🚀 Rocket IT Solutions
Employee Security Awareness Guide
Your Role in Protecting Company Data
🎣 Phishing Recognition Training
What is Phishing? Fake emails that trick you into revealing passwords, clicking malicious links, or downloading malware.
⚠️ RED FLAGS - Report These Immediately:
- Urgent requests for passwords, payment, or personal information
- Sender's email address doesn't match the real company domain (for example, micr0soft.com instead of microsoft.com)
- Generic greetings ("Dear Customer" instead of your name)
- Spelling and grammar errors
- Suspicious links (hover to preview URL before clicking)
- Unexpected attachments (especially .exe, .zip, .js files)
Real Example:
From: payroll@company-benefits-portal.com
Subject: URGENT: Update Your Direct Deposit by EOD
Dear Employee,
Your direct deposit information has expired. Click here to update immediately or your paycheck will be delayed.
[Update Now Button]
- Payroll Department
Why This is Phishing: Real payroll doesn't use external domains, never demands urgent action via email, and won't threaten to withhold paychecks.
✅ What To Do:
- Don't click any links or attachments
- Forward to IT security: kimberly.ingram@rocketitsolutions.online
- Delete the email
- If you clicked: Report to IT immediately - don't wait!
🔐 Password Security Best Practices
Never Do This:
- ❌ Reuse passwords across work and personal accounts
- ❌ Share passwords with coworkers or family
- ❌ Write passwords on sticky notes or notebooks
- ❌ Use dictionary words or personal info (birthdays, pet names)
- ❌ Save passwords in browser without master password
✅ Best Practices:
- ✅ Use company-approved password manager (1Password)
- ✅ Create 12+ character passwords with mixed characters
- ✅ Enable multi-factor authentication (MFA) everywhere
- ✅ Change password immediately if you suspect compromise
- ✅ Use password manager's generator for new accounts
Example Strong Password: Tr0pic@lSt0rm2024!Mn (don't actually use this - create your own!)
📱 Mobile Device Security
- Lock Screen: Set PIN/fingerprint with 5-minute timeout
- Public WiFi: Never access company email/files without VPN
- Lost Device: Report to IT immediately for remote wipe
- App Downloads: Only from official app stores, check reviews first
- Bluetooth: Turn off when not in use
- Updates: Install OS and app updates within 7 days
🌐 Safe Internet Browsing
Before Clicking Any Link:
- Hover over link to preview URL (bottom left of browser)
- Check for HTTPS (padlock icon in address bar); the padlock only shows the connection is encrypted, not that the site is legitimate
- Verify domain matches company you expect
- When in doubt, go directly to company website instead
High-Risk Sites: Avoid personal streaming, file-sharing, and torrent sites on company devices.
🗂️ Data Protection Guidelines
- Email: Don't send confidential data to personal email accounts
- Cloud Storage: Use approved tools only (Microsoft OneDrive, SharePoint)
- USB Drives: Scan with antivirus before opening files
- Printing: Retrieve sensitive printouts immediately, shred when done
- Screen Privacy: Use privacy screens in public spaces (airports, coffee shops)
- Clean Desk: Lock away documents at end of day
🎓 Quarterly Training Slides
Q1: Phishing and Social Engineering
Q2: Password Security and MFA
Q3: Mobile Device and Remote Work Security
Q4: Data Protection and Incident Reporting
📞 Who To Contact
- Security Questions: kimberly.ingram@rocketitsolutions.online / (970) 627-7189
- Report Phishing: kimberly.ingram@rocketitsolutions.online
- Password Reset: (970) 627-7189
- Lost Device: (970) 627-7189
- External Support: Rocket IT Solutions - (970) 627-7189
✅ Employee Acknowledgment
I have read and understand this security awareness guide. I agree to follow these practices and report any security concerns promptly.
Employee Signature: _________________________________
Print Name: _________________________________
Date: _________________________________