We all have confidential information to protect, both privately and in our professional work. It is increasingly common to read news about companies that have had their own information and that of their customers stolen. In many cases, what led to the theft was a lack of basic computer security on the part of some of their employees. We all share responsibility for how confidential information is used and stored by electronic means.
I recently published an article in Herrero Digital entitled “Basic Computer Security for Professionals” dealing with this topic, highlighting those small security measures that cost little and provide so much value, and explaining their importance and why they are necessary. I reproduce it below:
BASIC IT SECURITY FOR PROFESSIONALS
When I write ‘professionals’ I am not referring to IT professionals. All of us who are part of a profession and use computers as an essential tool for our work usually handle private or even sensitive information. We must be conscious of maintaining professional secrecy and confidentiality, of adequately safeguarding all information considered personal according to the LOPD (Organic Law on Data Protection), and even of avoiding espionage by people outside our work, which, although it is seen as a distant event, does happen, even if it goes unnoticed because it is not detected.
I want to highlight some basic computer security measures both within the work environment and when working outside of it. I will define each specific measure and explain why it is important to take it into account.
Keep your computer up to date
This is something that security experts never tire of repeating, and many consider that the most important thing for the security of a computer is to keep its operating system (Windows, OS X, Linux, etc.) and the programs used on it updated with the latest security patches. This is because as soon as a security problem becomes known in an operating system or in a program, cybercriminals analyze it and quickly look for a way to exploit it to achieve their ends. If we install the updates before a malicious program takes advantage of a security flaw and infects our computer, we will be better protected.
Use an antivirus on your computer
Every day we get more external information, download files and surf the internet a lot. Therefore, it is essential that the computer has an antivirus installed that acts as a guardian against so many possible threats. There is a false myth that Macs do not need antivirus, but it is simply a myth. It is true that cybercriminals pay less attention to Macs as they are less widely used than Windows computers, but they also need antivirus.
Be wary of external information carriers
It is common to receive information on USB memory sticks, CDs, DVDs or external hard drives. If possible, this should be avoided. These media must be treated with caution and therefore scanned by an antivirus before being used. In the case of USB memory sticks or DVD drives, it is important to configure the computer so that they are not executed or opened automatically, so that they can be scanned and it is the user who decides what to do with that medium. Some malicious software, once it has infected a USB memory stick, will infect any computer that automatically executes the stick's contents when it is inserted. Antivirus systems usually protect against this threat. Being given an unknown USB memory stick is just as dangerous as lending one of ours, having it used on another computer and later inserting it into our own.
Lock an unattended computer
When we step away from our computer for a moment it is important to lock it. It is an operation that takes a couple of seconds and prevents someone from using the computer while we are away. If we leave the computer unlocked in our absence, someone could steal information using a USB memory stick, infect our computer, send an email message for which we will be held responsible (and then delete it to delay its detection), or delete or modify important information.
Use trusted internet connections
When we are outside our office with a laptop or tablet, we sometimes use public WiFi networks, which poses a high risk to the security of our information and that of the company. If we still consider it absolutely unavoidable to connect to a public WiFi network, we should at least use encrypted connections (for example, using websites whose address begins with ‘https’ instead of ‘http’). Ideally, we would use the laptop or tablet with the internet connection of our own mobile phone (better with a cable than over the phone's WiFi). Even better would be to use a VPN (Virtual Private Network) service that guarantees the confidentiality of communications by encrypting the entire internet connection.
Special attention must be paid to this rule in crowded places such as trade fairs or airports, where it is common for cybercriminals to spy on WiFi communications. A common practice is to create a WiFi network with the same name as a nearby restaurant or cafeteria, with a strong signal, and leave it freely accessible. Many people will assume that it is the WiFi of that establishment and will think that it is safe, when in reality someone is spying on all the traffic that passes through that WiFi network.
Use of personal devices in the company
It seems important to highlight the information contained in an article I wrote a few months ago, ‘Mobile strategy for companies (3): BYOD and private applications’, which reviews important aspects such as cloud storage, loss or theft of devices, privacy, allowed and prohibited applications, and what happens when an employee leaves the company, all analyzed from the perspective of the use of personal devices in the company (BYOD: Bring Your Own Device).
I want to finish this series of measures by talking about some password habits that, if you practice them, will earn you the most fervent appreciation from cybercriminals:
- If you use one of the most common passwords, such as ‘123456’, ‘password’ or ‘qwerty’, they will love you for life.
- If you use personal information in the password, such as date of birth, phone number, name of a pet, etc., you should know that there is so much public information about us that this practice is a high risk. If you follow this practice, cybercriminals are going to do the wave for you.
- If you reuse the same password for multiple uses, you cannot imagine how cybercriminals will love you, because once they know it, it will be the key that will open all the doors they need without any additional effort. If it weren’t for the risk involved, I’m sure they’d send you a Christmas greeting card every year.
- If you want to make a cybercriminal happy, you must use very short passwords (less than 8 characters) or words that can be found in a dictionary, so that it is very easy for them to try the different possibilities and find yours.
- Finally, if you ever find a beautiful gift with a red bow on your desk and you are one of those who write passwords on a post-it, you can be almost sure that the two things are related.
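The habits in this list can be checked mechanically. The following is an added example, not part of the original article: a small Python audit that flags a password showing any of the first four habits. The word lists, the sample personal data and the plain-text comparison for reuse are constructed assumptions; a real check would use much larger lists and a password manager's reuse report.

```python
import re

# Constructed sample data: the three passwords the article names, plus a tiny
# stand-in dictionary. Real lists hold many thousands of entries.
COMMON = {"123456", "password", "qwerty"}
DICTIONARY = {"sunshine", "football", "elephant", "mountain"}
MIN_LENGTH = 8  # the article calls anything under 8 characters "very short"


def audit_password(password, personal_info=(), other_passwords=()):
    """Return which of the article's bad habits `password` exhibits."""
    findings = []
    lowered = password.lower()

    if lowered in COMMON:
        findings.append("common")

    # Personal data: match case-insensitively and, for dates and phone
    # numbers, on digits alone so "14/03/1985" also matches "14031985".
    pw_digits = re.sub(r"\D", "", password)
    for item in personal_info:
        token = item.lower()
        digits = re.sub(r"\D", "", item)
        if (len(token) >= 3 and token in lowered) or (
            len(digits) >= 4 and digits in pw_digits
        ):
            findings.append("personal")
            break

    # Reuse: the same password already protects another account.
    if password in other_passwords:
        findings.append("reused")

    if len(password) < MIN_LENGTH:
        findings.append("short")

    # Dictionary word, also when padded with trailing digits or symbols.
    core = re.sub(r"[^a-z]+$", "", lowered)
    if core in DICTIONARY:
        findings.append("dictionary")

    return findings


if __name__ == "__main__":
    print(audit_password("qwerty"))
    print(audit_password("Rex14031985", personal_info=["Rex", "14/03/1985"]))
    print(audit_password("Sunshine1!", other_passwords=["Sunshine1!"]))
```

An empty result only means that none of these specific habits was detected, not that the password is strong.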
I think humor is a good teaching tool, but I want to make it clear that I am not trying to trivialize this topic, because computer security is really a very serious matter. Therefore, do not forget to update your operating system and your programs, install an antivirus on your computers, try to avoid external storage devices or handle them with caution, leave your session locked if you are going to be away from your computer, use only trusted, secure internet connections, implement and comply with an appropriate policy on the use of personal mobile devices in your company, take care of the strength of your passwords and, if possible, use a second authentication factor.