Technology blurs the boundaries between work and home but private data is vulnerable on both fronts. Follow these steps to protect both yourself and the company you work for.
5 security risks in the home
Connecting household appliances to the web can be like planting bugs in your own home.
What time does your alarm go off? When do you turn on your TV, or the lights? What shows do you watch and – by-the-by – are you playing any pirated, copyright-protected DVDs?
Separately, these pieces of information might seem trivial, but together they can form a snapshot into your private life – in other words, a treasure trove of data waiting to be intercepted and data-mined.
Tip: Consider whether those “dumb” old appliances might actually be smarter than the new “Internet of Things”.
Sometimes it’s the most obvious that trips us up. Is your home network secure? Wi-Fi is probably the weakest link and one even a novice hacker can exploit. Your network needs to be secure and encrypted.
Always use networks with encryption such as WPA2 and a key sufficiently complex to foil “dictionary” attacks.
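As an added illustration of the advice above (not part of the original article), this Python sketch audits a candidate WPA2 passphrase for the weaknesses a "dictionary" attack relies on and generates a random replacement. The wordlist is a small constructed sample and the function names are hypothetical.

```python
import math
import secrets
import string

# Constructed sample standing in for a real dictionary of common passwords.
COMMON_WORDS = {"password", "welcome", "letmein", "internet", "homewifi", "qwerty"}

# Common character substitutions that dictionary tools undo automatically.
LEET = str.maketrans("0134578@$!", "oleastbasi")

ALPHABET = string.ascii_letters + string.digits


def normalise(passphrase):
    """Strip trailing digits/symbols, then undo case and leet substitutions."""
    base = passphrase.lower().rstrip(string.digits + string.punctuation)
    return base.translate(LEET)


def audit(passphrase):
    """Return a list of reasons the passphrase is a poor WPA2 key."""
    problems = []
    # WPA2-PSK passphrases are 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8-63 characters for WPA2-PSK")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("non-printable or non-ASCII character")
    if normalise(passphrase) in COMMON_WORDS:
        problems.append("dictionary word with predictable mangling")
    if len(set(passphrase)) < 6:
        problems.append("too few distinct characters")
    return problems


def generate(length=20):
    """Random key drawn with a CSPRNG, so no dictionary can contain it."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_key_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a uniformly random key of the given length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for candidate in ("P@ssw0rd2015!", "short", generate()):
        print(repr(candidate), audit(candidate) or "no issues found")
    print("20 random characters = %.0f bits" % random_key_bits(20))
```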
According to Gartner, by 2017 we will have downloaded more than 268 billion computer apps.
Nielsen says 89 per cent of our time on media is already spent via this relatively new life necessity. Unfortunately, Gartner warns that in 2015, 75 per cent of apps – regardless of ecosystem – will not have basic business-acceptable security protocols.
This is not only bad news for enterprises, but private users as well.
For example, a music player that also accesses contact lists or geo-location could be suspicious.
Neither Apple nor Google claims to be perfect with its app screening processes, but downloading from third-party stores carries a much higher risk of installing malicious software.
Try to stick with applications that have passed security tests by specialised application security testing vendors.
Never reveal more than what is barely required (of necessity, professional networks like LinkedIn
Not only is social media “private” data fair game for e-discovery in court, even sharing seemingly innocuous information about your company or potentially defamatory content about someone can cause issues.
That means no writing Facebook posts about the co-worker who just got fired – because you will be next.
Tip: Use it but don’t lose it.
Whatever takes your fancy will inevitably be tracked. Books, music or movies – it doesn’t matter.
This isn’t to say stop shopping online, but be wary of the tricks data-mining companies will use if you want to reduce spam calls, unsolicited emails and other unwanted communications.
Personally identifiable information (PII) is more vulnerable than ever, and as companies increasingly collect it, the odds of it being compromised grow.
Tip: Be stingy with what you give to get.
5 security risks in the workplace
CIOs have debated the pros and cons of securing files in the cloud for a while now. The cyber attack on Sony in November last year, which will almost certainly cost it at least US$100 million, has strengthened the argument for virtual migration.
But anything saved in the cloud is not invulnerable. Therefore, if you choose to store business files in the cloud, check that the security and availability are right for the types of information you want to upload.
Tip: Implement strict cyber security protocols and have a sound cyber security insurance policy for a worst-case scenario.
In any business, you are going to have to share your files and other data with colleagues, employees and others.
Ubiquitous USBs aside, the causes of an inadvertent breach are endless, but perhaps key is:
• Do recipients encrypt very important files on their disk?
• Do they ever check running processes on their devices to see if there is anything unusual, and how do they validate unusual versus usual?
• Are they storing both private and company information on a device that is being synced with cloud storage during back-ups?
Tip: Develop a solid BYOD policy document based on your business requirements and risk profile, and insist employees sign it.
Even a well-executed BYOD plan may not stop employees with malicious intent from compromising your data. According to Gartner, 20 per cent of employees it interviewed said they access data behind the workplace firewall using private devices.
Worse, organised crime has been known to actively recruit dissatisfied employees to do so, and pay a fee for them to pass it on.
Try not to think about this at night.
Phishing – a form of identity theft – continues to infiltrate company websites.
Last year, McAfee Labs found that 80 per cent of companies it studied in a test failed to detect at least one of seven phishing emails. It also revealed that finance and HR departments – which hold some of the most sensitive corporate data – performed worst at detecting scams.
Be vigilant, but also aware that corporate infrastructure technology is no longer matching it against cyber criminals.
Despite years of repeated warnings, pinning passwords to computer screens, opening attachments or files from unexpected emails with no understanding or care about the implications, and simply failing to treat unsolicited messages with suspicion remain – and probably always will – among the gravest, most common and most preventable threats to data security in the workplace.
If you find a strategy that works, let us know.