botserver/templates/it/helpdesk.gbai/helpdesk.gbkb/security-tips.md

# IT Security Tips and Best Practices

## Password Security

### Creating Strong Passwords
- Use at least 12 characters
- Mix uppercase, lowercase, numbers, and symbols
- Avoid personal information like birthdays or names
- Don't use common words or patterns
- Consider using a passphrase: "Coffee$Morning2024!"

### Password Management
- Never share your password with anyone
- Don't write passwords on sticky notes
- Use the company-approved password manager
- Change passwords immediately if you suspect compromise
- Use unique passwords for each account

## Phishing Awareness

### How to Spot Phishing Emails
- Check the sender's email address carefully
- Look for spelling and grammar mistakes
- Be suspicious of urgent requests
- Hover over links before clicking to see the real URL
- Beware of unexpected attachments

### Common Phishing Red Flags
- "Your account will be suspended"
- "Click here immediately"
- "Verify your password"
- "You've won a prize"
- Requests for sensitive information

### What to Do If You Suspect Phishing
1. Do NOT click any links
2. Do NOT open any attachments
3. Do NOT reply to the email
4. Report the email to security@company.com
5. Delete the email from your inbox

## Device Security

### Laptop Security
- Lock your screen when away: Windows+L
- Never leave your laptop unattended in public
- Use the laptop lock cable when in shared spaces
- Enable full disk encryption
- Keep your operating system updated

### Mobile Device Security
- Use a strong PIN or biometric lock
- Enable remote wipe capability
- Don't connect to unknown Wi-Fi networks
- Keep apps updated
- Only install apps from official stores

## Data Protection

### Handling Sensitive Data
- Only access data you need for your job
- Don't copy sensitive data to personal devices
- Use company-approved cloud storage only
- Encrypt files before sending externally
- Shred physical documents with sensitive info

### Clean Desk Policy
- Lock your computer when leaving
- Put away sensitive documents
- Don't leave printouts on the printer
- Secure notebooks with confidential notes
- Clear whiteboards after meetings

## Remote Work Security

### Working from Home
- Use the company VPN for all work
- Secure your home Wi-Fi with WPA3
- Don't let family members use work devices
- Position your screen away from windows
- Use a privacy screen in public places

### Public Wi-Fi Dangers
- Avoid public Wi-Fi for work tasks
- Always use VPN if you must connect
- Don't access banking or sensitive sites
- Verify the network name with staff
- Disable auto-connect to open networks

## Social Engineering

### Types of Social Engineering
- **Phishing**: Fake emails requesting info
- **Vishing**: Phone calls impersonating IT/execs
- **Tailgating**: Following someone into secure areas
- **Pretexting**: Fabricated scenarios to gain trust

### How to Protect Yourself
- Verify unexpected requests via a known channel
- Don't give info to unverified callers
- Challenge unknown people in secure areas
- Report suspicious behavior immediately

## Incident Reporting

### What to Report
- Suspicious emails or calls
- Lost or stolen devices
- Unauthorized access attempts
- Malware or virus warnings
- Any security concerns

### How to Report
- Email: security@company.com
- Phone: ext. 4357 (HELP)
- Create a ticket with category "security"
- For urgent issues, call immediately

## Security Updates

### Why Updates Matter
- Fixes known security vulnerabilities
- Protects against new threats
- Ensures compliance with policies
- Improves system stability

### Update Schedule
- Windows updates: Weekly on Wednesday nights
- Application updates: As released
- Antivirus: Daily automatic updates
- Browser updates: Enable auto-update

## Frequently Asked Questions

**Q: Can I use my personal email for work?**
A: No, always use your company email for work communications.

**Q: Is it safe to use USB drives?**
A: Only use company-approved encrypted USB drives.

**Q: Can I install software on my work computer?**
A: No, contact IT to request software installation.

**Q: What if I accidentally clicked a suspicious link?**
A: Disconnect from the network and contact IT security immediately.
Looking at this diff, I can see it's a comprehensive documentation update and code refactoring focused on: 1. Adding new documentation pages to the table of contents 2. Restructuring the bot templates documentation 3. Changing keyword syntax from underscore format to space format (e.g., `SET_BOT_MEMORY` → `SET BOT MEMORY`) 4. Updating compiler and keyword registration to support the new space-based syntax 5. Adding new keyword modules (social media, lead scoring, templates, etc.) Refactor BASIC keywords to use spaces instead of underscores Change keyword syntax from underscore format (SET_BOT_MEMORY) to more natural space-separated format (SET BOT MEMORY) throughout the codebase. Key changes: - Update Rhai custom syntax registration to use space tokens - Simplify compiler preprocessing (fewer replacements needed) - Update all template .bas files to use new syntax - Expand documentation with consolidated examples and new sections - Add new keyword modules: social_media, lead_scoring, send_template, core_functions, qrcode, sms, procedures, import_export, llm_macros, on_form_submit 2025-11-30 10:53:59 -03:00			`# IT Security Tips and Best Practices`

