** Updated June 2018**
It seems like every day now that we hear about another company's network or laptop being hacked, or an organization accidentally revealing confidential files. From a vulnerability in Equifax's system releasing personal information of 150 million users to the hack of Yahoo's system that released three billion email addresses in 2013 (but only entered the news in late 2017), even the largest and most seemingly secure organizations are susceptible to data insecurity.
Indeed, cyber risk is one of the most threatening risks that all organizations face. It is no longer a matter of if, but when. With that in mind, here are some issues that individual employees must avoid in order to protect their personal and organizational information:
1. Using the same password for multiple accounts
Never use the same password for two separate accounts. This is especially important for your email; if a hacker can gain access to your email, it's likely that they can also get into other important accounts from your email, such as your online bank account. Think about this: if you sign up for a service, providing your email and creating the same password you use for your email, this is the only information the wrong person needs to gain access to everything else.
At the very least, you can create different groups of passwords. For example, create one password to be used for your email, one to be used for your banking, and another for all low security accounts. Ideally, you should use a password generator or manager that allows you to create passwords that are impossible to guess.
2. Saving passwords in your browser
Don't save passwords in your browser. It's easy for anyone to go into your browser settings and reveal your passwords. If you have trouble creating strong passwords or remembering them, you can use a password manager like LastPass. This service uses a master password and allows you to create and save encrypted passwords to share securely across multiple devices.
3. Not locking your smartphone
Keep your mobile secure, too! Cellphones are increasingly connected to computers, software systems, and all kinds of devices. Be sure to put a password on your smartphone. Set it up so that it can be remotely wiped of all data if it is lost or stolen. Otherwise, if someone steals your bag and it has both your laptop and smartphone, they may be able to use information from one to hack the other.
4. Unencrypted data
Encrypt, encrypt, encrypt! Encrypt sensitive data on your laptop by using software that can create encrypted drive volumes or encrypt your entire hard drive. TrueCrypt is good for this. When moving to cloud-based services, make sure that they encrypt user passwords and data so that employees (or hackers accessing their servers) are unable to view the data.
5. Writing passwords down on paper
Don't write it down. Never write down or keep a print copy of secure information. That sticky note on your monitor with your password on it? Shred it immediately!
6. Sending secure information via e-mail and chat
Avoid using e-mail and chat for secure information. Be aware that e-mail and instant messaging services are insecure in nature. There is always a risk that the confidential data could be intercepted.
7. Not knowing when a website is secure
Look for the HTTPS. Unless you have https:// at the beginning on the web address, any data you may enter on the site could be intercepted. There is a significant difference between http:// and the addition of the 's' in https://, always look for the 's'.
8. Having an unsecured Wi-Fi network
Protect your Wi-Fi. It is crucial to protect your wi-fi with a secure password. Connecting to an insecure wi-fi network can open up your personal information to nearby hackers.
9. Not updating software
Keep everything up-to-date. Install all updates and patches for your software. Make sure you have the latest versions as soon as they become available. According to Secunia, 50% of vulnerabilities over the last two years were found in products by the top 14 third party application vendors. Keeping your software up-to-date will repair known security issues and thereby reduce the likelihood of a data breach.
10. Not using antivirus, spyware removers and firewalls
Make your antivirus, spyware remover, and firewall your new best friends. Run an antivirus and a spyware remover, and protect your network with a firewall. Again, make sure to keep these up-to-date. Use allow and block lists to control applications for both yourself and your employees, and never connect to untrusted networks.
11. Not thinking critically
Always think critically. Don't give out your password or credit card information to a support technician. Only give your credit card information to trusted vendors.
Not only should you employ these tips yourself, but you should also ensure that your employees do the same. Your employees can also be a security risk to your company, so it's important to educate them on their role in keeping your organization secure.
Cybersecurity should always be a top priority in your risk management plan. ClearRisk's Claims, Incident, and Risk Management system can help you manage these risks and many others. Our system is built on the #1 cloud-computing platform in the world, Salesforce, who have shown that 94% of users who switched to cloud-based systems experienced more secure systems. Want more information?
If you found this article helpful, you may be interested in: