Is Your Company Data Safe From Your Employees?
Given the usually destructive, and occasionally devastating, impact cyber-hacking has in our world today, there’s little doubt many people feel powerless to fight against it. Yet, cyber-security is vital for businesses of any size in 2017. These days, your IT department can send out a million warnings to employees about risky behavior. However, it only takes clicking one email link to open the back door to hackers. And suddenly, your company data is in danger.
Honestly, well-trained, informed and careful employees are far more valuable than the most advanced security software. According to reports, over 90 percent of security breaches can be traced back to employee negligence. That’s why upper management, HR and the IT departments should ensure that your company not only has a clear and concise company data security policy, but also backs it up with thorough employee training that begins on the day employees are hired.
Granted, small companies and mom-n-pop operations may not have the budget the big dogs do, but there are still many options that will keep them secure and not break the bank. And, if you determine the cost a single company data breach can have on your organization, the price tag of keeping your data secure is worth it.
Here are the essential points to cover with your staff on cyber-security and keeping company data safe from hackers:
Using USB Flash Drives
One of the most common ways to covertly install malware in your business network is through a common USB flash drive. It’s so easy because most of us recognize flash drives and are comfortable using them at home. We back up our home systems, or even save copies of the 4,000 pictures we took on our last vacation to Cleveland to see Grandma. (What? Am I the only one that does that?)
There are very, very few of us that would pick something up in the company parking lot and stick it in our mouths, but … are you sitting down for this … one recent study showed 48 percent of respondents said they would plug a flash drive that they found in a parking lot into their work computer. That’s the tech equivalent of putting something in your mouth without knowing where it came from, folks. Furthermore, 68 percent of them would open its contents without any precautionary measures, like scanning the drive with anti-virus tools.
OK, seriously … in addition to avoiding flash drives from unknown sources, you need to REQUIRE employees to use tools like USB Disk Security on their personal and work computers. These programs scan flash drives for viruses and malware. If a scan finds anything suspicious, the tool puts it into quarantine immediately. Afterwards, you can decide if it is OK or not. For secure file-sharing between employees, it’s safer to use project management or cloud storage platforms.
Installing Unapproved Software
Much like the parking lot flash drive, if an employee is sent an application from an unknown source, chances are good it contains bad stuff. Stuff like malicious Trojan horses, viruses, and ransomware. But even if the source appears to be credible, make sure your employee tests the download URL through a service like Norton Safe Web to ensure its legitimacy.
Remember that employees need to follow the same procedures and practices with their personal devices, especially if you have a BYOD policy. For additional security, provide a list of acceptable applications and make sure they are always updated to the latest versions.
According to experts, despite all the news stories of identity theft, hacking, and cyber-crime, far too many people still use weak passwords like “123456,” “password,” and “12345.” (Seriously people, it’s 2017, not 1987 here!) One study showed that more than 90 percent of organizations don’t require passwords to be more than eight characters long. Even for today’s novice hacker, that is like leaving your car on a downtown street at night with the keys in the ignition, the windows open and $100 bills sticking out of the car doors. You’re begging for it to be stolen.
Simple, off-the-shelf hacking software can crack passwords like the ones above instantly. Even more “complex” passwords are cracked in a day. The software uses what company data security experts call “brute force.” That simply means it tries every conceivable combination of numbers, characters, letters and symbols until it finds your password. And, while it sounds complicated, it’s not.
By increasing the complexity and length of your passwords, you increase their security, which exponentially increases the time it takes to hack them. No password should be less than 12 characters. 14 characters is better, but 16 is what you should shoot for.
But, here’s the thing … most people recycle passwords over and over again, and worse, use the same password on multiple accounts. If one of your passwords gets hacked (like possibly your LinkedIn password recently) then all your accounts with the same password are vulnerable. Therefore, capitalizing one letter in your pet’s name and adding an extra numeral to the end isn’t going to cut it. (By the way, pet names are one of the most common password roots.) Hacking software also looks at your geography and uses local sport team names, so using “D@Bear$1985” if you live in Chicago probably isn’t a good idea.
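The password guidance above can be enforced at password-change time with a short screening check. The sketch below is an added example, not code from the original post: the function names, reason codes and the `CONTEXT_ROOTS` word list are assumptions made for illustration. It shows why a swapped symbol or a trailing year does not rescue a guessable root.

```python
import re

MIN_LENGTH = 12  # the article's floor; it recommends aiming for 16
COMMON = {"123456", "password", "12345"}         # the weak passwords the article quotes
CONTEXT_ROOTS = {"dabears", "bears", "chicago"}  # constructed sample: local team / city names
# Undo the usual symbol-for-letter swaps before comparing against known roots.
LEET = str.maketrans("@4$50!137", "aassoilet")


def root(password: str) -> str:
    """Lower-case, drop a trailing digit/symbol suffix, then undo leetspeak."""
    stripped = re.sub(r"\d+[^a-z0-9]*$", "", password.lower())
    return stripped.translate(LEET)


def screen(password: str, previous: str = "") -> list[str]:
    """Return the reasons a candidate password is rejected (empty list = accepted).

    `previous` is the old password the user typed on the change form, so a
    recycled root with a new numeral on the end can be caught.
    """
    reasons = []
    r = root(password)
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    if password.lower() in COMMON or r in COMMON:
        reasons.append("common")
    # Substring match: a short root can produce false positives, so keep the list curated.
    if any(word in r for word in CONTEXT_ROOTS):
        reasons.append("context_root")
    if previous and r and r == root(previous):
        reasons.append("variant_of_previous")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("D@Bear$1985", "D@Bear$Chicago85", "P@ssw0rd1",
                      "copper-lantern-orbit-47"):
        print(candidate, screen(candidate))
```

A 16-character password built on the same team name still fails the root check, so length has to be combined with root screening rather than used on its own.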
Rowena Bonnette has a blog post on Avatier.com about password security that is as interesting and fun to read as it is terrifying. If you have a few minutes, do yourself a favor and check it out. If you’re like me, after reading it, you’ll be thinking your “strong” 8-digit password on your banking app might last three minutes against hacking software. OK, maybe 90 seconds. OK, OK … 10 seconds!
For corporations: Your best bet is installing a password management tool for business that will force your employees to create strong passwords and set a schedule for changing them. Most of these tools work across multiple operating systems and on mobile devices to make it easier for you and your employees.
For individuals: Download your own password manager app or software that will store all your passwords. Afterwards, input every one of your passwords in it. EVERY ONE of them. Most password manager apps will rank password strength, and some will automatically suggest better ones.
Backup Company Data Often
Backups allow employees to pick up where they left off and resume their work at the soonest possible time. To create backups, employees have the option to use a cloud storage platform like Dropbox, or an external drive.
If they choose an external drive, additional security measures must be in place to keep the storage device safe. Operating systems like Mac OS and Windows 10 have built-in encryption features that employees can use.
Phishing scams involve links that lead to fake websites that masquerade as legitimate sites and ask for login credentials. These links may be delivered from an email, attachment, social media message, or ad. However, they don’t just scam Grandma anymore. They’re used to get at your company data.
Tell employees to avoid clicking links, especially if they came from unverified sources. In addition, show them red flags to look for, such as misspelled domain names and poor grammar. And, if it comes from a Nigerian prince that needs help transferring $250,000,000 to a bank account in the States, well …
There are millions of very, very intelligent people in the world that behave in a way that makes your company data vulnerable. That means, if you’re in a leadership position in your company, it is time to objectively look at your security policies, procedures and systems to ensure you’re making it as difficult as possible for criminals to get hold of your data.
Finally, in honor of Star Wars Day (5/4/2017) also being World Password Day, here’s the list of 25 worst passwords for 2016: