It costs little or nothing to prevent data theft or other digital mischief. Studies have repeatedly identified that you and your co-workers are far and away the most likely source of any digital security breach. Computers and systems can only go so far in protecting us from our own laziness, bad habits, and outright goofball moves.
Just a few habit changes and simple precautions will result in reasonable assurance that your digital information is safe from intrusion by all but the most dedicated hackers:
- Use “strong” passwords and a different password for each device, site, and account. If you do not know what a strong password is, use a password manager (see below) or other app to create them for you. And don’t use any of these passwords (https://www.passwordrandom.com/most-popular-passwords).
- Use a “Password Manager” such as OnePass or LastPass, which leaves you with only a single (strong) password to remember to unlock all the other passworded functions and can create “strong” passwords as needed. Such programs save you from the big three password sins: (1) writing down passwords (and “hiding” them under your blotter, in your top drawer, or in a Word file); (2) using the same password for multiple purposes (one breach unlocks them all); and (3) not using “strong” passwords.
- Don’t be “social engineered.” Heart rates go up a tick when you see an email pop in with the subject line “Urgent,” “Payroll,” “Are you available?” Better read “The 12 most common phishing email subject lines cyber criminals use to fool you.” https://www.zdnet.com/article/these-are-the-12-most-common-phishing-email-subject-lines-cyber-criminals-use-to-fool-you/. BTW – this same 2019 study found that more than half of employees have replied to unsolicited emails or clicked links in them.
- Don’t be a “phish.” An amazing amount of information is just handed over to thieves by people believing that they are communicating with a client, a superior, or a government official. For a good read on this see https://www.zdnet.com/article/what-is-phishing-how-to-protect-yourself-from-scam-emails-and-more/.
- That includes government agencies, too. As the federal government repeatedly broadcasts, the IRS does not call or email you out of the blue for any reason. And whether IRS or not, don’t give your private information to anyone you do not positively know is on the other end of the line. And don’t “correct” your personal information if someone says they have it but just want “to confirm” it – and gets it wrong.
- Examine the email address. I can guarantee Bank of America or Citibank is not having someone from .az (Azerbaijan), .cz (Czech Republic), .ng (Nigeria) or .ru (Russia) working on account security issues. Also look for closely misspelled email addresses (e.g., cittibank.com or citibanc.com instead of citibank.com). However, there are ways to fake email addresses as well as ways to fake website addresses. “Hovering” over a link in an email is no guarantee that it will reveal the “real” destination. If the email address looks authentic but the email is suspicious, call the purported sender to verify it.
- Think before you toss or donate anything with a plug or USB port. Almost all devices you use contain some type of information about you, your business, or your clients, including your cellphone. But how about the office copier you just gave to the local homeless shelter or the thumb drive you threw in the trash? In this TechCrunch story, a security researcher collected 366,300 files and images from 85 “discarded” devices he found. For information on safely disposing of old tech, see Old Technology & Equipment.
- Finally, please don’t give “Nigerian Princes” or other “royalty” or corporate executives your credit card number no matter what their love or sob story. That includes “friends” who email you with “travel emergencies” which require immediate funds transfers to “save” them from further troubles. You may laugh but the “Nigerian Prince Scam” is still raking in the cash – a couple of years ago a raid in Nigeria netted $43.4 million in cash from a suspected “Prince.”
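The address check from the “Examine the email address” item above can be run automatically on incoming mail. The Python below is an added example, not part of the original article; the trusted-domain list, the function names, and the sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumptions for this example: the domains you really deal with, and the
# country-code TLDs the article calls out as unexpected for them.
TRUSTED = ("citibank.com", "bankofamerica.com")
UNEXPECTED_TLDS = {"az", "cz", "ng", "ru"}

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Classify the domain in a From header against the trusted list."""
    address = parseaddr(from_header)[1]
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    for good in TRUSTED:
        if domain == good or domain.endswith("." + good):
            # A match is not proof: the From header itself can be forged.
            return "match"
    name, _, tld = domain.rpartition(".")
    for good in TRUSTED:
        brand = good.rpartition(".")[0]
        if tld in UNEXPECTED_TLDS and brand in name:
            return "unexpected-tld"   # e.g. citibank.ru
        if edit_distance(domain, good) <= 2:
            return "lookalike"        # e.g. cittibank.com, citibanc.com
    return "unknown"

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Citi Alerts <alerts@cittibank.com>",
    "help@citibanc.com",
    "security@citibank.ru",
    "service@citibank.com",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):15} {header}")
```

A “match” result only means the address is spelled correctly; as noted above, a suspicious message from a correct-looking address still calls for a phone call to the purported sender.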
Hopefully, you can see that reasonable digital security can be achieved by a few commonsense good practices.