To the generations raised in a digital era, exchanging personal information online might feel as natural as breathing. But no matter how consciously one acknowledges the intrusion of cyberspace into our lives, doing so involves accepting another fact: the internet is often quite unsafe. Predators lurk in comfort from behind easy to achieve anonymity; ignore this, and you may end up as their victim. That doesn’t mean we have to cast away technology and live like Luddites; it simply necessitates taking precautions to protect sensitive information.
For Individuals
- Strengthen Your Password: One of the simplest, yet most effective steps to better security is to create an ironclad password for your user accounts. A random word intermixed with equally random numbers and symbols is ideal; extremely secure and long passwords are always the least susceptible to discovery.
- Ignore Sketchy Emails: Unsolicited emails bearing the tagline “urgent” or “alert” may be crafted to infect the technology of the gullible with malware, or carry out elaborate phishing scams to gather personal information. Take care when opening anything from unknown senders. Downloading ZIP files and attachments from anyone other than a trusted source will often be a costly mistake. Avoid spontaneous mail that asks you to take some odd action, or contains links to long, gibberish URLs, or those that imitate, but don’t quite match, the addresses of well-known sites — such emails are almost never sent with good intentions.
- Don’t Neglect Anti-virus and anti-malware Software: Keeping security software up to date is an absolute must, as viruses and malicious programs are constantly evolving new and sophisticated ways of breaking into your data. Another useful strategy is to install an SSL or TLS certificate on your browser, which will cloak information sent over your network in a layer of cryptographic encryption.
For Businesses
- Educate Team Members: Data threats can be unique depending on industry, and therefore require specific approaches to combat them. Training on company security policy should be prioritized for all employees with access to sensitive information or to the broader information system. Some companies opt for a BYOD (bring your own device) policy; organizations that do so should enact a uniform BYOD security policy, and get a signature from each employee confirming that they will adhere.
- Restrict Unnecessary Access: It’s also wise to consider limiting accesses and administrative rights on company computers to only those with a reason to have them; cases where firewalls are accidentally shut off, or malware is unwittingly installed are still unfortunately common. Another good idea is to disable USB ports, so that sensitive material cannot be transferred to an external device. In addition, recent versions of Windows allow for “whitelisting” of software, in which all applications–including malware–must be preauthorized before being permitted to run; whitelisting can be an effective method of minimizing malware threats.
- Screen Cloud Providers: Cloud computing is quickly maturing into a ubiquitous element of business. Obtaining new forms of software and storage capabilities is convenient, however businesses should stay wary of cloud vendors that offer deals and services too convenient or inexpensive to be true. Any cloud providers should be thoroughly vetted to ensure they engage in property security measures, and have been audited and found reputable. Undergoing an SSAE 18 audit and obtaining the requisite SOC reports, for example, demonstrates that a company adheres to international standards for service organizations.