Quick Tips on Information Protection and Security

Introduction

Recent figures suggest that breaches in digital information have grown more than 300% since last year, and today phishing is the leading practice of hackers and cyber criminals. Individually, we must be proactive. We must educate ourselves on the threats that are, in a sense, inevitable. In both corporate and personal environments, simple and consistent practices can be the most valuable.

Every day, around the world, copious amounts of data and intellectual property are stolen and exploited. The vast majority of us will be targeted at some point in our professional life – more than once – especially those who are involved in the development or maintenance of critical infrastructure.

What follows is a short overview of the common tactics used to steal data from companies and individuals, as well as simple and effective tips for protecting yourself from them.

PHISHING – Don't Get Hooked!

“Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details for malicious reasons, by masquerading as a trustworthy entity in electronic communication. Spear-phishing is when specific individuals are targeted within a company, and tailored emails are created and sent to them. Attackers may gather personal information about their target to increase their probability of success. This technique is by far the most successful on the internet today, accounting for 91% of attacks.” (Wikipedia)

On a corporate level, safeguards are put in place to reduce the amount of spam and phishing emails received. However, there will always be a number of emails that find their way through the safeguards and firewalls, forcing the end users (employees) to act as final safeguards themselves.

As an example: an employee receives an email from an unknown sender requesting an immediate reply due to ‘suspicious’ activity with their account. The request would be for specific financial information to “resolve the situation.”

The email will be structured to create concern about the suspicious activity and distract the recipient from the sender themselves. Be particularly vigilant if you receive an email that claims consequences or rewards depending on whether you respond immediately. Four red-flag examples of phishing emails are as follows:

  1. Very generic greeting or introduction – “Dear sir/madam” 
  2. Generic email address – “@quickbooks.com”
  3. Vague context requesting immediate attention
  4. Misspelled words and/or foreign characters
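
The four red flags above can be turned into a rough triage check. The following is an added example, not part of the original article: the function names, keyword lists and both sample messages are constructed here, "generic email address" is interpreted as a role mailbox rather than a named person (an assumption), and flag 4 covers only look-alike foreign characters, since spotting misspellings needs a dictionary.

```python
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Assumed patterns for this sketch; tune them to your own mail flow.
GENERIC_GREETING = re.compile(r"^\s*dear\s+(sir|madam|customer|user|client)\b", re.I | re.M)
ROLE_MAILBOXES = {"info", "support", "admin", "service", "noreply", "no-reply", "billing"}
URGENCY = re.compile(r"\b(immediate(ly)?|urgent(ly)?|within \d+ hours|suspended|act now)\b", re.I)

# Constructed sample messages (not real mail). \u043e is a Cyrillic "o".
SUSPICIOUS = (
    "From: Account Team <support@example.com>\n"
    "Subject: Suspicious activity\n"
    "\n"
    "Dear Sir/Madam,\n"
    "We detected suspicious activity on your acc\u043eunt.\n"
    "Reply immediately with your card details.\n"
)
ORDINARY = (
    "From: Dana Reyes <dana.reyes@example.org>\n"
    "Subject: Notes from Tuesday\n"
    "\n"
    "Hi Sam,\nHere are the notes from our meeting. No rush.\n"
)


def scripts_in(word):
    """Return the Unicode scripts (first word of each character name) of the letters in word."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in word if ch.isalpha()}


def red_flags(raw_message):
    """Return the red flags found in a single-part plain-text message, in the article's order."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    _, address = parseaddr(str(msg.get("From", "")))
    text = str(msg.get("Subject", "")) + " " + body
    checks = [
        ("generic greeting", bool(GENERIC_GREETING.search(body))),
        ("generic sender address", address.split("@")[0].lower() in ROLE_MAILBOXES),
        ("urgent request", bool(URGENCY.search(body))),
        # A word mixing Latin letters with another script suggests look-alike characters.
        ("foreign characters", any(len(scripts_in(w)) > 1 for w in re.findall(r"\w+", text))),
    ]
    return [name for name, hit in checks if hit]


if __name__ == "__main__":
    print(red_flags(SUSPICIOUS))
    print(red_flags(ORDINARY))
```

A message that trips several flags deserves the second look described in this section; a clean result does not prove a message is safe, as the note on targeted emails below makes clear.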

Depending on the intent of the sender, phishing emails may contain an attached file or link infected with malware. If you sense that an email is phishy, do not click on the link or attachment.

Targeted spear-phishing emails are even more difficult to identify. Social media channels have widened the playing field and given hackers access to very specific personal information via Twitter, Facebook and LinkedIn. If you receive a message that is personalized but feels even slightly suspicious, take a few moments to re-read and re-evaluate it. If it’s difficult to determine the sincerity of the message, it may be best to contact a friend or colleague for a second opinion.


Mind Your Passwords

The list of passwords we’re meant to remember gets longer each week. Bank accounts, credit card companies, company-related safeguards – the list goes on and on. Although it’s convenient to use one password for multiple accounts, you put yourself in a very risky situation in doing so. This is why:

If just one account has a weak security system and it is breached, the hacker can use simple logic or an algorithm to uncover other accounts that belong to you. Then, the hacker will simply use that same password, or short variations of it, to access your most valuable accounts (e.g. bank accounts, credit cards, personal email, etc.).

A simple and effective strategy to avoid this situation is to create strong and unique passwords for each account, and use a password tool to store each password safely. A password tool eliminates the need to remember your passwords. The tool that my colleagues and I currently use is Password Safe, originally developed by Bruce Schneier, who is well-known in the world of security and cryptology. The tool enables you to copy a specific password from the tool directly to the password field on the respective webpage without ever seeing the password characters. Secure, reliable, quick and convenient.

The true benefit in utilizing a password tool is the ability to create strong and unique passwords without the need to memorize them. It’s much safer to have a strong password and change it once every quarter, than to create simple passwords and change them every month. 

Today there are dozens of password keepers on the market, with fully customized options for your PC, laptop, tablet and smartphone at little-to-no cost. A list of the top-rated paid password managers can be found at PCMag.com.

SUMMARY

Several large companies have experienced security breaches in recent years which have been broadcast worldwide. From the standpoint of a corporation, the damage is vast and detrimental, as it is not just the loss of data, money and information that companies need to worry about, but also the negative publicity and tarnished reputation that follow. A perfect example of this can be read in this issue of The Japan Times.

Protecting personal data and intellectual property is a top priority in today’s digital world. Security breaches and cyber-attacks are more prevalent now than ever. Do yourself and your company a favor and be aware; take simple and effective steps to protect your personal and corporate information properly. Cheers!

Additional information:

Many sites offering information on phishing can be a scam. I have included two legitimate resources below for those who would like to learn more:

Homeland security information website: http://www.stopthinkconnect.org/ 

Anti-phishing working group: http://apwg.org/
