U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Was this page helpful?

Security Awareness Tips

OSY/OCIO Security Awareness Tips

  • Access control, cards, keys, combinations to locks, etc. issued to an individual employee are not to be transferred to, or utilized by, another.
  • Change combinations and locks as necessary if they are suspected of being compromised.
  • Cell phones and PDAs have become frequent targets for attackers. By using text messaging or email, an attacker could lure you to a malicious site or convince you to install malicious code on your portable device.
  • Do not prop open doors and gates that are meant to be kept closed. Secure any unsecured entry and exit doors or other openings/entrances, and report deficiencies to your supervisor and Servicing Security Office. Direct visitors or contractors to the appropriate individual for processing into secure areas.
  • Employees, vendors, and contractors are required to promptly return badges, keys, or any items used for access to a supervisor or manager upon leaving a department or leaving the employ of the DOC.
  • Shelter-in-Place exercises reinforce the importance of safety and survival during a real-world emergency event/incident. Know your assigned shelter area, turn off office lights, close your office doors, and report to your designated accountability official.
  • Lock your computer with a password-protected screen saver and before leaving your desk unattended; press "Alt-Ctrl-Delete" to lock it.
  • Report broken fences or doors, malfunctioning locks, and inadequate or non-working lighting to your supervisor and Servicing Security Office. Observing and reporting system weaknesses will decrease a terrorist's chances of success.
  • Practice good operational security (OPSEC). Do not share the locations of control centers or communications equipment, operations plans or similar materials, employee access points, emergency response plans, or computer passwords.
  • Occupant Emergency Plan drills and exercises are designed to test, evaluate, and validate emergency plans that protect the safety and welfare of our employees and visitors, and must be viewed with the utmost seriousness.
  • Locks and access cards are in place to protect the Department and its employees. Do not hold the door for anyone you do not know personally, and make sure no one slips in behind you.
  • Identity theft, or identity fraud, is a crime that can have substantial financial consequences. Take precautions with personal information; if you become a victim, act immediately to minimize the damage.
  • Report lost or stolen keys immediately to your supervisor.
  • Report a lost or stolen employee identification card immediately to your supervisor. Someone may be able to use an ID to pose as an employee and gain access to critical areas.
  • Phishing attacks use email or malicious web sites to solicit personal, often financial, information. Attackers may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.
  • Ensure that the public and non-authorized DOC personnel do not access secure or restricted areas. Be on the lookout for persons forcibly attempting to enter restricted areas.
  • Report unfamiliar couriers, repair personnel, utility crews, or other “trusted” employees who are in the wrong place or appear lost.
  • If an explosive or dangerous device is discovered, follow the direction of law enforcement or security personnel. No one, outside of properly trained law enforcement personnel, should touch a device or suspected device.
  • Before discarding an old computer, or throwing away removable media, be sure to request assistance to sanitize these items, as people may still be able to resurrect deleted files.
  • If, during the course of your normal duties, you discover an unattended item or object that appears out of place, consider whether it has been hidden or concealed, if it looks obviously suspicious, and if it is typical of what should be there, when attempting to determine its status.
  • In the event of an evacuation, be ready to offer assistance to anyone who needs help evacuating a facility.
  • If you receive a bomb threat call, keep the caller talking by asking for further information such as: When is the bomb going to explode? Where is the bomb right now? What does the bomb look like? What is your name?
  • The release of a chemical agent may have occurred if you observe two or more people suddenly experiencing difficulty breathing, coughing uncontrollably, collapsing or having seizures, experiencing nausea or blurred vision, or smelling an unusual or unexplainable odor.
  • During a chemical, biological, or radiological incident, if you are inside and the incident occurs inside, prepare to evacuate while minimizing passage through the contaminated area. Ensure that doors and windows that are not being used are kept closed. If you are inside and the incident occurs outside, stay inside and prepare to Shelter-in-Place. If you are outside, evacuate upwind of the suspected area.
  • Supervisors are encouraged to develop special needs plans for their respective offices, bureaus, and/or operating units to ensure that special needs individuals are properly cared for and safe during an emergency.
  • File-sharing/Peer-to-Peer technology is a popular way for users to exchange, or "share," files. However, using this technology makes you susceptible to risks such as infection, attack, or exposure of personal information.
  • In any suspected radiological incident, minimize exposure by minimizing the time around the suspected site. Maximize the distance between you and the site, trying to place some shielding (i.e., buildings, vehicles, land feature such as a hill, etc.) between yourself and the site.
  • One of the single most important security measures at the DOC is the employee identification badge. All employees are required to display the badge on their outermost garment, in a visible location above waist level, while on DOC property.
