open files containing personal or confidential information on your desks or in an unlocked file cabinet when away from your office/desk

  • Install unauthorized programs on your work (or home) computer

  • Plug in personal devices without permission from IT


Photo Credits: Wikimedia Commons

Editor's Note: This article has been updated and was originally published in July 2014.
