While news reports largely focus on cyber attacks by outside hackers, many studies have found that the majority of threats actually come from insiders. Some of these arise from malicious intent, but many come from negligence or accident – like Dilbert’s boss succumbing to a phishing scam.
Here are just two ways you might accidentally compromise your computer safety, the safety of your network, or the safety of your organization’s data.
- You come across a graphic editing program or a browser extension and you download it to your computer. But it’s actually a harmful virus and – Bam! – you’ve infected not only your computer, but other computers on the network.
- You store sensitive data (like employee social security numbers) on your laptop. This, by itself, is dangerous and not recommended, but let’s go with it for a minute. You leave the office, taking your laptop, and stop at the grocery store. It’s just a quick stop so you think it’s okay to leave the laptop on your back seat. You come back out, and your car has been broken into and the laptop stolen. All of that sensitive data is now out in the wild.
Follow these seven tips to help ensure you don’t inadvertently open the door to an attacker in your organization.
- Learn and follow the rules – Most organizations have published policies regarding IT security. Take the time to familiarize yourself with your organization’s policies and, if a policy isn’t clear, ask your IT team for additional guidance. If your organization sponsors or delivers security training, make the time to attend so you become educated on potential threats and recommended safe practices.
- Be smart about passwords – Follow your organization’s guidelines on creating secure passwords. Ensure your passwords are unique and use a minimum of 12 upper- and lower-case characters, numerals, and symbols (for example, G87!htoP9n$a). You might also consider using a memorable phrase about a favorite activity or hobby (for example, ilovereadingonabeachchair). Don’t share your passwords, and remember to change your passwords periodically. To make it easier to manage your many unique passwords, consider using a password manager.
- Protect your equipment – Do not leave your laptop, mobile device, USB drive, or other external drive unsecured. Cable laptop locks are a simple solution for both inside and outside of the office. Lock your mobile device with a PIN or password.
- Protect your work – If your organization doesn’t have an automatic backup routine in place, it’s your responsibility to back up any local data to a server, an external storage device, or a cloud backup service. If you use an external device, keep that device in a safe and secure location.
- Watch out for suspicious emails, links or attachments in email, and other phishing scams – These scams open the door for malware, viruses, and the possibility of stolen organizational data. Open email only from those you know or from those you’ve received email from before. When in doubt, follow TechRepublic’s advice: Stop. Think. Click. Think twice before clicking that link. Here are some examples of phishing scams to help you identify and avoid danger.
- Don’t install unauthorized software – Such software may put your computer and organization at risk of malicious software downloads. Also, be cautious about plugging in USB drives from unknown sources – stay away from that USB drive found in a parking lot or conference room. Many manufacturers now produce secure USB drives for an extra layer of safety.
- Keep your virus protection, operating system, and programs updated – Always install the latest updates for your environment. Enable Automatic Updates for your operating system. Don’t disable virus protection software.
Bottom line, it’s safest to assume you have something cyber criminals want, according to the Center for Internet Security. Keep this in mind, and act accordingly. By taking advantage of your organization’s policies and resources – and following some common-sense guidelines – you can protect your hard work and your organization’s data.