What's wrong here?
The City’s Information Technology Department wants to get you thinking about IT-security issues with a game called “What’s wrong here?” See if you can identify 10 issues in the image above that could change to create a safer environment.
1. Sticky notes on the monitor display passwords.
Even though it’s tempting to write passwords down, it’s never a good idea to put them in an obvious location such as under your keyboard, much less stuck to the screen. If you have trouble remembering all of your passwords, write them down and store them in a locked drawer or on your person (never including your user name, of course). Better yet, use a password manager, which is like an encrypted vault for your passwords that you can access online from your computer or smartphone. Never allow anyone to use your credentials to gain access to a protected information system. That is a violation of the City’s Electronic Communications Policy.
2. Smartphone left unattended and unlocked on the desk.
Smartphones contain personal and professional information such as contacts, email, notes, voicemail, texts and photos. That data could be used to steal your identity. Protect your smartphone with a passcode and set the auto-lock for when it’s not in use. And consider using a “find my phone” app in case of theft. If your City-provided phone is lost or stolen, contact the IT Service Desk as soon as possible by email or at 612-673-2525.
3. Computer is unlocked and unattended.
Anyone passing by could dig through this employee’s electronic files, copying or deleting as they go. You can quickly lock your computer by holding down the “windows” key and pressing the letter “L” (as in “lock”). Always lock your computer when it’s unattended.
4. Outlook email left open.
Anyone could come by and read this employee’s work email messages or send messages from the account. Always log out of Outlook when it’s not in use or lock your computer when it’s unattended.
5. Personal email left open.
The same goes for this employee’s personal email account; anyone could come by and read the employee’s personal email messages or send messages from the account. Someone could even set the personal email account to automatically forward all mail to a different account. Always log out of your personal email account or close the browser when it’s not in use, or lock your computer when it’s unattended.
6. Thumb drive left on the desk.
Imagine the kind of data thumb drives contain. How about spreadsheets full of City data? Or personal financial documents destined for the IRS? If you’re not actively using them, place thumb drives in a drawer and lock them up.
7. Security badge left on the desk.
Security badges allow for unescorted access to various areas and are meant to confirm a person’s identity. Please don’t allow someone to steal yours; it could be counterfeited or used to give the wrong person access. Keep your badge on you or in a secure location.
8. Keys left on the desk.
It is remarkably easy to figure out what car these keys go to, and the other keys on the employee’s key chain could open the server room, desk, file cabinets or some other restricted space. Never leave your keys unattended.
9. Papers strewn across the desk.
Many people pass through City workspaces each day. Piles of papers not only look messy, they could be sharing information you don’t really mean to share. Keep your papers off your desktop; file them away or put them in your desk drawers.
10. Recycle bin contains documents that should be shredded.
Not all paper should be recycled as is; some should be shredded first. If you’re at all concerned about someone reading your discarded documents, shred them.
How well did you do? Hopefully these 10 points opened your eyes. Maybe you’ll see more security gaps that weren’t covered in the game. If you think of more gaps that you want to share, please email IT Security Analyst Roger Hagedorn or call him at 673-3182.
Published Feb 8, 2017