By Erik Driehuis, Vice President EMEA, Digital Guardian
For many modern businesses, their data is their most valuable asset. However, these days it seems every morning brings news of another high-profile data breach. Sadly, hackers are becoming more sophisticated and more determined than ever before, but this doesn’t mean businesses can’t take steps to protect themselves. Just a few considerations regarding security processes can be enough to ensure would-be hackers move on to an easier target. Here are ten tips which can help individuals and businesses of all shapes and sizes better protect personal data, financial information and privacy.
1. Keep your operating system and all software up to date.
This is a tip you’ll hear time and time again from security professionals. Those pesky OS and computer software updates are not only important from a functionality standpoint, but they more often than not contain critical security updates and vulnerability patches. Where possible, enable automatic software updates to streamline the process and ensure you are always up to date.
2. Encrypt sensitive data.
Data encryption is no longer just for large enterprises – there are many tools now available to individuals and smaller businesses (some free) that make it easy to encrypt your sensitive data. By using encryption you can ensure that your data will remain unreadable and safe, even if accessed by a malicious actor. Additionally, always encrypt sensitive data before copying to removable devices such as USB storage or portable hard drives. In doing so, you'll ensure that your sensitive information isn’t at risk if a device is lost or stolen.
3. Use antivirus software.
While it’s widely accepted that antivirus software won’t protect against all types of threats, it does still offer baseline protection against common, well-known malware. At the minimum, install a reputable free antivirus tool and perform virus scans periodically on all of your IT systems.
4. Ensure all employees use a unique, complex password for every account.
Reusing passwords (or slightly modified passwords) across different accounts is one of the biggest concerns in the event of a hacking attack or data breach. Attackers will often attempt to access multiple other accounts (banking, PayPal, etc.) using login credentials that they have obtained for a single, original account. If employees reuse passwords, a simple credential breach of a non-sensitive account can grant attackers access to an organisation’s most sensitive online accounts quickly and easily.
5. Securely archive or delete data no longer needed.
Minimizing the amount of data an organization stores is not only good housekeeping, but it also minimizes the amount of information that is available to an attacker who has gained access to those devices. If data is no longer needed, it should be encrypted and moved to an offline storage device or deleted altogether – particularly old bank statements, contracts, bills, health records, and work documents.
6. Regularly monitor activity on online accounts.
No surprise here – the best way to stay on top of a compromised account or fraud is to monitor account activity regularly. If suspicious activity is identified, all parties involved should be notified immediately. Even with other protections in place, vigilant monitoring is still often the fastest way to identify a compromise.
7. Change all passwords following news of an account compromise or data breach.
Sadly, data breaches make the news all the time these days – but what should be done when a company or website with which you have an account gets breached? The most important first step is to change all associated passwords. By doing so, you ensure that your credentials are useless, even if stolen.
8. Manage privacy settings for mobile applications and online accounts.
While it may seem like a daunting task in today’s day and age, keeping up with the privacy settings for different accounts and applications is critical. It’s still the best way to ensure that companies (or individuals) do not have access to private information about you or your business.
9. Be wary of free Wi-Fi networks.
Hackers and online thieves often use unprotected Wi-Fi networks to carry out sniffing and/or man-in-the-middle attacks on unsuspecting victims, stealing credentials or other data in transit. Avoid using free Wi-Fi networks, particularly in high-traffic public places like cafes and airports. If using an unprotected Wi-Fi network is unavoidable, be sure that HTTPS is enabled for any sites visited – a good habit for all online activity.
10. Learn to recognize and avoid phishing attacks (and educate your employees).
Social engineering, particularly phishing, is an incredibly popular tactic for cyber criminals. Why is that? Simply put, it’s often faster and easier for an attacker to trick another person into taking a desired action than to conduct complex, manual hacking attacks themselves. Phishing attacks typically have telltale signs such as unfamiliar senders, strange domain names, spoofed web pages or emails, and messages with links or attachments that weren’t requested. Leverage free online resources to train yourself and your employees to better identify phishing attacks, and avoid messages that appear suspect.
Sadly, cyber attacks and online fraud are becoming an increasingly prominent part of personal and business environments today, but there is still plenty that can be done to reduce the odds of an unwelcome attack. By following these tips and training employees to do the same, individuals and businesses alike can ensure they are not an easy target.