Data Breaches are Inevitable

Here are a few ways to Protect Yourself from Data Breaches

The last couple of years have been ones in which data breaches and ransomware attacks forced enterprises to re-examine their security programs and the countermeasures they have implemented.

Protecting customer and other sensitive information from compromise is important, and so is protecting one’s own data. Information security is not only the responsibility of the compliance team: every individual is a custodian of the information security policy and is responsible for protecting sensitive information.

“Humans” have long been considered the weakest link in the information security chain, and “Insider Threat” is considered one of the topmost challenges for CISOs across organizations. However, as individuals, there are a few small measures that we can take to stay protected from data breaches:

  1. Protect all endpoints – Be it a laptop, a desktop or a smartphone, all need to be protected. Ensure that you have the latest versions of all software installed and that anti-virus is installed as well. We generally tend to ignore our smartphones, thinking that protection is not needed there, but the smartphone is the most critical device to protect. A lot of financial losses at the individual level have happened in the past through bank credentials compromised via smartphones. Hackers can even gain access to corporate networks through your smartphone, as most of us nowadays check official mail on our phones. Therefore, it becomes very important to patch your systems with the critical updates that OEMs like Microsoft, Adobe etc. release from time to time.
  2. Protection from phishing attacks – Remember how, when we were children, our parents used to tell us not to talk to strangers or take any gifts from them. Similarly, if you see a mail in your inbox where the sender or the email address is unknown to you or seems fake, do not click on it, as it may result in an attack on your system. This holds true for emails as well as for browser links or ads which promise some freeware.
  3. Password protection – How many times have you kept a single password for all your accounts, or used your date of birth, your child’s name or your spouse’s name in a password? I am sure many of us will reply “Yes”. One rule of thumb in protecting data is to ensure that the passwords you use are complex, non-repeatable and non-identifiable to an individual. For example, compare “abc123” or “password12345” with “i5!sMyP@s4” or “t@136Jb45k”. In addition, ensure that you keep changing the passwords of your bank accounts and email accounts from time to time. Just as you would keep money safely in a bank or jewellery in a locker, always keep your mobile phone password-protected to prevent people from stealing sensitive information and misusing it.
  4. Use multi-factor authentication – Many sites and banks these days offer you an extra layer of defense through multi-factor authentication. For example, in Gmail, you can now have a password as well as an OTP for logging into the account. Similarly, when you transfer funds from one bank account to another, the bank may ask you for your transaction password along with an OTP that is sent to your phone, or ask you to authenticate using some digits of your card. Even on smartphones, you can enable a combination of PIN and fingerprint for authentication. This is called “multi-factor authentication”: the use of more than one method for authentication. You should turn it on for your bank accounts, email accounts and smartphones to ensure that extra layer of defense.
  5. Lock, lock & lock – As the name states, whether it is your phone, laptop, desktop or drawer, ensure that it is not left unattended, and when it is, it should always be locked.

There is a proverb which says, “The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards”. In reality, we cannot cage our systems or power them off, so it is better that we be a bit more disciplined, implement some of these security measures at an individual level and prepare our defenses well to stay protected and cyber resilient.

Meetali Sharma, Head – Risk, Compliance & Information Security, SDG Software
