Yahoo Users, Change Your Passwords!

It was recently announced that Yahoo suffered a data breach of 500 million account usernames and passwords. Customers who may be using the same login on their bank, credit card, or medical sites, or on other sites that contain sensitive information not intended for public consumption, should immediately change their passwords. As this story unfolded, some of the security professionals within Yahoo reported that, despite recommendations, security may not have been the top company priority. The company was struggling to regain market share and stay viable, and senior executives believed that implementing more stringent security would degrade the user experience.

This should be a reminder that computer security is a responsibility we all share. We need to protect our personal data as well as any sensitive data of our clients and colleagues. You can do your part by adhering to a few computing behaviors:
  • Ensure that your computer is configured to lock after a certain period of inactivity.
  • Always manually lock your computer when you step away (Ctrl-Alt-Delete or <Windows key> + L on Windows and Ctrl + Shift + Eject/Power on a Mac). Do this even if you think you will be gone for a few seconds. We all get sidetracked when we leave our computer and return minutes or sometimes hours later than we anticipated. Relying on your system to lock automatically should not be your primary security option. Be proactive.
  • In the work environment, if you see a colleague step away without locking their system, remind them to do so. Again, protecting data and securing the IT infrastructure is everyone’s responsibility.
  • Be mindful of who is around and who might be paying attention to your keystrokes as you log on to your system in public areas.
  • Never enter sensitive data in a public computer. You never know who has had access or what they might have installed.
  • Don’t plug found USB drives into your computer. They could contain malware. A recent study has shown that people are too curious about what’s on found USB drives to resist the temptation.
  • Don’t leave sensitive information on your screen such as client records. Get what you need and then close that record and log out of your CRM unless your position calls for real-time processing of information throughout the day.
  • Alert your IT group to suspicious emails you receive or any activity that you feel is an effort to thwart security.
  • If you don’t have IT support, implement the use of anti-virus and anti-malware programs such as the ones found here.
  • Don’t click on links within emails from unknown sources.
  • If you do receive a suspicious email from a known source asking you to transfer funds or provide sensitive information, please understand that this is known as a “phishing” scam. It doesn’t automatically mean that someone’s account has been “hacked”. If you report to any IT person that you have been hacked, their reaction will be very different than if you report a phishing scam. Confirm with the sender whether they generated the message or not. Anyone can send an email with anyone’s name and email address in the “From:” field. This is one of the weaknesses of email.
  • Use different passwords and logons for different sites. If you have difficulty remembering passwords, implement the use of a password manager such as the ones found here.
These steps will go a long way toward protecting your computing environment as well as the information of friends, family, colleagues and clients.