We hope that you didn't forget about National Cybersecurity Awareness Month! We wanted to discuss some elements of cybersecurity that you may not be familiar with. Cybersecurity is a lot more than just dealing with viruses and not clicking on spam emails. The true definition is "the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this." This means that anything you do to help protect against getting your data stolen can be considered cybersecurity. So let's go through some of the methods often overlooked and skipped.
Firstly, it is important to make sure that all devices on your network have adequate protection, especially the ones you don't normally think about. And if your computer is mobile, it is a good idea to make sure that device is encrypted and has a strong password on it. Encrypting devices that will be leaving work often, like company laptops, will help ensure company data isn't access when something is lost or stolen. Keep everything that is connected to the internet and your network in mind. Learn more about this in our "How secure is your network?" post.
Another important aspect of protecting your data is the physical security around your devices. Someone who should not be allowed to access your network remotely should not be able to access it physically either. This can be simply locking servers in a ventilated closet, or actually securing the rack with a locking door. When discussing the physical aspect of cybersecurity, one should pay attention to the risks that USB drives create. While being small makes them a convenient way to transfer data from one device to another, that size also makes them a liability as they are more likely to be lost or stolen. Keep in mind that it is generally bad practice to put sensitive information on a USB drive. Even if you find a drive in the parking lot and want to find out who owns it to return the drive, that could have been left in the parking lot in hopes you came along. Hackers often do just that and have drives with malicious software hidden in those USB flash drives. Once you plug it in, it could be game over.
While discussing physical devices it is also important to remember that cleaning your old devices before upgrading to new ones may save you from getting data compromised. More specifically, if you are going to get a new computer or phone, be sure to remove any data before you dispose of it. If you would not want someone else to see data from the device, make sure it is gone. Performing a factory reset is a good way of cleaning most of the data off a device in one swoop (not all data though since SIM or MicroSD cards and similar devices would still need cleaning)
One last thing to remember is that just because you “deleted” something does not mean it is truly gone. When a file is deleted, what really happens is its location in storage is marked as open space for new data to be saved in. So, until the deleted data is overwritten by new data it can be recovered. There are two ways to get around this; one is software you can use which overwrite the deleted data with random filler data that truly overwrites the data, or you can encrypt the data before you delete it then get rid of the decryption key. This essentially ensures no one will ever be able to read the data again. A good rule of thumb though is to wipe your drives with a number of passes (rewrites of the entire drive) so that even deleted files cannot be recovered.
Cybersecurity is not just about avoiding phishing emails and keeping your passwords safe. Updating your computer and the software it runs, encrypting data, and even ensuring your have good physical security of your devices/network all play important roles in what is usually thought of as a digital-only realm.
Cybersecurity can be scary, but we hope we can calm for of those fears!
Lighthouse IT Solutions hosted a webinar (October 31st 2019) in which we went over the many things you should be aware of in order to help keep you safe in this digital world.