5 Tips For Online Security
We’ve compiled some tips on avoiding simple security mistakes that could cost you and your team a lot.
There were nearly 4,000 data breaches in 2020 alone, and while having a top-notch cyber infrastructure is a given, there are often-overlooked ways of improving online security at the individual level. Since over 20 percent of the U.S. workforce is expected to be remote by 2025, we recommend reviewing these tips more than ever!
1. Acknowledge Risk is Everywhere Online
No matter where you work, public internet networks are risky and open you up to a wide array of breaches, leaks and worse. Do some basic research on your internet provider to ensure your internet speed and security are optimal for your job.
Keep up to date on types of phishing attacks. For example, fraud email scams related to the COVID-19 pandemic are still on the rise.
Digital hygiene is another important consideration. Every last site you visit, link you click and file you send should be prefaced with a common sense question: “Am I considering the potential risks of doing this?"
Even if you’re not on the computer at work, you’re forever at risk of digital danger. Whether you’re on your phone, tablet, friend’s device or sharing something like a rental car bluetooth or public wifi, you and any data associated with you is at risk. This means if you make a mistake, even if off the clock and perusing somewhere other than a dedicated work computer, you could still be putting yourself and your team at risk.
2. Invest in Individual Security
One of the greatest tools of internet safety is the virtual private network, or VPN. This is a dedicated network that acts as a proxy between your actual network and whatever digital spaces you're accessing. If your team doesn’t have a VPN service, you should still consider getting your own for work and for personal use. It’s an easy way to mitigate cyberattacks, data manipulation and access geo-locked content. However, VPNs can also contribute to slow connection speeds and there are VPN-blocking software that exist to compete.
Another nifty tool is a password manager like 1Password which allows you to store various passwords and licenses in a super-secure vault guarded by a PBKDF2 master password. This will get you off storing your passwords on sticky notes and random word docs.
Finally, you should consider visiting your firewall and antivirus settings. Make sure your security configurations are up to date.
3. Know Your Cookies
A web cookie is a piece of data that is retrieved when a visitor reaches a site, then sent back to another destination without any alterations. These are used to track your activity when you visit a site. Cookies allow sites to provide the best user experience (i.e. tracking shopping activity), but supercookies are a specific type of cookie that allow an internet service provider to collect data about a user's browsing history and habits, often without the user’s knowledge. Supercookies are not as transparent as regular cookies, meaning you won’t always be able to see if/when supercookies are being used. The only way around a supercookie is through an encrypted connection, such as a VPN as outlined above.
While cookies are typically no cause for concern, there are some red flags you should always consider. If a website is unencrypted, you should never accept cookies. These sites have less security in place to protect your data, and thus it becomes a prime target for malicious third parties.
Third-party cookies are also less straightforward, and you should usually decline these. These are the types of cookies that allow websites to sell your browsing data and are set up by a different entity than the site you're navigating.
Though less common, your antivirus software may sometimes flag suspicious cookies at which point you should consider deleting them if you accidentally accepted them.
One last rule of thumb is to avoid cookies completely when sharing private data like your bank or social security information.
4. Beware of Access
Systems access: the true joy of onboarding. Companies tiptoe when it comes to systems access for a reason. It’s not only about trust of the individual team member/newbie, but instead about mitigating risk. This is true at the top of the organization all the way down to individual projects. When you send access to a file, project, system, profile or the likes, understand who you’re giving it to and the full scope of the access. Make sure to assess that person’s risk factor, mainly what is their capacity to mess up or have an oversight that could lead to a bigger problem.
Similarly, if you’re sharing a project/asset such as a video, don’t cut corners on what platform you share it through and definitely consider password-securing the delivery among other things. For example, MediaZilla is one of the only video delivery platforms that treats security as a core part of delivery, not an afterthought. Namely, there is no public index of MediaZilla content, all information is https encrypted and you, the sole proprietor of your project, have control over invitations and access which can be adjusted at any point in real time.
5. Create a Mental Checklist
Some online security measures can be solved with common sense, but just in case, here are some common considerations to remember when navigating online spaces:
Enable 2-factor authentication when offered
Don't assume you're fully protected just because you're offline
Back up ALL important data
Keep your software up to date
Beware of plugging in external devices (i.e. phones & flash drives)
ONLY share information and communications on secured, sanctioned networks and platforms
Turn off/deactivate features and programs when you’re not actively using them (i.e. bluetooth, chat services, WiFi)
Be critical of every link you click and every person you interact with outside of your organization