Cyber Security Tips For Digital Collaboration

Cyber Security Tips

October is National Cyber Security Awareness Month – a joint effort by the Department of Homeland Security and private industry to ensure that citizens and businesses alike have the resources they need to use the Internet safely and securely. Today’s cyber criminals are ingenious and constantly probing for vulnerabilities, and when breaches occur they can put the whole company at risk. Don’t give them the opportunity!

One of the biggest security challenges companies face is that the way we work together has changed dramatically – a transformation that is still ongoing. The term “workplace” is becoming an anachronism as people find new ways to collaborate digitally, anywhere, at any time. Sensitive information needs to be shared among dispersed teams that may include co-workers, partners, customers and other stakeholders. Some of these individuals are vetted and trusted, others…not so much.

Since most security breaches start with human error, now is a fitting time to share some reminders for employees and business users. Think of these as your first line of defense when collaborating in an unsafe world.

Don’t Intermingle Work and Personal Files

Always keep business and personal files separate, otherwise you’re asking for trouble. (A certain presidential candidate learned this the hard way!) For cloud apps, use separate accounts. If work and personal files must be on the same device, store them as far apart as possible, using different directory paths.

Use Strong Passwords and Keep Them Safe

According to Verizon’s 2016 Data Breach Investigations Report, 63% of confirmed data breaches involved leveraging weak, default or stolen passwords. Employees, contractors and everyone else in your business ecosystem should be required to use unique credentials with strong, unique passwords, rather than the name of their pet goldfish over and over. Even if a password is exposed just once, the potential consequences are enough to make a security manager cringe. Remind people that the infamous Target breach began when some hacker stole a heating contractor’s credentials, while at Home Depot, someone used a vendor’s username and password to steal credit card info for more than 50 million people.

Verify Email Addresses Are Correct

According to a Ponemon Institute survey of over 1000 IT professionals, 63% of respondents have accidentally sent files to the wrong recipients – people who clearly were not authorized to see them. Here’s a simple suggestion: if an employee needs to send an email to someone for the first time, have the intended recipient send an initial email so the employee can respond to it and use it thereafter. This eliminates the chance they’ll get the address wrong – misspell a company name, forget a dash (or add one), use “.com” instead of “.org“, etc., and send a file goodness knows where.

Don’t Send Sensitive Files using a Consumer-Grade Service

When employees need to share a file that’s too large for email, it’s tempting to send it through Dropbox, Box or some other consumer-grade file sharing service – or simply park it there for convenience. While many of these consumer-grade services have improved their security measures in recent years, they lack the file-level security and controls necessary for protecting sensitive data. For example, a file may be intended for information only, but people are saving it, renaming it, forwarding it others, pasting sections into a competitor’s sales campaign or misusing it in other ways that the sender never intended.

Have Remote Erase Capabilities, or an Effective Alternative

People are always losing their devices – at the airport, in the back of a taxi, at a restaurant, etc. If a device is used to store sensitive data, it also needs a remote wipe feature to be able to erase that data in the event the device is lost or stolen. (NASA learned this lesson the hard way.) Another approach that’s much more flexible is to use information rights management (IRM) software that can delete sensitive files instantly, on any device.

Don’t Share Your Devices with Family and Friends

With the holidays approaching, many people will be receiving new devices (laptops, phones, etc.) as gifts, and family and friends will be pleading for a chance to use them. According to a survey by Kaspersky Lab, one third of respondents reported sharing their personal devices, and of those, 32% took no precautions to protect their information. Why tempt people? In addition, some family members probably have minimal awareness or understanding of today’s cyber threats, and how cunning the perpetrators can be.

Stay Safe Online – and Collaborate with Confidence

Since most security breaches start with human error, educating your staff is an obvious way to reduce the risk. But we also have to remember that training only goes so far – whenever human beings are involved, there’s always the chance of risky behaviors and silly mistakes. And if someone takes advantage of a security lapse to sneak onto your network and steal sensitive data, the damage may not be apparent for weeks or months.

Thus a company has to back up its first line of defense with other measures to keep its information safe. Consider a solution that embeds encryption and user privileges directly into a file, including who is authorized to access it and what operations they can perform with it. These permissions then follow the file wherever it goes on, on any device it lands on. If sensitive data falls into the wrong hands, access can be immediately revoked. Companies get control over their files that’s not available with email or traditional file sharing. As business becomes increasingly powered by digital collaboration, it’s the way to keep sensitive information secure while using it to full advantage.

By Daren Glenister

Mitigation Security
Data scraping solutions When people hear the term data scraping, their first thought is often about how companies use this technology for competitive reasons – specifically to pull publicly-available data from millions of websites in ...
David Loo
The Long-term Costs of Data Debt It’s no secret that many of today’s enterprises are experiencing an extreme state of data overload. With the rapid adoption of new technologies to accommodate pandemic-induced shifts like remote ...
Alex Vakulov
Ransomware Database Targeting The scourge of ransomware is undoubtedly the most severe cyber security concern for home users and organizations these days. It revolves around taking important data hostage and demanding money, usually hard-to-trace cryptocurrency ...
Threat Security
Azure Red Hat OpenShift: What You Should Know What Is Azure Red Hat OpenShift? Red Hat OpenShift provides a Kubernetes platform for enterprises. Azure Red Hat OpenShift permits you to deploy fully-managed OpenShift clusters in ...
Stacey Farrar
Document Migrations Require More Diligence Data creation has risen dramatically in recent years and shows no signs of slowing. According to analyst firm IDC, widespread remote work led to a spike of new data in ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.