Leak of celebrity nudes reminds us how important digital security really is
By Nicholas Upton
September 4, 2014
Jennifer Lawrence is likely wishing she had a better strategy for online security. The fact that popular celebrities can be attacked in such a way is a stark reminder that businesses must be wary of their data.
Don’t wait until your business has the embarrassing, financial equivalent of nude pictures getting past your security to think about how you protect yourself.
Here are a few tips to keep your digital data safe on or off the cloud.
Update your software
You know that little prompt that you keep telling to go away every morning? Well, if you have sensitive data on your computer or network, stop ignoring it!
Operating system updates are critical for security. Almost every update mends a little chink in your online security armor. I know I’ve been guilty of it, heck, clicking “remind me tomorrow” is just part of my morning routine – but I don’t run a business from my computer.
Encrypt, well, everything
Any business has to have encryption for their credit processing system, otherwise Visa and MasterCard aren’t going to do business with you. But how many times have you sent a contract or a credit form via email just to keep the business moving along? Stop doing that.
If that email isn’t encrypted, a hacker or a stolen computer with access to any email account in the chain can mean a security breach.
Even accessing the cloud should be done through an encrypted gateway like a secure VPN. A key logger or virus on an outside computer could have complete access if you allow non-encrypted access to your business network.
Keep your financials under lock and key
So you think your data is locked up in the computer equivalent of Fort Knox, but what about the door to your financing office? I bet it’s not a steel blast door!
Even the most stalwart digital security plan has analog weaknesses like access. Only give the keys to people who need them. It’s not prudent for many small businesses, but a keycard or code system to monitor access can go the extra mile.
Oh, and close the door even during business hours. An hour lunch break is ample time for some ne’er-do-well to walk in and download your sensitive data.
It reminds me of a Seinfeld episode when Kramer leaves the door open and Jerry’s fancy lock doesn’t do anything to stop someone from taking his TV. You can have the best lock on your data, but you have to close the door!
Don’t allow outside cloud services
It’s much easier for someone to dump a little work on their personal Dropbox account to tackle at home. But business owners must drill into their employees that this is not OK.
Some business cloud services can be a little clunky, making it easier for employees to skip steps like signing into a VPN, going through levels of authentication and simply getting credentials to the business cloud. What’s known as “shadow IT” is when employees go around that secure system.
Illuminate the issue with your employees because as soon as financial or business data is on Dropbox, Google Drive or the like, it’s only as secure as that employee’s personal online security.
Think of all the places your employees might have that cloud account automatically sign on. Now think of all the people that still use “password123” for their logins…
Only give access to those who need it
No business owner wants to be mistrustful of their employees, but a 2012 report from the Association of Certified Fraud Examiners showed that 75% of employees stole from their employer at least once. Yes, 75%!
The majority of those thefts are certainly small: a soda from the fridge or a box of pens, but all those office supplies don’t add up to the annual $37 billion in stolen assets that the study found.
If an employee doesn’t have a business reason to be accessing data -- even parts of data like credit card information on a service order -- don’t let them access it.
Sure, it might cause a little hurdle when someone needs to see the notes on a contract, but it’s better than losing sensitive data.
Have a strong password, and memorize it
As we saw in the celebrity nude picture leaks, social engineering is still one of the best ways to crack a system.
Don’t make your password your dog’s name, your business name and a number or any variation of your own name. Make your password difficult to remember, then memorize it.
I’ve seen so many people put their tricky password on a sticky note on their desk. Sorry, but that’s really, really stupid. You might as well go back to “password” if someone can find your information right on your desk.
Always use two-factor authentication
The entire nude photo scandal could have been avoided with two-factor authentication. Really, all those celebrities needed to do was click the little option for two-factor authentication. Then, instead of hackers having free rein to guess passwords all day, the celebrities would not only get a text clueing them in that they were the target of a hacking attempt but also keep anyone from getting in without a special PIN.
The only reasoning I’ve heard for not using the added layer of security is that it’s clunky. Really? Picking up a phone or reading a text with a PIN embedded takes all of 30 seconds and can keep data safe. In my opinion, that’s well worth the time – but I’m sure I’m not as busy as Jennifer Lawrence.