
Data Leak
A data leak is when data is accidentally or intentionally disclosed to unauthorised people.
- SB014: Asks security professionals for help with security issues
- SB015: Completes assigned security awareness training successfully
- SB045: Informs organisation about unnecessary access to data or systems
- SB048: Uses a privacy screen when working with sensitive information in shared spaces
- SB050: Does not allow sensitive work-related matters to be overheard in shared spaces
- SB051: Updates a document's classification if its sensitivity changes
- SB055: Reads organisational security policy
- SB056: Highlights security controls that prevent or disrupt ability to work sensibly
- SB060: Correctly categorises information
- SB067: Securely disposes documents containing sensitive data once no longer needed
- SB068: Leaves vacant desks clear of sensitive information
- SB091: Does not forward work information to personal email addresses
- SB094: Does not use personal devices for work unless authorised to do so
- SB095: Does not share film recordings or photos from work locations
- SB096: Does not carry sensitive work information or unauthorised devices to countries with high security risks
- SB100: Takes additional measures to prevent eavesdropping when working outside the office
- SB151: Does not use weak passwords
- SB156: Discloses credentials to a phishing site
- SB156a: Discloses credentials to a simulated phishing site
- SB159: Does not click a phishing link
- SB161: Reports a suspected phishing email
- SB161b: Reports a simulated phishing email
- SB163a: Does not open a simulated phishing email
- SB164: Does not open an attachment in a phishing email
- SB164a: Does not open an attachment in a simulated phishing email
- SB177: Does not lose device through theft or negligence
- SB177a: Does not lose mobile device through theft or negligence
- SB177b: Does not lose laptop/desktop through theft or negligence
- SB182: Does not send sensitive information out of the business (email or otherwise)
- SB183: Does not send emails to unintended recipient(s)
- SB184: Does not share a file containing confidential information
- SB185: Does not post confidential information in a public messaging channel
- SB186: Does not post PII in a public channel
- SB187: Does not share a file containing PII
- SB188: Does not share sensitive information with unauthorised recipients
- SB195: Completes policy attestation
- SB198: Does not use unapproved device for work purposes
- SB198a: Does not use unapproved mobile device for work purposes
- SB202: Stores documents appropriately for their level of sensitivity

