Cyber Security Tips
October is National Cyber Security Awareness Month – a joint effort by the Department of Homeland Security and private industry to ensure that citizens and businesses alike have the resources they need to use the Internet safely and securely. Today’s cyber criminals are ingenious and constantly probing for vulnerabilities, and when breaches occur they can put the whole company at risk. Don’t give them the opportunity!
One of the biggest security challenges companies face is that the way we work together has changed dramatically – a transformation that is still ongoing. The term “workplace” is becoming an anachronism as people find new ways to collaborate digitally, anywhere, at any time. Sensitive information needs to be shared among dispersed teams that may include co-workers, partners, customers and other stakeholders. Some of these individuals are vetted and trusted, others…not so much.
Since most security breaches start with human error, now is a fitting time to share some reminders for employees and business users. Think of these as your first line of defense when collaborating in an unsafe world.
Don’t Intermingle Work and Personal Files
Always keep business and personal files separate, otherwise you’re asking for trouble. (A certain presidential candidate learned this the hard way!) For cloud apps, use separate accounts. If work and personal files must be on the same device, store them as far apart as possible, using different directory paths.
Use Strong Passwords and Keep Them Safe
According to Verizon’s 2016 Data Breach Investigations Report, 63% of confirmed data breaches involved leveraging weak, default or stolen passwords. Employees, contractors and everyone else in your business ecosystem should be required to use unique credentials with strong, unique passwords, rather than the name of their pet goldfish over and over. Even if a password is exposed just once, the potential consequences are enough to make a security manager cringe. Remind people that the infamous Target breach began when some hacker stole a heating contractor’s credentials, while at Home Depot, someone used a vendor’s username and password to steal credit card info for more than 50 million people.
Verify Email Addresses Are Correct
According to a Ponemon Institute survey of over 1000 IT professionals, 63% of respondents have accidentally sent files to the wrong recipients – people who clearly were not authorized to see them. Here’s a simple suggestion: if an employee needs to send an email to someone for the first time, have the intended recipient send an initial email so the employee can respond to it and use it thereafter. This eliminates the chance they’ll get the address wrong – misspell a company name, forget a dash (or add one), use “.com” instead of “.org“, etc., and send a file goodness knows where.
Don’t Send Sensitive Files using a Consumer-Grade Service
When employees need to share a file that’s too large for email, it’s tempting to send it through Dropbox, Box or some other consumer-grade file sharing service – or simply park it there for convenience. While many of these consumer-grade services have improved their security measures in recent years, they lack the file-level security and controls necessary for protecting sensitive data. For example, a file may be intended for information only, but people are saving it, renaming it, forwarding it others, pasting sections into a competitor’s sales campaign or misusing it in other ways that the sender never intended.
Have Remote Erase Capabilities, or an Effective Alternative
People are always losing their devices – at the airport, in the back of a taxi, at a restaurant, etc. If a device is used to store sensitive data, it also needs a remote wipe feature to be able to erase that data in the event the device is lost or stolen. (NASA learned this lesson the hard way.) Another approach that’s much more flexible is to use information rights management (IRM) software that can delete sensitive files instantly, on any device.
Don’t Share Your Devices with Family and Friends
With the holidays approaching, many people will be receiving new devices (laptops, phones, etc.) as gifts, and family and friends will be pleading for a chance to use them. According to a survey by Kaspersky Lab, one third of respondents reported sharing their personal devices, and of those, 32% took no precautions to protect their information. Why tempt people? In addition, some family members probably have minimal awareness or understanding of today’s cyber threats, and how cunning the perpetrators can be.
Stay Safe Online – and Collaborate with Confidence
Since most security breaches start with human error, educating your staff is an obvious way to reduce the risk. But we also have to remember that training only goes so far – whenever human beings are involved, there’s always the chance of risky behaviors and silly mistakes. And if someone takes advantage of a security lapse to sneak onto your network and steal sensitive data, the damage may not be apparent for weeks or months.
Thus a company has to back up its first line of defense with other measures to keep its information safe. Consider a solution that embeds encryption and user privileges directly into a file, including who is authorized to access it and what operations they can perform with it. These permissions then follow the file wherever it goes on, on any device it lands on. If sensitive data falls into the wrong hands, access can be immediately revoked. Companies get control over their files that’s not available with email or traditional file sharing. As business becomes increasingly powered by digital collaboration, it’s the way to keep sensitive information secure while using it to full advantage.
By Daren Glenister
Daren is the Field Chief Technology Officer for Intralinks. Daren serves as a customer advocate, working with enterprise organizations to evangelize data collaboration solutions and translate customer business challenges into product requirements.
Glenister brings more than 20 years of industry experience and leadership in security, compliance, secure collaboration and enterprise software, having worked with many Fortune 1000 companies to turn business challenges into real-world solutions.