Whether it’s the BASH flaw we blogged about recently, the JP Morgan/Chase hack this summer, or the discovery of the Reddit Mac iWorm, it seems that news about data breaches has been more prevalent than ever. Data security has never been more important: the amount of data stored online continues to increase and hackers are getting significantly more sophisticated, making even the savviest of computer users susceptible to breaches.
While a business may wonder how they can keep their data safe when companies that have the resources of JP Morgan and Target are victims, there are several ways you can help mitigate the risk. We’ve listed a few of these “best practices” below.
1. Create and Manage Strong Passwords
Believe it or not, CBS News reported that the top three passwords of 2014 are “123456,” “password” and “12345678.” As we noted in a recent blog, it’s important to develop passwords that are not immediately easy to uncover (no dogs’ names, kids’ names, anniversaries, etc.). Instead, be sure to use at least eight characters, incorporating numbers and capital letters. Password generators can help as well, and password managers can keep track of your passwords and even automatically log you in. You should also use very different passwords for your less critical solutions, such as entertainment and social media sites, than you do for email and financial accounts.
2. Review Your Password-Protected Systems
Keep track of which systems require passwords and who has access to them. Review system security regularly and remove any unused accounts. Reset those passwords at least once a year – more often if you have high employee turnover.
3. Reduce Risk by Removing Unused Technology
Eliminate any business solutions that are no longer used. You should export data to a permanent storage solution, like a DVD, and shut down the unused system. We don’t recommend keeping technology around “just in case,” because it is another security risk.
4. Integrate Authentication
Try to integrate the authentication of as many of your systems as possible. Several systems now support ‘Single Sign On’ where one system will let you in if you have already authenticated to another one. Explore these possibilities with your IT team to reduce the number of passwords you need to enter. The fewer passwords you have, the more willing you will be to make your passwords “strong,” and it will shrink your risk profile.
5. Online Transactions
Never use your debit card at a place you don’t trust completely; use a credit card instead, because your credit card has limited liability while your debit card does not. The security protocols for online commerce vary greatly, and it’s important to shop from trusted sites. For example, while even the well-trusted eBay got hacked earlier this year, they responded quickly and alerted their members, automatically requiring each person to reset their password.
6. Recognize Phishing
While most of us are now aware of the most popular phishing scams (someone you know is stuck in a European country and has lost all their credit cards), it’s becoming harder to tell a spam email from a legitimate one. Here are a few tips to help you recognize a hacker that might be phishing for your data:
- If you receive an email from what looks like a trusted company (especially your bank), avoid clicking on the link. Instead, type the URL of that company directly in the browser. Banks don’t ask for personal information to be given by general URL or by email.
- If a company sends you an email asking you to call them, look up their contact information online. Don’t use the phone number in the email. If it’s a criminal, you’ll be calling them and not your trusted company representative.
- Review the email reply address. Once you click “reply,” you can see the email address in your reply field. If it looks suspicious, it probably isn’t safe to communicate. Phishers often cloak the email address when they email you, hoping you won’t look deeper to discover it’s a phony email.
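The reply-address check in the last tip can also be run against a saved message's headers. The following is an added example, not part of the original post; the function names and both sample messages (on reserved `.example` domains) are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: display name mimics a bank address, replies go elsewhere.
SUSPICIOUS = (
    'From: "alerts@bank.example" <notice@mail-bank.example>\n'
    "Reply-To: help@bank-support.example\n"
    "Subject: Verify your account\n\nPlease reply with your details.\n"
)
# Constructed sample: ordinary display name, no separate Reply-To header.
LEGIT = (
    "From: Bank Alerts <alerts@bank.example>\n"
    "Subject: Your statement is ready\n\nLog in as usual to view it.\n"
)

def domain(addr):
    """Return the lowercased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def reply_address_findings(raw_message):
    """Compare what the mail client displays with where a reply would really go."""
    msg = message_from_string(raw_message)
    shown_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = domain(from_addr)
    # A reply goes to Reply-To when that header is present, otherwise to From.
    reply_dom = domain(reply_addr) or from_dom
    findings = []
    if reply_dom != from_dom:
        findings.append(f"replies go to {reply_dom}, not {from_dom}")
    # Cloaking: the display name itself looks like an address on another domain.
    name_dom = domain(shown_name.strip("<> "))
    if name_dom and name_dom != from_dom:
        findings.append(f"display name shows {name_dom}, sender is {from_dom}")
    return findings

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("legit", LEGIT)):
        print(label, reply_address_findings(raw))
```

A finding is a reason to look closer rather than proof of phishing, since some legitimate senders route replies through a help desk on a different domain, and an empty result does not prove the sender is genuine.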
7. Instant Messaging
Instant messaging (IM) has become a common means to communicate, even in the workplace. When you IM with friends or colleagues, do not give out critical information through IM because it is impossible to know whether the other computer is secure.
If you have any questions about the security of your technology, give us a call and we would be happy to tell you about the Sinu Solution and how we keep your data safe.