Data Theft
Data theft is the intentional stealing of data.
- SB013: Reports known or suspected security incidents
- SB017: Blocks browser pop-ups
- SB023: Enables firewalls on all compatible devices
- SB023a: Enables firewalls on all compatible workplace devices
- SB024: Enables auto-updates for workplace devices (if permitted)
- SB025: Enables Google Play Protect (Android devices only)
- SB025a: Enables Google Play Protect on all workplace devices (Android devices only)
- SB025b: Enables Google Play Protect on all personal devices (Android devices only)
- SB026: Restricts the number of users with administrator privileges, and uses the administrator accounts only where necessary
- SB031: Runs anti-virus scan if a new, unexpected icon or pop-up appears on the desktop
- SB032: Does not insert unauthorised devices/media into work devices/network
- SB035: Changes default passwords (if possible) on all internet-connected devices
- SB036: Secures devices with automatic screen locks
- SB036a: Secures mobile devices with automatic screen locks
- SB036b: Secures laptop and desktop devices with automatic screen locks
- SB037: Locks devices when they're not in use
- SB037a: Locks mobile devices when they're not in use
- SB037b: Locks laptop or desktop device when not in use
- SB038: Shuts down devices when not in use
- SB039: Turns off Bluetooth when mobile device not in use
- SB040: Uses a virtual private network (VPN) on mobile devices
- SB041: Enables a VPN when using public Wi-Fi
- SB042: Uses tethered mobile device to avoid using insecure Wi-Fi
- SB043: Disables "automatically connect to Wi-Fi" on mobile devices
- SB044: Enables encryption
- SB046: Securely removes data from devices before decommissioning
- SB049: Covers webcam when not in use
- SB063: Checks security credentials of unknown persons at work
- SB064: Prevents tailgating at security checkpoints
- SB065: Does not share security passes or access tokens
- SB066: Escorts visitors to ensure they follow security policies
- SB069: Reports lost or stolen devices to IT or Security team
- SB074: Uses private browsing on shared devices
- SB080: Verifies caller details from unexpected calls
- SB081: Checks instant messages for signs of deception
- SB082: Uses known contact details to verify suspicious messages
- SB083: Checks before “blindly” forwarding messages to workplace contacts
- SB087: Reports suspicious messages (e-mails, texts, phone calls)
- SB088: Checks emails for signs of deception
- SB089: Does not share MFA codes
- SB091: Does not forward work information to personal email addresses
- SB092: Returns allocated devices when no longer needed
- SB094: Does not use personal devices for work unless authorised to do so
- SB095: Does not share film recordings or photos from work locations
- SB096: Does not carry sensitive work information or unauthorised devices to countries with high security risks
- SB100: Takes additional measures to prevent eavesdropping when working outside the office
- SB105: Uses a security key
- SB151: Does not use weak passwords
- SB156: Discloses credentials to a phishing site
- SB156a: Discloses credentials to a simulated phishing site
- SB159: Does not click a phishing link
- SB161: Reports a suspected phishing email
- SB161b: Reports a simulated phishing email
- SB163: Does not open a phishing email
- SB163a: Does not open a simulated phishing email
- SB164: Does not open an attachment in a phishing email
- SB164a: Does not open an attachment in a simulated phishing email
- SB177: Does not lose device through theft or negligence
- SB177a: Does not lose mobile device through theft or negligence
- SB177b: Does not lose laptop/desktop through theft or negligence
- SB182: Does not send sensitive information out of the business (email or otherwise)
- SB183: Does not send emails to unintended recipient(s)
- SB184: Does not share a file containing confidential information
- SB185: Does not post confidential information in a public messaging channel
- SB186: Does not post PII in a public channel
- SB187: Does not share a file containing PII
- SB188: Does not share sensitive information with unauthorised recipients
- SB189: Does not use unapproved applications on work devices
- SB198: Does not use unapproved device for work purposes
- SB198a: Does not use unapproved mobile device for work purposes
- SB202: Stores documents appropriately for their level of sensitivity
- SB203: Uses biometrics to access online account
- SB204: Uses biometrics to access mobile device

Personal Exposure
Personal exposure is the extent to which someone's personal information is available online.
- SB009: Ensures online accounts that are no longer needed are de-activated
- SB011: Uses a search engine to see what personal information is accessible online
- SB015: Completes assigned security awareness training successfully
- SB036: Secures devices with automatic screen locks
- SB036a: Secures mobile devices with automatic screen locks
- SB036b: Secures laptop and desktop devices with automatic screen locks
- SB037: Locks devices when they're not in use
- SB037a: Locks mobile devices when they're not in use
- SB037b: Locks laptop or desktop device when not in use
- SB050: Does not allow sensitive work-related matters to be overheard in shared spaces
- SB061: Regularly backs up data
- SB067: Securely disposes documents containing sensitive data once no longer needed
- SB070: Reviews privacy settings and permission levels for apps and online services
- SB071: Regularly reviews privacy settings on social media accounts
- SB075: Requests photos are removed if posted online without consent
- SB082: Uses known contact details to verify suspicious messages
- SB083: Checks before “blindly” forwarding messages to workplace contacts
- SB195: Completes policy attestation

Physical Damage
Physical damage is the damage, destruction or theft of devices and other hardware.
- SB063: Checks security credentials of unknown persons at work
- SB064: Prevents tailgating at security checkpoints
- SB065: Does not share security passes or access tokens
- SB066: Escorts visitors to ensure they follow security policies
- SB105: Uses a security key
- SB177: Does not lose device through theft or negligence
- SB177a: Does not lose mobile device through theft or negligence
- SB177b: Does not lose laptop/desktop through theft or negligence
- SB195: Completes policy attestation

