A short, printable list of daily habits every employee can follow. Pin it next to your screen, share it in your onboarding pack, bring it to your next security awareness session.
1. Lock your screen every time you leave your desk
   Win+L on Windows or Ctrl+Cmd+Q on macOS. A quick lunch is enough time for someone to read or copy anything on screen.
2. Verify the sender on any urgent request
   If the email creates pressure, check the address carefully and confirm through a second channel.
3. Never share your password or 2FA code
   Not with IT, not with your manager, not with the CEO. Real IT never asks.
4. Install updates the day they ship
   OS, browser, Office. Pending updates are the #1 way malware gets in.
5. Use a unique password and 2FA on work accounts
   Your company likely offers SSO + MFA. Enable it once, sleep better forever.
6. Do not plug in unknown USB drives
   That "lost" USB stick in the parking lot is a classic drop attack. Hand it to IT, do not plug it in.
7. Clean desk, locked drawer
   Printouts with client names, sticky-note passwords, contracts on top of the desk — all invite trouble.
8. Check URLs before you click
   Hover on desktop, long-press on mobile. If the displayed link does not match the real one, do not click.
9. Report anything weird
   Even if you already clicked. IT can fix what they know about, not what they do not.
10. Separate work and personal accounts
   Never use your work email for shopping or personal signups. One breach should not cost two lives.
Share this checklist — print it, paste it in your onboarding wiki, use it in your next all-hands. It is free and under the mlab Academy license.