  • Employee identification badges are the property of the DOC and must be relinquished to the employee's supervisor upon leaving the employ of the DOC.
  • Do not lend your DOC identification badge to anyone. Your employee ID confirms your current employments status and your right to be on DOC property. Employees are responsible for safekeeping their badges, which must be worn at all times while on DOC property.
  • The key to protecting DOC systems is alert and motivated employees who understand how important it is to be the eyes, ears, and mouth of the Department.
  • Although copyright may seem to be a purely legal issue, using unauthorized files could have security implications. To avoid prosecution and minimize the risks to your computer, make sure you have permission to use any copyrighted information, and only download authorized files.
  • Shelter-in-Place (SIP) activities must be taken seriously due to the terrorist challenges our nation faces on a daily basis. Should an SIP event occur, make sure you have your escape hood and/or personal fly-a-way kit with you; it may save your life or that of a colleague.
  • Be familiar with your work environment. Report any activity or objects that may appear suspicious or out of place.
  • As an employee, you can be one of the most effective security tools in your organization – remain aware at all times, use common sense, and report anything unusual or out of the ordinary.
  • Be aware of who is around you when speaking about confidential or sensitive information. The information could be used by others for illegal or terrorist activities.
  • Wireless networks are becoming increasingly popular, but they introduce additional security risks. If you have a wireless network, make sure to take appropriate precautions to protect your information.
  • Ensure that sensitive data is properly destroyed when no longer needed. Use shredders to destroy papers containing sensitive information.
  • Basic good housekeeping reduces the opportunity for planting items. Establish a place for everything and keep everything in its proper place.
  • It is crucial to protect sensitive information from disclosure. Properly safeguard sensitive and classified documents. Always lock your workstation when not in use.
  • Digital signatures are a way to verify that an email message is really from the person who supposedly sent it and that it hasn't been changed.
  • If someone displays unusual behavior, acts erratically, or seems extra nervous, report it to your supervisor.
  • Employees must not share Department information with persons outside the DOC, unless authorized as part of their duties to do so.
  • Integrate security sweeps into your daily routine. Look for signs of tampering, forced entry, and unusual or out of place items.
  • Remember, emergency situations require quick thinking and reactions. Be prepared!
  • Many computer users, especially those who travel for business, rely on laptops and PDAs because they are small and easily transported. But while these characteristics make them popular and convenient, they also make them an ideal target for thieves. Make sure to secure your portable devices to protect both the machine and the information it contains.
  • When observing your surroundings, look for people: who look lost or are wandering around, using cameras or video recording devices to conduct surveillance, abandoning an item and leaving the area quickly, or possessing a weapon or any prohibited or dangerous items.
  • Know your facility's emergency evacuation plans.
  • Spyware (a.k.a. "adware") has become increasingly prevalent on the internet. When troubleshooting problems with your computer, you may discover that the source of the problem is spyware software that has been installed on your machine without your knowledge.
  • Learn to recognize the sound of your building's alarm – never ignore it and take evacuation drills seriously.
  • Try to keep calm in an emergency situation. Your unbridled anxiety could lead to panic during an evacuation.
  • Be aware of the companies and people who come and go in the delivery of goods and services in your workplace. If anyone causes you serious concern, report it to your supervisor.
  • Do not give sensitive information to anyone unless you are sure that they are indeed who they claim to be and that they should have access to the information.
  • When approaching a parked car, check for loiterers near the vehicle. Before getting into the vehicle, check the back seat and floor for strangers.
  • Be watchful of your personal and Departmental belongings, don't leave them unattended or unlocked.
  • Never use an elevator during an emergency evacuation, unless instructed by fire service personnel.
  • Before submitting your email address or other personal information online, protect your identity and prevent an attacker from easily accessing additional information about you by not providing certain personal information such as your birth date and social security number online.
  • Know where the fire extinguishers in your area are and how to use them before the need arises. Report fire extinguishers that have been moved, damaged, or tampered with to your supervisor.
  • Employees are encouraged to practice personal safety and security to help minimize or eliminate opportunities for criminal activity. Your best defense is an alert and cautious mindset.
  • Recognize that you play a critical role in ENHANCING, NOT REPLACING other security efforts. You are a specialist who knows your environment and your surroundings. You can contribute to the team because you best know when something around you just doesn't seem right.
  • Anti-virus software can identify and block many viruses before they can infect your computer. Once you install anti-virus software, it is important to keep it up to date.
  • Report abandoned vehicles parked on Department property. Abandoned vehicles may be used by a terrorist to hide suspicious or stolen items.
  • Be on the lookout for private vehicles loading or unloading unusual or suspicious items on or around DOC property. Observe the vehicle's license plate number and description and report it immediately. Do not take any other action except to observe and report the vehicle.