Privacy Violation
A privacy violation occurs when an unintended person learns about someone else's private information.
- SB018: Adds security or privacy extensions to browsers
- SB049: Covers webcam when not in use
- SB052: Clears cookies regularly
- SB070: Reviews privacy settings and permission levels for apps and online services
- SB071: Regularly reviews privacy settings on social media accounts
- SB074: Uses private browsing on shared devices
- SB075: Requests photos are removed if posted online without consent
- SB092: Returns allocated devices when no longer needed
- SB094: Does not use personal devices for work unless authorised to do so
- SB151: Does not use weak passwords
- SB173: Does not use work email addresses for non-work purposes
- SB178: Does not share a desktop device

Fraud & Identity Theft
Identity theft and fraud can occur when criminals use personal information for their own gain, or when they cause loss to another.
- SB011: Uses a search engine to see what personal information is accessible online
- SB062: Locks SIM card to phone
- SB071: Regularly reviews privacy settings on social media accounts
- SB073: Sets account passwords with network provider
- SB075: Requests photos are removed if posted online without consent
- SB092: Returns allocated devices when no longer needed
- SB093: Deletes old personal online accounts if no longer used
- SB150: Does not use a password that has been compromised in a data breach
- SB151: Does not use weak passwords
- SB156: Discloses credentials to a phishing site

Malware Infection
Malware infections occur when malicious software makes its way on to a device or network.
- SB013: Reports known or suspected security incidents
- SB014: Asks security professionals for help with security issues
- SB015: Completes assigned security awareness training successfully
- SB017: Blocks browser pop-ups
- SB018: Adds security or privacy extensions to browsers
- SB019: Only uses well-known, reputable and trusted websites to download content
- SB020: Checks the hyperlink's destination before clicking it
- SB021: Closes pop-up windows without using the 'X'
- SB022: Installs antivirus on all compatible devices
- SB022a: Installs antivirus on all compatible workplace devices
- SB022b: Installs antivirus on all compatible personal (i.e. non workplace) devices
- SB023: Enables firewalls on all compatible devices
- SB023a: Enables firewalls on all compatible workplace devices
- SB023b: Enables firewalls on all compatible personal (i.e. non workplace) devices
- SB024: Enables auto-updates for workplace devices (if permitted)
- SB025: Enables Google Play Protect (Android devices only)
- SB025a: Enables Google Play Protect on all workplace devices (Android devices only)
- SB025b: Enables Google Play Protect on all personal devices (Android devices only)
- SB026: Restricts the number of users with administrator privileges, and uses the administrator accounts only where necessary
- SB017: Only downloads apps from trusted sources (e.g. Google Play or The App Store)
- SB028: Enables the “show file extensions” setting
- SB030: Follows advice given in security warnings
- SB031: Runs anti-virus scan if a new, unexpected icon or pop-up appears on the desktop
- SB032: Does not insert unauthorised devices/media into work devices/network
- SB034: Refers suspicious attachments to the security team
- SB057: Checks the URLs to ensure a website is legitimate
- SB058: Checks websites for signs of deception
- SB059: Uses bookmarks to access frequently used websites
- SB081: Checks instant messages for signs of deception
- SB082: Uses known contact details to verify suspicious messages
- SB083: Checks before “blindly” forwarding messages to workplace contacts
- SB087: Reports suspicious messages (e-mails, texts, phone calls)
- SB088: Checks emails for signs of deception
- SB154: Does not visit unauthorised websites
- SB155: Does not download content or material from unauthorised websites
- SB158: Downloads a file from an unknown source
- SB153: Does not run a file from an unknown source
- SB164: Does not open an attachment in a phishing email
- SB164a: Does not open an attachment in a simulated phishing email
- SB169: Does not open an attachment in a message from an unknown source
- SB169a: Does not open an attachment in a Slack message from an unknown source
- SB169b: Does not open an attachment in an MS Teams message from an unknown source
- SB174: Does not log in from a device running out-of-date operating software
- SB174a: Does not log in from a mobile running out-of-date operating software
- SB174b: Does not log in from a desktop/laptop running out-of-date operating software
- SB175: Does not log in from a rooted mobile device
- SB189: Does not use unapproved applications on work devices
- SB190: Does not use third party applications within work domain
- SB196: Doesn't share documents or files containing malicious links
- SB198: Does not use unapproved device for work purposes
- SB198a: Does not use unapproved mobile device for work purposes
- SB198b: Does not use unapproved desktop or laptop for work purposes
- SB208: Ensures work devices and software are updated regularly

