TOP 10 SECURE COMPUTING TIPS FOR YOU AND YOUR ORGANIZATION:
Arts BC Insight Team insurance expert, Jamie Saunders, shares his favourite cyber security tips that we should all be practicing, both at home and in the workplace.
1. You are a target to hackers. Don’t ever say “it won’t happen to me”. We are all at risk and the stakes are high – to your personal and financial well-being, and to your organization’s standing and reputation. Follow these tips and do your part to protect yourself and others.
2. Keep software up to date. Installing software updates for your operating system and programs is critical. Always install the latest security updates for your devices.
- Turn on Automatic Updates for your operating system.
- Use web browsers such as Chrome or Firefox that receive frequent, automatic security updates.
- Make sure to keep browser plug-ins (Flash, Java, etc.) up to date.
3. Avoid Phishing scams – beware of suspicious emails and phone calls. Phishing scams are a constant threat – using various social engineering ploys, cyber criminals will attempt to trick you into divulging personal information such as your login ID and password, banking or credit card information.
- Phishing scams can be carried out by phone, text, or through social networking sites – but most commonly by email.
- Be suspicious of any official-looking email message or phone call that asks for personal or financial information.
4. Practice good password management. We all have too many passwords to manage – and it’s easy to take short-cuts, like re-using the same password. One option is to use a password management program to help you to maintain strong unique passwords for all of your accounts.
Here are some general password tips to keep in mind:
- Use long passwords – 20 characters or more is recommended.
- Use a strong mix of characters and never use the same password for multiple sites.
- Don’t share your passwords and don’t write them down (especially not on a post-it note attached to your monitor).
- Update your passwords periodically, at least once every 6 months.
5. Be careful what you click. Avoid visiting unknown websites or downloading software from untrusted sources. These sites often host malware that will automatically, and often silently, compromise your computer.
If attachments or links in email are unexpected or suspicious for any reason, don’t click on them.
6. Never leave devices unattended. The physical security of your devices is just as important as their technical security.
- If you need to leave your laptop, phone or tablet for any length of time, lock it up so no one else can use it.
- If you keep sensitive information on a flash drive or external hard drive, make sure to keep these locked as well.
- For desktop computers, shut down the system when not in use or lock your screen.
7. Protect sensitive data. Be aware of sensitive data that you come into contact with, and any associated restrictions. In general:
- Keep sensitive data (e.g. credit card/health info) off your workstation, laptop, or mobile devices.
- Securely remove sensitive data files from your system when they are no longer needed.
- Always use encryption when storing or transmitting sensitive data.
8. Use mobile devices safely. Considering how much we rely on our mobile devices, and how susceptible they are to attack, you’ll want to make sure you are protected:
- Lock your device with a PIN or password – and never leave it unprotected in public.
- Only install apps from trusted sources.
- Keep your device’s operating system updated.
- Don’t click on links or attachments from unsolicited emails or texts.
- Avoid transmitting or storing personal information on the device.
- Most handheld devices are capable of employing data encryption – consult your device’s documentation for available options.
- Use Apple’s Find my iPhone or the Android Device Manager tools to help prevent loss or theft.
- Back up your data.
9. Install anti-virus protection. Only install an anti-virus program from a known and trusted source. Keep virus definitions, engines and software up to date to ensure your anti-virus program remains effective.
10. Back up your data! Back up on a regular basis – if you are a victim of a security incident, the only guaranteed way to repair your computer is to erase and re-install the system.
From UC Berkeley’s Best Practices & How-To Articles on Security Awareness. Content retrieved from UC Berkeley website, October 2018.
DID YOU KNOW?
Good records management has a direct link to cyber security.
The foundation of any good information security program is good information governance. But before you can secure your data, you need to know your data: what do you have, where do you keep it; why do you have it and how do you use it.
Data breaches are thefts of information, and are considered a records management problem. Organizations need to understand this and include records management as part of their long-term cybersecurity strategy.
On November 1, 2018, new regulations come into force requiring organizations to report all privacy breaches. Organizations are now required to determine if a data breach poses a risk to any individual whose information was involved and then notify the Privacy Commissioner of Canada; the individual(s) affected by the breach; as well as other organizations (such as law enforcement agencies) to help mitigate any harm to the affected individuals. The new regulations can include fines of up to $100,000 for non-compliance.
Arts BC members with Directors & Officers Liability Insurance can add in “Privacy and Security Breach” and “Social Engineering” coverage to their policy to help cover expenses in the unfortunate event of a data breach or social engineering fraud.
FIND OUT MORE by contacting Arts BC Insight Team member Jamie Saunders at email@example.com.