1.Falling for phishing: One of the most common mistakes. It can include clicking on malicious links or attachments in phishing emails, on social media sites like Facebook and Twitter or even ‘ads’ on websites that look legitimate.
The fix: Be skeptical of everything, and to click only on links that you are certain have come from a trusted sender. Never include information of a personal nature, like credit card numbers, with an email.
2. Unauthorised application or cloud use: This includes posting private, or uncontrolled, data to the cloud.
This comes in a lot of forms. Anything from installing ‘gotomypc’ to buying cloud virtual machines and using them for corporate purposes. It is amazing how people can do these things without realising the dangers.
The fix: Use a trusted cloud storage system, and make yourself aware of what is appropriate to store in the cloud. If the data being stored is confidential, it should probably stay on premise.
3. Weak or misused passwords: It doesn’t take an expert to know that using a default or simple password is like leaving your door unlocked. But misuse also includes using the same password for multiple sites and sharing them with friends or coworkers.
Because everything demands a password we tend to do a lot of credential duplication between our various sites. But this is a critical and sometimes tragic error. Many crucial accounts are hacked because an attacker gets access to email or some other seemingly innocuous account where users have reused their credentials with another far more sensitive account, such as banking or healthcare.
The fix: Make it easier to manage multiple, complex passwords, to reduce the incentive to re-use them. Numerous experts have recommended creating passwords by using the first letters of a phrase or sentence that is easy to remember, with a few numbers and/or symbols thrown in. He and others also recommend using a password manager – there are a number available.
Two-factor authentication also improves security, especially for common apps such as Google Gmail or Facebook, experts say. So don’t rely on a password alone.
4. Remote insecurity: This is the common practice of transferring files between work and personal computers when working from home, or allowing family members to use a work device at home. It can also include backing up corporate data to a third-party cloud service. This not only exposes the company to malware, but also leaves data and data residue – data left post deletion that can be retrieved with proper tools – on an unmanaged system.
The fix: Be sure not to mix business with recreation. Keep your work devices for work, and your personal devices to use at home. This will ensure that you keep your data separated, and protect both your work and your personal devices.
5. Clueless social networking: The advantage of social networking is that it allows us to be much more collaborative and productive. But, among obvious risks is that confidential information gets posted on networking sites or in the cloud, where it is beyond our control.
The fix: Stay abreast of new social media scams and tricks. These sites are changing on a regular basis, so make it a priority to sit down and learn about their changing threat landscapes on a regular basis.
6. Poor mobile security: Millions of devices are being used in coffee shops, on mass transportation and other places with public Wi-Fi. Far too many of them are not even protected by rigorous encryption or good mobile device management (MDM). Even more are not even protected by a PIN.
The fix: Have a PIN for your device. Be aware of your surroundings in public places – coffee shops, airports, train stations, shopping malls and other areas where criminals can get personal information from something as low-tech as shoulder surfing. Make sure that your corporate data is encrypted, end-to-end.
