The “insider threat” is a growing problem.
Remember that if you give someone privileges on your systems, you are giving them the keys to the crown jewels.
Plus, don’t assume that because someone works in technology they are immune to human frailties.
They can be scammed out of logon credentials just the same as mere mortals, and unless your systems are configured to prevent it, those credentials could let a hacker walk away with data.
Make sure valuable data needs more than a simple username and password for access.
Some major data breaches have happened exactly this way, with nothing more than a stolen password.
Rule 7: Encrypted data is only as secure as the decryption key
Encryption can be a great tool to prevent criminals getting at data if a machine is stolen.
But as computers grow more powerful, guessing a key by brute force gets easier, so the key has to be long enough to stay out of reach.
Look for encryption that is known to be strong – for example the Advanced Encryption Standard (AES) – and has keys that are considered “long”.
Also, most encrypted devices provide some means of recovering the data if, as we all do from time to time, you forget your password.
If you’ve ever encrypted a disk you’ll probably remember being asked to create a recovery key on a USB stick, or even to print out a long sequence of letters and numbers.
If you store this recovery information with the protected device, it’s hardly worth the effort of encrypting it in the first place.
Lock your recovery keys away somewhere safe and don’t carry them with you.
Rule 8: An out-of-date virus checker is only marginally better than none at all
Malicious software is being adapted at an increasing rate.
Hundreds of thousands of new variants appear each year in addition to completely new strains.
The set of malware that your virus checker knew about when you first installed it is out of date very quickly.
Hackers do still try older versions of malware, but they know many of us fail to keep our systems up to date, so they tweak the malware in the hope that the virus checker will miss it.
Update your virus checker as regularly as you possibly can, and do the same for your operating system.
If you tend to turn on your machine infrequently, do your updates before you start checking those emails or visiting your bank’s website.
Rule 9: Absolute anonymity isn’t practical, in real life or on the web
Not everyone who wishes to browse the web anonymously is doing so for illegal reasons.
But be aware that many of the technologies that can provide anonymity need to be used correctly; otherwise you can still be tracked.
And remember that being tracked is becoming the norm online.
If you’re not a paying customer you are probably the product, as marketers track you to more accurately target you.
Try using a browser that has a “private mode” or “do not track” setting. It doesn’t always work, but it may lessen the degree to which you are monitored.
Rule 10: Technology is not a panacea
Don’t assume that just because your machine is running the latest versions of everything, and you have the full array of security software installed, you are fireproof.
The weakest link in any security chain is us: humans. We fall for scams, we do silly things and we suffer from security fatigue very quickly.
Worst of all we assume it won’t happen to us – until it does.
But keep in mind these simple rules, think about how they apply to your particular context, and if in doubt ask someone who knows.
That way you can avoid the hackers having a Merry Christmas.