
End user security best practices

  • The most important end user security tip: Using 3 Different Emails
  • Web Browsing End User Security Tips
  • Password Tips

In today's digital age, end user security is more critical than ever. This list of security practices provides practical and effective tips to protect your information:

  • To enhance end user security, it is crucial to protect your workstation and keep it free of papers containing sensitive information.
  • It is recommended to set a passcode and automatic lock option on your mobile device.
  • Do not use non-corporate devices for work. If you must, do not handle corporate information on such devices, to maintain end user security.
  • Avoid information leaks. Do not have confidential conversations in places where they can be overheard by others.
  • Passwords should be secret and unique; do not write them down, share them, or reuse them.
  • Ensure safe browsing and avoid accessing untrustworthy websites.
  • Use email securely to support end user security, and delete or report any suspicious emails to your IT department.
  • Protect information and make backups of sensitive information that is only on your device.
  • When traveling, do not send sensitive information over untrusted WiFi networks.
  • We are all responsible for security. Notify the security department if you detect any suspicious activity to ensure end user security.
  • Disable notifications on the lock screen of your phone.
  • Lock your desktop PC when not in use.
  • Use a password manager; do not reuse the same password across accounts.
  • Do not write your password on a post-it or in a notepad; do not send it over the web.
  • Make sure the sites you use are served over HTTPS (an encrypted connection).
  • Do not click on pop-up windows of unknown origin.
  • Do not display confidential information on large or very visible screens.
  • Be careful who is watching your screen.
  • Use a VPN when connecting to public networks.

The most important end user security tip: Using 3 Different Emails

  • Public Email: Subscriptions, newsletters, social media. This is the email you share to create accounts that are not important or to give to a service you want to try.
  • Personal Email: For family, friends, personal data, civil registration. Banks. Serious and personal matters.
  • Corporate Email: Only used for work-related matters.

By distributing your emails into these 3 accounts, you can better control the emails you receive, contain spam or junk mail, and raise alarms if an out-of-place email arrives. You will also have the security that if the Public Email is compromised, your personal data will not be reached.

Email Security - Best Practices

Most Used End User Technology:

  • Cellphone: It is recommended to have a pattern or lock; it is important to configure your phone so that it does not show notifications on the screen while it is locked, as this could be confidential information that could be read by third parties.
  • Computers: Under no circumstances should you leave your work or personal computer without a password, and never get up and leave it unlocked.
  • Notepad: In our notebooks, we not only write to-do lists but also personal and confidential information like important clients, passwords we write down to avoid forgetting, confidential letters, among others. The most important thing is to ensure that this type of information is not written in notebooks, and that these notebooks are not within everyone's reach.

⚠️ Be careful who is watching your screen, because you may have chats open with confidential information or your online banking, and there are always ill-intentioned people who can stand behind you and easily obtain this personal, private information that belongs to you or the organization. Be cautious, as this is a very commonly used social engineering attack.

If you handle a company phone with confidential information, we advise you to avoid connecting to open or public networks, such as those in cafes or restaurants, as you could be the victim of a Man-In-The-Middle attack. In such an attack, someone on the same network exploits its lack of protection to intercept traffic and obtain confidential information they are not authorized to have. If you must use such a network, use a VPN so the information travels encrypted and end user security is protected.

Web Browsing End User Security Tips

On the Internet, make sure you see the S after the http in the address bar (https:). This indicates that the information is encrypted on its way to the server. If, while browsing, you encounter a notice that makes you feel special, ignore this type of advertisement, as it is misleading and could harm your computer by downloading viruses. In some cases, these pop-ups are not necessarily malware or viruses that will install on your computer; they are often apps that Google shows us and may be harmless or even interesting to you. Before clicking, it is important to check where the pop-up's link actually points.

Another type of pop-up is the one that notifies you that the site will store cookies.

Some companies have large screens displaying information, and it is important that they do not show metrics or confidential organization information, as visitors who do not belong to the organization may obtain access to that data without authorization.

Password Tips

For the accounts you log into, whether it is your email, Instagram, Facebook, etc., make sure to use a password manager, either one of your own or the one offered by Google Chrome. Never leave the password written on a post-it where everyone can see it, and never send the password via text messages. Do not store your password in a notepad file on your computer, as it can be easily found. Most importantly, do not use the same password for everything.

Basic Concepts of Security Incident Management

The incident management group focuses primarily on handling information security incidents that occur on assets supported by the entity's technological platform.

How to Prepare and Ensure Security for End Users

This stage of the incident response lifecycle aims not only to create a model that enables the entity to respond to incidents, but also to ensure that incidents can be detected and evaluated and that vulnerabilities are managed to prevent them, so that systems, networks, and applications are sufficiently secure. Although the incident response team is not normally responsible for incident prevention, it is essential to consider prevention a fundamental component of the response program. The incident response team should act as an expert resource when establishing recommendations for securing information systems and the platform that supports them.

In this stage, the incident management group or whoever is designated for this task must ensure the availability of incident response resources and the necessary tools to cover the other stages of the incident lifecycle, creating (if they do not exist) and validating (if they do exist) the necessary procedures and training programs.

The preparation stage should be supported by the IT direction or its equivalent, including best practices for securing networks, systems, and applications, for example:

  • Security Patch Management: Entities, depending on their stratification, should have a vulnerability management program covering operating systems, databases, applications, and other installed software. This program helps administrators identify, acquire, test, and install patches.
  • Platform Assurance: Systems, depending on the entity's stratification, should be properly hardened. The fewest possible services should be configured (principle of least privilege), providing only those services necessary to end users and to other devices. Default configurations (users, passwords, and shared files) should be reviewed. Every resource that can be accessed by external or even internal end users should display a warning banner. Servers should have their auditing systems enabled so that events are logged.
  • Network Security: Security elements require continuous management. Security rules configured on devices such as firewalls should be reviewed continually. The signatures and updates of devices like IDS or IPS should be kept up to date. All security and network elements should have synchronized clocks, and their logs should be sent to a centralized log collection device for analysis.
  • Malicious Code Prevention: All infrastructure devices (both servers and end user devices) should have active antivirus and antimalware software with up-to-date signatures.
  • User Awareness and Training: Users within the entity, including IT administrators, should be made aware of the existing policies and procedures for the proper use of networks, systems, and applications, in line with the entity's security standards. Information system managers should establish the training needs of those responsible for data protection.

The activities described above aim to prevent information security incidents supported by IT. Additionally, a monthly evaluation is necessary.