POPIA Compliance – Cybersecurity Pledge
Information has value—and it’s at risk.
The bad guys want it and will exploit our inattention or negligence to get it. Cybersecurity incidents and breaches of private information can be prevented if we all pay a little bit more attention. It’s time to do your part … it’s time to be a hero at work by taking the “Cybersecurity Pledge.”
If you commit to these 10 simple actions, you can better protect both your practice’s and your own data on a daily basis.
I Won’t Take the Bait
I know that phishing is the single easiest way for cybercriminals to get at me. I pledge to take the time to scrutinize every email I receive for the signs of phishing, and to never click links or download files until I’ve taken the time to verify that they are safe (and I’ll do this on my phone as well).
I’ll Connect Securely
I know that failing to use a secure connection to the Internet exposes the information I transmit to possible theft.
I’ll always look at websites to be sure they are secure (look for https://), I’ll only use Wi-Fi networks that offer password protection, and I’ll use VPN connections to connect to work networks.
I’ll be Smart About the Cloud
I know that cloud computing has its benefits, but is not the best place for sensitive work documents. I’ll take the time to understand how my organization uses cloud storage, to carefully choose what kinds of information I place “in the cloud,” to create secure passwords for my cloud sites and to follow my employer’s guidelines for cloud storage.
I’ll Use Smart Passwords
I know that passwords are the most common way for me to prove that I am who I say I am when I log in to websites, apps, and systems that contain sensitive information.
Therefore, I’ll use a password manager to create and store strong passwords. Or, I’ll use a foolproof system to create strong passphrases, and I’ll never use the same password across all my logins.
I’ll Use Social Media; I Won’t Let it Use Me
I know that when I use social media, I’m trading information about myself for the right to use a service—and that means I give up some control of my information. I pledge to take full responsibility for what I share and who I share it with.
I’ll learn to use the different privacy and security controls available to me, and I’ll be very cautious about what information I disclose publicly. I also pledge to follow my employer’s guidelines on posting about company matters on social media.
I’ll Keep Private Information Just That: Private
I know that the private information of both our customers and my fellow employees is nothing to take lightly. This includes, but is not limited to, patient names, contact details, birthdays, medical scheme information, and ID numbers.
I pledge to internalize our practice’s data privacy policies and report potentially exposed private data when I see it.
I’ll Keep my Software Up to Date
I know that operating system and software makers use updates to provide important security and privacy protections, so I’ll sign up for automatic updates whenever possible, and I’ll be alert to opportunities to upgrade to more secure versions of software.
I’ll Know Malware When I See It
I know malware is the scourge of organizations large and small, and of personal computers across the globe. I pledge to take all necessary steps to keep malware off my work and home computers and to keep an eye out for signs of malware, like pop-ups, blue screens, and system slowdowns.
If I See Something, I’ll Say Something
I know that a secure work environment—one where risks to personal data, proprietary information, and other sensitive material are minimized—starts with me.
I pledge to report any potential security/privacy incidents to the right authority, be it our IT department, HR, or my direct supervisor.
Take the Pledge Yourself!
Tweet using the hashtag #CyberSecPledge to share with the world that you’ve committed to a more cybersecure life, both at home and at work!