Hackers routinely steal. They steal credit card information from ecommerce sites and sensitive information from company websites. It’s a game for them, a puzzle to solve, a code to crack. The fact that they are ruining people’s lives is rarely a thought that occurs to them, and even when it does, they are quick to dismiss it. Here are some tips to help you protect sensitive information.
Protecting Your Information
- Security doesn’t have to be complex to be effective
One ingenious yet simple way to protect sensitive information is to use Secure USB, which protects your data with a customized encryption PIN and plug-and-play functionality. First, you enter your carefully chosen PIN on the device keypad. Second, once you are authenticated, the device is ready to use as a plug-and-play drive. Third, just unplug it to lock it securely with your encryption. This happens automatically when the device is unplugged and disconnected.
- Avoid storing all sensitive data if it’s not necessary.
While you might need to store your employees’ Social Security numbers and other sensitive information for HR purposes, you don’t have to store your customers’ personal and financial information, too. By limiting the sensitive information you add to your computer systems, you limit the security risk.
According to Chris Pogue, Director of Digital Forensics and Incident Response at Trustwave: “There is no reason to store thousands of records on your customers, especially credit card numbers, expiration dates and CVV2 [card verification value] codes. In fact, it is strictly forbidden by the PCI Standards.”
His argument is simple and elegant: “if you have nothing to steal, you won’t be robbed.”
- Prevent employee security leaks.
When hackers break into a computer system, they rarely use superior technology to defeat the high-quality security software you have installed. More often than not, they find the weakest link in the chain, and this happens to be your people.
While antivirus software and ransomware protection solutions are hard to outwit, people are easy to fool with some slick psychological manipulation. So the greatest threat to your security may not come from outside your organization but from inside it. In rare cases, it’s a disgruntled employee acting out of malice, but for the most part, security leaks are due to poorly trained employees or poorly enforced security policies.
Let’s take a look at how to close those loopholes.
1. Secure your system from an inside job. If an employee turns rogue, it’s usually because they are disgruntled. However, they usually don’t hack into your system while they are still employed and could be caught in the act. Often they wait until they quit or get fired, and then access your computer system remotely. This can even happen 30 days after their departure, which makes it harder to connect the hack to the absent employee. When AT&T experienced a malicious insider attack, the company lost sensitive information like Social Security numbers, driver’s license numbers and birth dates. The way to prevent such an attack is to change all the login information that a former employee might have access to, such as their email or their VPN login.
2. Conduct formal employee training on security issues. Formal training will teach employees basic things like the value of using strong passwords, not downloading files from their emails, and detecting phishing scams that occur via email, chat rooms, or over the phone.
3. Create strong security policies and enforce them. Consult with a security professional to help you create strong security policies and design ways to make sure they are followed. You need a system of checks and balances to counter negligence about security issues on the part of employees.
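One way to check for the post-departure access described in item 1, as an added example that is not part of the original article: it compares authentication logs against HR departure dates and flags any login attempt made after an account should have been closed. The log format, account names, addresses and dates are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed HR offboarding records: account -> moment access should have ended (UTC).
DEPARTURES = {
    "jdoe": datetime(2024, 3, 1, tzinfo=timezone.utc),
    "asmith": datetime(2024, 2, 10, tzinfo=timezone.utc),
}

# Constructed VPN/email authentication log in a hypothetical key=value format.
SAMPLE_LOG = """\
2024-02-28T08:01:12Z service=vpn user=jdoe src=198.51.100.7 result=success
2024-03-02T09:15:40Z service=vpn user=mlee src=198.51.100.9 result=success
2024-03-12T23:47:03Z service=mail user=asmith src=203.0.113.44 result=failure
2024-03-31T02:13:55Z service=vpn user=jdoe src=203.0.113.80 result=success
not a log line
"""

def parse_line(line):
    """Return (timestamp, fields) for a well-formed line, or None for anything else."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    return (ts, fields) if "user" in fields else None

def post_departure_logins(log_text, departures):
    """List every login attempt made by an account after its owner left."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of aborting the whole scan
        ts, fields = parsed
        user = fields["user"].lower()
        left = departures.get(user)
        if left is not None and ts > left:
            findings.append({
                "user": user,
                "service": fields.get("service", "unknown"),
                "days_after": (ts - left).days,
                "result": fields.get("result", "unknown"),
                # A successful login means the account was never disabled.
                "still_active": fields.get("result") == "success",
            })
    return findings
```

A finding with `still_active` set is the urgent case: the credential still works and should be disabled and rotated at once, while a failed attempt shows that someone is still trying the old account.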
Also consider using multi-factor authentication. Multi-factor authentication (MFA) adds a layer of security that allows companies to protect against the leading cause of data breaches: compromised credentials. Users provide extra information or factors when they access corporate applications, networks and servers. Check out Centrify to learn more.
Motivated Career Criminals
In order to prevent an attack, it’s always useful to understand the enemy you’re defending against.
What is the profile of a hacker?
The most frightening thing about hackers is not their criminality or the distressing lack of empathy, but how good they are at what they do.
Like psychologists who have observed neuroses over many years and can make a fairly accurate diagnosis of a new patient in the first five minutes of a session, hackers are skilled at scanning for any weaknesses in your computer system. Using sensitive hardware devices and special software, they look for loopholes through which to launch an attack. They may also resort to psychological tactics on your employees to break into your system.
Not only are hackers excited by the idea of pulling off the perfect cybercrime, but they are also motivated by the thought of how much they can steal and how they can monetize the information they find. They are also as fearless as kleptomaniacs. If they can’t break into a computer system, they might simply pick up the phone, call your company, and hoodwink an innocent employee into giving them enough information to pull off a phishing scam.
In summary, then, in order to discourage hackers, you have to be equal to the task of securing your sensitive information. What you don’t know about online security is the biggest risk you face.