4 Easy Ways to Protect Your Data

Written by:

Joel Caskey
Cybersecurity Manager & Partner
NET Xperts LLC

Greetings, Cybersecurity Super Heroes In Training!

In the last topic, we covered some best practices for Password Management. Hopefully, this helped you to check off some more of the boxes to improve that Cybersecurity Super Hero score. This topic is related to good password management, but takes protecting your data to a new level.

So let’s talk about how you protect your systems. A good chunk of this is going to be geared more toward a business environment, but some items will also help you on a personal level.

I’m going to start with a quick story. I recently had a user reach out to me because they had their personal information breached. After talking with this user, we discovered that the weak point, which was compromised, was their personal E-mail. The bad actors were able to breach the E-mail account, forward all E-mails to an external account that they have access to (so that the user monitoring their E-mail doesn’t see the things that are coming in), and start sending out password reset requests to common systems such as Facebook, Amazon, eBay, etc. Once the bad actor gained control of these accounts, they were able to make unauthorized purchases through these systems on stored credit card information. Since the E-mails were being forwarded away from the user’s account, this all took place without them knowing or having any indicators other than they hadn’t received any E-mails on their personal account for a little while.

Believe it or not, this is a common tactic that bad actors use. This is where systems protection comes in. I mentioned in the last topic that your password is the first line of defense and is like the key to a locked door. I want to take that a step further here to give you some additional examples of good security practices and how they compare. I also want to mention, before I get into the nuts and bolts of things, that these best practices are relatively cheap to implement, and cost much less than having your personal or business data compromised.

Use Multi-Factor Authentication. This is THE most important method in protecting yourself both personally and professionally. Similar to how a password is a key to a locked door, Multi-Factor Authentication is like having a deadbolt on that door with a different key. The best systems pair this with something that you KNOW (your password) along with something that you HAVE (for example, a token with a randomly changing number, a text message that goes to a mobile device, or even a push notification from an app). A good Multi-Factor Authentication solution should NOT use E-mail as the second factor – this can be easily compromised, as you saw from my example story. If the user had Multi-Factor Authentication enabled for their E-mail (or the other accounts, for that matter), it would have severely mitigated or even prevented this breach from happening.

Beware of Public WiFi – this is a controversial topic. I know that some people like to go to their local coffee shop and enjoy a nice Pumpkin Spice beverage while trying to get some work done. Coffee shops as well as other public places, such as airports and restaurants, typically offer free WiFi. How convenient! But beware – this comes with a risk. A lot of the time, this service is offered to you without having to enter a password to connect to the network. This leaves the door open for anyone within range of the WiFi to “sniff” traffic going across the airwaves. It also invites potential attacks where a bad actor can set up an access point claiming to be the “Free WiFi” network, but secretly they’re seeing everything that you do on that network, including doing some online banking or potentially working with protected data. Long story short – beware when using Free WiFi in public places – there is a risk to this. It’s there for your convenience, but as a general rule of thumb, you don’t want to transmit or work with any confidential data while using such networks.

Make sure your devices are encrypted. This is one that’s so simple these days, but everyone takes for granted. Let’s say that you’re going out to a nice dinner with your family and you’re going straight to the restaurant from work. You have a nice meal from your favorite restaurant and enjoy about an hour and a half of your favorite family members or friends. You exit the restaurant and get back into your car to discover that the unthinkable has happened – your car has been broken into and your laptop is missing. Your laptop contains private information, such as financial information for your customers. This is already a bad situation because you’re missing vital equipment to your daily operations, but what makes it worse – your laptop was not encrypted. This essentially means that the data on your laptop is now considered compromised, and now we pull out that bad word that we try not to use in the cybersecurity world – BREACHED. A simple task such as ensuring that your laptop is encrypted using something such as BitLocker (which is built into Windows) would have kept this situation from going from bad to worse. You may be missing a laptop, but if the hard drive is encrypted, this prevents the data from unauthorized access and mitigates the B-word.

Avoid confidential information on portable media. Portable media can be a USB Portable Hard Drive, an SD Card, or a USB thumb drive. These are great for moving information from computer to computer and for working while you travel. However, with the portability comes additional risk. A USB drive can easily fall out of a purse or pocket while walking between the office and your vehicle. Avoid keeping confidential or protected information on these types of devices. If you do have to transport confidential data using these items, ensure they are encrypted. Doing so will help better protect your information from getting “lost in the shuffle” for someone else to find.

I hope that this venture into systems protection, helped you pick up some pointers that you’re able to use both personally and professionally. Your data is your #1 asset. Whether this is your personal information or your customer’s personal information, it needs to be treated with care to prevent it from being exposed. Taking a few extra steps and using your Systems Protection Smarts will bring you one step closer to being a Cybersecurity Super Hero!

Until next time, my friends… stay safe out there, and stay tuned for more!