Defend your computers. Keep all softwares (including your Web browser) with automatic updates and install all security updates that your IT department recommends. Use antivirus, antispam, and antispyware software and activate your firewall.
Think before you share sensitive information. Look for signs that a Web page is safe, before you enter sensitive personal or business data–a Web address with https (“s” for secure) and a closed padlock ( ) beside it. Never give sensitive info in response to an e-mail or instant message(IM) request.
Think before you click. Pause before you open attachments or click links in e-mail or IM even if you know the sender; they could be phony. Confirm with the sender that the message is real or visit the official Web site by typing the address yourself. Be wary of clicking links or buttons in pop-up windows.
Use strong passwords. Lock your online accounts, computer, phone, and other devices with passwords of at least eight characters length (longer is better), and include upper and lower case letters, numbers, and symbols. Keep passwords and PINs secret. Don’t disclose them to coworkers or businesses (like an Internet café operator), or be tricked into giving them away. Don’t use the same password everywhere.
Protect yourself from e-mail scams. Look out for alarmist messages, misspellings and grammatical errors, deals that sound too good to be true, requests for sensitive information like account numbers, and other signs of a scam. Turn on a filter that warns you of suspicious Web sites.
Protect your data on the go. When you use public Wi-Fi, choose the most secure option, even if you have to pay for it. It could include password-protection and encryption. Confirm the exact spelling of the wireless network you’re connecting to. Beware of clever (slightly misspelled) fakes. Encrypt the data on your laptop (or USB flash drive) in case you lose it or it’s stolen. Guard your laptop, smartphone, and PDA as carefully as your wallet.
Restricting the types of websites that employees are allowed to visit can help you exclude the sites that could compromise your network.
Advise employees about which softwares are safe to be installed on their computer.
When someone outside of your business requests any personal or business information, verify that he is a safe person with whom information can be sent.
Write an Internet Usage Policy for personnel to follow and post it in an accessible place for all to see and refer to.
Set rules on what kinds of business information your employees can share online, and where.
Create instructions on whether your employees should use their working email to sign up for social media sites and newsletters.
Consider the implementation of a company social media policy, so that employees know what they should and should not post online.
Update all of your business softwares when you receive notifications to do so, so that all security fixes are up to date.
Instruct all of your employees to have complex passwords that have letters, numbers and symbols so they are harder for cyber criminals to steal/crack.
Always be suspicious of phone calls, emails or other communications from an unknown source.
Only visit legitimate and trusted websites while using business computers or working with business information.
Before providing personal information to anyone, verify that they are a trusted source (for example, a bank would not send out personal inquiries by email, so a call to the actual bank might be advised if such an email were received).
If someone is seeking your personal information, ask why the information is required.
If the answer does not seem satisfactory, do not provide it — or ask for their supervisor to get more details.
Never remove or disable any security safeguards put into place on business networks and computers (such as anti-virus software).
Social networking sites like Facebook, Twitter and LinkedIn can be powerful tools for your business to reach potential customers and build stronger relationships with clients. However, social networking sites and services are becoming an increasingly popular way for cyber criminals to try to get your personal or business information to hack into your personal or business computer systems.
If your business uses social networking sites for marketing or professional purposes, you will need to choose one or more employees, and only allow them to post content in your business's name.