MAY 2013: It’s easy to get complacent about the things we do every day — using our smartphones, chatting with friendly people, scrolling through email, and swapping information between devices can become mindless routines.
Yet these things can be the weakest links in your company’s network security! Criminals and hackers love infiltrating our routine habits because that’s when we let our guard down.
And what can happen if someone is also in a hurry? Mistakes. It’s human nature. Already this year we’ve seen high-profile hacks and security breaches, including one that caused stock markets to drop almost instantly based on a hacked Tweet on Twitter.
Even the most conscientious frogs need reminders, so to protect your organization, teach everyone on your team how NOT to become your organization’s weakest security link. Here are four key topics to cover in your next IT training:
Social Engineering: What’s the difference between being helpful and being had? The security of your company’s data! Social engineering scams involve real-life interactions during which people convince unsuspecting victims to do something that compromises security — opening a door for someone carrying heavy boxes or reminding someone who looks trustworthy of the name or email address of a co-worker. Remind your team to be on the lookout for manipulation and to feel comfortable using the phrase “Sorry, it’s against company policy” with ease and frequency.
Spear Phishing: Your team may be sophisticated enough to spot a typical fake email when they see one, but what if the email comes from you? Or from a colleague or someone else they know and respect? Spear phishing techniques, or highly targeted attempts to access critical information, can be extremely effective because they lack the telltale signs of wide-net phishing scams. And when your team checks email on a mobile device, it can be even harder to determine what’s authentic and what’s not. Remind your team to get in the habit of sending a separate confirmation email to the sender if anything looks out of the ordinary or if the information being requested is confidential.
USB flash drives: While they’re one of the most convenient ways to bring work home and swap data between devices, they’re also one of the riskiest. Yet there is a really great use for USB flash drives.
Smartphone Smarts and BYOD (Bring Your Own Device): Smartphones and tablets can be our constant companions, from the moment we wake up until the moment we go to bed. So what’s the most logical point of entry for a cyber criminal? The one that’s in your hand! Whether or not your company has an existing BYOD policy, ask your team to adopt these Seven Habits of Highly Effective Mobile Device Users if they sometimes use their own devices for work (81% do):
1. Keep device firmware updated for the latest security patches
2. Always use passcodes
3. Turn off WiFi and Bluetooth when they’re not in use
4. Don’t allow apps to access other data (like Contacts and Calendar)
5. Turn off location-based services that you don’t really need
6. Back up your device often
7. Make sure your device can be wiped remotely
Feel free to share and post this list! Also, talk with your leadership about these important BYOD policy questions.