武鋼員工安全手冊

Nearly half of all businesses have experienced or are going to experience a cyber threat this year, and that number is growing. Every year we read about more cyberattacks and serious data breaches affecting entities of all sizes from local government offices and small-to-medium sized businesses, to sprawling behemoths such as Facebook.

今年 ，將近有一半的企業(yè)經(jīng)歷過或?qū)⒁?jīng)歷網(wǎng)絡(luò)威脅 ，并且這個數(shù)字還在增長。 每年，我們都讀到更多的網(wǎng)絡(luò)攻擊和嚴重的數(shù)據(jù)泄露事件，影響著各種規(guī)模的實體，從地方政府辦公室和中小型企業(yè)到像Facebook這樣龐大的龐然大物。

Keeping ahead of the threat seems like a full-time task which can seem incredibly daunting.

領(lǐng)先于威脅似乎是一項全職任務(wù)，這似乎令人生畏。

The good news is that among your greatest assets in cybersecurity are your own employees. It’s up to you to take advantage of that in order to keep your business or organization running smoothly and with little downtime or fear of compromised systems.

好消息是，您在網(wǎng)絡(luò)安全方面最重要的資產(chǎn)就是您自己的員工。 您應(yīng)充分利用這一點，以使您的企業(yè)或組織平穩(wěn)運行，并減少停機時間或擔心系統(tǒng)受到損害。

最佳密碼做法 (Best password practices)

Make sure your employees know how to apply best password practices. This can cover several strategies such as:

確保您的員工知道如何應(yīng)用最佳密碼慣例。 這可以涵蓋幾種策略，例如：

• Strong password creation
  強大的密碼創(chuàng)建
• Two-step authentication
  兩步認證
• Regular changing of passwords
  定期更改密碼
• Protecting passwords
  保護密碼

The above points are simple. Cybersecurity experts recommend that strong password is one that includes a mix of numbers and upper and lowercase letters. Special characters could be an option as well. Passwords should not be easily-guessed dates such as birthdays or anniversaries, nor should they be any word one could find in a dictionary (English or otherwise).

以上幾點很簡單。 網(wǎng)絡(luò)安全專家建議，強密碼是包含數(shù)字和大小寫字母的混合密碼。 也可以選擇特殊字符。 密碼不應(yīng)是容易猜測的日期，例如生日或周年紀念日，也不能是字典中可以找到的任何單詞(英語或其他)。

Changing a password regularly can keep a possibly compromised password from being exploited by outside hackers or former employees who are careless with their login information or have malicious intent. Passwords should never be shared and writing them down — even in a “safe space” — should be discouraged.

定期更改密碼可以防止可能被泄露的密碼被不注意其登錄信息或有惡意的外部黑客或前雇員所利用。 永遠不要共享密碼，并且不建議將其寫下來，即使是在“安全的空間”中也是如此。

Two-step authentication goes a long way in preventing unauthorized access to business networks or employee e-mails. Many applications offer two-step authorization options that require an additional step in the login process such as answering a security question or entering an authentication code sent via SMS.

兩步身份驗證在防止未經(jīng)授權(quán)訪問業(yè)務(wù)網(wǎng)絡(luò)或員工電子郵件方面大有幫助。 許多應(yīng)用程序提供兩步授權(quán)選項，在登錄過程中需要額外的步驟，例如回答安全問題或輸入通過SMS發(fā)送的驗證碼。

實踐安全計算 (Practice safe computing)

Solid passwords are all well and good but offer little security if your employees are careless in their e-mail and internet use. Fortunately, educating employees on safe computing is pretty straightforward.

可靠的密碼很好，但是如果您的員工不注意電子郵件和互聯(lián)網(wǎng)的使用，那么安全性就很少。 幸運的是，對員工進行安全計算的培訓(xùn)非常簡單。

Make sure that employees know how to recognize suspicious e-mails, attachments, and links. Nearly half of all cyberattacks businesses experience come in the form of phishing attacks in which an e-mail pretends to represent a trusted entity and attempts to convince the e-mail recipient to download an attachment or click on a link. In most cases, this leads to malicious malware getting installed on the computer or mobile device which could then spread to the network.

確保員工知道如何識別可疑的電子郵件，附件和鏈接。 所有網(wǎng)絡(luò)攻擊企業(yè)經(jīng)歷的幾乎一半都是以網(wǎng)絡(luò)釣魚攻擊的形式出現(xiàn)的，其中電子郵件偽裝成代表可信任的實體，并試圖說服電子郵件收件人下載附件或單擊鏈接。 在大多數(shù)情況下，這會導(dǎo)致惡意惡意軟件被安裝在計算機或移動設(shè)備上，然后可能傳播到網(wǎng)絡(luò)。

Malware could expose your security to further infiltration, installation of routines that copy keystrokes and capture sensitive business data, or even overload your servers to the point of inoperability.

