There is no question that there are bad forces in the world that are out to take something that doesn’t belong to them. You must take steps to protect yourself and your business. We are not talking about putting a lock on a door or putting in a security system to thwart off criminals. We are talking about those criminals that you will never see. You may never know your were victimized until it is too late. Yes, we are talking about cyber attacks that threaten your business or personal data.
It’s not just the number of attacks that are on the rise, it is the complexity of such attacks. (Think about all of the security breaches of 2014.) Cyber criminals will continue to evolve and their attacks will become more complex. What can you do? Probably more than what you are doing today.
Mobile Devices and Laptops
What do you do if your mobile device or laptop is lost or stolen? Our phones are a little bit of everything to us, camera, computer/internet, music listening device, and even a wallet. Our laptops can contain all of that and may contain access to sensitive company data. Losing a mobile device can be devastating. Before theft or loss even comes in to play, the most common sense thing to do is to set a password.
Do you have the option to use a “find me” application of some kind? Apple users can take advantage of “Find My iPhone” or “Find My Mac” fairly easily. Android users have several choices available in the Google Play store. Laptops can be protected with tracking software that allows you to access the camera to take photos of the alleged thief and will track the device’s location. Many are cross platform and multi-device, so you can use the same application on your phone and your laptop. Having a find me application is the first step to figuring out if your phone has just been misplaced or if it has been stolen, and can potentially aid the police when you report the theft. But beware, having an application that identifies your device’s location is not a guarantee that you will get it back.
Disk encryption is another method to make sure that the files on your laptop are one more step removed from a would-be thief. You can find encryption solutions that work by encrypting a system’s entire hard drive – including the operating system and all applications and data stored on it. With these, when the computer is started, you are prompted for the encryption key. This enables the system to boot and run normally. Without the encryption key, the data stored on the disk remains inaccessible to thieves. One note of caution, disk encryption does nothing to protect your data if it is stolen while the computer is running.
The final line of defense (and possibly the most important) is the ability to remotely wipe the device. Many tracking applications also have the ability to wipe the hard drive, just in case you find out that the device has fallen into the wrong hands. And some mobile devices even have the option of wiping the device after a certain number of failed attempts to enter the pass code. Since there is nothing you can do to protect yourself 100% of the time, the ability to delete your data is essential.
Providing passwords to 3rd party integration applications
Many security breaches and crimes aren’t due to physical loss or theft. There are lots of 3rd party integrations that ask you to create an account by logging into another account you’ve already established. It’s very common for sites to integrate with Facebook, but also Google and other email accounts. In any case, make sure the source asking you for your private credentials to a secure site, is itself a trusted source. Is the site secure? Look for signs of security. Does it use https? Does it have the lock icon? And, as a precaution, do you need to use this integration? Dropbox and Snapchat both claim that their username password breaches were through 3rd party apps/sites with poor security. If you are going to go this route, find out what their method for storing your password is. Be sure that the area you enter your account credentials came up in a separate window and that the web address contains the proper URL for the site you are logging in with.
Watch for Part 2 of this post on protecting your data, we’ll go over passwords policies, social engineering attacks and staying safe while sending files.