Information security and privacy came up time and time again throughout last year. Of course, that’s happening for a reason. 2018 was a record year for data breaches and cyber attacks. From Marriott Hotel, to Quora, to Google+ and Facebook – it seems all the big companies we have come to know and trust are getting hacked left and right. But it’s not just enterprises that are under siege. The increasing number of cyber security breaches worldwide is no joke. Throughout 2018, there were more than 1.2 billion data breaches in the US alone.
The damages and costs involved in a data breach are no joke either. Statistics report that a data breach will cost a business as much as $3.86 million. What’s more, it’s reported that 60% of small companies simply close down shop within 6 months of a cyber attack.
There is a reason GDPR and similar laws have started coming up around the world. They are a direct response to the alarming number of cyber attacks and data breaches worldwide. But laws were never enough to stop cyber attacks altogether. Every business and every individual is responsible for protecting their own information security and privacy. We have prepared a list of the top 5 threats and our tips on how best to deal with them.
1 – Using weak and re-used passwords
You can think of passwords as the keys to your house. You wouldn’t want a key used by your neighbors. Or your colleagues. You want to make sure your key is unique and strong, difficult to copy and crack. However ridiculous that might sound, the most popular passwords used today are still “123456”, “password” and “123456789”. A great trend that is picking up some traction now is the use of passphrases. Instead of using single-word passwords like “security!445”, you should use passphrases like “security_1s_imp0rtant!”. They are both more difficult to crack and easier to remember.
Better yet, you can use a password generator that comes with many password management tools – they will not only generate unique and super-strong passwords and keep them safe, but will also make them easily accessible.
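What a password generator does under the hood, as an added example that is not part of the original article and not any particular product's code: it draws characters or words with a cryptographically secure random source and refuses the common passwords listed above. The word list, the function names and the 12-character minimum are assumptions made for illustration.

```python
import math
import secrets
import string

# The three passwords the article names as the most popular.
COMMON_PASSWORDS = {"123456", "password", "123456789"}

# Constructed 32-word sample list (assumption); real diceware-style lists,
# such as the 7776-word EFF list, give far more entropy per word.
WORDS = [
    "anchor", "basil", "copper", "dune", "ember", "fjord", "garnet", "harbor",
    "iris", "jigsaw", "kettle", "lantern", "maple", "nickel", "orbit", "pepper",
    "quartz", "raven", "saddle", "tundra", "umber", "velvet", "walnut", "xenon",
    "yarrow", "zephyr", "birch", "cinder", "drift", "flint", "gravel", "hazel",
]

# 52 letters + 10 digits + 32 punctuation marks = 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=16):
    """Random password: each character drawn uniformly with a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def generate_passphrase(n_words=6, sep="_", words=WORDS):
    """Random passphrase: words drawn independently, joined by `sep`."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(pool_size, picks):
    """Bits of entropy for `picks` independent uniform draws from a pool.
    Valid only for randomly generated secrets, not human-chosen ones."""
    return picks * math.log2(pool_size)


def is_acceptable(candidate, min_length=12):
    """Reject the listed common passwords and anything under min_length
    (12 is an assumed policy value, not a figure from the article)."""
    return candidate.lower() not in COMMON_PASSWORDS and len(candidate) >= min_length


if __name__ == "__main__":
    print(generate_password(), f"{entropy_bits(len(ALPHABET), 16):.1f} bits")
    print(generate_passphrase(), f"{entropy_bits(len(WORDS), 6):.1f} bits")
    print(f"6 words from a 7776-word list: {entropy_bits(7776, 6):.1f} bits")
    for pw in sorted(COMMON_PASSWORDS):
        print(pw, "accepted" if is_acceptable(pw) else "rejected")
```

The entropy figures apply only because every character or word is chosen at random; the same arithmetic does not describe a password a person made up.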
2 – Storing data in insecure locations
Users today, on average, log in to 25 websites every week. If we counted all the systems and applications, this number would increase dramatically. Remembering 40 secure passwords is an impossible task for the human brain. That means your information, whether it’s secure passwords, secret notes (such as banking information, entrance codes, etc.) or any other kind of sensitive information, must be stored securely. Our research has shown that most people keep this information in dangerous places – spreadsheets, notepads and sticky notes. Any physical tool (aside from safes) used to store your sensitive information can be lost, and that will result in a tragedy. Any spreadsheet can be extremely easily accessed by cyber criminals and wiped clean at best, or used against you at worst. That’s why you should choose storage secured with strong encryption and keep your sensitive information there.
3 – Lack of access control
In today’s fast-moving environment, we must be able to access information when we need it. Secure passwords or access codes have zero value to you if you are not able to access them when you need them. They may be securely stored in your safe, but when you need to use them, what will you do? You will take out another sticky note, write the password down “just for a quick login” and then stick it on the monitor of your desktop or lose it entirely. And we’re back at square one. This is why an important aspect of your information security is accessibility and access control. You must be able to access the information when you need it and control who can access it and when. Whether it’s a password manager with role-based permissions or a shared G-drive account with access control, information without accessibility today isn’t worth much and may even jeopardize your security further.
4 – Sharing of sensitive information
We are living in the age of online collaboration. Teams today can’t survive without collaborating, sharing thoughts, ideas and sensitive information. And most of that is happening online. Every single individual collaborates with other people at some level. Programmers share their code; human resource specialists or lawyers – documents; designers – prototypes and designs; marketing people share their materials and contracts; accountants – spreadsheets filled with sensitive financial information. And every single team is sharing passwords.
The key here is to understand how we share this information. Most of the communication and file-sharing we do is only as secure as the systems we share through. And truth be told, most of these tools aren’t secure at all. Hacking your email or social media messages is entirely too easy and this has been proven time and time again. If you understand the importance of storing information securely, this is doubly important for sharing it. Luckily, there are tons of tools and ways for you to share information securely. Some have to be set up by you, like a dedicated XMPP server. Some you can just grab and use, like a password manager for teams. The fact is, emails or social media, where your sensitive information is stored in plaintext, are the worst choice for sharing it.
5 – Education, training and understanding
Despite all your investment in tools, R&D and infrastructure, you still might find yourself getting hacked. That’s because security tools aren’t worth much without people understanding their importance and how to use them. An extremely disturbing fact is that a lot of data breaches are caused by human error. Even though the actual numbers vary, a study reported by CNBC shows that up to 48% of all data breaches are caused by employee negligence. Whether that’s due to bad training, lack of education or simply malicious behaviour, the fact stands. Everyone can relate to the situation where you hear or read about a threat to your security, only to close your eyes and keep going in the same direction you were going, completely ignoring the knowledge you’ve just received. That is basic human behaviour and it has to be changed in order to improve information security.
Companies have to spend more time educating and training their employees about the importance of security measures and tools. More importantly, every individual has to take it upon themselves to learn more about good practices. An easier way to do this is to choose security tools that are easy to learn and use. Those tools are out there. You can still get high-level security without diving deep into the technicalities. But it’s still up to each of us to make sure we’re at least doing what we can to improve the cyber security of our sensitive information.