Nearly every month this year has featured a story detailing the latest brand to suffer a cyber attack; brands such as JP Morgan, Apple’s iCloud, and eBay often have millions of customers, whose data is now at risk. There have also been newly discovered flaws in decades old source code used to secure and power the Internet. Flaws such as Heartbleed and Shellshock have been used to obtain credentials or install malware.
With the constant threat of attack, how can businesses be sure to stay safe?
In the digital age, a sad truth is that very few things are truly safe. Cyber Insurance is available to help businesses keep things running smoothly in the event of an attack, but they do not protect attacks themselves. Security software, such as McAfee or Norton, is still available, widely used, and very effective, however, many security firms are usually a few steps behind the criminals.
Users themselves can be the first line of defense by following existing security protocols established by their employer. For example, a recent article was published highlighting the danger of using public WiFi; this kind of information teaches users to be aware of certain risks that can minimize the risk for a data breach.
What are some things I can do to prevent a data breach?
They Are After Your Passwords
In most data breaches, thieves are after credentials; some are explicitly after financial information like accounts or credit card numbers, but many this year have focused on credentials. In some cases credentials were stolen from 3rd party apps or software, as was the case with Snapchat. Always be aware of login screens and consider what you are entering your credentials for and what information could be obtained.
Password Bundling, It’s A Bad Thing
Keep logins separate from other logins. In reality we all know this is actually a huge pain, and nearly impossible, however, in some cases when a hacker gains access to one account, they could be gaining access to all of your accounts. Do you store passwords in your email inbox or keep the emails reminding you of a clue? If so, this could be a problem if a hacker were to gain access into your email.
Everything Should Be Smart, Including Passwords
Many security experts will tell users to use phrases or acronyms instead of birth dates, seasons, or words listed in the dictionary. For example, take this phrase “Using Smart Passwords Can Minimize Data And Security Breaches”; if broken down into an acronym it would be “USPCMDASB” which obviously sounds like gibberish. To make this more password friendly we would need to include a combination of letters, numbers, and special characters; now might be a good time to brush up on your “31337 (Elite) speak”. You can substitute numbers for certain letters that look similar such 5=S, 0=O, 3=E, 4=A, and 8=B. Using this we can change the acronym into something slightly harder to crack, “U5PCMD458”. From there you can alternate the upper case and lower case letter and even add in some special character to end up with something like this: “U5pcMd4$8.”
Beware of 3rd Party Software
Company computers often have a security suite installed along with specific settings, which are designed to allow for approved traffic. Installing software, such as iTunes or a messenger app, can create an alternate port for traffic to travel through, potentially leaving your machine exposed. Most of us consider installing a browser or add-on as harmless, but many of these may send information back to the creator or allow for data to be collected, again leaving a port open that was once closed.
Lock It Or Log Off
When you are away from your desk, if even for just a minute to retrieve that document you just printed, lock or log off your machine. By doing this you protect your machine from potential prying eyes or those who should not have access to certain documents. It can also be a measure to avoid an embarrassing email being sent out to the entire company by that one co-worker who enjoys practical jokes.
Don’t Feed The Phish
I am not talking about the jam band, but attempts by hackers to gain your credentials through trickery. This can be as simple as getting an email from the Nigerian Prince or FBI, or as complex as creating an identical webpage. Banking, social media, and retail sites use the HTTPS standard. These secure websites often have a lock icon in the address bar or start with “HTTPS”; some hackers will use a variant of the site name to trick people into logging in if they happen to enter the wrong address; for example Faceebook.com could lead to a duplicate page where a hacker would wait for people to enter in their credentials.
Updates, They Are Important
Throughout the year software manufactures will issue updates that are not only intended to keep your device up to date with the latest features, but to also keep it secure. Inside these updates are patches that will fix any bugs that are reported; some have been helpful at defending virus and malware threats, but they mostly patch vulnerabilities that might otherwise remain exposed.