8 things to stop doing immediately

We can always take online security a little for granted, but some behaviours put us at more risk than others. This isn’t an exhaustive list, so if you can think of more, please add them to the comments. Another one I wanted to add but couldn’t find a picture for is failing to verify a BSB/Account Number with someone you are transferring money to. You should always verify over two different mediums before transferring, e.g. SMS/email/phone (especially if you are transferring a large amount of money). People have lost a lot of money by missing this simple step.

1. Giving away personally identifiable information about children’s whereabouts, likes/dislikes and birthdays.


2. Plastering family/bumper stickers all over your car. You might as well wear a “come rob me” sign.


3. Using Windows XP and/or Internet Explorer 6. Running with no anti-virus/anti-spyware protection.


4. Checking emails/banking accounts/social media accounts over “Free Public Wifi”. OK, so if this is a little hard to avoid, at the very least be aware of the risks, avoid doing banking over this channel and change your passwords frequently. Also, set different passwords for your accounts…


5. Logging in/entering your password details from email links. This can be a phishing attack to steal login credentials. Instead, always log in via the official website.


6. Going to the official site and entering login/password details without checking the URL/certificate details. Instead, look for a green bar.


7. Doing stupid things in public like Karen Bailey’s epic racist rant against Chinese people. You will be publicly disgraced and even arrested.

Do: Stand up to racists (non-violently). The guy in the background became a national hero after hitting back with “You’re scum”.


8. Posting stupid things online that you can never take back. Justine learnt this the hard way, losing her job over this tweet. The tweet spread like wildfire and a campaign for her immediate dismissal took off during her return flight. By the time she landed, she had already lost her job.



3 PR disasters caused by innocent mistakes


What the Hillary Clinton email scandal proves is that you don’t even need a proven data leak to brew a public relations storm. The media will punish you nevertheless. It was recently discovered that Hillary Clinton ran a private email server from home for all emails, including work-related ones. This makes it easy for eavesdroppers to obtain state secrets (which they can do without her knowing). Given that she is Secretary of State and in regular contact with the President, this is bad news for US national security. How bad? The backlash is severe and may affect her chances of securing the Presidency at the next election. She is not alone though. History is littered with examples of how disastrous even a potential data leak may be.

1. Bank of America

In 2005, Bank of America lost unencrypted backup tapes containing the banking and credit card details of 1.2 million federal employees (including senators). This was embarrassing. Technology executives were forced to issue public statements about the loss and regulators made fresh inquiries into whether new regulations were needed.

2. NARA

In 2009, the National Archives and Records Administration lost two unencrypted hard drives. One contained the names and social security numbers of 76 million US military veterans. The other contained the private information and social security numbers of 250,000 White House employees (including the daughter of Al Gore). They were thrashed by the media and had to compensate the victims. A $50,000 bounty was also offered for the missing hard drives. Not sure if that offer still stands.

3. Emory Healthcare

In 2012, Emory Healthcare misplaced 10 unencrypted backup discs containing 315,000 patient file records and social security numbers. These were misplaced or stolen after being placed in an unlocked cabinet. They were never found. The CEO of the company had to publicly apologise for the data breach.

This may seem extreme, but it is more commonplace than you would think, even in companies with solid IT security controls. Voltage Security found that 85% of employees bypass security controls to get access to more data and 46% of companies have breached security controls to avoid the possibility of a sales loss. The worst offenders are senior managers. Stroz Friedberg found that senior executives are the guiltiest culprits when it comes to sending work emails to their personal email and taking intellectual property with them when they leave the job.

To defend against this, classify information, encrypt your data and increase security awareness across all levels.