If I were to name one word for 2018, it would be “data security”. Last year, a lot of big-name brands fell prey to hackers: Marriott, MyHeritage, Google+ and, of course, Facebook. Apart from congressional hearings and the aftermath of the Cambridge Analytica scandal, Facebook is facing a billion dollars in fines because European regulators have determined the company did not effectively protect consumer data. In fact, it’s become rare to experience a news cycle that doesn’t contain mention of some company falling victim to a cyber attack, and the resulting impact it has on their or their customers’ data.
That’s not even the most disturbing part of all of this. There are hundreds, even thousands of other data breaches that are happening on a regular basis. You don’t hear about these, because they happen in SMEs, and aren’t considered newsworthy: 72% of breaches actually occur at companies with under 100 employees.
As SMEs increasingly use remote workers and freelancers, a troubling issue has emerged. 38% of remote workers who have been hired by these businesses lack the knowledge or tech support required to keep business or personal data secure. Imagine your data being accessed across an unsecured network in someone’s home, or an internet cafe.
All of this means that you have to take proactive action to protect your own data and the data you are entrusted with as part of your job. It’s not that hard to follow some baseline principles and quick tips on a daily basis to keep your information safe.
Cyber criminals dedicate a lot of time and resources to finding new ways to exploit vulnerabilities and access your data. It helps to understand the most common cyber attacks used today. This includes what they are, how they are carried out, where they happen, and who is most likely to be a victim of each type of attack. Most important of all, by learning about cyber attacks, you can better recognize the signs that your information has been compromised. Unless you know what to look for, it can take months to realize there’s been a breach.
Multi-factor authentication is a method of securing access to files and computer systems by requiring people to present two or more pieces of evidence proving they have permission to gain that access. Two-factor authentication is the most popular version of this. Inserting a debit card into a chip reader, then entering your PIN, is one version of this. The first factor is that you show you are in physical possession of the card attached to your bank account. The second factor is that you enter the correct PIN.
Other types of multi factor authentication include:
- Entering a password and then answering a security question
- Logging in with a PIN and having an access code sent to your phone via SMS
- Entering a password and receiving an authentication email
- Scanning a fingerprint and entering a PIN
Social media platforms have done a dubious job of protecting user data. That’s well documented. At the same time, most businesses rely heavily on social platforms to reach their target audiences. As for individual users, yes, participation is optional. However, that’s only true in the sense that having a phone is optional. It’s technically true, but it sucks.
Fortunately, many platforms have done one thing right. They’ve given you the ability to take the reins and handle your own security and privacy settings. For example, Facebook allows you to block people, determine who can see your posts, limit who can look you up by your email or phone number, and see the posts in which you’ve been tagged. There’s even a feature that allows you to log out of all of your sessions at once.
Never leave the default security settings as they are. The default version of your settings is going to allow maximum permissions and access to your data. You’ll have to lock things down yourself.
If you swipe away app updates and ignore operating system updates, you do so at your own peril. These updates often contain security updates that are absolutely necessary to keeping your data secure. The few minutes of hassle are well worth the protection you will receive.
If you store sensitive data, that information is at risk of being lost or stolen. This can happen via malicious activities, technical failure, or natural disaster. One of the oldest ways of protecting your data is still the most effective. This is simply creating and securely storing backups.
The 3-2-1 rule is a simple, effective way of backing up your data. You create 3 copies of each backup. You use 2 different types of media to store your backup. Finally, you store 1 copy of your backup offsite.
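An added example, not from the original article: a Python audit that checks a set of backup copies against the 3-2-1 rule and also confirms by SHA-256 that the copies are identical, since a damaged copy should not count toward the three. The `BackupCopy` fields, the media labels and the file names are assumptions made for illustration.

```python
import hashlib, tempfile
from collections import Counter
from dataclasses import dataclass
from pathlib import Path

@dataclass(frozen=True)
class BackupCopy:
    path: Path      # where this copy of the backup lives
    media: str      # storage type as declared by you, e.g. "usb-drive", "cloud"
    offsite: bool   # True if you keep this copy away from the primary location

def sha256_of(path: Path) -> str:
    # Hash in 1 MiB chunks so large backup files are never loaded whole.
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def audit_321(copies):
    """Return a list of problems; an empty list means 3-2-1 is satisfied."""
    problems, digests = [], {}
    for c in copies:
        if c.path.is_file():
            digests[c] = sha256_of(c.path)
        else:
            problems.append(f"missing: {c.path}")
    # The digest shared by most copies is taken as the reference content.
    ref = Counter(digests.values()).most_common(1)[0][0] if digests else None
    good = [c for c, d in digests.items() if d == ref]
    problems += [f"content differs: {c.path}" for c, d in digests.items() if d != ref]
    if len(good) < 3:
        problems.append(f"only {len(good)} intact copies, need 3")
    if len({c.media for c in good}) < 2:
        problems.append("intact copies use fewer than 2 media types")
    if not any(c.offsite for c in good):
        problems.append("no intact copy is stored offsite")
    return problems

def demo():
    """Constructed sample: three good copies, then the offsite one is damaged."""
    with tempfile.TemporaryDirectory() as d:
        specs = [("disk.bak", "internal-disk", False), ("usb.bak", "usb-drive", False),
                 ("cloud.bak", "cloud", True)]   # labels are declared, not detected
        copies = [BackupCopy(Path(d) / n, m, o) for n, m, o in specs]
        for c in copies:
            c.path.write_bytes(b"constructed backup payload")
        healthy = audit_321(copies)
        copies[2].path.write_bytes(b"truncated")   # simulate a damaged copy
        return healthy, audit_321(copies)
```

Calling `demo()` returns the audit result before and after the damage: losing the one offsite copy breaks both the "3 copies" and the "1 offsite" parts of the rule at once.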
If you are considering a hosted option for your website, you may be able to best ensure security by using a cloud-based VPS. With a virtual private server, you get the cost benefits of a publicly hosted solution, but you retain the ability to configure and customize your server instance to meet your own needs. This includes implementing the operating system and security apps that you believe will do the best job of protecting your information.
Unfortunately, hackers often have an easy time accessing data because we make it easy for them. Because we don’t recognize their efforts for what they are, we often fall for phishing emails, pretext calling, and other social engineering methods.
As a result, we give information away because we become convinced that somebody needs that information or that they are in a position to demand access.
You’re at Starbucks on your laptop. Would it really hurt to pull up that customer file and get a bit of work done? What about transferring money from one bank account to another? That would take less than three minutes. The temptation is understandable, but doing either of these things is so risky that it’s just not worth it.
All it takes is for one hacker nearby to steal your information as it is broadcast across a public wifi connection. In the case of man-in-the-middle attacks, the entity providing the free wifi could be the perpetrator. If you wouldn’t share the information in a publicly audible conversation, you shouldn’t share it over wifi.
Hackers are a problem, but all too often we’re our own worst enemies. We often share data that we don’t need to. This is simply because we don’t research, we don’t ask questions, and we don’t require that others justify collecting our information or how they plan to use it. Whether you’re filling out an online form or agreeing to allow an app to access your Facebook profile, stop to think about the information you are choosing to share, and the potential impact of that.