Happy Secure 2014

AppRiver's senior security analyst, Troy Gill, offers his top 10 list of security resolutions everyone should be making to stay safe and out of a criminal's clutches next year:

  • Monday, 6th January 2014. Posted by Phil Alsop

"A security breach is the digital equivalent of a wardrobe malfunction - except it can be very expensive in addition to a red face.


With hackers and data thieves working desperately to steal confidential information, whether it's company data or an individual's personal information, 2014 must be the year we all take security to the next level. To that end, here's 10 New Year's resolutions that will help make you a much harder target for online criminals.


· Change your passwords frequently. Think of it like changing the oil in your car. Sure, you might get some extra mileage out of the old stuff. But is it worth the cost if you're wrong?
· Make your passwords stronger. Use upper and lower case letters, numbers and symbols. Making it hard to guess also makes it hard to remember, but you know what's harder? Explaining to your customers that their credit card data was stolen because you thought "password" would make a great password.
· Use different passwords for different accounts. Again, this might strain the memory a little, but we're pretty sure you've got some storage space left in your mental hard drive. Maybe skip the sudoku and use those brain cells to keep you safer online.
· Beware of "TMI" on social media. The world doesn't need an illustrated story about your appendectomy and you don't need to arm hackers with information that can help them socially engineer their way past your security. Before you post, ask yourself how the information might be used by a crook. For the sake of security and your friends' sanity, remember that less is more — especially when it comes to Facebook.
· Go hack yourself. Periodically test your own security. We also recommend having a professional firm conduct a security audit, but you can always take a walk around your office and see who has their latest password on a sticky note by their desk. Check around outside and see if anyone has a clear view of your computer monitors. If you're feeling really ambitious, look through your wastebaskets to get a preview of what a dumpster diver might find. (We recommend a powerful hand-sanitizer after that last one.)
· Get spam and virus protection, a web filter and endpoint security. You don't have to get those from AppRiver, just make sure you get them from somewhere.
· Trust no one. Okay, that's a bit of a stretch. But it does pay to have systems in place to make sure people are who they say they are. If someone shows up to fix your copier, make sure you know who called them, check their credentials and limit their access only to areas where they are working. And the bathroom.
· Have a security plan — and follow it. To paraphrase an old saying, the best time to develop an IT security plan was 10 years ago. The second best time is now. If you have a plan in place, great. Just make sure that it's being followed and updated frequently.
· Teach good practices. Your security plan should be confidential, but that doesn't mean you keep it a secret from your own staff. Incorporate security into your employee training program.
· Make it clear that security is everyone's job. You'd be surprised how seriously your employees will take security when they find out it's part of their performance evaluation. Let them know the boss is watching and that IT security is also job security."