Worried that you or someone in your organisation will be responsible for a data breach? Then take a look at these three basic tips for staying secure.
Cyber security can feel overwhelming. You just want to browse the Internet and do your job without having to worry about whether a cyber criminal is going to attack. Besides, isn’t it IT’s job to keep you and your organisation secure?
This frustration largely stems from misunderstanding. Yes, some elements of cyber security are complicated and IT is responsible for a lot of the things that keep you safe, but there are simple steps that everybody can follow to protect themselves and their organisation.
Here are three tips that don’t require any technical expertise.
Use a secure Internet connection
For many people, the workday rarely ends when they leave the office in the evening. But with flexible work come the risks of public Wi-Fi. Unlike your office connection, public Internet usually doesn’t offer a private connection, making it easy for crooks to hack the network and access the information on your browser.
Crooks can easily loiter in public places and wait for someone who looks as though they are accessing sensitive information. A malicious party can generally tell when you are working (you’ll be the one in a suit, with paperwork beside you or work documents open on your screen), and they’ll jump on the opportunity to access sensitive information.
That doesn’t necessarily mean you can’t work in public, but you will need to use a VPN (virtual private network) or access whatever you need without connecting to the Internet. You should already have a VPN installed on work-issued laptops, but if not, you can ask your IT department to download one.
Create unique passwords for your work accounts
Weak passwords are without a doubt the biggest weakness that organisations face – and one of the most easily avoidable. You can find out what makes a strong password by reading our advice, but be warned: it’s no good creating one good password and using it for every account.
Ideally, you’ll have a different password for each account, or at least for sites that grant access to sensitive information. If you don’t, you’re linking every account and potentially allowing cyber criminals to compromise every piece of sensitive data that you have access to. In other words, a breach of one account would leave every other one vulnerable.
However, the problems really start when you use the same password for work applications and personal-use sites. Many websites don’t have sophisticated defence measures because they reason that there isn’t any sensitive information at stake. But that won’t be true if you use a password that’s also used for other accounts. After all, should cyber criminals gain access to it, they will probably try to link it with sensitive information. If they also have your name (which they usually will), it won’t take too long to find your place of work.
Separate passwords eliminate this risk, but only if they really are unique. Adding a ‘1’, ‘2’, ‘3’, etc. to the end of your login credentials isn’t a significant enough change. Crooks are well aware of this tactic and have already added millions of number combinations to their password-cracking machines’ lists.
Keep your login credentials private
While we’re on the topic of passwords, let’s discuss the risks associated with writing your credentials down. People do this for a couple of reasons.
First, they might not be able to remember their passwords. We understand that it’s often difficult to recall your login credentials, particularly when information security experts are telling you to create unique passwords for every account. But writing your details down creates an even bigger risk. It only takes one malicious employee to spot a password written on a Post-it note stuck to your monitor or one disgruntled cleaner to find your credentials on a scrap of paper in a bin for a breach to occur.
Anyone who has trouble remembering their passwords (i.e. most of us) would benefit from using a password manager, such as LastPass or 1Password. You can store all your login details there and visit the site whenever you need to remember a password.
The other reason for writing passwords down is if the account is used by many people in a busy office. In this scenario, putting the password on a noticeboard sort of makes sense – at least, if you don’t think too hard. After all, if you’ve got people coming and going at regular intervals, you don’t want to have to continually give out your password. Not only is this frustrating, but it’s also likely to lead to the same problem we just mentioned: bins full of scraps of paper with the login details written on them.
But when the password is displayed for anyone to see, how can you be sure that only people with appropriate permissions use it? Anyone could wander into the office and see the password posted on the wall.
Even if no malicious intent is involved, now that they have the password, curiosity might get the better of them. Either way, the loss of confidentiality is considered a data breach.
The solution is to create an email group consisting of approved employees that you can send the password to whenever it’s changed. Anyone who needs access to an account can easily bring up the credentials on their laptops or phones, reducing the risk of other people seeing them.
Encourage effective cyber security in your workplace
Organisations that want their employees to follow these and other best practices should take a look at our Security Awareness Programme. It’s a quick and effective way of boosting your organisation’s cyber security culture, with tailored solutions based on our experts’ assessment of your needs.