{"id":1883,"date":"2020-07-22T16:37:51","date_gmt":"2020-07-22T19:37:51","guid":{"rendered":"https:\/\/microhills.com\/?p=1883"},"modified":"2020-07-22T16:37:51","modified_gmt":"2020-07-22T19:37:51","slug":"5-business-security-tips-to-protect-your-workplace","status":"publish","type":"post","link":"https:\/\/microhills.com\/index.php\/2020\/07\/22\/5-business-security-tips-to-protect-your-workplace\/","title":{"rendered":"5 Business Security Tips to Protect Your Workplace"},"content":{"rendered":"\n

5 Business Security Tips to Protect Your Workplace<\/h1>\n\n\n\n

In the digital age we find ourselves in, security is more important than ever before. Keeping customer and employee personal information, sensitive business information and assets out of the hands of would-be attackers requires cooperation from every person in a business. All it takes is one person thinking a suspicious situation is harmless to result in an attacker gaining access.<\/p>\n\n\n\n

For many, the very word \u201chacker\u201d draws to mind a mysterious figure in a hoodie sitting in a dark room and typing furiously on a keyboard. It seems to be all about password cracking and creating backdoors into systems. Either they\u2019re too good to be stopped or a good enough firewall will keep them out, right? However, while there are some brute-force ways to attack a system the reality is that most hackers operate more like con-artists and scammers; piecing together pieces of information from discarded documents and gaining the trust of unsuspecting employees.<\/p>\n\n\n\n

This approach to beating security is known as social engineering<\/em> and it is one of the most insidious weapons in an attacker\u2019s arsenal. It takes advantage of the fact that people tend to let their guard down when everything seems normal and safe. Even the most level-headed and reasonable person can be fooled by social engineering if they don\u2019t have reason to believe the behaviour is suspicious. We at DigitalJTI have compiled a list of 5 security tips that you can use to identify suspicious behaviour so you can help keep your workplace and your personal information safe from attack.<\/p>\n\n\n\n

#1 Do Not Leave Sensitive Information Where Others Can Find It<\/h2>\n\n\n\n

This one seems deceptively straight-forward, but it can take a lot of awareness and discipline to keep information from slipping into the wrong hands. Desks and garbage bins seem like they\u2019d be safe from intrusion, but they\u2019re favored places for information gathering for attackers. You should be careful to file and dispose of documents, even informal ones, properly.<\/p>\n\n\n\n

Beyond the obvious, you should pay special attention to business information such as names and personal information of employees and customers, internal phone numbers, dates and times of meetings and other internal events and anything else that\u2019s not publicly available. This sort of information can help an attacker gain access to the system or provide a lead to where they can get that access. If you\u2019re uncertain, it\u2019s better to treat the information as sensitive.<\/p>\n\n\n\n

Documents should be carefully organized and stored to prevent unwanted access. Sticky notes with reset passwords or a business card with a colleague\u2019s personal email should be carefully tucked away in a secure place if still needed or destroyed if not. If left on a cluttered desk, even for a few minutes, they can be easily viewed by someone walking by or quickly searching your desk. Sensitive documents should be filed away somewhere that can\u2019t be accessed quickly and easily by someone looking. If they must be stored on the desk surface, keep them organized and stored in a way that they can\u2019t be easily identified at a glance. The more time it would take for a would-be attacker to find something, the less likely they will be to take the risk of being caught. A clean and organized desk goes a long way towards this and allows you to quickly recognize if something sensitive goes missing so you can report it.<\/p>\n\n\n\n

Documents with sensitive information to you or the business that are no longer needed shouldn\u2019t be simply discarded in the trash. Hackers have been known to dig through garbage bins and dumpsters to find sensitive and useful information. Sensitive documents should be shredded or thoroughly torn up to ensure they cannot be read by anyone getting them. A general policy of shredding all discarded documents would be even better to ensure nothing slips through.<\/p>\n\n\n

\n
\"Shredded
Properly Disposed Documents<\/figcaption><\/figure>\n<\/div>\n\n\n

#2 Do Not Put Sensitive Information Online<\/h2>\n\n\n\n

This is another one that appears simple on the surface. Anything that gets put online can have a traceable record and can be potentially accessed by anyone from anywhere. This can be as simple as sending the password to access the online store in an email to a coworker or posting on Facebook to complain about a meeting you must attend this weekend.<\/p>\n\n\n\n

A savvy hacker can potentially breach a less-secured system or monitor wireless signals to steal data as it is transferred. You should be especially careful of anything posted publicly or used in a public place such as a coffee shop. Some hackers use devices known as packet sniffers to snatch signals such as emails through a network which they can then access if they\u2019re not properly encrypted.<\/p>\n\n\n\n

Even basic information that seems harmless can be used by attackers. Good social engineers can piece together shreds of information from multiple people. A Facebook post with a couple employee names here, a Tweet about a meeting there, and an attacker can build up the information necessary to launch their intrusion attempt. If it\u2019s information the business doesn\u2019t actively make public, it\u2019s best to avoid putting it in a public place just to be safe.<\/p>\n\n\n\n

#3 Be Wary of Unknown People Even If They Seem Like They Belong<\/h2>\n\n\n\n

Social engineers are good at pretending they belong and coming across like they know you. You likely believe that you\u2019ll immediately recognize a would-be intruder as suspicious, but it\u2019s not as straight-forward as we tend to think.<\/p>\n\n\n

\n
\"Cybersecurity
Is he a rushed coworker or a potential hacker? How could you tell?<\/figcaption><\/figure>\n<\/div>\n\n\n

