You’ve heeded the headlines of the latest hacker and hoax and may have even changed all of your passwords. Perhaps you experienced the heartburn from the “heart bleed bug” or other notorious nuisances. Each worldwide threat, virus or breach gets increasingly complicated; but often the source for many contemporary cyberthreats is as simple as someone leaving a cell phone on the lunchroom counter.
Since we advise people on matters of business continuity when major cyberattacks occur, we thought it only appropriate to share five common everyday occurrences that all employees should be watchful for so that you don’t become the source for the next leak. These watercooler tips could keep the floodgates at bay.
1. Don’t give out your Wi-Fi information or password to strangers.
The first rule we learned as kids about revealing too much to those we don’t know applies in the modern workplace. Unless a consultant or contractor is assigned to your department or working directly with you, don’t give him or her company codes. You may not know the person’s credentials. One or two keystrokes into your network can mean someone who shouldn’t, has access into your company’s server. A 2013 Verizon data breach investigation report found that 76 percent of network intrusions exploited weak or stolen log-in credentials.
2. Watch out for what you leave in common areas.
Often we roam around an office from work station to kitchen to rest rooms to common areas – and we may have our laptop, phones, USB sticks or critical documents with us. Don’t leave these just sitting out. Think of your devices like you do your luggage at an airport: it needs to be on your person at all times.
3. Make sure old Web sites are secure.
Not all of us are techies, but many of us who grew up in the modern office may have started a Web site or a landing page that we don’t use anymore. Sometimes these are still connected to your business and may serve as a sieve of information for hackers. Ensure you’ve shut these down properly.
Perhaps you worked on a project a decade ago – or even one Web page that was part of a Web site that was never fully removed from the public domain. A vulnerable website can be a place where a hacker can facilitate an attack against a company. Scripted malware may loom large there.
4. Know a phishing scam when you see one.
Malware – the malicious software that comes in flavors such as viruses, trojans, spyware and other items that we don’t want on our computers – is a formidable threat. It takes but one initial infection from one person clicking on a single malicious email link or opening one attachment to fall into this trap, and all of a sudden you have a big problem on your hands.
5. Don’t mix work and pleasure on your mobile devices.
So many of us use our smartphone to access the Internet and social media that if we ever lose our mobile device, it’s inevitable we may expose ourselves to email, bank, social media, contact and other data that could have a trail right into your business system. Many hackers are using social media applications such as Facebook as an entry point to all sorts of other information about us to potentially do a business hack. It’s unbelievable how many people don’t have privacy settings enabled and leave cookie crumbs to contact lists and emails. Make sure you aren’t leaving an easy pathway into your company via this pocket-sized gadget.
So many human factors abound that can leave companies exposed — from the missing patches, the weak passwords, the silly stuff that shouldn’t be there and the internal access that gives the wrong person the keys to the kingdom. So be extra vigilant in your everyday pathways and decisions so the business continuity experts will have a whole lot less clean-up to do.
Preparis (www.preparis.com) is a business continuity and life safety technology and professional services company, protecting more than $250 billion in assets in more than 200 cities worldwide. Combining leading expertise, technology and client services, Preparis helps create actionable BC and LS programs which help its clients’ workforces prepare for, respond to, and recover from threats that put operational resiliency at risk.