Even IT security professionals are guilty of developing bad habits and making some of the common security assumptions that place data at risk. There is now a legion of cybercriminals ready to take advantage of security vulnerabilities that have been allowed to develop, so bad security habits need to be corrected.

Protecting company assets from cyberattacks used to be a fairly straightforward process. Many attackers were opportunistic and amateurish. They would hunt for companies or individuals with little to no security, and would take advantage. Spam emails would be sent out in the millions in the hope that some individuals would respond. Those emails were not even run through a spell check. They were easy to identify.

Today, the situation is very different. Sure, there are still many amateurs out there, but today’s cybercriminal is a different beast entirely. The men, women, and even children who are conducting attacks are organized, highly motivated, and they possess a wide range of skills. They are professional and their job is to make money online. They do that by taking it from other people.

The attack surface is now broader than ever before and the threat landscape is constantly changing. Keeping data safe is no longer easy.

How is it possible to defend data with a constantly changing threat landscape?

It is difficult to keep networks and data secure, but it is far from impossible. It is essential not to make some of the common security assumptions that leave data unprotected, to take a step-by-step approach, and to ensure that all Internet-connected devices are secured.

Virtually everyone now has at least one Internet-connected device. Many people have several. With Internet-connected devices being so common and an essential part of daily life, one would think that we have all become quite good at ensuring those devices are secure. Unfortunately, that is far from being the case.

Furthermore, there are now so many data security threats that it is virtually impossible to keep track of them all. We now need to watch out for viruses, malware, spyware, rootkits, and ransomware. Then there are denial-of-service attacks to prevent. Cyberterrorists want to delete and corrupt data and take businesses down. Scammers are using social engineering techniques to obtain login credentials. Even your ex may be uploading and sharing compromising photographs of you online. The digital threats now faced by everyone are considerable. For sys admins it is even worse. So how is it possible to protect against all of these threats?

The best place to start is by determining what needs to be protected. There are many threats, but what is it that attackers all want? The answer to that is data. They may want to steal it, share it, corrupt it or delete it, but regardless of their intention, the worry is data. To protect data, you must know what data you have and where they are stored.

To protect your assets, you must first define your assets!

The first step to take if you want to protect data is to determine what data cybercriminals would like to obtain. This may seem obvious. Criminals want your bank account password and login name and your credit card numbers. However, that is not all they are after. One of the most common security assumptions is that thieves are only after financial information. In fact, more money can be obtained from other data.

Assets you must protect

Cybercriminals want more than just your banking information. They would love to steal…

  • Social Security numbers
  • Government ID numbers
  • Passport details
  • Medical records
  • Insurance IDs and provider names
  • Financial records
  • Credit card numbers
  • Health insurance payment histories
  • Online passwords
  • Email addresses and passwords
  • Personal data such as dates of birth, genders, ages, addresses, & telephone numbers
  • Employment histories and employer names
  • Information that allows security questions to be guessed
  • Education histories
  • Business plans
  • Legal documents
  • Trade secrets

Many common security assumptions lead to data theft and financial loss

Once you have identified all the data that need to be protected, you must determine where those data are located. Where is information stored, and who has been given access? You must also forget a lot of the common security assumptions that many people are guilty of making. Common security assumptions invariably leave data exposed. What are these common security assumptions? One of the biggest is that the people who are trusted to secure data are putting all of the necessary safeguards in place to make sure information is secured. That is not necessarily the case.
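One way to start answering "where is information stored?" is an automated sweep of a folder or file share for a few of the asset types listed above. The Python script below is an added example, not part of the original article; its patterns are simplified assumptions covering only Social Security numbers, payment card numbers and email addresses, and the sample files it scans are constructed.

```python
import os
import re
import tempfile
# Simplified, assumed patterns for three asset types from the list above.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")

def luhn_valid(number):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    digits = [int(c) for c in number if c.isdigit()][::-1]
    doubled = [d * 2 - 9 if d > 4 else d * 2 for d in digits[1::2]]
    return len(digits) >= 13 and (sum(digits[0::2]) + sum(doubled)) % 10 == 0

def classify(text):
    """Count sensitive-looking values; the values themselves are never kept."""
    found = {
        "ssn": len(SSN_RE.findall(text)),
        "card": sum(1 for m in CARD_RE.findall(text) if luhn_valid(m)),
        "email": len(EMAIL_RE.findall(text)),
    }
    return {kind: n for kind, n in found.items() if n}

def inventory(root, max_bytes=1_000_000):
    """Walk root and map each file path to the asset types found in it."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                with open(path, "r", errors="ignore") as fh:
                    hits = classify(fh.read(max_bytes))
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            if hits:
                report[path] = hits
    return report

def demo():
    """Scan a throwaway directory of constructed sample files."""
    samples = {"hr.csv": "name,ssn\nA. Sample,123-45-6789\n",
               "orders.txt": "card 4111 1111 1111 1111 for alice@example.com\n",
               "notes.txt": "ticket 4111111111111112, call back Monday\n"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        return {os.path.basename(p): h for p, h in inventory(root).items()}

if __name__ == "__main__": print(demo())
```

The report lists only file paths and counts, so the inventory itself does not become another copy of the data it is meant to locate.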

If you want to keep your data secure, you need to develop some good habits and stop all the bad ones.

Bad security habits to eradicate

  • Not being aware of what data you have
  • Not being aware of where data are saved
  • Being unaware of your bad habits
  • Leaving data security to others
  • Storing data in multiple locations when it is not necessary
  • Sharing passwords with friends, family members, or work colleagues
  • Reusing passwords across multiple online accounts
  • Using passwords that are easy to guess
  • Believing most of the stuff you read on the internet or receive in an email
  • Trusting an email because it has been sent from someone you trust
  • Writing your login credentials down so you can remember them
  • Installing apps and software without checking authenticity
  • Giving out too much information about yourself online
  • Oversharing personal information on social media websites

Good security habits to develop

  • Using secure passwords containing upper and lower case letters, numbers, and special characters
  • Changing passwords at least every three months
  • Using a different password for each online service
  • Keeping your password totally private and not even sharing it with your partner
  • Keeping abreast of the latest data security news
  • Setting software to update automatically
  • Checking for security patches and software updates on a daily or weekly basis
  • Not storing your passwords in your browser database
  • Locking your devices (phone, tablet, desktop, laptop) with a security mechanism
  • Encrypting your communications
  • Not always answering truthfully when asked about your personal information online
  • Using a web filtering solution to block malicious websites
  • Stopping and thinking before taking any action online
  • Assuming that all email attachments are malware until you determine otherwise
  • Using powerful anti-spam, anti-malware, and anti-virus software on all devices
  • Ensuring devices do not automatically connect to open Wi-Fi networks
  • Not installing any software on work computers unless authorized to do so by your IT department

Develop good habits, stop making common security assumptions, and eradicate your bad habits, and you will be much less likely to become a victim of a cyberattack!