10 ways to protect yourself online

Your data is at risk but there are steps you can take to protect yourself.

Technology blurs the boundaries between work and home but private data is vulnerable on both fronts. Follow these steps to protect both yourself and the company you work for.

5 security risks in the home

Smart appliances

Connecting household appliances to the web can be like planting bugs in your own home.

What time does your alarm go off? When do you turn on your TV, or the lights? What shows do you watch and – by-the-by – are you playing any pirated, copyright-protected DVDs?

Separately, these pieces of information might seem trivial, but together they can form a snapshot into your private life – in other words, a treasure trove of data waiting to be intercepted and data-mined.

Tip: Consider whether those “dumb” old appliances might actually be smarter than the new “Internet of Things”.

Wi-Fi

Sometimes it’s the most obvious that trips us up. Is your home network secure? Wi-Fi is probably the weakest link and one even a novice hacker can exploit. Your network needs to be secure and encrypted.

Tip: Always use networks with encryption such as WPA2 and a key sufficiently complex to foil “dictionary” attacks.

Apps

According to Gartner, by 2017 we will have downloaded more than 268 billion computer apps.

Nielsen says 89 per cent of our time on media is already spent via this relatively new life necessity. Unfortunately, Gartner warns that in 2015, 75 per cent of apps – regardless of ecosystem – will not have basic business-acceptable security protocols.

This is not only bad news for enterprises, but private users as well.

For example, a music player that also accesses contact lists or geo-location could be suspicious.

Neither Apple nor Google claim to be perfect with their app screening processes, but downloading from third-party stores carries a much higher risk of installing malicious software.

Tip: Try to stick with applications that have passed security tests by specialised application security testing vendors.

Social media

Never reveal more than what is barely required (of necessity, professional networks like LinkedIn are exceptions).

Not only is social media “private” data fair game for e-discovery in court, even sharing seemingly innocuous information about your company or potentially defamatory content about someone can cause issues.

That means no writing Facebook posts about the co-worker who just got fired – because you will be next.

Tip: Use it but don’t lose it.

Buying online

Whatever takes your fancy will inevitably be tracked. Books, music or movies – it doesn’t matter.

This isn’t to say stop shopping online, but be wary of the tricks data-mining companies will use if you want to reduce spam calls, unsolicited emails and other unwanted communications.

Personally identifiable information (PII) is more vulnerable than ever, and as companies increasingly collect it, the odds of it being compromised grow.

Tip: Be stingy with what you give to get.

5 security risks in the workplace

Cloud storage

CIOs have debated the pros and cons of securing files in the cloud for a while now. The cyber attack on Sony in November last year, which will almost certainly cost it at least US$100 million, has strengthened the argument for virtual migration.

But anything saved in the cloud is not invulnerable. Therefore, if you choose to store business files in the cloud, check that the security and availability is right for the types of information you want to upload.

Tip: Implement strict cyber security protocols and have a sound cyber security insurance policy for a worst-case scenario.

BYODs

In any business, you are going to have to share your files and other data with colleagues, employees and others.

Ubiquitous USBs aside, the causes of an inadvertent breach are endless, but perhaps key is:

•    Do recipients encrypt very important files on their disk ?
•    Do they ever check running processes on their devices to see if there is anything unusual, and how do they validate unusual versus usual?
•    Are they storing both private and company information on a device that is being synced with cloud storage during back-ups?

Tip: Develop a solid BYOD policy document based on your business requirements and risk profile, and insist employees sign it.

Vindictive employees

Even a well-executed BYOD plan may not stop employees with malicious intent from compromising your data. According to Gartner, 20 per cent of employees it interviewed said they access data behind the workplace firewall using private devices.

Worse, organised crime has been known to actively recruit dissatisfied employees to do so, and pay a fee for them to pass it on.

Tip: Try not to think about this at night.

Phishing

Phishing – a form of identity theft – continues to infiltrate company websites.

Last year, McAfee Labs found that 80 per cent of companies it studied in a test failed to detect at least one of seven phishing emails. It also revealed that finance and HR departments – which hold some of the most sensitive corporate data – performed worst at detecting scams.

Tip: Be vigilant, but also aware that corporate infrastructure technology is no longer matching it against cyber criminals.

Complacency

Despite years of repeated warnings about the dangers of pinning passwords to computer screens, having no understanding or care about the implications of opening attachments/files from unexpected emails, or simply failing to treat unsolicited messages with suspicion remain – and probably always will – one of the gravest, most common and preventable threats to data security in the workplace.

Tip: If you find a strategy that works, let us know.

Read next: Should you be afraid of data mining?



September 2019
September 2019

Read the September 2019 issue of INTHEBLACK magazine.

Each month we select the must-reads from the current issue of INTHEBLACK. Read more now.

CONTENTS