惡意軟件可能使您的安全性受到進一步的滲透，安裝例程以復(fù)制擊鍵并捕獲敏感的業(yè)務(wù)數(shù)據(jù)，甚至使服務(wù)器超負荷運行至無法操作的地步。

While no method can be considered 100% foolproof, employees can help protect your networks by following these simple tips:

雖然沒有一種方法可以百分百地做到萬無一失，但員工可以按照以下簡單提示來幫助保護您的網(wǎng)絡(luò)：

• Never share login or password information via e-mail or text message
  切勿通過電子郵件或短信共享登錄名或密碼信息
• Hover a mouse over a link without clicking to see where that link actually leads to. It might not be to who they think
  將鼠標懸停在鏈接上，而無需單擊以查看該鏈接實際指向的位置。 可能不是他們想的那樣
• Never download an attachment without being absolutely certain it is from a trusted source
  在絕對不確定來自可靠來源的情況下，切勿下載附件
• Update spam filters
  更新垃圾郵件過濾器
• Update virus and malware detection software on a regular basis
  定期更新病毒和惡意軟件檢測軟件
• When in doubt, just don’t. Most well-known entities such as banks, corporations, or governmental websites can be accessed through their websites without having to go through an e-mailed link
  如有疑問，請不要。 可以通過其網(wǎng)站訪問大多數(shù)知名實體，例如銀行，公司或政府網(wǎng)站，而無需通過電子郵件鏈接

追蹤最新的網(wǎng)絡(luò)威脅新聞 (Follow the latest cyber threat news)

There is no shortage of news coverage — both from conventional news sources and industry sources — regarding data breaches, malware warnings, and ever-evolving phishing scams. Employees can protect themselves and your business by staying abreast of the latest news regarding potential threats.

對于數(shù)據(jù)泄露，惡意軟件警告和不斷發(fā)展的網(wǎng)絡(luò)釣魚詐騙，無論是來自常規(guī)新聞來源還是來自行業(yè)來源的新聞報道都不少。 員工可以及時了解有關(guān)潛在威脅的最新消息，從而保護自己和您的企業(yè)。

Some news services offer keyword alert services so employees don’t need to start their day scanning the news for the latest cyber threats. Important information can be automatically e-mailed to them when new information appears.

一些新聞服務(wù)提供關(guān)鍵字警報服務(wù)，因此員工無需開始每天掃描新聞以獲取最新的網(wǎng)絡(luò)威脅的信息。 重要信息可以在出現(xiàn)新信息時自動通過電子郵件發(fā)送給他們。

掌握最新的系統(tǒng)和軟件更新 (Stay on top of latest system and software updates)

System and software developers are constantly working to improve security. It’s in their best interests to maintain your faith in their product, and that they take your security as seriously as you do. With that in mind, they often send out updates for either your system software or for specific applications that may have security holes that need to be closed.

系統(tǒng)和軟件開發(fā)人員正在不斷努力提高安全性。 維護您對產(chǎn)品的信心符合他們的最大利益，并且他們會像您一樣認真對待您的安全。 考慮到這一點，他們通常針對系統(tǒng)軟件或特定應(yīng)用程序發(fā)送更新，這些更新可能需要關(guān)閉安全漏洞。

These apply to both desktop workstations and mobile devices alike. Staying current on updates means your systems are protected before trouble can occur.

這些適用于臺式機工作站和移動設(shè)備。 保持最新狀態(tài)意味著可以在發(fā)生問題之前保護您的系統(tǒng)。

了解發(fā)生網(wǎng)絡(luò)攻擊時該怎么辦 (Knowing what to do should a cyberattack occur)

Finally, should the worst happen and business data is compromised, networks infiltrated, or malware installed…do your employees know what to do? By making sure your employees know how to respond to a successful cyberattack means you can reduce downtime and threats to sensitive data.

最后，如果最壞的情況發(fā)生了，業(yè)務(wù)數(shù)據(jù)遭到破壞，網(wǎng)絡(luò)被滲透或安裝了惡意軟件……您的員工知道該怎么做嗎？ 通過確保您的員工知道如何應(yīng)對成功的網(wǎng)絡(luò)攻擊，您可以減少停機時間和對敏感數(shù)據(jù)的威脅。

While it’s not necessarily expected that every employee is a cybersecurity expert, they should at least know how to contact one — either in-house or remote — in order to get on top of the problem quickly, remove malicious software, and safely restore data.

雖然不一定期望每個員工都是網(wǎng)絡(luò)安全專家，但他們至少應(yīng)該知道如何與公司內(nèi)部或遠程聯(lián)系，以便Swift解決問題，刪除惡意軟件并安全地恢復(fù)數(shù)據(jù)。

員工是您最有價值的防線 (Employees are your most valuable line of defense)

There is a lot to be said for employing managed service providers, consultants, and cybersecurity experts, as well as employing the very latest in network security devices and software. Your first line of defense, however, is going to be your staff.

雇用托管服務(wù)提供商，顧問和網(wǎng)絡(luò)安全專家，以及雇用最新的網(wǎng)絡(luò)安全設(shè)備和軟件，有很多話要說。 但是，您的第一道防線將是您的員工。

Train them up. Get them informed. Show them how to stay informed. All of these will lead to a more robust wall of security around your networks so you can focus on allowing your business to flourish.

訓(xùn)練他們。 讓他們知道。 向他們展示如何保持知情。 所有這些將導(dǎo)致網(wǎng)絡(luò)周圍的安全性更加穩(wěn)健，因此您可以專注于使業(yè)務(wù)蓬勃發(fā)展。

Thank you for reading. I’d love to share more with you via my Weekly Word Roundup newsletter sent to subscribers every Sunday. It will feature news, productivity tips, life hacks, and links to top stories making the rounds on the Internet. You can unsubscribe at any time!

感謝您的閱讀。 我希望通過 每個星期天發(fā)送給訂閱者的 每周Word綜述 新聞稿 與您分享更多信息 。 它將包含新聞，生產(chǎn)力提示，生活技巧以及指向互聯(lián)網(wǎng)上的熱門故事的鏈接。 您可以隨時取消訂閱！

翻譯自: https://medium.com/swlh/how-employees-can-be-your-greatest-cybersecurity-asset-9388fbf98bf6

武鋼員工安全手冊

總結(jié)

以上是生活随笔為你收集整理的武钢员工安全手册_员工如何成为您最大的网络安全资产的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。