Employees Working Remotely Need to Take Proper Security Precautions

Since the COVID-19 pandemic made its presence known in North America, companies that continue to function have had to dramatically change their work habits. With social distancing measures in place, a huge number of people are currently working remotely from home.

Although this is a great help from a perspective of continuing to conduct business seamlessly, it has the potential to create security issues, since many employees are using their personal computers and devices to either connect with your company network. Although you’ve likely taken proper precautions to secure your network, using a personal computer to connect to it via a personal, possibly unencrypted wireless connection can add a layer of uncertainty.

Here are some things to consider to minimize or eliminate issues.

Clearly communicate to employees your computer security policies.

Whether your employees’ are using their personal devices or company-issued laptops, it’s important that they fully understand company policies and expectations regarding use of devices while doing work. It’s a good idea to review your company’s online policies and procedures, update where necessary to address any possible problems and communicate to them to refresh their knowledge.

Suggest they update their passwords.

For security purposes many companies mandate that employees change their online passwords on a periodic basis. This is an excellent practice that can be very helpful in maximizing their risks against security hacks while working from home. Recommend that they reset their work-related passwords on a weekly basis or every two weeks during this period. Hackers are crafty, and one of the most effective ways to safeguard against breaches is by changing passwords.

If possible, secure your home network.

Most people today have home wifi networks, and most of them are password-protected. You might want to suggest that your employees explore their computer or router instructions to learn if any additional layers of security are available. If so, it would be worth considering making their home connections as secure as possible, as it will not only help them connect with your computer network more securely but also serve them well personally at home after they return to work.

Back up sensitive files and keep them in a safe place.

Consider where sensitive files should be stored within the company’s system. If you have secure cloud- or hardware-based document storage in place that facilitates file-sharing, that’s great. You might also suggest that employees store copies of files on a separate personal drive that’s only used for company files that they keep in a safe place during the time they’re working from home. This could even be a company-issued external hard drive or simply a flash drive that they return to you when they return to work. In either case, only company data should be kept on the drive, just in case a backup file is needed. It pays to be secure.

Instruct them not to click on any unfamiliar email links.

This is a standard part of online security, and everyone knows it but doesn’t always practice it. If employees are working from home and there’s distracting activity in the environment, the last thing they want to do is click on an email link without first considering the source and whether it’s safe. If there’s any question at all. Delete it.

Telecommuting is a necessity for many companies now, and it has been for many others for years. It’s possible that it might become a preferred way or working for some of them once leaders realize the advantage of allowing their employees to not go to the office every day. If employees understand the online security risks they face, it will help minimize the possibility of security breaches and other problems occurring.


For Your Own Safety, Reconsider Your Company’s Email Policy

Ever since Internet-connected computers began appearing on company desktops, employees have been using them to send personal messages, surf the web and sign up for coupons. Most people have become so comfortable with having this convenience, and the Internet has become such a major part of our work toolboxes, that we often don’t think about problems that can result from misuse.

But ask any IT person who has had to search through lines of code to identify and remove a virus that was innocently downloaded by an unsuspecting employee, and you’re bound to hear scary stories of the dangers that lurk in the ether between a hacker and your company’s email server.

Businesses should regularly take a good, hard look at their company’s Internet and email use policy. Of course, we all need web access to do our jobs, look things up and communicate with clients, coworkers and customers. That’s a given. But it’s always a worthwhile exercise to learn what problems exist that could create unnecessary downtime and even loss of revenue, all because someone clicked on a link that they shouldn’t have trusted.

When planning your company’s Internet use policy, there are a few things you might want to consider.

Determine what is approved and what is off-limits.

Evaluate how your company as a whole is using the Internet as well as email, and develop a list of uses that are okay. The point here is not to limit anyone’s freedom, but to ensure that your company’s Internet connection and email applications continue to run smoothly. Some companies, for example, will block Web searches that contain certain keywords that have dicey connotations. Others will block specific websites. It’s up to you as a company leader to determine what you’re okay with and what you don’t want your employees to access.

Only allow file attachments that meet certain size requirements to be sent or received.

Many files, including a lot of those that contain multimedia, like high-resolution photos and video clips, can contain a ton of data. Even a short, 30-second video clip can be several megabytes in size. When you send or receive them via email, they can clog up the server connection and cause Internet speeds to diminish. Determine with your IT leader what size files are safe to attach to email messages. A simple notation in your email system can cause it to display an error message if the file is too large. The good news, there are some great web-based options for large files transfers, and some of them are free to use. Once you’ve checked them out, you can add them to your policy as preferred applications for transferring large files.

