Internet Safety Tips to Prevent a Data Breach

Experts have estimated that cybercrime costs U.S. enterprises an average of $14 million annually, twice the average for the rest of the world. Altogether, cybercrime impacts 1% of the global GDP (gross domestic product) in any given year. It continues to grow annually, and it is the second most costly source of downtime for information-focused enterprises.

These statistics might leave people in large organizations feeling like an attack is only a matter of time. While large enterprises can be highly targeted by criminals, organizations can influence the safety and security of their data by implementing and educating employees on a number of best practices. Some of the most important Internet safety tips an organization can practice to prevent a data breach include:

  • Be Careful How Passwords Are Created and Stored

    Many organizations have very complex password policies that require elements such as a number, different letter cases, and a special character for a password to be “acceptable.” Many experts have suggested, however, that such passwords actually make a data breach more likely because they are difficult for the intended user to remember. Instead of such complex standards, enterprises can help prevent many password-based attacks by disallowing login after a number of failed attempts.
    Additionally, it is a good practice to avoid writing passwords down or saving them in the web browser. Passwords saved in the web browser can be compromised if the device – or, in some cases, email – falls prey to an intruder. Strong, memorable passwords are typically made up of multiple unusual words that can be easily remembered, and are more difficult for an automated program to “guess”.

  • Be Wary of Suspicious Emails

    Hackers use automated “scraping tools” to crawl the Internet and gather email addresses they believe may be active. These addresses can be public as the result of membership in a certain site, because a business leased or sold information about its customers, or simply because of lax privacy protections around “matters of public record.” Whatever the case may be, hackers harvest millions of email addresses every day and target them with deceptive messages, a process called phishing.

    Phishing emails can look very similar to legitimate emails from an organization with which the company and its employees do business. It’s important to be very attentive to things like the color, layout, design, word choice, and images in an email. Do they look authentic? If an email provides a link to enter a password or other private information, it is most likely either a hacking attack or unprofessional conduct, and clicking the link often gives hackers direct access to the computer.
    Organizations should encourage employees to follow up on suspicious email messages by phone or in person, or to forward them to the IT department for feedback.

  • Maintain Updated Antivirus and Firewall Protection

    Many organizations have policies in place to manage software and security protection for their employees. However, more and more team members at large companies are working off-site and using their own mobile devices to conduct business. While some corporate networks scan these devices proactively to ensure that they meet basic standards, not all enterprises do this, so it falls to the individual to take an active role in the security of their devices.

  • Download Only from Reputable Vendor Sites

    When at work, employees might be in a situation where they are called upon to download or update software. For example, many pieces of hardware – like printers – require “driver files” to be installed so the printer can communicate with a computer. While this is unavoidable sometimes, it’s important to make sure employees are downloading directly from the official site of the hardware brand or other vendor: .exe and .zip files can often mask potent malicious software.

    Even if employees are careful to download from a reputable site, it’s still important that they pay close attention in the process. In recent years, ads have been developed that look very similar to real “download now” buttons. While these ads don’t usually lead to viruses, they do typically install unwanted software that can be hard to remove and might even cause its own security issues. When clicking to download, look closely to ensure the button is similar in style and color to the rest of the site. Last but not least, it’s important to read every step of a software installation carefully.

    While most people probably won’t wade through an End User License Agreement, there are often add-ons and extras hidden in the fine print that may compromise a computer’s security by adding unwanted files. When an employee is offered a choice between a “Typical” or “Standard” installation and a “Custom” installation, the “Custom” option should always be selected.

    While working through the installation process, be very wary of boxes that are checked by default, and know that there is usually an option to decline extraneous add-ons and still get the main piece of software – often by clicking a button marked “Cancel” that’s designed to look as if it cancels the whole installation, not just the unwanted add-on.
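As an added illustration of the two password controls recommended earlier in this list (lockout after a number of failed attempts, and memorable multi-word passwords), not code from the article or from Norwich University: the first part compares the guess space of a four-word passphrase against an 8-character “complex” password, and the second is a small login guard that refuses an account once the failure limit is hit. The 7,776-word list size, the 72-symbol alphabet, the lockout parameters and the sample user are constructed assumptions.

```python
import hashlib
import hmac
import math

# Constructed assumptions, not from the article: a 7,776-word list (Diceware size)
# and a "complex" policy of 8 characters drawn from 72 symbols.
WORDLIST_SIZE = 7776
COMPLEX_ALPHABET = 26 + 26 + 10 + 10   # lower, upper, digits, ten punctuation marks
COMPLEX_LENGTH = 8

def guess_space_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy for a uniformly random choice: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)

def compare_policies(words: int = 4) -> dict:
    """Four random dictionary words slightly beat an 8-character 'complex' password."""
    return {"complex_8char_bits": round(guess_space_bits(COMPLEX_ALPHABET, COMPLEX_LENGTH), 1),
            "passphrase_bits": round(guess_space_bits(WORDLIST_SIZE, words), 1)}

def online_guesses_per_day(max_failures: int, lockout_seconds: int) -> int:
    """Upper bound on online guesses per account per day once lockout is enforced."""
    return max_failures * (86400 // lockout_seconds)

def hash_password(password: str) -> str:
    # sha256 keeps the sample short; a real store needs a salted, slow hash (bcrypt/Argon2).
    return hashlib.sha256(password.encode()).hexdigest()

SAMPLE_USERS = {"alice": hash_password("correct horse battery staple")}  # constructed

class LoginGuard:
    """Refuses login for an account after max_failures consecutive failures
    within lockout_seconds (the article's 'disallow login after failed attempts')."""

    def __init__(self, users: dict, max_failures: int = 5, lockout_seconds: int = 900):
        self.users, self.max_failures, self.lockout_seconds = users, max_failures, lockout_seconds
        self.failures = {}  # user -> (consecutive failures, time of last failure)

    def attempt(self, user: str, password: str, now: float) -> str:
        count, last = self.failures.get(user, (0, 0.0))
        if count >= self.max_failures:
            if now - last < self.lockout_seconds:
                return "locked"  # refused before the password is even checked
            count = 0            # lockout window expired; start a fresh window
        if user in self.users and hmac.compare_digest(hash_password(password), self.users[user]):
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = (count + 1, now)
        return "fail"
```

With five attempts per 15-minute window, an attacker limited to online guessing gets at most 480 tries per account per day, which is why the lockout matters more than the character-class rules.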

Information Security Professionals Can Help

While it’s important for everyone to have basic knowledge about Internet security, it would be unreasonable to assume that everyone will be an expert. Most organizations employ information security professionals who focus all their efforts on reducing risk and reacting to new threats. It’s important to know how to get in touch with these professionals in an emergency – and to recognize when an ordinary security situation needs to be escalated.

Alertness Goes a Long Way in Today’s Changing Technology Landscape

The information technology world is becoming more complex as trends such as the “Internet of Things” and “Bring Your Own Device” make it harder for enterprises to create all-inclusive IT security policies. Policies, and the people that they influence, must now be flexible and adapt to new situations. By being attentive to how they use Internet-ready devices, everyone in an enterprise can play a role in mitigating the risk of a serious data breach.

Learn More

As the nation’s oldest private military college, Norwich University has been a leader in innovative education since 1819. Through its online programs, Norwich delivers relevant and applicable curricula that allow its students to make a positive impact on their places of work and their communities.

At Norwich University, we extend a tradition of values-based education, where structured, disciplined, and rigorous studies create a challenging and rewarding experience. Online programs, such as the Master of Science in Information Security & Assurance, have made our comprehensive curriculum available to more students than ever before.

Norwich University has been designated as a Center for Academic Excellence in Cyber Defense Education by the National Security Agency and Department of Homeland Security. Through your program, you can choose from the five unique concentrations that are uniquely designed to provide an in-depth examination of policies, procedures, and overall structure of an information assurance program.


July 2016