How good are you at protecting your physical and digital data? What about company data? We’re seeing an increased number of security and vulnerability concerns at NW Computing, so we’ve compiled a few ‘how to’s’ and helpful tips to better protect you and the company you work for.

(The following information can also be found in whole, or in part, on NW Computing Facebook and Instagram)

WHAT MAKES A GOOD PASSWORD?

Is your online password ‘PASSWORD’? Does it contain your, or a relative’s, name, birthdate, favourite movie, place, game character, or any identifiable word for that matter? Well, your data, and the data of those people you’re acquainted with, is at risk. Here’s our recommendation:

A strong password has a mix of upper and lower case letters, a special character (like @, $, !) and some numbers. It is also recommended to NOT USE consecutive numbers, birthdays, postcodes, and other significant dates or numbers. Random letters, characters and numbers are best practice.

Why does your company get you to change your login password(s) frequently? Although it can be annoying, most companies make it a policy for employees to change their passwords frequently. They put policies in place to prevent data breaches.

According to the Australian Cyber Security Centre:

“If your password or PIN is captured, guessed or stolen, a cyber criminal can potentially send emails from your accounts, withdraw money from your bank accounts, change files on your computer such as invoices, steal your identity. Weak passwords are easy for cybercriminals to guess. They use automated software that can potentially guess 350 billion passwords per second!”

WHAT IS 2-FACTOR AUTHENTICATION (2FA)?

When your company, IT department, and data provider are touting the benefits of 2FA (2-Factor Authentication) for protecting your data, it’s probably a good idea to initiate this added layer of security on all your online accounts.

The 2-Step Verification process goes one step further than entering a password on a website by sending a code to your phone or device via text message (SMS). The user then enters that code when prompted by the site to get access.

“Now that I have 2FA my data is safe, right?”
Not necessarily. Although your data is more secure with 2FA, hackers are relentless and will exploit security flaws in software, websites, and even a company’s cyber security.

Hackers have the potential to infiltrate a cellular/mobile network.

“2FA can fail when a hacker has hijacked a cellular network and can intercept text messages. They could then, for example, send a user a text message pretending to be from Google stating there’s a problem and they require the code about to be texted to them. The hacker then tries to log in to the user’s Gmail account, prompting a 2FA text to the user. As the user has been told by ‘Google’ to expect this, they don’t think twice and reply with the code to the hacker, giving the hacker access to the user’s Gmail information.”

Now this scenario isn’t common, and 2FA is still much better than only entering a Username and Password on a website or App, but for an added layer of security NW Computing suggests an MFA (Multi-Factor Authentication) option. For every step forward by cyber security experts, hackers are right behind coming up with nefarious ways to steal your data.

MULTI-FACTOR AUTHENTICATION (MFA)

MFA is used via an Authenticator app on a mobile device. It protects your accounts from password theft and can be used in conjunction with 2-step verification (aka 2-factor verification or 2FA), which is offered on most of your social media and email accounts. In our recent Free Software Friday post on Facebook and Instagram we recommended Google Authenticator. It works on both Android and iOS devices. There are other apps for Multi-Factor Authentication, but Google Authenticator is the most accessible for most users.

Here’s how it works:

Although using 2-Step Verification (2FA) is good security practice, a “devoted hacker” can still get access to this code by going through your phone company.

The Google Authenticator app provides an additional level of security: it eliminates the SMS attack by using algorithms to generate six-digit codes on your mobile device (MFA – Multi-Factor Authentication).

Now that it’s all set up, a website (a site you’ve authorised for this service) will prompt you for a code, which can be randomly generated through the Google Authenticator app. This step bypasses the ‘text message’ that poses a potential risk.

CLEAN YOUR DESK! CLOSE THE DOOR BEHIND YOU!

While it might seem like the company you work for is over-managing you, a Clean Desk Policy is important for security.

Keeping notes and paperwork on your desk, or in an unlocked drawer, may seem convenient, but all it takes is one person getting access to the building, floor, or office you work in to steal sensitive information.

Never keep passwords on sticky notes, addresses on notepads, or USBs in unlocked drawers. This data should be destroyed appropriately in a shredder or secure document bin.

It’s also good security practice to lock your computer when you leave your desk, even for a moment. It’s as easy as pressing (Windows key + L) on PC, or (Control + Command + Q) on a Mac. Many companies have their IT Partner set up auto lock on employees’ work computers, so they lock after a few moments of inactivity.

And if you’re sitting in an open office plan, with your computer monitor’s screen viewable by passersby, a privacy screen is an easy to install, and affordable, option to add that extra level of data security.

STRANGER DANGER. THE IMPORTANCE OF CLOSING THE DOOR BEHIND YOU.

Social Engineering is one of the threats businesses face. “It’s the use of deception to manipulate individuals into voluntarily providing confidential or personal information that could be used for fraudulent purposes” (afta.com.au). This can be by SPAM or Phishing emails, a caller posing as a representative of a utility company or government agency, or as mentioned, someone who has hacked into a phone provider and requests your 2FA password. Social Engineering doesn’t necessarily need to compromise software or systems; it’s the “human interaction and persuasion” that makes this type of theft more difficult to deal with.

Hackers use what’s called tailgating (or piggybacking) to gain access to restricted areas of a building by using well-intentioned employees who are overly courteous, and trusting of others who appear ‘official’ or ‘safe’. Have you ever held a secure door open for someone you didn’t know without seeing an ID or a security access card? Don’t blame yourself too much, most of us have done it at one time or another.

The danger in being ‘courteous’ is it puts the company’s data at risk. A hacker posing as a technician, delivery driver, or even a fellow employee, will use your kind act to quickly make his, or her, way in and out of the office, along with all the data left on employee desks, mobile phones, laptops, and USBs. They also may have the opportunity to install malicious software on a computer, which will allow them to access the systems remotely.

It’s also never a good idea to let anyone, other than authorised company personnel, use your mobile phone or computer, even if they say “It will only be for a quick second”. That could be one second you may regret.

HAVE A GOOD SECURITY CULTURE

Why do we wear Hawaiian shirts on Friday? Why do we do burrito birthdays? Why is everyone encouraged to contribute to the office music playlist? Because it’s the culture!

As written in an earlier blog post, culture is important because it shapes our identity, our communications and our behaviour when interacting with our clients and our peers. When it comes to Cyber Security, more often than not, all discussions will be about technical controls and mitigations of threats and ways to reduce risk through discrete systems. A positive security culture and an aware workforce are an untapped and overlooked resource in protecting company assets.

IN SUMMARY

– Choose a strong password
– Use 2-Factor Authentication
– Add even more online security by using Multi-Factor Authentication
– Clean your workspace
– Lock your computer
– Don’t be so nice. Take part in your company’s security culture.

We’ll keep adding to this list of ‘How To’s’ and Tips. If you have any suggestions for cyber security content, or helpful tips of your own, send us a message on our Facebook or Instagram pages. And check out our social media pages for Free Software posted every Friday.

At NW Computing WE DO MORE.