Instruct employees from clicking on suspicious links or downloading unfamiliar files.

If you have virus protection on your system, this shouldn’t be an issue, as you might get a warning message about bad links or spam attachments. That said, no one should attempt to open a file or click on a link unless they’re absolutely sure it’s safe. Many company employees receive official-looking emails from what purport to be legitimate companies, and it’s become all too easy to click on the wrong link. Hackers are crafty and smart. Teach your employees what they might expect and what to do/not to do if or when they encounter something that just doesn’t seem right.

Hold in-service training for all employees.

If you present your policy as part of a training session or series, it will provide your employees with the opportunity to ask questions and raise issues for consideration. While company Internet connections and email applications are part of doing business, you also have to remember that not everyone is Internet-savvy. It might take a little explaining to convey the policy. It’s much better to do this than to leave any policy details open to interpretation.


Storing Your Data in the Cloud? Be Safe.

One of the most helpful things to happen to home computing in recent years is the introduction of cloud storage, that nebulous place somewhere out in cyberspace that can store seemingly endless amounts of data.

You’re probably using it right now to store photos, movies, documents, and other data that would take up an enormous space on your computer’s drive. After you’ve purchased a book or a film online and you’ve read or watched it, a simple keystroke or two takes it off your device and puts it into the cloud, ready for you to download it again. Or maybe you share files with friends, family members or co-workers via the cloud. Virtually everyone uses it today in some form or other.

The cloud is here to stay, at least for the foreseeable future, so go ahead and use it. But do so safely. Here are just a few things to be aware of as you’re saving your vacation photos from last year.

As long as you have some security measures in place on your computer, your files should be safe. But your data can be hacked as it travels from your laptop to the cloud. The good thing is that many if not most storage peripherals encrypt your data while sending it to the cloud In other words, it essentially disguises it so that, even if someone does get access to it, they can’t interpret it or use it.

If you access the cloud via a web-based application, one thing you’ll want to look for is a web address that begins with “https.” The “s” means secure, and it appears in the URLs of websites that offer a secure connection between your server and theirs. If the address doesn’t appear this way, you might get a pop-up message that tells you that your server is unable to establish a secure connection. If this happens, you’re better off not using that web-based service. Find another that guarantees security.

This leads to another consideration. Explore and evaluate online cloud storage options before you commit to one, to ensure that the one you’re going to use has a strong track record of providing online security. Look online at ratings and reviews for various services and read user comments to learn which have lots of satisfied customers and which have experienced occasional (or even frequent) data breaches. Also, if you know someone who’s experienced in using the cloud, ask for recommendations. This could be a friend, a relative or a person who works at your local computer store whose opinion you trust. Get the facts before making a decision.

Be extremely careful about uploading personal files if you’re in a public wifi hotspot. While these spots, easily found today just about everywhere — in cafes, waiting rooms and even outside in public squares — provide a level of convenience we all appreciate, they’re not always resistant to hacking. Just as you wouldn’t conduct a banking transaction via public wifi, you’ll want to think twice before you send any personal information on its merry way to the cloud. You just don’t know if someone in close proximity might be able to intercept your sata or files.

Finally, when you do select a cloud service, you’ll receive a password. Keep it confidential, remember it and don’t allow anyone else to have access to it. Your cloud service might even mandate that you change your password on a regular basis, even sending you prompts to remind you to do so. They might also recommend two-step verification to add a second level of security.

Your personal files and data are meaningful to you, so it’s important to incorporate as much security as possible if you’re going to use a third-party cloud service.

5 Ways to Secure Your Smartphone in 2020

With the ever-increasing use of computers and mobile devices and the widespread proliferation of computer networks, there are countless opportunities for cybercriminals to do their dirty work. These people are not easy to pin down. More often than not, they’re working in a clandestine manner. They can be anywhere and can strike at any time. And they’ve usually very, very smart.

For those of us who lead companies that combat this kind of activity, it’s a constant challenge to develop tools and measures that successfully protect your data. Now that we’ve turned a corner into a new year, I’d like to share with you five tips for keeping your smartphone secure.

Use a screen lock.

We live with our mobile devices and count on them to help us connect with people, stay on top of things, run our businesses, and do all sorts of personal tasks. Because of this, we want them to always stay in tip-top shape. That said, you might be surprised by how many people don’t use a screen lock to secure their phones. Whether your phone’s lock can be opened by a difficult-to-guess password or your unique thumbprint, it’s worth it to take this extra measure to keep out those who might pick it up and attempt to access your data when you’re not paying attention.

Install security software.

