If you’re planning on doing any online shopping for the upcoming holiday season (and really, who isn’t?), do you know how to keep your personal data safe? If your business is using customer data to innovate, are your leaders taking the proper safeguards to protect their privacy?
For much of his career, Scott Klososky has been devoted to helping organizations protect their digital assets and navigate what is becoming an increasingly critical area for the health and survival of all: cybersecurity. He is an owner of TriCorps Security, which provides a host of cybersecurity services including internal and external assessments, vulnerability testing, forensics, remediation, and team member training. He has spoken at the FBI’s Cyber Warfare Conference, the Federal Government for Financial Accountants, and ASIS International, the leading organization for security professionals worldwide. Here are his top tips for you and your organization.
Improving Personal Cybersecurity
Use a Strong Password on Every Site: Use passwords that are long and contain a mix of letters, numbers, and special characters. Also, never use the same password on two different sites. If one site is breached and your password is compromised, every other site where you use that password becomes vulnerable as well.
Never Answer Security Questions Legitimately: When a website asks you to fill out security questions (e.g., Where were you born? What is your mother’s maiden name? What is the name of the street you grew up on?), do not give the true answer. Make something up, even if it is gibberish. The true answer is likely floating around online somewhere or can be found by someone determined enough to look.
Don’t Overshare Online: Be careful what you post. That information can be used against you, whether to break into one of your online accounts, to impersonate you, or to discover your whereabouts in order to harm or rob you. We live in a society where it is difficult not to share online. Be cognizant of what you post and understand that it could come back to harm you.
Regularly Monitor Bank Accounts & Credit History: Keep a close eye on your financial information, especially during the holiday shopping season. Look for anomalies, and report anything out of the ordinary right away.
Don’t Do Sensitive Transactions on Public WiFi: When you use public WiFi, other people on the same network may be able to observe your online activity. They can capture information such as a password or bank account details if you access it while connected to an open WiFi network.
Improving Organizational Cybersecurity
Keep Patching & Updates Current: As the Equifax breach proved, patching and updating is critical. When a patch is released, it starts a timer for the bad guys: they now know a vulnerability exists, and they work to find systems that have not yet been patched so they can exploit it.
Encrypt & Segment Sensitive Data: Not all data is the same. Sensitive data, such as personally identifiable information, should be treated with greater caution. Apply the principle of least privilege: give people access only to the data they need to do their jobs, nothing more. Also, ensure all sensitive data is properly encrypted.
Be Wary of Third-Party Access: Too many times we have seen breaches caused not by the organization itself but by its third-party vendors. When a third-party vendor has access to your data, your data is only as safe as their cybersecurity. Before handing over data or access to a third party, make sure you fully understand their cybersecurity practices and the responsibility they will carry in the event of a compromise.
Use Multifactor Authentication: Access to your data should require at least two different methods of verification, not a password alone.
Be Vigilant With On-Premises Security: Physical on-premises security is an important, and sometimes overlooked, component of cybersecurity. You must monitor physical access, be wary of strangers or people in uniform, watch for “tailgating” (in which someone slips through a door behind a badged employee without badging in themselves), and never insert an unknown or foreign USB or external drive into a computer.
Team Member Training & Testing: Conduct regular cybersecurity training with team members, and test them using a third party that can provide phishing, spear-phishing, or social engineering testing.
Above all is education. You must constantly educate yourself about the latest in cybersecurity, the techniques the bad guys are using, and how best to protect yourself. Ways to do this include attending a speech or training session, viewing a webinar, joining a peer group interested in cybersecurity, and regularly reading about or listening to a podcast on cybersecurity. Make sure cybersecurity becomes part of your business IQ. And if it is not already, give cybersecurity a primary position within your organization.
A former CEO of three successful tech startups and a principal at the consulting firm Future Point of View, Scott Klososky specializes in seeing beyond the horizon of how technology is changing the world. His unique perspective on technology, business culture, and the future takes him around the globe as an international speaker, consultant, and author, working with senior executives in organizations ranging from the Fortune 500 to universities, nonprofits, and countless professional associations and coalitions.