October is National Cyber Security Awareness Month. MaaS360 plays a major role in many organization's security divisions, as smart devices have permeated the enterprise in the last decade. When talking about mobile security, the conversation is almost always framed in the context of protecting the organization and its data. This is certainly important, but how can we ask our employees to protect the company data if they can not protect their own?
For many of us in the IT field, simple data protections are the norm, but for many end users, it's still not part of their day-to-day activities. Here are 10 common items that many normal, seemingly secure people, regularly neglect. This is by no means the definitive 10, there is always more to discuss, but these are good, easy starting points you can share with your friends, coworkers, and family. Have candid discussions with your employees about data security, and remember that if they are empowered with safe practices when it comes to protecting their own data, it increases the odds exponentially that they'll be doing the same to protect yours.
1.
Set a secure passcode on your device(s). Seems pretty straightforward, and many devices now have this enforced thanks to MDM controls, but there are still a lot of people who use '0000' or don't use passcodes at all. The passcode is the gatekeeper between personal data and potential intruders. We'd all like to think we live in the kind of neighborhood where folks don't lock their doors, but the reality is not that simple.
2.
Log out of everything - Facebook, webmail, corporate data - if you are on a device that can potentially be used by someone else. Lock your computers when you walk away, even at home. Set your phone's lock screen to come up automatically after a minute or less of inactivity. We've seen that friend who hops online to say "Sorry everyone, my Facebook was hacked." No, it most likely wasn't. It was probably a combination of 1 and 2 here.
3.
Know who has your data and what they can do with it. The cloud is just other people's (or companies) computers. Makes a funny meme, but the reality is that your data in the cloud is on servers owned by someone else. Understand what that means, how it changes from company to company (data on Facebook is not the same as data in Dropbox, even if it's the exact same file), and what could potentially be taken from you by the host. There is absolutely
N O T H I N G you can copy and paste in to a status update that will protect your data.
4.
Check the sender on that email. It may seem like an official message from Apple about your iCloud password, but you don't remember attempting a login. Tap on that sender and view the full email address. If the name comes out something like horseykid35765463@totallyrealinternetcompany.org, clicking on those links could lead to disaster.
5.
Beware of social engineering. A common practice whereby a stranger (or friend, depending on the company you keep) asks seemingly benign questions in an attempt to gain access to personal data. Never hand your unlocked phone over to someone you don't know. When sharing sensitive data on a device is a must (or perceived 'must' - coworker just has to see those pics of the kids), maintain control, and keep eyes on the screen.
6.
Verify identity. Anybody calling or emailing stating they are an official of XYZ should be able to prove it beyond a shadow of a doubt. In many cases, they are required to by local, state, or federal law. If you receive a call from the IRS, a badge number doesn't do it - if they demand payment, demand official correspondence with verifiable contents.
7.
Do not download apps from unverified sources. Many of us do this mostly on our desktops/laptops, but there are increasing numbers of scams that prey upon mobile devices. "Hey, we had a problem with the Google Play store, so follow this link to get our app."<--- Anything like this should set off immediate alarms.
8.
Google yourself. Seriously. Seems silly, but take a look at what information you can find out about yourself doing simple searches - see what's out there, what data is exposed. Browse in incognito mode and view your social media pages - what you can see is what any stranger can see. If it's bad, try to wrangle it in.
9.
Research, research, research. The world wide web can be a wasteland of hotly debated content, but there are genuine facts and guides to be found amongst the tabloid headlines. If you feel you're being taken advantage of, there is a strong chance that someone else has been victimized too. Whatever situation you're in, there are resources available to you. Someone sending fake iCloud resets - call Apple. You feel like there is an errant charge on your card - call your bank. Facebook "ad" seems like a deal - research the company and the promotions, make sure the links are legitimate URLs. Unfortunately, in most cases, there is already a victim, but their misfortune is a learning opportunity. If you happen to become a victim yourself, report it, and help others learn.
10.
If it seems too good to be true - it probably is. I've yet to meet a single, trustworthy person living a life turned around by handing over their personal data to a "company" that just happened to reach them via email promotion. Don't give strangers the keys to your life.
Cybersecurity doesn't have to be spooky. In most cases the baddies aren't a ghoul or goblin, they're people ringing doorbells to see what kind of candy they can get. When they find the house with full bars, they'll tell all their friends. Safe cybersecurity practices benefit all of us.
#MaaS360