Common Information Security Threats for Working Professionals
In my earlier blog of the series Common Cyber Security Threats for Novice I’ve discussed about common cyber threats which are applicable to everybody. In this blog, I’m trying to bring up other common security practices to be exercised by working professionals. This group of people are very well versed with common cyber threats but should be aware of common vulnerabilities around work place.
1. Outside the workplace
It is quite common for working professionals to extend work related tasks/artefacts to home or outside workplace for obvious reason. In such cases it is possible to lose sensitive information about your profession, employer or business to strangers or competitors. Need to be aware of this fact and exercise due care.
- Avoid taking sensitive or valuable information away from work unless it is essential and secured via encrypted laptops or USB devices.
- When away from the premises and/ or in public areas, keep all sensitive information secure to prevent loss or theft. For example, never leave such items locked in a car overnight.
- Don’t discuss about confidential information openly in public.
2. At the work place
Most of the work happens electronically now a days and even organizations promote green or paperless workplace. Still on many occasions people need to deal with paper documents. These documents can be work related or personal e.g. flight tickets, financial or utility bills etc. All these documents carry important information about yourself or work/employer and can make damage if it falls in wrong hands.
- Keep desks and work areas clear and tidy.
- All confidential/commercial documents should be kept in a secure and lockable storage facility.
- Sensitive papers in particular should be securely disposed of – such as through a shredding machine – rather than left for collection or in dustbin.
3. On Social Media
Note that online conversations with friends can be seen by countless others and saved on internet. Competitors and people with bad intention keep gathering information by various means and tricks on the internet. Even, recruiting agencies or employers collect data about prospectus employees from social media. Therefore, its usage should be practiced diligently.
- Do not submit any details into an unfamiliar website or unsolicited email/internet pop-ups.
- Take care with the amount of information and photographs shared on any online social networking sites.
- Avoid discussing work related issues on social forums
4. Cyber Insiders
Insider is someone who (knowingly or unknowingly) misuses legitimate access to commit a malicious act or damage their employer. These insiders keep looking for avenues to gain credentials & access of others, gain information about confidential information which is not accessible to them. This can be any one – your close associate, team member or even manager.
- Never share your credentials or access to anyone, even your manager or personal assistant.
- Don’t provide any clues about how you constitute your password.
- Avoid shoulder surfing.
- Avoid discussion about confidential information openly or with unrelated colleagues.
5. Mobile Phones
Almost every professional uses mobile phones/smart phones now a days and it is directly linked with work. Many organization provides mobile or smart phones to their employees or allow employees to use their smartphones to perform the work. Mobile phones are very vulnerable to leak the confidential information about self and/or work.
- Think about all the personal data stored on your phone: text messages, emails, even intimate photos of you or your significant other. People are now carrying more and more personal information on their devices, one should ensure to wipe out that data when the time comes.
- While the factory reset button seems like the logical place to start, numerous industry and security experts report that even after consumers carry out this exercise, personal information often remains. The following tips will help ensure private information is erased.
- Remove the memory and SIM cards. Both store personal data and are best kept safe in your possession or destroyed.
- Use a data removal application to ensure data really is deleted.
- Once the data is deleted, then run a factory reset.
- Measuring SOC effectiveness – An Integrated SOC
- Organizations need to get ready with Digital Forensic: Part 2
- Organizations need to get ready with Digital Forensic : Part 1
- Digital Incidents Paradigm: Beyond Conventional Cyber Crimes
- Digital India – Early Adoption of Cyber Security Framework is Necessary