Smartphones are susceptible to cyber attacks, and it’s expected that this activity will increase in the months ahead. The last thing you want is to open your mail or a social media app and learn that someone, possibly even halfway around the world from you, has stolen your identity or accessed your information. Security software can help prevent this. Download it, install it and activate it today. You’ll be glad you did.

Back up data on a regular basis.

Have you ever had files that were on your smartphone one minute and somehow gone the next? I think everyone has lost photos or other items at one time or another. This won’t be a problem if you take an extra few minutes to back up your data on a regular basis. The good news is that it’s become easier to do this. Often, this can be accomplished by simply connecting your phone to your computer and transferring files. Now, you can also save your phone photos to a small external drive that plugs into your phone. It’s fast and easy, and worth the effort.

Don’t click on suspicious-looking texts.

It’s become routine to provide our cell phone number to companies with which we interact regularly or do business. Text messaging has become the new e-mail, and texts are often used today as part of security verification for some online transactions. That said, don’t automatically trust every text message you receive, especially if it contains a link. If you’re not 100 percent sure that a message you receive is from someone you know, be safe and don’t click. Delete instead.

Update your operating system and apps regularly.

If you haven’t been doing this, you may be surprised one day to click open your updates folder and see dozens of apps that have available updates. It’s smart to update your apps as often as the providers let you know that they’re available. In many cases, the updates contain updated security features that you’ll want to have on your phone.

Have a great new year and stay secure!

5 Computer Security Tips for Coffeehouse Commandos

We see them all the time. Maybe you are one of them. The people who bring their laptops to the nearest wifi-equipped coffeehouse, sip a cup of joe and spend hours working at their favorite table. They send and receive emails, transfer files, FTP web pages to servers, watch videos, connect with their school computer systems, play games and more.

It’s easy and convenient to set up shop at the neighborhood java hut, cafe or fast food establishment. Before you connect, though, it’s wise to do everything possible to maintain a secure personal digital experience, one that protects your computer’s personal files and data.

Below are five tips to help you maintain a strong level of security while enjoying your favorite beverage at the coffeehouse.

  1. Make sure the network you’re connecting to is secure.

The last thing you want is for that guy across the room to be able to hack into your account. For that matter, depending on how strong a wifi location is, someone from next door or even in the vicinity might be able to use that connection as well. While many if not most gathering places do install password protection, it’s better to be safe than sorry. Cyber crimes occur when someone finds a way to gain illegal access to someone else’s account, and you don’t want that to happen.

  1. Don’t do online credit card transactions in a public place.

No matter how secure the establishment’s Internet connection is, it’s just bad practice to use your credit card information using someone else’s wifi account. This includes making purchases and performing online banking activities. Your bank and credit card information are meant to be confidential, and unfortunately, hackers are both smart and devious. This, by the way, also applies to transferring any type of sensitive or confidential information.

  1. Add password-protection to your device.

There are some people who are so concerned about theft that they actually take their laptop or tablet into the bathroom with them when they need a break. If you’re not of the mind to do that, you might at least want to install password protection on your computer so no one can push a button and see what’s on it while you’re momentarily away from it. It can be a hassle to keep entering a code, but it’s worth the extra effort. By the same token, don’t leave USB drives unattended when you walk away, or they might walk away with a fellow patron, even by accident.

  1. Put a privacy filter on your screen.

You’re working on something that’s highly confidential, and you’re doing it discreetly, but there are people at surrounding tables who might be able to catch a glimpse of what you’re doing. They probably don’t care, but people are curious. This is when you’ll want to consider adding a privacy filter, a thin black filter that fits over your screen so it can only be viewed by someone directly in front of the screen, aka you.

  1. Get a VPN for your laptop.

A virtual private network, or VPN, is a technology that increases your personal online security by hiding your Internet protocol (IP) address and encrypting everything you send or receive, thus enabling you to access the web privately. Essentially, it builds a virtual passage between your device and the wifi server, so no one can view your data or even your activity. This is a must-have for anyone who spends time online in a public place.

As with everything else, hackers are crafty types and they’re always looking for ways to access data that’s off-limits to them. By taking the proper steps to secure your devices, you can make things difficult for them while having personal peace of mind.

How to Protect Your Home’s Smart Technology

From Google assistants to lights, cameras, door locks, and thermostats, smart home technology is based around devices connected to the Internet of Things that can be remotely monitored from anywhere.

According to Statista, by the end of 2019, there will be about 42 million smart homes in the U.S. alone; and while they offer convenience, smart devices also welcome digital thieves and hackers into your home.

Here’s some useful ways how you can secure your smart devices that will go a long way toward protecting you and your home.

