In the first part of this series, Joe Ferrara, president and CEO of Pittsburgh-based Wombat Security Technologies, offered suggestions on shielding sensitive agency information from the bad guys, including avoiding free Wi-Fi and the dangers of using file-sharing software on an agency laptop.
Ferrara speaks from experience. His firm provides interactive software-based cyber security assessment and training for employees in governments and other organizations. Employees practice concepts as they learn through the coursework. The training gives security officers the knowledge they need as well as information about their organization’s data security strengths and weaknesses. Here are some more of Ferrara’s tips on securing government data around the clock.
1. Do your research on e-mails that request immediate action. Google the company name and get a contact number to call and ensure you’ve received a valid request. Do not trust the contact information in e-mails because cyber criminals will include phone numbers that dial the criminal directly.
2. Don’t assume that e-mails from friends or colleagues have safe links or attachments. Cyber criminals can easily collect your colleague’s e-mail address from social networking sites or the Internet and send e-mail to you that looks like it is from a safe sender. When you receive a link or attachment from a friend or colleague, the safest approach is to call your friend and verify that they actually sent you what you received.
3. Be thoughtful about your password use. Create a separate, unique, strong password for each activity where you provide sensitive information, such as when purchasing online, doing online banking, registering for classes, or when you e-mail in the cloud (Gmail, Microsoft Office 365). If you use the same password across all of these activities and a cyber criminal steals it, they will have access to all of your accounts. A strong password should not be easy to guess and, therefore, shouldn’t include your or your family’s address, birthday, anniversary, etc. It must be at least eight characters long and include capital letters, symbols and numbers.
4. Put a PIN on your smartphone. A PIN on your phone protects the information on it in case it is lost or stolen. If you lose your phone, you are unlikely to get it back anyway. If you password-protect it, then your and your agency’s sensitive data won’t be misused by anyone who has your phone.
5. Be cautious about using Bluetooth. If you aren't careful, a hacker can use Bluetooth to steal information from your phone. Bluetooth tip: Turn off "discoverable" mode on your phone and disable Bluetooth when not in use.