IT Security Tip #29: Keep sensitive data off employee equipment
If a laptop is stolen, even a strong password will likely get cracked. Once the thief succeeds, any private data that is unencrypted is free for the taking. One solution: keep sensitive data on a secure private cloud service, so it’s never on your employee’s hard drive in the first place. By storing this information in the cloud, you can immediately revoke access when a device goes missing. If you have an internal file server in your office, make sure it’s secured properly – you need to talk to your IT provider and discuss options for shared folders for things like HR that only certain people need. You may have a q:\ drive for documents, an s:\ drive for accounting, and a p:\ drive for workflows and processes. Everyone can use q:\ and p:\, but only people who do accounting can use s:\. It’s simple stuff – but think of the possible damage from data on a laptop lost at the airport. If you are in the medical field, this could also involve the Office for Civil Rights as a HIPAA violation. If your laptop hard drive has the option to encrypt, use it!
IT Security Tip #30: Start with a fresh session or browser window
You’d like to access the company website or a site for one of your vendors from work. When you click on your favorite browser, it opens to your homepage: msn.com, yahoo.com, aol.com, espn.com… You get the point. You then select the bookmark for the desired website and go. BIG problem! Most websites these days have tracking cookies, microdots and other advertising and data-collection bots that sit on them. These little spies are now following you across your browser session. Be careful with your information. Web portal sites like the ones I listed are filled with ads, and the site’s overhead is paid for with information they get from you.
- Consider changing your homepage to something like https://startpage.com/. They don’t spy.
- Always open a new browser tab when navigating to a new website. Close the last one to keep things tidy after the new one loads.
- Consider using add-ons in your browser to cut down on ads and spies. Not sure how? Ask us.
IT Security Tip #31: Lie, lie, lie!
Social engineering is big business. What is it? Figuring out who you are and then using that information to make money off of it. People list password challenge and identity verification information publicly, or at least freely, on their Instagram, Twitter and Facebook pages and feeds without giving it a second thought. Maiden name? Check. Favorite pet? Check. High school? Check. Town they grew up in? Check. Favorite or first car? Check. Throwback Thursday is a social engineer’s dream! They love this stuff. Combat it by always giving false password and identity challenge and verification information to the sites and services that require it. Keep the answer file offline or at least in a format that’s not easily guessed. Remember, if it’s a handwritten list, you can still take a photo of it.