Data pirating is a fact of life. Regardless of the device you are on or browser and email software you use, if you are online, someone is out there prowling for your personal information. If they get it, they can wreak all kinds of havoc. Businesses and clients alike are both victims of constantly escalating digital attacks.
Businesses are the stewards of client and employee data and the employees must be careful not to compromise their company's security systems. It's a never-ending struggle. To compound the issue, since every company is unique there is no single strategy that will keep hackers at bay. However, there are some workplace cybersecurity best practices that will help anyone who uses a computer or digital device to execute web-based tasks safely and securely.
Passwords are the first line of defense in the fight to protect personal information. Unfortunately, your password is also the security feature that is the most likely to be compromised. Change your passwords periodically, and change default passwords immediately.
Use strong passwords at least 8 characters in length that contain a mixture of upper and lower case letters, numbers, and symbols. Don't include real words or your name, names of family members or pets (sorry Fido). Don't use your address, birthdays, or hobbies. Make the password relatively easy to remember so you don't have to write it down anywhere. Be sure to password protect all of your devices. Last but not least, change your password every two months. I know it’s a pain, but it’s less painful than what a cybercriminal will do if he gets your password.
Make sure your laptops, tablets, and phones are secure. Lock them up and carry them with you. Don't leave your phone or laptop on the table at the coffee shop, not even for a second. Don't leave your computer bag on the seat of your car, even if the car is locked. Someone can break the window and be gone with your laptop before anyone even knows what happened.
Do not leave any device unattended without logging off or shutting it down. Make sure all your devices require a secure password to activate. Configure your devices to automatically lock when left unattended for a period of time. Consider eliminating sensitive information from workstations, laptops, and other devices whenever possible. Don't keep sensitive information or critical data on mobile devices unless they are properly protected. These items are easiest for thieves to physically steal.
The most often overlooked aspect of cyber security is the physical security of an office or place of business. Unless your company has proper security in place, criminals can simply walk onto business premises to steal whatever information they want. Lock windows and doors. Don't leave keys or access cards unsecured. Don't write down passcodes and never share your passcode with anyone.
Put in place workplace policies for disposing of physical materials containing personal information. Documents should always be shredded, never just thrown away. Make sure your exterior waste receptacles are secure.
Never engage with communications asking for your password. Do not disclose your password to anyone via email, texts, instant messages or phone calls. Don't extend private information to anyone who doesn't know you. Make your social media activities private to all but the people you trust and can verify the identity of. Only use trusted and secure web pages to conduct business. Look for https in the URL. This confirms a secure connection. If it doesn't have the "s" at the end, don't enter any personal information.
Never click on unfamiliar links. Tiny URLs and strange links can take you to web pages designed specifically to look like legitimate sites so that you let your guard down and enter passwords and information. Do not open attachments in emails you didn't solicit or expect. If you can't verify an attachment is safe and secure, delete it.
Be careful with wireless connectivity. Most public wireless is not encrypted, so information and passwords sent via standard, unencrypted wireless are easy for hackers to intercept. Make sure your wireless preferences do not auto-connect to any wireless network they detect. Auto-connecting to unknown networks could put your device and data at risk.
Software and Encryption
In addition to the practices mentioned here, any business who handles sensitive client and employee information should make sure all devices are protected with anti-virus software and that user software is updated and patched on a daily basis. Keeping your software current and up-to-date limits vulnerability.
Companies should also apply encryption to sensitive client and employee information. Encrypting your data makes it completely unreadable to anyone but you or its intended recipient. Only persons with the password “key” can decrypt the information. This not only prevents identity theft but also protects you if your device or email is stolen, hacked or otherwise breached. There are many ways to encrypt information and devices. Be sure to consult an IT professional to ensure your data is protected effectively.