Kalles/Group Articles

Information security 101: 5 things you must do

Oh, how I long to live in a world where people kept their hands off other people’s belongings and used their intellect to better the world instead of degrading it. Unfortunately, that’s not the case, hence the need for us to lock our cars, homes and now, devices. Information security is one of the hottest topics being discussed these days. Just turn on the news for the latest hacking incident or search InfoSec on the Web to learn what companies big and small are doing to secure their networks. Most of the latter are installing the best anti-malware software they can afford, but may be missing an even more important line of defense: their employees.

Whether you are an employee, employer, or both, here are five things you can (and should) do to protect company and personal data from falling into the wrong hands.

1. Never use an unprotected computer.

Always make sure your computer is running the latest approved security patches, antivirus and firewall. In addition, work in user mode, not administrator mode, whenever possible. This is referred to as the ‘principle of least privilege.’ For example, if you’re running your computer as an administrator and then visit an unfamiliar Internet site, any malicious code on that site runs with your administrator rights, so your hard drive could get reformatted and all of your files deleted.

2. Be cautious of your inbox.

Don’t work so fast that you automatically open every email, and don’t let curiosity get the best of you! Your best bet is to delete any suspicious email, attachment, and/or link. If you know the sender, but it still looks strange, contact them regarding the email prior to opening and viewing it. Learn how to recognize phishing emails and train others to recognize them as well. Emails with poor spelling and grammar, requests for personal information, offers that seem too good to be true, requests for money, etc. are all dead giveaways. However, it can get trickier, so do your homework to avoid becoming the next victim.

3. Never plug in your personal devices without permission from IT.

This is one you or your employees may have missed. USB flash drives, MP3 players, and smartphones can all be compromised with code waiting to launch as soon as you plug them into your machine. Your best bet is to talk to your IT department for guidance on what to do prior to plugging them in. They may have you set up your machine so that devices are immediately scanned for viruses once plugged in. To further reduce the risk, keep your USB drives separate (one for home, school, work, etc.) and don’t cross-contaminate machines!

4. Lock everything up.

This includes your computer and mobile phone. Make sure each of these is password protected. And don’t forget physical items such as important papers that include proprietary information. Keep them under lock and key when in use and then shred when you are finished. It may seem paranoid but you can never be too careful when it comes to protecting company data and your personal information.

5. Change your passwords and make them stronger.

First of all, reset all of your passwords. The older a password is, the longer an attacker has to crack it, and once they do, if you never change it, they can use it forever! Never use the same password twice, so that if one system is compromised, it doesn’t become a gateway into other systems. And for Pete’s sake, if your password is ‘password,’ ‘123456,’ or the name of your mom, child, spouse, or pet, you need to change it immediately and make it stronger!

Some are now advising 6 words pieced together to form a password, due to advanced technology making password-cracking even easier. Also consider creating a password that is NOT grammatically correct or even spelled correctly, which makes it harder to crack and potentially easier for you to remember. Consider using Microsoft’s (or similar) password checker to test how strong your passwords are: https://www.microsoft.com/security/pc-security/password-checker.aspx?WT.mc_id=Site_Link.
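The rules from item 5, written as a small password audit; this is an added example, not part of the original article. The personal names, the sample accounts and the 7,776-word list size (the size of a Diceware-style list) are assumptions made for illustration, and the entropy figure only holds when the six words are picked at random.

```python
import math

# Weak passwords named in the article.
COMMON = {"password", "123456"}
# Hypothetical names of a family member and a pet for one user.
PERSONAL_NAMES = {"linda", "rex"}
# Assumption: words are drawn from a Diceware-sized list of 7,776 words.
WORDLIST_SIZE = 7776

def passphrase_bits(num_words, wordlist_size=WORDLIST_SIZE):
    """Entropy in bits of num_words chosen uniformly at random from the list."""
    return num_words * math.log2(wordlist_size)

def audit(accounts):
    """Check {system: password} against the article's rules.

    Returns {system: [findings]}; an empty list means no rule was broken.
    """
    # Map each password to the systems that use it, to detect reuse.
    used_on = {}
    for system, pw in accounts.items():
        used_on.setdefault(pw, []).append(system)

    report = {}
    for system, pw in accounts.items():
        findings = []
        low = pw.lower()
        if low in COMMON:
            findings.append("common password")
        # Catches the bare name and simple variants such as "Rex2015".
        if any(name in low for name in PERSONAL_NAMES):
            findings.append("personal name")
        if len(used_on[pw]) > 1:
            findings.append("reused")
        report[system] = findings
    return report

# Constructed sample input, not real credentials.
SAMPLE_ACCOUNTS = {
    "email": "password",
    "vpn": "Rex2015",
    "bank": "Rex2015",
    "wiki": "maple orbit cactus violin thunder pebble",
}

if __name__ == "__main__":
    for system, findings in audit(SAMPLE_ACCOUNTS).items():
        print(system, findings or "ok")
    print("6 random words:", round(passphrase_bits(6), 1), "bits")
```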

I read somewhere that if employees never opened suspicious attachments or clicked links that seemed strange, it would reduce security risks by 80%. So immediately implementing all 5 of these suggestions will ensure you are well on your way to becoming 100% secure.