Consider this: have you ever had someone come up to you who knows you by name and is friendly, but you don\u2019t remember them? Maybe they were introduced by a mutual friend or they met you at an office event. Likely you didn\u2019t want to admit you didn\u2019t remember them and chose to be friendly back. Chances are they were who they said they were, but this is exactly the kind of situation where social engineers shine. This is also where the information from tips #1 and #2 can be useful to attackers. They can make their presence in the company seem more authentic if they can show they know your name and face (which they got from a document in the dumpster) and can recount a funny story from the recent office Christmas party (which they saw you post about on Facebook). If you don\u2019t remember them and they can\u2019t prove their identity, don\u2019t trust them with access to the office or documents.<\/p>\n\n\n\n

A common trick for social engineers is to act like someone official who just needs their password reset or access to an area to do their job. They make you feel sympathetic to put you off guard; they\u2019re in a hurry, their boss is breathing down their neck, and they were so flustered they forgot their password, couldn\u2019t you just help them out? Even if they seem like they belong and you feel like you should give them a break, don\u2019t help them if you don\u2019t recognize them and can\u2019t confirm they should have access. Instead, find someone who can confirm their identity and access such as an administrator or the IT department to help them out.<\/p>\n\n\n\n

#4 Do Not Interact with Suspicious Messages<\/h2>\n\n\n\n

Another common tactic for would-be hackers is trying to get information electronically, especially via email or social media. This is known as phishing and can be as insidious as the methods mentioned in tip #3. We\u2019ve all probably seen obvious phishing attempts: poorly worded messages requesting banking info or password resets. It can be easy to conclude that phishing messages are easy to identify, but this is not always the case. Some attackers use carefully crafted emails that look nearly identical to official emails sent by a company.<\/p>\n\n\n\n

Another risk from messages is malware: dangerous software meant to harm or steal from your computer, such as viruses. A message may contain an official-looking link or attachment, such as what appears to be a Word document from your department head. Clicking on such an attachment or link can give the malware a chance to install itself on your computer where it can damage the system or even copy files and data to send back to the hacker.<\/p>\n\n\n\n

If you receive any emails or social media messages that appear official, but request sensitive or personal information, or have attachments or links, take a moment to confirm the email is from a trusted source. Look for small mistakes in any images, logos, or titles, and confirm that the sender name and email is correct. Mistakes and misspellings, especially in the sender name or address, can indicate a phishing message. If you\u2019re uncertain, contact your IT department for advice.<\/p>\n\n\n\n

#5 Beware of Suspicious Devices<\/h2>\n\n\n\n

Our last tip for today covers a couple seemingly-harmless devices hackers can use to trick people. If you find a lost USB thumb drive, do not use it. It may seem like someone forgot it on a table or dropped it on the floor. You might think you should plug it into a computer to see if you can identify who it belongs to so you can return it. However, while most thumb drives are simply a storage device for files, a hacker can set one up to automatically access your system when plugged in, stealing the data on your computer, or creating a backdoor access for them. Then they just have to leave it somewhere where it looks like it was forgotten. If you find a thumb drive or similar device, instead ask around to see if you can find who lost it or turn it over to your IT department to deal with.<\/p>\n\n\n

\n
\"Digital
This could harm your computer<\/figcaption><\/figure>\n<\/div>\n\n\n

Another device some hackers use, sometimes called a pineapple, appears like a regular Wi-Fi router. However, it can track any data sent through it by computers that connect to it. They\u2019re often named in ways that seem sensible. If you notice a new open Wi-Fi network appears near your workplace, or the coffee shop you\u2019re taking your lunch break in has a second Wi-Fi network with the same or similar name, do not connect to it.<\/p>\n\n\n\n

Conclusion<\/h2>\n\n\n\n

Attackers have a wide range of subtle techniques for getting access to sensitive information. But they can be stopped if we all remain aware and vigilant. You should always be careful with how you manage sensitive documents and information and destroy them properly when they\u2019re no longer needed. You should be careful of people and messages who can\u2019t be identified, even if they seem legitimate. You should be careful of unfamiliar digital devices even if they appear innocuous. Security starts with the individuals and so long as we\u2019re all alert and careful we can keep our businesses safe.<\/p>\n","protected":false},"excerpt":{"rendered":"

5 Business Security Tips to Protect Your Workplace In the digital age we find ourselves in, security is more important than ever before. Keeping customer and employee personal information, sensitive business information and assets out of the hands of would-be attackers requires cooperation from every person in a business. All it takes is one person thinking a suspicious situation is …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","footnotes":""},"categories":[4],"tags":[],"class_list":["post-1883","post","type-post","status-publish","format-standard","hentry","category-jeabs-technologies-inc-jti-blog-posts"],"_links":{"self":[{"href":"https:\/\/microhills.com\/index.php\/wp-json\/wp\/v2\/posts\/1883","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/microhills.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/microhills.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/microhills.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/microhills.com\/index.php\/wp-json\/wp\/v2\/comments?post=1883"}],"version-history":[{"count":0,"href":"https:\/\/microhills.com\/index.php\/wp-json\/wp\/v2\/posts\/1883\/revisions"}],"wp:attachment":[{"href":"https:\/\/microhills.com\/index.php\/wp-json\/wp\/v2\/media?parent=1883"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/microhills.com\/index.php\/wp-json\/wp\/v2\/categories?post=1883"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/microhills.com\/index.php\/wp-json\/wp\/v2\/tags?post=1883"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}