The message to everyone from the National Cyber Security Alliance this month is "STOP. THINK. CONNECT." It's Cyber Security Awareness Month and through those three words, they want everyone to stop for a moment, think about your online actions and how they can impact your safety, and then connect to the internet with the knowledge and awareness needed to safeguard yourself.
Sounds simple enough and generally should be common sense to most of us, but I'd also like to ask that we extend this beyond the personal nature. In business, we should be asking our employees to do the same in their actions in our work environments. The reason I say this is because those actions can easily have an impact on the personal lives of others as well. In our economy, with so much business now conducted online it's becoming increasingly common for businesses to ask you to quickly create an account on their site using one of your social media identities and permit the sharing of information. Think now of data breaches where personal customer info and passwords are leaked and the impact that can have. This can quickly create a domino affect if someone at one of those companies makes an error and releases your info. For a very scary and detailed account of such an occurance and the impact it caused, have a look at this personal recounting by Mat Honan (Senior Writer at Wired's Gadget Lab). Following that incident, Apple and Amazon each evaluated their procedures and took steps to avoid potential recurrences.
Such events are a pain for everyone involved, so during this month of Cyber Security Awareness, have a look not only at your own practices and potential vulnerabilities, but do the same in your work. Even if you are not in IT, there are still things you can do to help your company. Here's two very simple checks that any end user can do to help with IT security.
- Is your password on this list of most commonly used?
- Do you tape your passwords to your monitor?
Or you can even take it a step further, maybe you have access to sensitive data or file shares that you no longer need to use in your job? If that's the case, speak up, and tell IT so they can remove your access so that no one else can use it as an entry point. Think of it as having a bunch of unecessary keys on your key ring that could potentially be used if you ever lost it. These little things may seem small in the grand scheme, but it's not uncommon for breaches to occur from access through an end user's account on the front lines. Don't be the one who provides that entry point. Be aware in your own online actions and in your work, and do so all year round - not just in October.