Technology is becoming a bigger part of our lives and businesses every day. For a while now, we’ve been increasingly using mobile devices for everything from email to Web browsing to making and receiving payments. The next big horizon is the Internet of Things: devices of all kinds—TVs, home appliances, cars, medical equipment, etc.—are being outfitted with computer chips that will connect them to the Internet and to each other. No flying cars yet, but otherwise, it really is getting to be a Jetsons world.
Unfortunately, this is also leading to what cybersecurity experts call a “broadening attack surface.” More Internet-connected devices mean more targets for cybercriminals to go after. Inevitably, they will figure out new ways to steal that Internet-shared data, perhaps even from your business.
One of the ironies of cybersecurity is that it is easy to get caught up in headlines about the most high-tech potential threats, while overlooking mundane security fixes you can make right now.
For instance, make sure your employees’ passwords are strong and frequently changed. Passwords are the weakest link in any business’s data security. They can be lost, stolen or even guessed, and once a hacker has a valid password, all the security software in the world is useless. In 2014, when celebrities had their iPhone accounts hacked and their private photos posted on the Web, some media coverage focused on the question of cloud security. If Apple’s cloud was so secure, how did all those embarrassing pictures get stolen? As it turned out, Apple’s cloud was plenty secure. Bad guys got into it not because they were evil coding geniuses who hacked their way in, but because they were able to 1) steal passwords that had not been secured, and 2) guess passwords that were too simple or obvious. These are exactly the same dangers businesses of all sizes face. Many businesses don’t prompt their employees to change their passwords regularly, or let them get away with passwords that are easy to guess (e.g., their name or “123456”).
Encourage employees to substitute passphrases for passwords. An example would be the first letter of each word in a favorite song lyric that is at least 10 words long. For instance, the immortal Jetsons theme song, “Meet George Jetson, his boy Elroy, daughter Judy, Jane his wife” becomes the passphrase: MGJhbEdJJhw. Hard to guess, right? Now, to increase protection, you might add some symbols like :-). That gives you a passphrase that you can remember, while improving security. The most secure are 20–30 characters long and include upper and lower case letters, symbols and numbers.
Until more sophisticated forms of identity protection like biometrics or voice recognition are widely available, we’re stuck with passwords and passphrases. There are, however, a number of free password and passphrase generators online (e.g., Norton’s password generator) that make it easy to improve secure access. And there are also many inexpensive password management apps (among them, LastPass) that can help employees keep track of their passwords and passphrases.
One other easy cybersecurity fix is training your employees to be on the lookout for email phishing scams. Cyber thieves often bombard businesses with emails that look legit at first glance, but contain links or attachments designed to trick employees into giving away valuable data, like passwords or bank account numbers. There are numerous free resources online to help you and your employees spot and avoid scam emails. One place to start is the website of the Anti-Phishing Working Group or APWG.
Applying improved employee network access management practices, and staying on the lookout for phishing scams, are very cheap ways to make your business’s data more secure. And unlike the Internet of Things, they are here right now.