Regardless of your career, when you work with technology you're usually inundated with security risks and threats, many of which are tough to keep up with. Whether you face application or operating system vulnerabilities, insecure passwords, phishing attempts, scams, social engineering gimmicks, or more, it's important to stay nimble and aware. This can be challenging when there is another data breach or must-patch vulnerability on a weekly basis.
Technology professionals and executives are no strangers to such challenges, but being industry insiders often gives them a leg up in the security realm.
Here is a compilation of the best security tips recommended by both hands-on tech pros and the executives who lead them. Hopefully, this advice will make your job (or consumer endeavors) easier.
Joe Diamond, Director of Security Product Marketing Management, Okta
The best security tool you can possibly have is common sense. Even the best, bleeding-edge security tech can't save you from a sophisticated targeted attack. However, here are a few additional digital security tips to keep in mind according to Joe Diamond, Director of Security Product Marketing Management, Okta.
- Separate browsers are a great idea, but virtual machines (VMs) are even more secure because they provide an environment isolated from the physical operating system.
- Do not connect with anyone you don't know on social media. Random connection requests are often used for scraping and data mining for social engineering attacks.
- Before submitting any information to a website or service, ask yourself two questions: Have I heard of this organization? Do I trust them?
- Enable two-factor authentication on every service, and consider not signing up for those that hold sensitive data but do not support two-factor authentication.
Mathew Rose, Global Director Application Security Strategy, Checkmarx
Hacks and breaches these days are rarely black and white. Hackers take time to collect specific personally identifiable information (PII) on people and use that data either to execute phishing attacks on your friends, co-workers, or family members, or possibly even to gather enough PII data to open accounts in your name. Below are tips from Mathew Rose, Global Director Application Security Strategy, Checkmarx, on how to avoid such attacks.
- Don't enable hackers to phish your network or steal your identity.
- Do not share any of your PII data on publicly available social media platforms or in interactions with companies unless it's truly necessary. Simple PII data points such as full name, address, cell number, date of birth, and the last four digits of your social security number are spread across multiple places on the web and can be collected to create an accurate profile of you. This profile may then be used in targeted phishing attacks because the information looks like it actually comes from you.
- Do not share any form of PII data—no matter how mundane it seems—as it could be leveraged in ways you never thought of by malicious actors.
Julian Waits, GM of Cyber Security at Devo Technology
If you have the fundamentals of cyber hygiene covered, it's time to think like a CISO who understands how your business works. Julian Waits, GM of Cyber Security at Devo Technology, offers his advice below.
- Don't be lulled into believing you have good SecOps if you just buy available security technologies—a security program constrained by the limitations of technology has already been compromised.
- Technology must be deployed in the service of the business. The point of cybersecurity is to ensure business continuity.
Shirali Patel, Cybersecurity Program Manager; Dylan Owen, IT Security Manager; and John Durkop, Cybersecurity Systems Engineer, of Raytheon
Shirali Patel, Cybersecurity Program Manager; Dylan Owen, IT Security Manager; and John Durkop, Cybersecurity Systems Engineer, of Raytheon collectively share their security tips below.
- Be wary of free public Wi-Fi
- Hover over email links
- Use passwords—they're your first line of defense
- Use caution with connected devices
- Keep systems updated with the latest security patches
Scott Matteson is a senior systems administrator and freelance technical writer who also performs consulting work for small organizations. He resides in the Greater Boston area with his wife and three children.