2014’s string of disastrous and high-profile cyber breaches shouldn’t make us despair. Below is a list of good habits we can implement today. Some of them might seem intuitive and common sense — but, as you know, common sense isn’t so common.
With that, I suggest:
- Create strong passwords: This is a broad topic, but remember that a strong, hard-to-crack password isn’t just a string of characters that a Web page’s strength meter claims is “Strong.” For instance, a strong password won’t contain “smart substitutions” (swapping in a character like “!” for the letter “l,” and so on). When creating the password, avoid using a pattern a computer can easily recognize and mimic. The password must also be easy to remember and to change — I can’t stress the change part of the equation enough. (Also, use two-factor authentication whenever available.)
- Ask the right questions about your cloud providers: Don’t accept substandard security for file sync and share (FSS), storage, or any other cloud-based services:
  - Verify whether the service is enterprise-strength — especially if you are using the provider for business apps. You can start by asking about the provider’s security certifications, and keep going from there.
  - Check whether your providers guarantee your data will always be available — or if only the website will be accessible when their services are up.
  - Be careful when signing up for free services and moving important or private documents “up to the cloud.” You may be signing away your ownership, or giving the providers permission to index your files.
- Password-protect your files when they might be shared: Emailing important personal documents to your accountant or mortgage broker? Or using a consumer-grade FSS service? Then protect these files and documents with passwords. Consider using your cell phone number as the password — or anything else your doctor or accountant will know (but the drive-by hacker won’t). Then you will have basic protection if your (or your recipient’s) email account or cloud service is compromised.
- Keep business data out of personal cloud accounts: Surprisingly, research from Harris Interactive indicates business professionals frequently store business content and data in their personal FSS apps. Managers are especially guilty of this bad habit.
- Watch for email attacks: Don’t automatically trust every email you receive. For instance, never open an attachment unless you’re expecting it. Do not click on an embedded link without checking where it points. If you have doubts, open a new private browser session and paste the link into the address bar. This way your email session (and any other browser information) will remain invisible.
- Try “private” browsing: Going into private (or “incognito” in Chrome) mode prevents the browser from keeping its visit history in memory. This can help deflect a browser-based attack. The Internet service providers (ISPs) can still monitor you, but hackers can’t see which sites you visit (for things such as banking) when they are scanning for victims.
- Kill unneeded files: Make a habit of deleting unneeded copies of documents and files. That includes scrubbing the hard drives of old computers, tablets, and smartphones before donating them or handing them down to your children.
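
To make the password advice above concrete, here is an added example (not part of the original article) of a checker that undoes "smart substitutions" and looks for patterns a computer recognizes easily. The word list, the substitution map, and the function names are constructed for illustration.

```python
import re

# Constructed sample list; a real check would load a large breached-password list.
COMMON_WORDS = {"password", "welcome", "letmein", "dragon", "football"}
# "Smart substitutions" mapped back to the letters they usually replace.
UNSUBSTITUTE = str.maketrans("!1@430$57", "llaaeosst")
# Keyboard rows and simple sequences that guessing tools try early.
SEQUENCES = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
             "abcdefghijklmnopqrstuvwxyz"]


def has_sequence(text, length=4):
    """True if text contains a run of `length` keys from a row, in either direction."""
    for seq in SEQUENCES:
        for run in (seq, seq[::-1]):
            for i in range(len(run) - length + 1):
                if run[i:i + length] in text:
                    return True
    return False


def find_weak_patterns(password):
    """Return the machine-guessable patterns found in password (empty list if none)."""
    findings = []
    lowered = password.lower()
    # Drop a trailing run of digits/symbols (years, "!" suffixes) before lookup.
    stripped = re.sub(r"[^a-z]+$", "", lowered)
    for candidate in (lowered, stripped):
        if candidate in COMMON_WORDS:
            findings.append("dictionary word")
            break
        if candidate.translate(UNSUBSTITUTE) in COMMON_WORDS:
            findings.append("dictionary word behind character substitutions")
            break
    if has_sequence(lowered):
        findings.append("keyboard or alphabet sequence")
    if re.search(r"(.)\1{2,}", password):
        findings.append("repeated characters")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ["P@ssw0rd2014!", "!etmein", "Qwerty12345", "maple-tundra-violin-46"]:
        print(f"{pw!r}: {find_weak_patterns(pw) or 'no known pattern found'}")
```

An empty result only means none of these few patterns matched; it is not a measure of strength.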
Security is up to us. The harder we make it for hackers to cause breaches … the better.
Mushegh Hakhinian, Chief Security Architect at Intralinks
Mushegh Hakhinian has been managing security initiatives for the past 16 years. He leads the application security practice at Intralinks, a leading, global technology provider of inter-enterprise content management and collaboration solutions. He represents Intralinks at the Cloud Security Alliance SME Council, is a Certified Information Systems Security Professional, and is a frequent contributor to industry publications. Prior to joining Intralinks, Mr. Hakhinian led security functions at a multi-tenant online banking service provider and an international bank.