Account Compromise
Account compromise happens when unauthorised people access accounts.
- SB001: Enables multi-factor authentication for workplace accounts
- SB003: Uses a strong password or passphrase
- SB005: Uses Single Sign-On (SSO)
- SB007: Checks whether passwords (or other personal data) have appeared in known data breaches
- SB008: Checks whether personal information shared publicly online could be used to answer security questions
- SB009: Ensures online accounts that are no longer needed are de-activated
- SB010: Does not share passwords
- SB013: Reports known or suspected security incidents
- SB014: Asks security professionals for help with security issues
- SB015: Completes assigned security awareness training successfully
- SB016: Does not re-use passwords between accounts
- SB022: Installs antivirus on all compatible devices
- SB022a: Installs antivirus on all compatible workplace devices
- SB022b: Installs antivirus on all compatible personal (i.e. non workplace) devices
- SB023b: Enables firewalls on all compatible personal (i.e. non workplace) devices
- SB030: Follows advice given in security warnings
- SB048: Uses a privacy screen when working with sensitive information in shared spaces
- SB055: Reads organisational security policy
- SB056: Highlights security controls that prevent or disrupt ability to work sensibly
- SB073: Sets account passwords with network provider
- SB074: Uses private browsing on shared devices
- SB081: Checks instant messages for signs of deception
- SB087: Reports suspicious messages (e-mails, texts, phone calls)
- SB088: Checks emails for signs of deception
- SB089: Does not share MFA codes
- SB093: Deletes old personal online accounts if no longer used
- SB105: Uses a security key
- SB150: Does not use a password that has been compromised in a data breach
- SB152: Does not log in with shared credentials
- SB156: Discloses credentials to a phishing site
- SB156a: Discloses credentials to a simulated phishing site
- SB159: Does not click a phishing link
- SB159b: Does not click a simulated phishing link
- SB161: Reports a suspected phishing email
- SB161b: Reports a simulated phishing email
- SB163: Does not open a phishing email
- SB163a: Does not open a simulated phishing email
- SB164: Does not open an attachment in a phishing email
- SB164a: Does not open an attachment in a simulated phishing email
- SB167: Reports a suspected phishing message
- SB167a: Reports a suspected phishing message in Slack
- SB167b: Reports a suspected phishing message in MS Teams
- SB173: Does not use work email addresses for non-work purposes
- SB175: Does not log in from a rooted mobile device
- SB177: Does not lose device through theft or negligence
- SB177a: Does not lose mobile device through theft or negligence
- SB177b: Does not lose laptop/desktop through theft or negligence
- SB178: Does not share a desktop device
- SB192: Does not disable MFA
- SB192a: Does not disable MFA on Slack
- SB192b: Does not disable MFA on Microsoft 365
- SB192c: Does not disable MFA on Google Workspace
- SB195: Completes policy attestation
- SB198b: Does not use unapproved desktop or laptop for work purposes
- SB203: Uses biometrics to access online account
- SB204: Uses biometrics to access mobile device
- SB209: Uses a stand-alone password manager application
- SB210: Saves passwords or passphrases into a browser