Top security tips revealed by industry experts

Tech professionals and executives share their top security tips for work—and home.


Regardless of your career, when you work with technology you're usually inundated with security risks and threats, many of which are tough to keep up with. Whether you face application or operating system vulnerabilities, insecure passwords, phishing attempts, scams, social engineering gimmicks, or more, it's important to stay nimble and aware. This can be challenging when there is another data breach or must-patch vulnerability on a weekly basis.

Technology professionals and executives are no strangers to such challenges, but being industry insiders often gives them a leg up in the security realm.


Here is a compilation of the best security tips recommended by both hands-on tech pros and the executives who lead them. Hopefully, this advice will make your job (or consumer endeavors) easier.

Joe Diamond, Director of Security Product Marketing Management, Okta

The best security tool you can possibly have is common sense. Even the best, bleeding-edge security tech can't save you from a sophisticated targeted attack. However, here are a few additional digital security tips to keep in mind, according to Joe Diamond, Director of Security Product Marketing Management, Okta.

  • Separate browsers are a great idea, but virtual machines (VMs) are even more secure because they are an environment isolated from the physical operating system.
  • Do not connect with anyone you don't know on social media. Random connection requests are often used for scraping and data mining for social engineering attacks.
  • Before submitting any information to a website or service, ask yourself two questions: Have I heard of this organization? Do I trust them?
  • Enable two-factor authentication on every service, and consider not signing up for those that hold sensitive data but do not support two-factor authentication.


Mathew Rose, Global Director Application Security Strategy, Checkmarx

Hacks and breaches these days are rarely black and white. Hackers take time to collect specific personally identifiable information (PII) on people and use that data to either execute phishing attacks on your friends, co-workers, or family members—or possibly even gather enough PII data to open accounts in your name. Below are tips from Mathew Rose, Global Director Application Security Strategy, Checkmarx, on how to avoid such attacks.

  • Don't enable hackers to phish your network or steal your identity.
  • Do not share any of your PII data on publicly available social media platforms or in interactions with companies unless it's truly necessary. Simple PII data points such as full name, address, cell number, date of birth, and the last four digits of your social security number are spread across multiple places on the web and can be collected to create an accurate profile of you. This profile may then be used in targeted phishing attacks because the information looks like it actually comes from you.
  • Do not share any form of PII data—no matter how mundane it seems—as it could be leveraged in ways you never thought of by malicious actors.


Julian Waits, GM of Cyber Security at Devo Technology

If you have the fundamentals of cyber hygiene covered, it's time to think like a CISO who understands how your business works. Julian Waits, GM of Cyber Security at Devo Technology, offers his advice below.

  • Don't be lulled into believing you have good SecOps if you just buy available security technologies—a security program constrained by the limitations of technology has already been compromised.
  • Technology must be deployed in the service of the business. The point of cybersecurity is to ensure business continuity.


Shirali Patel, Cybersecurity Program Manager; Dylan Owen, IT Security Manager; and John Durkop, Cybersecurity Systems Engineer, of Raytheon

Shirali Patel, Cybersecurity Program Manager; Dylan Owen, IT Security Manager; and John Durkop, Cybersecurity Systems Engineer, of Raytheon collectively share their security tips below.

  • Be wary of free public Wi-Fi
  • Hover over email links
  • Use passwords—they're your first line of defense
  • Use caution with connected devices
  • Keep systems updated with the latest security patches
