Consortium

Employee guide

Good digital habits for everyday work

Cybersecurity is part of everyone's daily work. A few good habits can prevent fraud, data loss and unauthorized access.

The goal is not to become an IT expert, but to know how to recognize risky situations and respond quickly.

PasswordsPhishingMicrosoft 365Remote workIncidentsOffice

Why it matters

68% of data breaches involve a human element — Verizon DBIR, 2024

Prevent

Avoid fraud, data loss and unauthorized access before they occur.

Recognize

Know how to identify risky situations so you don't act without thinking.

Respond

Act quickly and report to limit the impact of an incident.

Good habits to adopt

1

Passwords and authentication

Use a strong, unique password for each professional account. Avoid simple words, obvious sequences and reusing the same password across services.

  • Use a password manager if your organization allows one
  • Never share your password, even with a colleague
  • Do not store passwords in a text file or on visible paper
  • Change your password immediately if you think it has been compromised
If you receive an MFA request without having tried to sign in, reject it and notify the IT team immediately.
2

Before clicking a link or opening an attachment

Take a few seconds to verify the message before acting.

  • Do I really know the sender?
  • Is the email address legitimate?
  • Am I being asked to act urgently?
  • Am I being asked for a password, MFA code, payment or sensitive information?
  • Does the tone of the message seem unusual?
  • Does the link actually lead to the right site?
Even if the displayed name seems familiar, always verify the actual address. When in doubt, contact the person by another means before replying or clicking.
3

Recognizing a phishing message

Fraud attempts often come as emails, texts or Teams messages that seem urgent or credible. Be especially cautious if the message:

  • Demands immediate action
  • Announces an account, password or billing problem
  • Contains a link to a login page
  • Asks for a money transfer, gift card or banking change
  • Contains an unexpected attachment
  • Appears to come from a manager or supplier but with a strange address
A message can look professional and still be fraudulent. When something feels off, it's better to verify than to assume.
4

Secure use of Microsoft 365

In Outlook, Teams, OneDrive and SharePoint, pay attention to how you share information.

  • Always verify recipients before sending a file or link
  • Avoid overly broad sharing links when not necessary
  • Do not store work documents in a personal account
  • Be careful with files synced on shared devices
  • Limit access to people who genuinely need it
Before sharing a document, make it a habit to check who will be able to open, edit or forward it.
5

Remote work and travel

Working remotely offers more flexibility, but also brings certain risks.

  • Lock your screen as soon as you step away from your workstation
  • Only use devices and tools authorized by the organization
  • Avoid unsecured public Wi-Fi
  • Keep your work device for professional use only
  • Restart your computer regularly to apply updates
  • Store paper documents containing sensitive information securely
Do not let a family member use your work computer, even briefly.
6

Sensitive information at the office

Protecting information isn't just about IT tools. Everyday physical habits matter just as much.

  • Don't leave confidential documents visible on your desk or at the printer
  • Avoid discussing client files in shared spaces or while traveling
  • Shred paper documents containing personal or financial information
  • Close sensitive files before sharing your screen in virtual meetings
  • Don't photograph confidential documents with your personal phone
  • Lock your workstation when you step away, even for a few minutes
Information seen by the wrong person, even accidentally, can constitute a privacy incident.

What you should never do

  • Share your password
  • Approve an unsolicited MFA request
  • Disable antivirus or installed security protections
  • Forward sensitive documents to a personal address
  • Install unauthorized software
  • Ignore unusual behavior hoping the problem will go away on its own

If you clicked by mistake

An accidental click doesn't mean it's too late. The important thing is to act fast.

1

Stop immediately

Cease all interaction with the message or suspicious page.

2

Close and note

Close the attachment or suspicious site, note what you clicked and at what time.

3

Disconnect if needed

If the computer is acting strangely, disconnect the Wi-Fi or network cable.

4

Contact the IT team

Clearly explain what happened, even if you're not sure it's serious.

When to report a situation

Report any suspicious situation promptly, for example:

It's better to report a false alarm than to ignore a real incident.

  • A strange email
  • An unexpected MFA request
  • A suspicious attachment
  • An unusual login window
  • A sudden slowdown or abnormal behavior from your device
  • A file share sent to the wrong person

In summary

  • Verify before clicking
  • Protect your access
  • Share with caution
  • Keep your devices up to date
  • Quickly report anything that seems abnormal

Cybersecurity is a shared responsibility. With good habits, everyone contributes to protecting data, colleagues and the organization.