Use passwords

First, if you are able to protect any of your smart devices with a password, it is best to do so. Remember, keep your passwords hard to guess and don’t reuse a password that you already use somewhere else.

Start with the router

The router serves as the main connection between your smart devices and the outside world, so hackers can exploit it to gain access to your wireless gadgets. It is best to protect your router with and home Wi-Fi with a password.

Don’t rely on the default code that came with the router, instead, choose a new password to reset the router’s security. This will deter malicious hackers from accessing the device. For extra security protection, switch out the code on a regular basis.

Update your devices regularly

This may seem like a no-brainer, but it’s important to download and install updates as and when they appear. This patches your devices against the latest security bugs and keeps them as well-protected as possible from outside interference.

First, if you can protect any of your gadgets with a password, then do it. Remember, don’t reuse a password that you already have in place somewhere else.

Use two-factor identification

Another way to further secure your smart home devices is to implement two-factor identification. This prompts you to enter a code (which is sent to you via another device) each time you log into an app. It’s just an added layer of protection to prevent someone from accessing your accounts. Security experts also suggest rebooting your smart-home devices weekly as an added security measure. The reboot will automatically download new security and privacy settings as it reconnects to the internet.

It’s no surprise that smart technology has changed the way we operate our homes and lives. With that said, consumers need to be proactive, rather than reactive, about their smart-home security. By implementing a few of these simple measures, you can protect your privacy and your family from potential harm.

Password Fatigue: What It Is and How to Beat It

According to The 2019 State of Password and Authentication Security Behaviors Report, the average person spends almost 11 hours each year entering and resetting online passwords. As we create more and more profiles and accounts and live our lives online, it’s no wonder that so many people suffer from what’s known as “password fatigue.”

Password fatigue describes the feeling of annoyance and stress people feel with having to craft, remember, and enter tens or even hundreds of passwords at work or school and in their personal lives. Mobile devices have made password fatigue even stronger, as typing on touch screens can be difficult for some users.

As a result, many users choose the simplest passwords possible and often use the same login credentials across numerous accounts. Many sites require passwords to meet criteria like length, numbers, capitals, and letters. Unfortunately, though, hackers have taken advantage of this fatigue with breaches to some of the world’s largest systems. Even worse, a study by Norton found that 40 percent of users don’t bother to create complex passwords or change their passwords regularly.

So, how can we beat password fatigue while keeping sensitive data secure?

On an individual level, commit to creating more complex passwords and changing them often. You can also use a password management software that securely stores all of your passwords in one place, accessible by entering just one master password. Remembering one password is much less tiring and stressful than keeping track of hundreds.

Identity and access management (IAM) professionals are also constantly coming up with innovative alternatives to traditional password login systems. More companies are beginning to adopt two-factor authentication, although it is still far from the norm. Some in the IAM industry believe that biometrics will replace passwords in the future. Fingerprints and face recognition would both strengthen data security and reduce password fatigue by requiring a simple touch or look.

We may even see the implementation of physical security keys to protect data. At work or school, you would receive a device to insert into your computer, which then gives you access to your documents and other information without having to enter any login credentials. When the device is removed, nothing can be accessed. While this strategy is not foolproof, in cases when the key is lost or stolen, for example, it could be the future to eliminating password fatigue completely.

The Internet of Things: What it Is and What it Means for Security

The Internet of Things (IoT) might sound like a complicated, futuristic idea. While there are complex aspects, understanding the main idea is actually quite easy. The IoT is a network of devices that are web-enabled and use the internet to make our lives easier. 

By communicating with each other, internet connected objects streamline an almost infinite number of processes for both work and play. Most of us know about IoT devices like digital assistants, doors you can lock from your cell phone, and watches that track your physical activity. In addition to these everyday devices, IoT helps industries like farming, healthcare, air travel, oil drilling, and more to work more safely and efficiently.

While the IoT has made the world a lot easier for almost everyone, it also comes with risks. The more connected devices we use, the more personal data we put out into the world and the more vulnerable we become. Data like your home address, banking information, birth date, gender, and other identifying information may be stored in IoT devices. Even scarier, downloading apps and software onto your devices is a major way that hackers are snatching people’s data. From GPS trackers to sound recording software, bad actors are finding new and terrifying ways to invade users’ privacy, steal their information, and use it for their own gain, Today’s data thieves have more opportunities than ever before to steal your personal information.

So how do you protect yourself without giving up the convenience of your IoT devices? 

First, choose more secure login methods instead of passwords if you can. Using your fingerprint or facial recognition to authenticate reduces your risk of being hacked. Look for devices and programs that require two-factor authentication, too. Receiving a secondary, temporary password to enter after you log in lowers your risk of a data breach. 

