By Rebecca Herold, CEO, Privacy Professor®
Since this is National Cyber Security Awareness Month (NCSAM) it seems appropriate to give some examples and tips for how everyone can improve upon security, and better protect their privacy, this month.
More and more breaches are announced, almost daily. This highlights the need not only for organizations to strengthen their information security efforts and improve their controls, but also for everyone to be more aware of when others are collecting their personal information, to know how that information is used and shared, and to do a better job as consumers of securing our personal information.
So what security improvement actions have the most bang for the buck? Here are four actions for organizations, and individuals, to take this month to significantly improve upon the security of computing devices, along with the personal information used with them.
- Get rid of apps you don’t need.
Most folks have many more apps loaded on their mobile computing devices than they are actually using. There is a tendency to download apps and then never delete them, even if the apps are never used. A recent study revealed that most smartphone owners use only three of the many apps they’ve downloaded. A different recent study reported that over half of smartphone owners have 40 to 70 apps on their phone, but over 70 percent of them use just one to six of them a day.
I think the number loaded is actually much higher. In my experience, when I’ve asked friends and others how many apps they think are loaded on their phones, and then had them check to see the actual number, the actual number was always much higher. In one case, one person said she thought she had around 25 apps, but when she checked she actually had over 150. She downloaded a lot of free apps, then never used them, and then forgot about them. Those unused apps are not just sitting there in storage; a large number of them are sending data from the phone out to potentially many others that the phone owner doesn’t even know about. For example, a health tracking app approved by the National Health Service in England was discovered to be sending personal and health data in clear text to others. Each unused app on a smartphone is a potential data siphon.
TO DO FOR NCSAM: Review all the apps on smartphones and completely remove all those that are not used.
- Use effective authentication, including two-factor authentication and strong passwords.
Many websites, products and organizations now offer two-factor authentication, which is good, because single-factor authentication has been shown to be weak and a significant vulnerability. Unfortunately, too many organizations and individuals still do not use two-factor authentication when it is available.
When was the last time you changed your passwords? A recent study showed that over half of passwords had not been changed in over five years. And when you choose a new password, do you choose a strong one? One that has at least eight alpha-numeric-symbol characters? Most people still choose horribly bad passwords. For example, in the Ashley Madison hack the top five most commonly used passwords were:
Another problem is that far too many businesses and individuals are still using the default passwords that came on their devices. Change those now!
TO DO FOR NCSAM: Implement two-step authentication wherever possible, require strong passwords, and ALWAYS change the default passwords.
- Apply security updates to all your systems and applications.
Recently I asked a group of executives at a large client of mine if all their computing systems were kept updated with the most recent security patches. Most said they assumed so. Then I asked if their personally owned computing devices were kept updated. They all looked around at each other. Then one said, “I would assume so.” I asked, “Do you ever see any update messages on your device? Do you have the settings to automatically download updates?” Most shrugged. If you don’t know if your computer systems are getting regularly updated, then chances are they are not.
Cyber crooks look for systems that have old vulnerabilities. Plus, those vulnerabilities can allow bad things to happen as a result of mistakes and interactions with other applications and systems. You are a digital sitting duck if you don’t stay on top of security updates. Case in point: Have you updated your OpenSSL to remove the Heartbleed vulnerability? Do it now!
TO DO FOR NCSAM: Check to ensure all your personal and business computing devices are updated with the most recent versions, apply all appropriate security patches available, and set your devices to automatically install new security updates.
- Learn about the latest security threats and vulnerabilities.
People are not born with an innate sense of how to secure information. Organizations must provide effective training, as well as ongoing awareness communications, so that people know how to incorporate effective information protection practices within their daily job activities. Just consider this: one recent study found that 57 percent of privacy breaches are caused by insiders, most of whom simply made mistakes, or did things not knowing that they would put information at risk. These could have been prevented with good education.
Every individual using computing devices of all kinds also needs to know and practice security and privacy protection. At the very least, subscribe to my free monthly Privacy Professor Tips to get a monthly dose of news and advice for how to best protect your devices and data.
TO DO: Give good and effective information security and privacy training to ALL your employees and send them ongoing reminders and other types of awareness communications. Get information security and privacy news regularly for your own benefit.
Bottom line for organizations of all sizes…
These four things to do for National Cyber Security Awareness Month are just the start of improving, or building, your information security and privacy program into one that is effective, comprehensive and up-to-date. And certainly every organization, of every size, in every location, in every industry, needs to have an effective, comprehensive information security and privacy program in place. And every person who uses computing devices also needs to practice strong security and know how to protect privacy. Every month should really be Cyber Security Awareness Month for all organizations as well as all individuals.
This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.