Technology and the internet have permeated every aspect of our lives, slowly percolating their way into business functions. While they have helped us transcend boundaries and collaborate at a pace that was not thought possible even a decade ago, the side effects come with similar momentum. The gaping vulnerabilities that seem to surface every day pose a serious threat to the economy at large, and are especially challenging for organizations to remediate.
Recent statistics demonstrate the velocity of the issue: the Indian government’s cyber security arm, Computer Emergency Response Team-India (CERT-In), pegged the cybersecurity incidents reported in just the first 5 months of this year at 62,189, as compared to 71,780 incidents through 2013.
Our involvement at crucial stages of an organization’s tryst with battling cybercrime has made it clear that emphasis on basic security hygiene protocol works as your best defence. This begins with creating a more conscientious workforce, where employees are attuned to the implications of tech carelessness. We have highlighted a few crucial elements, which may seem trivial, but go a long way in helping curb cyber-malice.
A personal call to action
- Do not write down your passwords and leave them lying around, and maintain a clean desk
- Restrict usage of removable storage media
- Avoid unknown websites or emails
- Do not install unauthorised, free or pirated software
- Protect your cards – Ensure all your credit/debit cards are renewed with the bank to include chip-and-PIN technology. Scrub out the CVV number from the back of your Visa/Mastercard and memorise it. Also purchase services that provide anti-fraud insurance cover on your cards. Do not store or write your ATM/credit card PIN openly. Keep track of the information alerts sent by your bank about each transaction.
- Protect your smartphones and tablets – Ensure your phone has advanced security features such as encryption of the phone and external memory, and auto-wipe after failed unlock attempts. Do not jailbreak or root your devices, and avoid installing unauthorized apps.
- Protect your home network and computers – Ensure your home network and Wi-Fi are protected with strong passwords. Ensure all home devices have anti-virus, a firewall and individual accounts created without administrator rights. Keep a separate administrator account for maintenance or infrequent admin activities. Do not leave unencrypted hard drives, memory sticks/cards etc. that hold sensitive information lying in the open. Use encryption tools to encrypt all drives.
- Avoid personal usage of data on official machines and vice versa – Company provided assets are governed under the rules and regulations of the enterprise, while personal IT assets are not. Personal devices could be compromised more easily and therefore using official data on these machines can cause data loss or data theft. These vulnerabilities can spread due to transfer of the data using external media storage devices.
- Printing – Printed copies should not be left unattended on the printer. This prevents data from being accidentally leaked into the hands of unauthorised users.
- Report what you see – Employees should stay alert and report any suspicious behaviour, which includes:
  - Someone suspicious roaming within the office premises
  - Receipt of targeted phishing emails
  - Unusual behaviour of the system
  - Unauthorised/unknown software installation on the computer
  - A phone call that appears to be a social engineering call related to the company
Ultimately, the battle to create virtual safety is still at a rather nascent stage, despite the upheaval it has caused in recent times. The industry is struggling to tackle the situation at a macro level, and organizations are grappling with adding even more technology to the fray to bridge any identified gaps in virtual networks. Despite this uncertainty — in fact, because of it — you need to be clear about the basics.