Security in 2022 is simultaneously an incredibly simple and precarious balancing act. We are surrounded by technology that improves, simplifies, and rules our lives. Our phones have access to our credit cards, desktops are filled to the brim with family photo albums, and our workplaces are bound together by networks of servers humming away in silent corners of our offices. As ransomware attacks and other unfortunate data breaches become cheaper and easier for bad actors to execute, we have a duty to take actions that secure our privacy online.
Updates
The simplest security tactic you can implement is regularly updating your software. We understand the frustration of sitting down to work only to be greeted by requests to shut down your machine in service of an update. It intrudes on workflow and often seems frivolous, but that could not be further from the truth. More often than not, software updates are done to patch out exploits. Software engineers have a personal and professional stake in keeping their products secure for their customers. Nobody wants to release the app that costs them millions in lawsuits or has their name tied to weeks of negative press[1].
If you think of security as an arms race, we can begin to see why updates are crucial to the continued digital safety of your workplace. Hackers rely on back doors, loose locks, and dropped keys. Software updates shut those doors tight and continue to provide digital safety. Every security breach acts as a teaching moment for developers. When a single customer loses their data, developers are presented with the opportunity to address a new security issue. Updates are an effortless asset in the security toolbox, and while they may put a brief pause on work, the time spent is well worth the benefits received
Phishing Scams and Spam
Emails have been around for decades. They’re the default mode of communication in professional settings, they’ve become the mailbox of the modern world, and a world without email is one without effective communication. That doesn’t mean that emails are flawless. Brad Tempelton, founder and CEO of ClariNet Communications, the first company founded to engage in commercial activity over the early Internet notes that email scams and spam have existed nearly as long as email itself has existed[2].
Like anything, we need to employ our critical thinking and best judgment. Phone scams and pyramid schemes are met with skepticism, and emails need to be treated with equal scrutiny in the workplace. When we receive emails that ask for information or take us to unfamiliar webpages, it’s always better to be safe than sorry. Follow up with someone if an email address seems suspiciously similar, risk seeming over-cautious rather than clicking blindly on a convincing scam.
Securing credentials
Movies have given us a popular, if flawed, perception of hackers. We tend to overlook one of the hacker’s preferred methods of entry, the login screen. Of course, passwords are often brute force cracked by algorithms tirelessly testing out common letter combinations, and workarounds are found for systems every day, but if a bad actor can pluck a password out of a recycling basket or talk an unsuspecting coworker out of private information over the phone, then that saves them time and resources.
We need to remember that our security online doesn’t stop at the computer screen. Avoid writing passwords in unsecured emails or texting them to untrustworthy recipients. If “IT” asks for an administrative password, insist on entering it yourself rather than sharing it. Change them early and often, and establish office-wide best practices that generate uncommon passwords that are easy to remember to deter coworkers from writing them in easy-to-lose places.
Encrypting your files
In many workplaces, sensitive information is exchanged hundreds of times per day. Internal communication, social security numbers scrawled on contracts, and scans of driver’s licenses are piped from system to system to keep work happening smoothly. If a hacker is able to “wiretap” your file transfers, then they can pluck your unencrypted files out of a stream of data and lay bare their contents. Unsecured or public wireless networks are points of entry often overlooked by remote employees, and hackers love dipping into these streams of naked information to see what they can find.
End-to-end encryption is the process of obscuring that data while it’s in transit. Encrypted data can only be read when unlocked by a randomly generated key, meaning intercepted data is effectively useless to an unauthorized third party. File sharing services that offer simple end-to-end encryption and secure file retrieval are an easy way to secure your business’s everyday dealings.
Education
By reading this piece, you’re already setting yourself apart from the competition. By far, the weakest link in security infrastructure is the lack of information[3]. The three most common points of entry for ransomware attacks — phishing, poor practices, and training — boil down to gulfs in education. We need to keep our workplaces well-informed if we want to protect our businesses from bad actors. Taking a little time out of our schedules each quarter to update colleagues will pay off dozens of times over.
When it comes to online security, knowledge is power.
Join AXEL
We creature secure ecosystems for your sensitive data. Our end-to-end encryption, secure fetch, and dedication to privacy easily slot into any workplace. AXEL is the industry leader in private and secure file storage.
You can try AXEL Go Premium with all features unlocked free for 14-days. Sign up today and see how AXEL Go can improve your workflow and supplement your organization’s cybersecurity
References
[1] “5 Reasons Why It’s Important to Update Your Systems Regularly.” Datek Solutions. Accessed April 21, 2022. https://www.datek.co.uk/blog/software-update#:~:text=Increased%20efficiency,giving%20greater%20efficiency%20to%20users.
[2] Reaction to the DEC spam of 1978. Accessed April 21, 2022. https://www.templetons.com/brad/spamreact.html.
[3] Johnson, Joseph. “Leading Cause of Ransomware Infection 2020.” Statista, February 16, 2021. https://www.statista.com/statistics/700965/leading-cause-of-ransomware-infection/.