John Downey is the Vice President of Software Development at ClearRisk Inc. The ClearRisk team is excited to share John's technical expertise to help you manage technology risk at your organization.
It seems like every day we hear about another company's network or laptop being hacked, or a business accidentally revealing confidential files. From Stanford Hospital exposing 20 000 patient records to the hacker attack on Sony that compromised 71 million accounts, even the largest and most seemingly secure organizations are susceptible to data insecurity.
Collaborating with the IT security experts here at ClearRisk, I've created a list of 11 easily preventable mistakes almost everyone unknowingly makes. I've also provided information security tips that are necessary to help prevent data insecurity as a result of these common mistakes.
Top 11 Easily Prevented Information Security Threats:
1. Using the same password for multiple accounts
Never use the same password for two separate accounts. This is especially important for your email; if a hacker can gain access to your email, it's likely that they can also get into other important accounts from your email, such as your online bank account. Think about this: if you sign up for a service with your email address and the same password you use for your email, that is all the information the wrong person needs to gain access to everything else.
At the very least, you can create different groups of passwords. For example, create one password to be used for your email, one to be used for your banking, and another for all low security accounts. Ideally, you should use a password generator or manager that allows you to create passwords that are impossible to guess.
2. Saving passwords in your browser
Don't save passwords in your browser. It's easy for anyone with access to your computer to go into your browser settings and reveal your passwords. If you have trouble creating strong passwords or remembering them, you can use a password manager like LastPass. This service uses a master password and allows you to create and save encrypted passwords to share securely across multiple devices.
3. Not locking your smartphone
Keep your mobile secure, too! In the previous blog post, "Mobile Risk: What are you really carrying with your smartphone?", Craig Rowe discussed the importance of keeping your mobile devices secure. Be sure to put a password on your smartphone and other devices. Set it up so that it can be remotely wiped of all data if it is lost or stolen. Otherwise, if someone steals your bag and it has both your laptop and smartphone, they may be able to use information from one to hack the other.
4. Unencrypted data
Encrypt, encrypt, encrypt! Encrypt sensitive data on your laptop by using software that can create encrypted drive volumes or encrypt your entire hard drive. TrueCrypt is good for this. When moving to cloud-based services, make sure that they encrypt user passwords and data so that the provider's employees (or hackers accessing its servers) are unable to view the data.
5. Writing passwords down on paper
Don't write it down. Never write down or keep a print copy of secure information. That sticky note on your monitor with your password on it? Shred it immediately!
6. Sending secure information via e-mail and chat
Avoid using e-mail and chat for secure information. Be aware that e-mail and instant messaging services are inherently insecure. There is always a risk that confidential data could be intercepted.
7. Not knowing when a website is secure
Look for the HTTPS. Unless you have https:// at the beginning of the web address, any data you enter on the site could be intercepted. There is a significant difference between http:// and https://, so always look for the 's'.
8. Having an unsecured Wi-Fi network
Protect your Wi-Fi. It is crucial to protect your Wi-Fi with a secure password. Connecting to an insecure Wi-Fi network can open up your personal information to nearby hackers.
9. Not updating software
Keep everything up to date. Install all updates and patches for your software. Make sure you have the latest versions as soon as they become available. According to Secunia, 50% of vulnerabilities over the last two years were found in products by the top 14 third-party application vendors. Keeping your software up to date will repair known security issues and thereby reduce the likelihood of a data breach.
10. Not using antivirus, spyware removers and firewalls
Make your antivirus, spyware remover, and firewall your new best friends. Run an antivirus and a spyware remover, and protect your network with a firewall. Again, make sure to keep these up to date. Use allow and block lists to control applications for both yourself and your employees, and never connect to untrusted networks.
11. Not thinking critically
Always think critically. Don't give out your password or credit card information to a support technician. Only give your credit card information to trusted vendors.
Not only should you employ these tips yourself, but you should also ensure that your employees do the same. Your employees can also be a security risk to your company, so it's important to educate them on their role in keeping your organization secure.
Cybersecurity should always be a top priority in your risk management plan.