How to Make Your Workplace More Secure

Keeping the workplace secure isn’t just the IT team’s job. Today’s digitally-connected workplace means we have a shared responsibility to protect sensitive information at work. No matter the size or industry, every business faces cybersecurity challenges, especially with the increased use of the web and the cloud in our daily work. That’s why we all need to be smart and proactive about keeping sensitive information secure, whether it’s our own personal information, or that of employees or clients, or the intellectual property of the company itself.

Since you’re the first line of defense in keeping your company safe from cyber threats, here are just a few things you can do to make your workplace more secure.

Understand what you need to protect.

The first step in creating a more cyber-aware workforce is to understand what you need to protect, especially for small businesses that might not have a formal cybersecurity plan. Is it the passwords to your critical systems and accounts? Employee records? Patient data? Credit card information? All of the above? The more aware you and your team are of what’s critical, the more cautious you can be in keeping it safe. Make sure protocols are regularly and thoroughly explained to all employees, and that they’re being followed.

Be wary of emails.

First, be aware of the source of the emails you receive. Always double-check the sender, even if the email is signed from someone you would typically trust. If the email asks you to open any attachments that seem odd or that you didn’t ask for, don’t. When in doubt, ask the person directly if they meant to send you something. And never let sensitive data lurk in email, like passwords or personally identifiable information (PII). Delete these emails immediately and always use an encrypted file service to send sensitive information.

Lock your computer automatically.

Setting your computer to timeout after a few minutes of inactivity goes a long way in keeping prying eyes from abusing your workstation or installing malware. It only takes a moment for someone to install malicious programs on your machine, so automatically lock your machine and use a strong password.

Take down those sticky notes.

It might be a running joke that employees love to put their passwords on sticky notes under their keyboard or, horror of horrors, on their monitors. But it’s no laughing matter that leaving passwords lying around puts your workplace at risk. Use a password manager like LastPass to remember your passwords for you, where they’re encrypted and securely backed up for you with a host of security features to protect your data. So shred those sticky notes!

Be careful with USB thumb drives.

If you want to finish up some work at home, you might reach for a thumb drive to download the data from your work machine to be uploaded later at home. But be wary – thumb drives can be used to transfer malicious files and programs. Be sure you’re using a thumb drive that is from a trusted source. And be sure you understand your company’s policy for USBs, since yours may prohibit transferring data between machines with a thumb drive or file sync service.

Unique account, unique password.

Everyone knows they should be using strong passwords, but did you know you should also be using a different password for every website? And we don’t just mean sticking a “1” or a “!” at the end of the same password you’ve used on every other web account. Every single online account you use, from banking to Facebook to email, should all have a different password that is long and random. The best way to do this is to use a password generator, and store those generated passwords in a password manager like LastPass.

Report suspicious activity.

Accidentally clicked a link to a malicious website? Or maybe you entered your username and password after opening what you’re now sure was a phishing link? If you think you made a mistake, or you’re not sure, report it immediately to your IT or security team to have someone take a look. Don’t try to hide it. Not taking the time to fix it will only lead to more dire consequences.


Looking for more tips and advice on keeping your business and workplace secure? Take a look at’s resources for National Cyber Security Awareness Month and join the #ChatSTC Twitter chats for more ways to stay #CyberAware!


  • Peter Lalor says:

    As the blog re LastPass Joins the LogMeIn Family is no longer allowing comments to be left I am leaving my comment here. Lastpass will not be the same moving forward no matter what is stated now. Logmein used to be a great company, but is no longer. Our business changed from Logmein to Teamviewer and others as we will do now that Lastpass has made the biggest mistake of their corporate life other equally good password managers.

  • rygo says:

    Oh no, just heard the bad news about logmein, but seeing that comments are closed on the blog page has just pushed me over the edge – that’s just rude.

    Have been a premium member for years, but now I’m out.