			`## Password Security`

			`### Creating Strong Passwords`
			`- Use at least 12 characters`
			`- Mix uppercase, lowercase, numbers, and symbols`
			`- Avoid personal information like birthdays or names`
			`- Don't use common words or patterns`
			`- Consider using a passphrase: "Coffee$Morning2024!"`

			`### Password Management`
			`- Never share your password with anyone`
			`- Don't write passwords on sticky notes`
			`- Use the company-approved password manager`
			`- Change passwords immediately if you suspect compromise`
			`- Use unique passwords for each account`

			`## Phishing Awareness`

			`### How to Spot Phishing Emails`
			`- Check the sender's email address carefully`
			`- Look for spelling and grammar mistakes`
			`- Be suspicious of urgent requests`
			`- Hover over links before clicking to see the real URL`
			`- Beware of unexpected attachments`

			`### Common Phishing Red Flags`
			`- "Your account will be suspended"`
			`- "Click here immediately"`
			`- "Verify your password"`
			`- "You've won a prize"`
			`- Requests for sensitive information`

			`### What to Do If You Suspect Phishing`
			`1. Do NOT click any links`
			`2. Do NOT open any attachments`
			`3. Do NOT reply to the email`
			`4. Report the email to security@company.com`
			`5. Delete the email from your inbox`

			`## Device Security`

			`### Laptop Security`
			`- Lock your screen when away: Windows+L`
			`- Never leave your laptop unattended in public`
			`- Use the laptop lock cable when in shared spaces`
			`- Enable full disk encryption`
			`- Keep your operating system updated`

			`### Mobile Device Security`
			`- Use a strong PIN or biometric lock`
			`- Enable remote wipe capability`
			`- Don't connect to unknown Wi-Fi networks`
			`- Keep apps updated`
			`- Only install apps from official stores`

			`## Data Protection`

			`### Handling Sensitive Data`
			`- Only access data you need for your job`
			`- Don't copy sensitive data to personal devices`
			`- Use company-approved cloud storage only`
			`- Encrypt files before sending externally`
			`- Shred physical documents with sensitive info`

			`### Clean Desk Policy`
			`- Lock your computer when leaving`
			`- Put away sensitive documents`
			`- Don't leave printouts on the printer`
			`- Secure notebooks with confidential notes`
			`- Clear whiteboards after meetings`

			`## Remote Work Security`

			`### Working from Home`
			`- Use the company VPN for all work`
			`- Secure your home Wi-Fi with WPA3`
			`- Don't let family members use work devices`
			`- Position your screen away from windows`
			`- Use a privacy screen in public places`

			`### Public Wi-Fi Dangers`
			`- Avoid public Wi-Fi for work tasks`
			`- Always use VPN if you must connect`
			`- Don't access banking or sensitive sites`
			`- Verify the network name with staff`
			`- Disable auto-connect to open networks`

			`## Social Engineering`

			`### Types of Social Engineering`
			`- Phishing: Fake emails requesting info`
			`- Vishing: Phone calls impersonating IT/execs`
			`- Tailgating: Following someone into secure areas`
			`- Pretexting: Fabricated scenarios to gain trust`

			`### How to Protect Yourself`
			`- Verify unexpected requests via a known channel`
			`- Don't give info to unverified callers`
			`- Challenge unknown people in secure areas`
			`- Report suspicious behavior immediately`

			`## Incident Reporting`

			`### What to Report`
			`- Suspicious emails or calls`
			`- Lost or stolen devices`
			`- Unauthorized access attempts`
			`- Malware or virus warnings`
			`- Any security concerns`

			`### How to Report`
			`- Email: security@company.com`
			`- Phone: ext. 4357 (HELP)`
			`- Create a ticket with category "security"`
			`- For urgent issues, call immediately`

			`## Security Updates`

			`### Why Updates Matter`
			`- Fixes known security vulnerabilities`
			`- Protects against new threats`
			`- Ensures compliance with policies`
			`- Improves system stability`

			`### Update Schedule`
			`- Windows updates: Weekly on Wednesday nights`
			`- Application updates: As released`
			`- Antivirus: Daily automatic updates`
			`- Browser updates: Enable auto-update`

			`## Frequently Asked Questions`

			`Q: Can I use my personal email for work?`
			`A: No, always use your company email for work communications.`

			`Q: Is it safe to use USB drives?`
			`A: Only use company-approved encrypted USB drives.`

			`Q: Can I install software on my work computer?`
			`A: No, contact IT to request software installation.`

			`Q: What if I accidentally clicked a suspicious link?`
			`A: Disconnect from the network and contact IT security immediately.`