WISCO (武钢) Employee Security Handbook: How Employees Can Be Your Greatest Cybersecurity Asset


Nearly half of all businesses have experienced or are going to experience a cyber threat this year, and that number is growing. Every year we read about more cyberattacks and serious data breaches affecting entities of all sizes from local government offices and small-to-medium sized businesses, to sprawling behemoths such as Facebook.


Keeping ahead of the threat seems like a full-time task, and an incredibly daunting one.

The good news is that among your greatest assets in cybersecurity are your own employees. It’s up to you to take advantage of that in order to keep your business or organization running smoothly and with little downtime or fear of compromised systems.


Best password practices

Make sure your employees know how to apply best password practices. This can cover several strategies such as:

  • Strong password creation
  • Two-step authentication
  • Regular changing of passwords
  • Protecting passwords

The above points are simple. Cybersecurity experts recommend that a strong password include a mix of numbers and upper- and lowercase letters. Special characters could be an option as well. Passwords should not be easily guessed dates such as birthdays or anniversaries, nor should they be any word one could find in a dictionary (English or otherwise).

Changing a password regularly can keep a possibly compromised password from being exploited by outside hackers or former employees who are careless with their login information or have malicious intent. Passwords should never be shared and writing them down — even in a “safe space” — should be discouraged.


Two-step authentication goes a long way in preventing unauthorized access to business networks or employee e-mails. Many applications offer two-step authentication options that require an additional step in the login process, such as answering a security question or entering an authentication code sent via SMS.

Practice safe computing

Solid passwords are all well and good but offer little security if your employees are careless in their e-mail and internet use. Fortunately, educating employees on safe computing is pretty straightforward.


Make sure that employees know how to recognize suspicious e-mails, attachments, and links. Nearly half of all cyberattacks that businesses experience come in the form of phishing attacks, in which an e-mail pretends to represent a trusted entity and attempts to convince the recipient to download an attachment or click on a link. In most cases, this leads to malware getting installed on the computer or mobile device, which could then spread to the network.

Malware could expose your security to further infiltration, installation of routines that copy keystrokes and capture sensitive business data, or even overload your servers to the point of inoperability.


While no method can be considered 100% foolproof, employees can help protect your networks by following these simple tips:

  • Never share login or password information via e-mail or text message
  • Hover the mouse over a link without clicking to see where that link actually leads. It might not lead where they think
  • Never download an attachment without being absolutely certain it is from a trusted source
  • Update spam filters
  • Update virus and malware detection software on a regular basis
  • When in doubt, just don’t. Most well-known entities such as banks, corporations, or governmental websites can be accessed through their websites without having to go through an e-mailed link

Follow the latest cyber threat news

There is no shortage of news coverage — both from conventional news sources and industry sources — regarding data breaches, malware warnings, and ever-evolving phishing scams. Employees can protect themselves and your business by staying abreast of the latest news regarding potential threats.


Some news services offer keyword alert services so employees don’t need to start their day scanning the news for the latest cyber threats. Important information can be automatically e-mailed to them when new information appears.


Stay on top of latest system and software updates

System and software developers are constantly working to improve security. It’s in their best interests to maintain your faith in their product and to take your security as seriously as you do. With that in mind, they often send out updates for either your system software or for specific applications that may have security holes that need to be closed.

These apply to desktop workstations and mobile devices alike. Staying current on updates means your systems are protected before trouble can occur.

Knowing what to do should a cyberattack occur

Finally, should the worst happen and business data be compromised, networks infiltrated, or malware installed… do your employees know what to do? Making sure your employees know how to respond to a successful cyberattack means you can reduce downtime and threats to sensitive data.

While it’s not necessarily expected that every employee is a cybersecurity expert, they should at least know how to contact one — either in-house or remote — in order to get on top of the problem quickly, remove malicious software, and safely restore data.



Employees are your most valuable line of defense

There is a lot to be said for employing managed service providers, consultants, and cybersecurity experts, as well as employing the very latest in network security devices and software. Your first line of defense, however, is going to be your staff.


Train them up. Get them informed. Show them how to stay informed. All of these will lead to a more robust wall of security around your networks so you can focus on allowing your business to flourish.



Translated from: https://medium.com/swlh/how-employees-can-be-your-greatest-cybersecurity-asset-9388fbf98bf6

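WISCO (武钢) Employee Security Handbook

Information Security Awareness Handbook

"Information security needs every employee to uphold it, and that includes you!"

Contents

  • Information security basics
  • Latest cybersecurity developments and trends
  • Password security
  • Safe internet use
  • Using software and systems correctly
  • E-mail security
  • Handling computer viruses correctly
  • Mobile phone security
  • Data protection and backup
  • Personal privacy protection
  • Work environment and physical security

What is information?

In October 2001, during the internet winter, China's largest online literature website, "榕树下" (Rongshuxia), was sold at a very low price to the German media giant Bertelsmann. At first, Bertelsmann's offer was 10 million RMB. During a break in the negotiations, Bertelsmann's representative happened to run into property management staff from the office building Rongshuxia rented, and learned that the company was several months behind on its water and electricity bills. Back at the negotiating table, the offer dropped at once to 1 million RMB, and founder Zhu Weilian (朱威廉) was forced to accept. (From 《激荡三十年》)

  • Messages, signals, data, intelligence, and knowledge.
  • Information itself is intangible; it exists or is transmitted in many forms by way of information media:
      • Stored in media such as computers, tapes, and paper
      • Remembered in people's minds
      • Transmitted via networks, printers, fax machines, and similar means
  • Information exists through media, and where it has value to a modern enterprise it becomes an information asset:
      • Data in computers and networks
      • Hardware, software, and documentation
      • Key personnel
      • Services the organization provides

What is information security

Did you know? Information is an asset which, like other important business assets, has value to the organization and therefore needs to be suitably protected. (ISO27001:2005)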