A year ago, in November 2014, Sony Pictures suffered huge losses due to the leaking of personal information about employees and their families, employee e-mails, new unreleased films, and much more. Before that, in August, Apple found itself the target of hackers when provocative photos of celebrities stored on their phones emerged. That even state institutions are not safe was shown by the case of the Office of Personnel Management of the United States of America from June 2015, when four million files of employees in the state administration were leaked due to security breaches. These are the cases that made the headlines, and the number of similar incidents that have gone unreported or undetected is much higher.
With this said, one thing is sure – data is a company’s most valuable asset, and its security is a top priority, probably because it’s becoming increasingly difficult to protect. We will deal with procedures that lead to more secure data in the text below.
Data leaks aren’t just a problem for big companies and government agencies. All organizations, whether small or large, possess sensitive data whose loss could have disastrous consequences. This is why data protection should be a priority for every organization.
Spring cleaning
The first thing we recommend is to go through all your devices—computers, tablets, and smartphones—and look at the apps you don’t need or don’t use anymore.
In addition to using your device’s storage space, it may also be silently loading in the background and using other system resources. They can also – especially on a smartphone – silently follow you or monitor your behavior. In the worst-case scenario, one of those apps might actually be malware, spyware, or some other type of potentially unwanted app that’s actually causing some damage.
So if you don’t need it, uninstall it! You’ll probably be pleasantly surprised at how much cleaner and faster your device is without all those unnecessary apps piling up. If you’re using a business computer, check with YOUR IT admin before you uninstall anything, just to make sure it’s not something the business needs to have.
If you’re not sure if you need something or not, you can keep an eye on it if that makes it easier for you. Because dealing with these issues may take a lot of your time, energy, and resources, you should think about hiring different IT professionals to make the process smoother and free up more time. You can also look for a Microsoft 365 consultant and a business consultant to help you with configuration management, data recovery from possible disasters, monitoring and analytics, and security. Assessments of the things you really need can be performed by specialists, while the arbitrary and trivial things you can live without will be taken care of (such as the video game you installed or music app).
Raise employee awareness
Employees are the weakest link in the security chain. Organize regular training for employees, from directors to receptionists, and familiarize them with the rules and procedures related to the use of sensitive data.
Don’t forget your browser!
You undoubtedly want to keep your web browser installed, but you should check to see if there are browser extensions installed in your browser that you don’t need or want. For most browsers, you can find them in your browser’s settings or by typing about extensions in your browser’s address bar.
Looking for more extreme cleaning?
Every once in a while, you will “factory reset” a computer or smartphone, which basically means it goes back to the state it was in when you first took it out of the box. Then you’ll reinstall only the software and data you need. If you choose to go this route, make sure you have separate copies of all your data, files, and photos; know how to reinstall important apps, and have all the product keys you might need.
The steps to be taken are slightly different for each type of device.
Deep scan
We hope you have a good anti-malware program running on your computer. Now is a good time to get a second opinion or a deeper scan.
On Windows 10 or 11, try Microsoft Defender Offline. To check this, make sure you have saved all open files, then go to Windows Security > Virus Protection & Threats > Scan and select Microsoft Defender Offline Scan. This tool will restart your computer and run a deep scan that can sometimes detect malware that regular antimalware software cannot.
Regular updates
Now that the devices are clean and clear, let’s make sure the remaining software has all updates and security patches installed.
On Windows, this means using Windows Update to ensure you have all system updates, updates for other Microsoft products, and most device drivers. On other devices, this usually means you need to go to the system settings or app store for that device and check for updates. But don’t stop there. If you have third-party software, you should check each of those apps to make sure you have the latest versions of those apps. Don’t neglect your software. It’s not enough to just install it; you need to make sure you always have the latest version of the operating system and other software, as well as security and other patches. Otherwise, you will be easy prey for cybercriminals.
Protect the most important data
Most organizations do not know where their key data is located or who can access it. The first step in prevention is to define what data is sensitive, where it can be stored, and who can access it. Start with the most important ones, the ones that you think someone would want to steal or that someone could benefit from. Once you’ve identified the most important, move to the next level of importance, and so on.
Data classification is the simplest security measure an organization can and should take. When you define which data or documents are sensitive, mark them as “confidential,” “for internal use only,” and similar. Protect your most sensitive data with encryption and/or data loss prevention solutions (such as Symantec DLP), which allow you to create and enforce specific rules for the use of this data.
Protect laptops and mobile devices
Use passwords for laptops and mobile devices. If you store sensitive data on these devices, make sure that the data is encrypted. Passwords should be long and unique for each site where a person is registered. You should never use something like 1234. There should be some randomness, and characters other than letters and numbers should be used. Since passwords should be different and complicated, it is wise to use the so-called password manager program. In this way, it is enough to remember only the password for it.
Turn on two-factor authentication
The two-factor authentication option often appears when creating an account, and certain sites often remind you later to turn it on if you haven’t already. Most often, you are asked to enter your mobile phone number, after which you receive a message with an additional number that you enter before logging in.
Although this is the most common method, it is not the most secure, as SMS messages can also be intercepted by the Internet service provider, the police, and other government organizations.
Beware of phishing
Not all attacks are the result of malware or hackers sneaking into other people’s accounts. Sometimes people are simply tricked into giving their information to malicious actors.
Phishing is a type of online fraud where an attacker, usually through impersonation, tries to steal your username and password or infect your computer.
This type of attack can be carried out via email, SMS, or phone call. The best advice is to be careful, as there are often signs that messages are not from reliable sources—typos, links to sites that are different from what they should be, or if the email comes from a strange domain.
Don’t relax, and don’t think you’re safe forever. Hackers are constantly finding new ways to attack. Incident management is preparation for cases of unwanted intrusions and infections. Consider hiring experts to help navigate the crisis and incident and provide another outside perspective and point of view.