It goes without saying that security products like firewalls and antivirus software should be part of every organisation’s defences. But, as the human element of any data security chain tops the list of its weakest links, the security habits of employees also need managing.
Grand Theft Data: Butterflies of Anarchy
Chaos theory asks, ‘Does the flap of a butterfly's wings in Brazil set off a tornado in Texas?’ Maybe, maybe not, but in the hacker’s world the concept is a known phenomenon.
Hackers are good at exploiting the weaknesses of humans and, in many cases, rely on collecting seemingly unimportant pieces of information and turning them into something potentially devastating: the name of an employee’s pet dog posted on a social media site, or the probability of an employee having a PayPal account, or the knowledge that they’re always at Starbucks at 8am, could eventually gain a hacker access to your organisation’s network.
And that’s despite all the hardware and software you may have thrown at protecting your data.
No room for complacency
Hackers don’t just target the big guys for big rewards, and they don’t just target the little guys because they might be easier pickings. Whether your business is a small start-up or a global entity, it’s at risk.
Data breaches can cause frustration and anxiety on the part of customers, loss of custom, loss of data, service disruption, and they almost certainly will result in financial and reputational damage to the business.
The 5-a-day anti hack plan
No, this 5-a-day has nothing to do with how many daily portions of fruit and veg your employees consume. It’s a code of conduct that aims to eradicate five common risky habits; instructions to live by, all day, every day:
- Love logging out. Not just at the end of the day (yay!), but whenever you take a break. Or, lock the screen instead. 35% of companies hacked last year were the victims of malicious insiders; the workplace is not safe from snooping.
- Put the pass into password. If you don’t want to fail the password test, make it a strong one: at least 15 characters including a mix of upper and lower case letters, numbers and symbols. It should not be the name of a pet or loved one – these details can be found on social media sites and tested elsewhere. Use a different password for each account, so that if one password is stolen, it will not give access to any other accounts. Use a password manager to remember, and securely store, lots of passwords.
- Cut phishing lines. Hackers use exciting lures to catch their quarry by embedding them in so-called phishing emails. If you receive an unexpected email containing, for example, an unbeatable offer, or the chance of a prize, or notification of a ‘PayPal’ refund, and it asks you to click on a link, don’t take the bait. You may be taken to a site that injects malware into the system or steals your passwords by taking note of keystrokes.
- Watch out for Wi-Fi. Hackers love public Wi-Fi spots, where they offer their own network name (imitations like ‘Starbucks123’), so don’t use connections that aren’t protected. Get the correct network name and logins from an employee of the venue, and only visit encrypted sites (URLs starting with https) or use a VPN (virtual private network) encryption service.
- Dodge dodgy downloads. Downloads should only be sourced from the developer’s own site. If there’s any hint of ‘Error: problem loading, please phone 0800-notascam’, then it’s almost certainly a scam which aims to collect logins, or data, or money, or all three.
Practice makes perfect
The 5-a-day anti hack plan is a vehicle for behavioural change; employees should be urged to climb aboard and drive it until it becomes second nature. Little effort is required, and yet the outcome is, without doubt, mission-critical to achieving security objectives.