Page 42 - Cyber Warnings August 2017
P. 42
be unintelligible - the equivalent of “shredding” the data and rendering it useless without a “key”
to decrypt it. It is important to make a well-informed decision on who is allowed access to these
keys within your organization. Secure Socket Layer (SSL) and Transport Layer Security (TLS)
are two examples of common, sophisticated encryption technologies. Be sure to evaluate and
update your products every year, as technology is constantly advancing and becoming stronger
against cyber threats.
4. Use digital preventative measures
Another simple way to guard against identity theft or a data breach is to practice computer and
mobile safety. Ensure all computers have antivirus and antispyware protection installed, and
that these are regularly updated. Don’t cut corners on quality - you want the best products
available to guard against theft. Protect your entire network with a strong, stable firewall.
Promptly update all browsers, software, and mobile platforms with security patches, and avoid
storing any business data on personal devices - especially mobile phones.
For many people, checking their mobile device is the first and last thing they do each day. Their
entire lives are stored and organized on these tiny pieces of tech, which makes them a prime
avenue for potential hacking. One of the most common ways is through physical access - it’s
incredibly easy for someone to steal a phone, or for an employee to lose it at the airport, in a
cab, in a bathroom, etc. Once a hacker has the phone in hand, it’s only a matter of time before
they can crack even the most complicated password or security code. Advise employees to
keep a tight hold on their phones, especially while traveling.
As a side note, if any employee must bring their own device to work, advise them not to
download apps from untrusted sources and be sure the same security software is installed that
you have on company devices. While mobile devices often don’t support anti-spam and
antivirus tools, guarding against these “insider threats” are a simple way to lower the risk for a
breach.
5. Stop visual hacking
Visual hacking is exactly what it sounds like: looking at private information on a screen, on
paper, or by watching someone enter it on a computing device. This type of low-tech hacking
poses a significant risk to organizations and happens very quickly (less than 15 minutes on
average). In fact, an average of ninety-one percent of visual hacking attempts are successful
and can be nearly impossible to detect, according to global trials conducted by Ponemon
Institute in 2015 and 2016.
It’s important to educate employees about the risks of this particular brand of hacking because
they may never have considered this to be a possibility - while employees may follow all of the
necessary procedures for encryption, sidestep phishing, keep their anti-virus updated, and
everything else, they may very well ignore the obvious hazard of reading through confidential
company data in the middle of a crowded coffee shop.
Regardless of size or type of business, all organizations face the threat of visual hacking. To
combat visual hacking, users need to be trained to be aware of their surroundings. Create a
privacy plan for data taken outside the office - for example, suggest to employees who need to
work from home that they not open their laptops in public places, like a coffee shop. The same
goes for remote employees - even though much of their work may be conducted from a home
office, many remote workers choose to work in public areas or co-working spaces. If this is the
case, advise them to work with their backs to the wall and hide their screens at all costs. For
42 Cyber Warnings E-Magazine – August 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide.
