SideChannel's Guide to Securing Information
Securing information is an increasingly fractured challenge
One can hardly read the news without some coverage of yet another data breach or loss of financial or personal data. A salient example I often reference is hackers stealing Mat Honan’s —tech journalist for WIRED—digital identity and deleting it; all in pursuit of his Twitter handle @mat. Or the numerous instances of fraudulent tax returns filed on unknowing victims. Or most recently, the story about how images of the interiors of Roomba user’s homes—including one of a woman on the toilet—ended up Facebook and Discord.
Securing one’s personal information is no one’s business but our own. So how do we better protect our own personal and company information, without going back to the Dark Ages? Evolve.
Here are some steps you can take to secure information:
- Create device passwords on all your devices (phone, tablet, laptop, wearables, etc.)
- Use a password vault or manager to create strong and unique passwords for every site where you have an account. Using the same password at multiple sites makes it easy for cyber criminals to break in.
- Distinguish work accounts from personal ones and use different passwords for each.
- Enable two-factor authentication for online accounts (e.g. Gmail, etc.) whenever possible.
- Never use free wi-fi to log into financial institutions and be careful of what you’re browsing when using free and public wi-fi networks.
- Use, at minimum, WPA or higher encryption instead of WEP on your personal wi-fi router.
- Monitor your credit reports and consider implementing a “security freeze” with the credit bureaus. Make use of the free annual credit report available from www.annualcreditreport.com.
- Be wary of phishing emails; don’t click on a link or download files from unknown sources.
- Install an anti-virus, anti-spyware, and firewall on your personal computers; keep it updated.
- Use encryption on your laptop, phone, tablet, and personal computer if possible. You may lose your device, but this may prevent your personal data from being exposed. Here’s a quick guide on how to encrypt your computer for Mac and Windows PC.
- Be wary of what you disclose on social media and workplace intranets (e.g. full birthdate, date of graduation, favorite color, etc.) because this information may be also an answer to one a security question used by some websites to authenticate individuals.
- When disposing of personal devices (an old laptop, phone, hard drive) reset to factory default or otherwise wipe data from electronic devices before you upgrade or sell your personal device. If you’re not selling it; some people physically destroy the drives on old devices; because you can’t be too careful. I do love a good shred day. If you don’t already; incorporate shred days into your quarterly office cleaning cycle. Make it a social function to encourage staff participation. Consider hosting coffee, ice cream or pizza social for staff who show up with old documents and devices.
Encouraging staff to adopt practices that protect information and model good cyber hygiene is challenging, but there are ways to encourage it while accommodating different work styles and environments. Let a virtual privacy officer help you build an exemplary privacy program with cybersecurity baked in.