Happy new year to all Delib customers!
One of the stories that’s been making the news over Christmas and the New Year is the ongoing fallout of the cyber attacks on Sony, supposedly by North Korean hackers. It’s becoming clearer and clearer to everyone the devastating effect that cyber crime can have on a business or on government.
We may not all be involved in global geopolitical struggles, but we should all take a few simple steps to protect our sensitive information:
1. One of the easiest things to do is to make sure that you use strong passwords that are unique to each account. A password manager like 1password, Credential Manager for MS users or Keychain for Mac users is useful for this – letting you store all your passwords locally on your machine, removing the temptation to either let your browser store them, or to reuse the same password. You can also keep a hard copy of important, shared passwords – but this should be kept in a safe or somewhere equally well protected.
2. It’s worth remembering that emails can be quite vulnerable as a form of information storage. In particular, you should avoid sending passwords or any sensitive information via email – telling it to someone over the phone or in person is a much safer method. If you think of emails as postcards, then you will avoid writing anything in them you may not wish others to see! If you really need to send something securely over email, you can do this using email encryption or a password-protected zip file for attachments, but please still provide the password via phone or in person and not over email.
3. Emails and all kinds of other messaging services can be vulnerable to spam and phishing attacks. These kinds of attacks are getting ever more convincing, so it is a good idea to make sure yourself and your colleagues are aware of their distinguishing features – and remember to take a ‘safety first’ approach when you receive strange or unsolicited emails, even if they seem to come from a trusted source such as your bank.
A few easy initial checks are:
Check the email address the message has come from – does this look genuine? Check it against the organisation’s website.
Do they address you in the way you would expect?
Check the footers – do they look normal?
4. Make sure your software is up to date! In particular, you should be sure to keep your web browsers current. No one should really be using Internet Explorer 6 or 7 as of 2015 – these older browsers can lack protection from common vulnerabilities.
5. Think carefully about the possibility of physical data theft and human error as well. If your staff use laptops, make sure they are password protected and consider having removable media controls in place (for example, preventing content from being downloaded onto USB drives) – although remember that there is a trade off here in terms of convenience for staff. Make sure to keep your offices locked and secure. If you receive emails or work-related information on your mobile, ensure it has a passcode lock on it as a minimum.
6. Make sure that you have good and up-to-date antivirus software installed on all office machines. There is plenty of good antivirus software on the market, and you don’t have to spend too much to get basic protection.
7. Keep your machine(s) backed up. It can be a hassle having to keep backing up your system, but accidents can always happen, so it’s worth it to make sure you don’t lose important data for good.
8. Be careful on public wifi – ensure you are on an encrypted connection when doing anything which involves your information or anyone else’s. Remember that telephone calls can be listened in to and unencrypted wifi connections can be susceptible to man-in-the-middle attacks.
Within Delib we take our own information security, and that of our customers, very seriously. Richard and Alan in our team make sure none of us make any of the above mistakes, and we occasionally have review meetings to remind us of the golden rules of information security – so don’t hesitate to get in touch if you need some specific advice on keeping safe online!
Matthew @Delib
