Basic rules for protecting yourselves from data breaches
Following the data breaches at Deloitte and Equifax, both caused by basic security failures, it’s clear that everybody needs a reminder of the essential things they should be doing to stay secure. So here are four simple rules that all employees should follow.
1. Create strong passwords
We are often told that passwords should have at least eight characters and mix letters, numbers and special characters. However, doing this runs the risk of creating ridiculously complicated phrases that are hard to remember and, ironically, comparatively easy for computers to crack. Such passwords tend to originate from a base word that’s then manipulated to include character substitutions, a tactic that password-cracking technology takes into account.
A simpler and more secure technique is to create a mnemonic or cipher, such as taking the first character and punctuation from each word of a sentence. So ‘The 50-year-old man caught the 15:50 train’ becomes ‘T50-y-omct15:50t’, which experts claim would take 41 trillion years to crack.
Alternatively, you might find that length alone is an effective method for security. Each character you add to a password creates one more element that a hacker needs to correctly guess. A password such as ‘YellowDinosaurFortitude’ avoids predictable patterns by using a series of unrelated words and, according to IT industry professionals, would take 45 quintillion years to crack.
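As an added illustration (not code from the original article) of why length matters, the following Python snippet estimates the character-level keyspace an attacker must search for the two example passwords above, and also the much smaller keyspace an attacker faces if they know a password is a few dictionary words and guesses whole words instead of characters. The guess rate and dictionary size are assumptions chosen for the illustration.

```python
import string

# Constructed assumptions for this illustration (not figures from the article):
# an offline attacker trying 10 billion guesses per second, and a passphrase
# attacker drawing from a 20,000-word dictionary.
GUESSES_PER_SECOND = 1e10
DICTIONARY_WORDS = 20_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password: str) -> int:
    """Size of the smallest standard character pool that covers the password.

    A brute-force attacker must cover every class the password uses, so the
    lower-case, upper-case, digit and punctuation pools are added when present.
    """
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # the 32 ASCII symbols
    return size


def brute_force_guesses(password: str) -> int:
    """Worst-case guesses to exhaust the character-level keyspace."""
    return charset_size(password) ** len(password)


def wordlist_guesses(word_count: int, dictionary_words: int = DICTIONARY_WORDS) -> int:
    """Worst-case guesses if the attacker knows the password is N dictionary
    words and tries every word combination instead of every character."""
    return dictionary_words ** word_count


def years_to_exhaust(guesses: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Convert a guess count into years at the assumed guess rate."""
    return guesses / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    for pw in ("T50-y-omct15:50t", "YellowDinosaurFortitude"):
        print(f"{pw}: {len(pw)} chars, pool {charset_size(pw)}, "
              f"~{years_to_exhaust(brute_force_guesses(pw)):.3g} years by brute force")
    # The three-word passphrase seen by an attacker who guesses whole words:
    print(f"3 words from {DICTIONARY_WORDS}: "
          f"~{years_to_exhaust(wordlist_guesses(3)):.3g} years")
```

The absolute figures change with the assumed guess rate; the point is the ordering, and that a short list of common words resists character brute force far better than it resists an attacker who guesses words.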
2. Don’t reuse or share your passwords
No matter how secure your password is, if you write it down or share it, you invite ways for people to gain access to your account. Using the same password for multiple accounts compounds that risk. Once hackers have your login credentials for one site, they’ll inevitably try it on other accounts – so a data breach at your email provider could soon turn into a breach of your online bank account or your company’s systems.
Password managers such as LastPass and 1Password help you generate and keep track of unique passwords.
3. Watch out for phishing attacks
Broadly speaking, phishing is any attempt to pose as a trustworthy source in order to get people to hand over personal information. These attacks are usually delivered by email and are characterised by poor grammar and claims that you need to address something that’s gone wrong. For example, such messages might claim that your account has been hacked, you need to confirm a card payment or your bank account has been frozen.
If you fall for one of these schemes, you’ll inadvertently hand over login details, personal information or payment card information to criminals. If it happens at your workplace, you’ll expose your entire organisation to a potentially massive cyber attack or data breach.
Although technology can help filter out phishing emails, Mimecast’s third quarterly Email Security Risk Assessment claims that 24% of all malicious emails pass through spam filters. So, as well as technological defences, organisations need to invest in staff awareness training.
4. Apply patches
Companies create patches for a reason; namely, to fix bugs and vulnerabilities in their software that would otherwise allow criminals to conduct an attack. Once a patch has been announced, the vulnerability is made public. Every day that passes without applying that patch is a day that you leave yourself open to an attack. Patches are common, with security company Bromium reporting that, on average, organisations have to issue an emergency patch five times a month. In order to make sure no application is overlooked, organisations should have a patch management policy in place.
Boost awareness in your organisation now - it is far better to prevent a situation from happening than to have to rectify things after it has!