Securing the Workstation
Educate your users about the importance of securing their own workstation.
- Use a less-privileged user account for everyday use and use services like User Account Control (UAC) when you need administrative rights
- Stay up-to-date with all operating system patches and updates
- Install anti-virus software, and keep it up to date
- Enable firewall software
- Use strong passwords
- While it seems obvious, make sure computers are in a safe place that cannot be readily accessed by people outside the organization
- Remove unnecessary Windows (and other operating system) services
- Use secure system configuration settings (including browser settings)
- Make periodic backup copies of any data that is essential to your organization
- Never click on a link within an email or visit a web site unless you know the web site is reputable and safe
- Log off or lock the screen when you leave your computer unattended; use a password-protected screen saver
Password Tips
Here are some tips for securely managing passwords.
- Do not put computer passwords in the notes sections of your account
- Do not embed computer passwords within the computers’ names
- Do not pass around an unencrypted master list of passwords
- Do not use weak passwords that can be easily guessed
- Do not use the same password on every computer
- When managing passwords in a third-party application, consider using a password manager such as LastPass.
Tip: Guidance from PCI DSS v3.0
"To prevent the compromise of multiple customers through the use of a single set of credentials, vendors with remote access accounts to customer environments should use a different authentication credential for each customer."