For a hacker, stealing your data is easy. Most users and companies make it painless for criminals to plunder valuable information. You might think your files aren’t that important, but your business competitors might think otherwise.
An electrician walks through your front door and says he’s got a work order to replace some wiring. It could be legit or it could be fake; either way, he’s through the front door. Then he pretends to do some work while he waits for lunchtime. When most people leave their desks around noon, he wanders through cubicle land looking for an unlocked computer… and Bingo! He’s got your data! He can now sell it to the highest bidder, delete it, falsify it, or leak it. The possibilities are endless.
Too easy, you say? Fair enough. Most companies monitor this and have preventative measures against this sort of intrusion. If we are talking about a multinational company with bio scanners at every door, then you’d be right. But what about small and medium-sized companies?
How often have you gone into a doctor’s or law office where the receptionist left the front desk computer unlocked and unattended? How often have you heard a friend say: “I use the same password for everything”? Even worse is when you find that password stuck to a monitor on a post-it note.
People often think of hackers as international spies jumping out of buildings, infiltrating laser-guarded government facilities, etc. The reality is a lot simpler than that. It could be that charming lady sitting in front of you at the park, winking at you while she steals your credit card information. How about your angry neighbor, connected to your wireless router, deleting your family pictures while you are blissfully unaware and have no backup copies?
The fact is: stealing data is easy. It’s easier than stealing candy from a baby. At least the baby would cry to alert their mom. If you aren’t careful, it can happen to you or your business. Endless countermeasures can be implemented, but if you have one weak link they are all pointless. If that password is written on a post-it note, may the gods have mercy on your soul.
This is where educating your users becomes the key ingredient in the enterprise cyber security recipe. It’s a given that you cannot always trust everyone to do the right thing. However, you can at least prevent most intrusions by establishing best security practices and eliminating the weakest links.
Here are some tips to help users. Some are common sense. You’d be surprised how often some of them are overlooked:
- It can happen to anyone. You are an attractive target for hackers. If they can exploit you, they will. Don’t ever say “It won’t happen to me.”
- Password management. Use a strong mix of characters, and don’t use the same password everywhere. Do not share your passwords, and most importantly DO NOT WRITE THEM DOWN.
- Lock your devices. You want to go to the water cooler to catch up on the gossip? Lock your computer for the love of all things that matter! The system administrators don’t want to enforce a lockout policy, but they should.
- Don’t click on attachments from an unknown source. If you aren’t expecting a document, question it!
- Banking online? Shopping online? Those activities can be safe if you browse to those sites from a trusted device. Don’t use the internet café’s computer at your Cuban vacation resort to check your credit card balance.
- Back up your data regularly, and make sure your anti-virus software is kept up to date.
- Watch what you share on social media. A lot of information can be gained from those sites. Your address, where you went to school, when you are on vacation. It’s an information gold mine.
- Social Engineering, or gaining information through manipulation. If you don’t know the computer tech that mysteriously showed up to fix your computer, ask for his ID and/or business card.
- Teach others about new threats. If you see someone making it too easy for criminals, please help them. Pay it forward.
Data is precious. Protect it.