The relative costs of data leakage have been increasing over the years, no doubt caused by the growing role of computers in businesses. Security vendor Symantec sent me a tongue-in-cheek list of top surefire ways to lose your data in 2013 (Flash).
I agree with many of the items on the list, which prompted me to ponder the steps that SMBs can adopt to ensure that data is not compromised. Below are four tips on how not to lose your data in 2013.
We wrote about the dangers of USB flash drives on SMB Tech as early as 2008, when the U.S. Army had just imposed a ban on USB flash drives and other forms of portable media. And though Microsoft has made it such that Windows will no longer load auto run without prompting, computers running an older version of Windows may still be vulnerable. So unless you are absolutely sure of what you are doing, do not plug in USB drives from unknown or dubious sources.
According to Symantec, cyber criminals make use of social networks to spread viruses, perpetrate fraud and distribute spam and phishing messages. While we intuitively know that a “friend” and “follower” isn’t necessarily who they say they are, it is also true that we instructively lower our guard when dealing with those who purport to be our friend. This may lead to inadvertent mistakes that compromise our data security.
Moreover, hackers are also able to glean for additional information used to pull off a social engineering attempt. For a more in-depth explanation of how wanton adding of friends can be exploited, check out “Possible Attack Vectors Using Social Networks,” where I outline the dangers and susceptibility to exploitation.
The BYOD trend means that confidential data typically accessed only on desktop workstations are increasingly being accessed from mobile devices such as smartphones and tablets. However, even the strongest encryption is of no use if the devices they protect are already switched on and accessible without a password.
As you can imagine, setting up a screen lock on portable devices is absolutely vital. This tip pertains to PCs too, and should also be configured with the use of a password-protected screen saver or self-locking timeout.
Perhaps the largest problems to security are employees who copy confidential data to an unencrypted USB flash drive to work on at home. Such actions place tremendous risks on the organization given that storage devices are easily misplaced or stolen. Indeed, it is my personal opinion that no business data should ever be transported unencrypted, whether on storage drives or on the disk drives of laptops.
It is understandable though, that encryption tools for flash drives may not be intuitive or convenient to use. In my next blog, I will be talking more about some secure methods by which employees can securely access their work from home.