  • In addition to obtaining the license plate number of a suspicious vehicle, the following vehicle description is helpful: make, model, color, body damage, bumper stickers, and accessories. Do not take any other action except to observe and report the vehicle.
  • When anyone or anything can access your computer at any time, your computer is more susceptible to being attacked. You can restrict outside access to your computer and the information on it with a firewall.
  • Prior to emergency situations, ensure there is sufficient depth in personnel/employees in your work areas to assist special needs individuals in the event their primary “buddy” is not available.
  • Post emergency telephone numbers for the police department, fire department, and rescue squad and know how to get to the closest police stations, hospitals, etc.
  • Avoid routines, vary times and routes, pre-plan, and keep a low profile, especially during times of high threat.
  • Take any threatening or malicious telephone call, facsimile, or bomb threat seriously.
  • You can make it more difficult for an unauthorized person to access your information by choosing good passwords and keeping them confidential.
  • Escort all visitors at all times.
  • Know whom to contact in an emergency situation.
  • Seek professional assistance as needed – don't be reluctant to ask questions.
  • Have you had your IT Security Training lately? Be sure to complete IT security refresher training at least annually.
  • Take the initiative to know what is required of you and your respective office in an emergency.
  • Be familiar with your Occupant Emergency and Shelter-in-Place Plans.
  • Practice good security communication.
  • Know who you are talking to on the telephone before providing sensitive information. Not everyone is who they say they are. Verify the person's identification before responding.
  • Know what is and is not appropriate to discuss over the phone or in open areas.
  • Know where guards are posted and how to contact these individuals in an emergency situation.
  • Fully cooperate with security checks and measures – these are intended to ensure your safety and the safety of others.
  • If you are designated an Essential Employee for continuity purposes, make sure you know the routes to your alternate location.
  • During a lockdown emergency, you should take the following steps to cause your office to look unoccupied: turn off your office lights, lock your office door(s), do not project shadows on glass doors, and refrain from loud conversations.
  • Use your business email address for business purposes, not for personal use.
  • During a lockdown event, stay in your secure area until told to do so by emergency personnel or public address announcement.
  • Precautions you can take before a lockdown incident occurs: ensure that the locks on your office doors are in working order and carry your office key on your person at all times.
  • When choosing an Automated Teller Machine (ATM), pay close attention to your surroundings. Make sure the area around the ATM is well lit and not hidden from the road by landscaping, decorative partitions, or buildings. If anyone looks suspicious in the area, use an ATM at another location.
  • Try to use Automated Teller Machines (ATMs) during the daytime. Most ATM robberies occur at night, with the highest risk between midnight and 4 a.m.
  • When going to an Automated Teller Machine (ATM), try to take a friend with you or use it when there are other customers in the area. Most robberies are committed against a single victim by a lone robber.
  • When using a drive-up Automated Teller Machine (ATM), keep your car engine running, the doors locked, and all windows up except for the one you are using.
  • If you become the victim of an ATM robbery, do not resist (if possible, drop the money and run; look for distinguishing features and clothing) and report the incident as soon as possible.
  • If a lockdown is implemented, stay in your office, get out of the hallways and other open areas, and do not unlock/open your office door for anyone. If you are unable to get back to your office, go to the nearest office, bathroom, conference room, or common area.
  • A “Voluntary Emergency Request for Assistance Form” is now available for our special needs community to self-identify themselves as needing assistance in case of an emergency. Contact your security office for more information.
  • Bureaus, Offices, Operating Units, and their supervisors are responsible for special needs employees and visitors. Is your emergency planning process up to date?
  • Employees with special needs and disabilities are encouraged to self-identify with their servicing security office, using the “Voluntary Emergency Request for Assistance Form,” to ensure that emergency assistance is provided during evacuations and emergencies.
  • Supervisors are strongly encouraged to prepare for emergency situations with their employees with special needs and disabilities. Have you worked with them to complete their individual emergency plan yet?
  • Always be vigilant during emergency situations. Be ready to render assistance to employees and visitors with special needs and disabilities.
  • Never attempt to move an employee or visitor with mobility impairment into an evacuation chair from a wheelchair unless they specifically request assistance. You could further aggravate an existing medical condition.
  • Never separate a service dog from its owner during an emergency situation. Always keep them together!
  • Employees with special needs and disabilities should feel comfortable with self-identifying to their servicing security office. Information collected will remain confidential and will only be given to emergency personnel.
  • As a supervisor of an employee with mobility impairment, do you know where the accessible exits are located? Do you have a plan to meet your employee after an evacuation?
  • Employees with special needs and disabilities: have you recruited and trained at least three “buddies” to assist you during building emergencies?