In a world where nearly all business and communications are conducted online, cyberattacks and data breaches are a massive threat to both organizations and individuals. Just as an organization must have a cybersecurity strategy, you should have one for yourself as well; the financial and reputational risks are simply too high not to. According to the FBI’s Internet Crime Report, the cost of cybercrimes reached $2.7 billion in 2020 alone.
At work and at home, organizational security is everyone’s responsibility. Follow these rules of the road to stay safe and secure:
1. Be Aware When You Share
When you think of a data breach, you probably picture a malicious hacker. However, 92% of organizational security data incidents are unintentional, caused by broken processes and user errors. One of the most common ways that you can unintentionally expose your personal or professional data is by sharing material incorrectly.
When the pandemic hit, organizations turned to Microsoft Teams to quickly enable hybrid or remote work. In response to how users need and want to work today, Microsoft made it easier than ever for users to share files and provide permissions, stating that users “can give access to anyone, people in your organization, people with existing access, or specific people.”
With a variety of sharing settings at your fingertips, you should always strive to select the most conservative option, i.e. “Share with a specific person” as opposed to “Share with anyone in the organization.” While users should make every effort to follow best practices for sharing, the organization should also have a strategy in place to monitor and roll back permissions that were incorrectly or inappropriately assigned.
We’ve all likely had our share of digital “oops” moments, like accidentally sending an email to the wrong person or putting email addresses in the “cc” line when we meant to “bcc.” These simple mistakes can inadvertently expose personal information to an unintended party. Similarly, think twice before you casually share the password for your favorite streaming service with a friend—especially if you’re the type of person who uses the same password for everything (a classic cyber no-no!). While your friend might just use the login information to watch the latest TV hit, you could have just inadvertently enabled them to access all your accounts.
2. Actively Manage Your Digital Footprint
Can your IT admin easily answer critical questions, like “Where is our sensitive data stored? Who has access to it? How is it shared? Are any external users a threat? What is the record retention and deletion process?” Organizations must have an understanding of their digital footprint, including data storage, user permissions, and potential risks. Once IT has a comprehensive understanding, the next step is to implement a governance strategy. Best practices include:
Monitor critical access control and sensitive data over time, prioritizing based on risk
Automatically generate a “renewal task” to re-certify user access, external users, permissions, and roles
Ensure data owners and administrators always have an accurate inventory of what they have, why it exists, who it belongs to, and when that information was last verified
Employ automated policies that trigger alerts or roll back unauthorized changes or risky actions
Similarly, can you recall every site where you’ve ever personally created an account, saved credit card info, or entered sensitive personal information? It’s important to employ your own personal governance strategy as well.
Compromised passwords are responsible for 81% of hacking-related breaches, so let’s start there. We’re all accustomed to conventional password security practices that seem intuitive and effective, but updated guidance from the National Institute of Standards and Technology—widely considered the gold standard on password security—suggests otherwise. Updated recommendations include:
Aim for length over complexity. While you may be accustomed to creating complex passwords with random letters and characters, a longer password is actually harder to crack if stolen. Try using a combination of a few easy-to-remember words to string together a long password, using a minimum of 8 characters.
Get rid of the periodic resets. Frequent mandatory password resets can actually make security worse. Users often resort to updating their passwords in predictable patterns, like replacing a character or adding a character to the end. If a cyber attacker already knows your previous password, it will be fairly easy for them to crack the new one.
Next, keep an inventory of each site where you’ve ever set up a password and created an account. Imagine, for example, you purchased a pair of shoes from an e-commerce site back in 2015, and you ticked the box to “Create account” at checkout. Unless you’ve transacted with that site in the ensuing years, you’ve more than likely completely forgotten about that account.
If that e-commerce company got hacked tomorrow, you may not even know that your information had potentially been exposed. Keeping track of your accounts is critical to understanding your personal digital footprint. On the same note, make a point of deleting accounts you no longer need—not only will this reduce your exposure, but it will also reduce the number of sites for which you have to manage your login credentials.
3. Always Have a Backup Plan
Since cyber threats often target your personal or professional data, it’s critical to have a backup plan in place. At work or at home, protect your data and bounce back fast from data loss with a cloud backup solution. Whether you’re facing a ransomware attack, corrupt content, or simple user error, this prior planning can help you avoid the worst-case scenario. Automated cloud backups preserve your data at regular intervals and allow you to restore to that point in time.
At the enterprise level, robust backup solutions can secure and encrypt your organization’s data. Should an issue occur, on-demand restore capabilities can minimize downtime and data loss.
For just a few dollars a month, cloud backup solutions can protect the files, photos, and videos that live on your personal devices. Life is messy and anything can happen. Whether your cell phone gets stolen, your kid pours a drink on your laptop, or your hard drive gets corrupted, rest easy knowing that you can recover and restore the content most important to you.
When one wrong click can have financial, reputational, and operational consequences, you have a lot of power in your hands. Do your part to protect and preserve critical data by following simple organizational security best practices.
Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. Ms. Simberkoff is responsible for maintaining relationships with executive management and multiple constituencies both internal and external to the corporation, providing guidance on product direction, technology enhancements, customer challenges, and market opportunities.
Ms. Simberkoff has led speaking sessions at data privacy and security events around the globe. She was featured in Forbes, writes a monthly column for CMSWire, and was highlighted in the CSO Online list of “12 Amazing Women in Security”. She is a current member of the Women Leading Privacy Advisory Board and a past member of the Education Advisory Board for the International Association of Privacy Professionals (IAPP). Ms. Simberkoff holds a BA from Dartmouth College and a JD from Suffolk University Law School.
LinkedIn: www.linkedin.com/in/danalouisesimberkoff/en
Twitter: http://www.twitter.com/danalouise