One of the easiest ways to secure your data is to connect all of your IoT devices to a “guest” network at home and use your regular network for your phone and computer. Doing more sensitive activities (like online banking or shopping) on the regular network protects your data. And if your guest network is compromised, it won’t act as a gateway to your personal information.

As IoT becomes more mainstream, more and more platforms are focusing their innovations on security. A stronger focus on maintaining users’ privacy on web-enabled devices and better data management could make living in our ever-connected world even more convenient.

Reddit Security Breach and Other Forum Digital Security Breaches

On Wednesday, August 1st, Reddit announced that it had uncovered a data breach, according to NBC News. Hackers were apparently able to access a database containing email addresses linked to user accounts, including email addresses from some current accounts as well as a 2007 database backup that included old passwords that had been “salted and hashed” (in layman’s terms, they were scrambled for digital security protection).

Hackers were also reportedly able to access email addresses and public and private messages in the old database, Mac Rumors and other outlets reported.

Reddit reportedly sent an email to all affected users, which was mainly people who joined Reddit in 2007 or before. That’s a great proactive step, and it’s certainly better for those who might have been affected by the security breach to know sooner rather than later.

But this breach is clearly very serious, especially for a site that allows users to be fairly anonymous in their correspondence if they choose to be. It is possible that a database of emails connected to Reddit usernames could make it easier to link anonymous accounts to people’s identities, NBC News pointed out.

So what should you do if you were impacted by the Reddit security breach, or if this ever happens on another online forum you’re a member of?

The truth is, you can’t just delete your Reddit account and hope for the best. The information is out there, but there are steps you can take to protect your account on the site or on any sites where this could happen (and really, it could happen anywhere).

Reddit is recommending that users who are using passwords similar to the ones they had in 2007 should change them, but it’s probably not a bad idea to change your security login info even if you know you’ve changed your password and such since then.

Reddit also recommended that users enable two-factor authentication; take advantage of that extra security step is important whenever it’s available. Even if you weren’t specifically impacted by the Reddit breach, changing your password and setting up the authentication is a definite better-safe-than-sorry move.

Running a dark web scan to see if any of your information, like your phone number or email address, are floating around the web, and monitoring your identity online is never a bad idea either. If you’re not sure how to do all of that, a digital security expert can help.

It’s a good idea to always be careful about what you share online, but security breaches happen. The best thing you can do after they occur is take proactive, appropriate steps to protect your information and identity, on Reddit or any other corner of the web.

How To Keep Even the Most Basic Email Account Secure

Today, it seems there’s no shortage of stories about email hacks or online data security breaches. Just recently, Lifelock — which is meant to help consumers protect their identities online — was the victim of a massive customer email address exposure, according to Mashable.

If you know very little about email security, those stories can make you feel hopeless when it comes to trying to protect your information and identity. With that said, there are steps you can take to better protect your email account.

daniel-falcao-418398-unsplash (1)

Password Security

Password security, and more specifically, the complexity of the password you use to protect your email account, is significantly important. Don’t just throw together part of your name and birthday and call it a day. Make sure to use numbers, symbols and uppercase and lowercase. Consider also making your password long, as opposed to a short string of a couple characters. Lastly, consider using password generators to provide a complex, multi-character password that will be more difficult to break.

As one final note for strong digital security best practices, do NOT reuse your password across multiple digital platforms. The reality is that if and when a web service you use is hacked and the password you use on that platform compromised, if you had used the same password on other platforms, they will now be at risk as well. Yes, it takes extra work and remembering multiple passwords is never fun, but this mitigates a lot of extra digital security risk.

Security Questions

First and foremost, if your email platform allows for 2-step verification, always turn it on. This verification process is highly important in increasing the security of your account.

Outside of that, most email platforms have a security answer question process to recover accounts or gain access to them. In the same vein, your security question answers shouldn’t be obvious for just anyone to come up with either. If you’re friends with your mother on Facebook, and she lists her maiden name, and one of your security question answers is her maiden name, that is incredibly easy for someone to work out with very little research. The answer to a good security question shouldn’t be easy to guess, and should be something you’ll remember — even if it’s an answer that doesn’t actually make sense with the question. If you’ll remember it, and someone else wouldn’t know it or be able to research it, that’s really what matters.

You should also always be sure your recovery options are up-to-date. Don’t just leave it to fill out later. If someone gets into your account, and you’re alerted, you’re going to want to have a recovery option like your personal phone number set up so you can fix it ASAP. Check out your recent activity often, too. If it looks like someone has tried to log in from somewhere strange, that’s something to flag, and means it’s time go in and change your password just for good measure.