As the threats of hacking and cyber attacks continue, how can you navigate the Internet without exposing yourself to attack? Shlomi Adar, an Israeli information security specialist, has released eight simple instructions to avoid the common mistakes that allow hackers to target employees working at organizations.
- Custom Permissions according to Position and Necessity – Adar began his list by calling to use organized permission definitions in having organization supervise employees’ computer activities. He recommended the limitation of installation permissions according to employee’s positions, allowing the installation of applications needed for that position.
- Surfing the Internet – the specialist warned against visiting websites not used for work, particularly free game sites which often have spyware or tracking software, as well as sports sites and online chats.
- Using a Laptop – Adar warned against having employees carry a laptop between their work and home environment, noting the home network is less secure than an organizational connection. He called to separate work and home connections and not allow children and other users to access the work laptop.
- Loss or Theft of Laptops – laptops, tablets and smartphones are more prone to loss or theft given their portability, noted Adar, who called to encrypt mobile devices and install a system that can locate and erase information remotely if needed.
- E-Mail – the most common cyber threat has become “phishing,” or sending messages or e-mails to bait employees to click on links and then gaining access to sensitive information. Hackers often disguise links to look as if they are from reputable sites like PayPal, banks, Gmail, Facebook and others, and a single click on such links may implant a virus in the computer or make the users update their personal information in a dummy imposter site, and that is how they actually give away extremely sensitive details to the hacker, including passwords, unknowingly.
- Setting Passwords – Adar recommended opting for complex passwords with upper case and lower case letters along with numbers and special characters to block automatic password cracking software. He also warned against using birth dates, children’s names, or other information that can be reasonably guessed, and suggested changing passwords relatively often without reusing similar passwords.
- Physical Security – information security is not just in the realm of the Internet; it also requires physically making sure that visitors to an organization’s offices are closely escorted and have to identify themselves, and documenting their arrival and departure.
- IT Department – no organization would be complete – or secure – without an IT department, which should be assigned on the organizational level with managing information security, control and monitoring. The IT department likewise is tasked with implementing procedures to prevent human error. Also, the organization has to hire external advisers (specialists) to fill in the needs the IT department is not expected to answer, such as handling emergency incidents and events or general unusual occurrences relating to information security.