We do things on a daily basis without considering what their risks are.
There are many ways that you put yourself at risk every minute of every day. Whether it’s the risk of personal safety generated by where you are or the risk of personal health by careless exposure to germs and bacteria, it’s constant. But do you know how often you make yourself vulnerable by doing some very simple and perhaps seemingly harmless things when you’re on the web?
And for facility owners, did you know that 93% of your employees are engaging in risky behavior that could compromise your data or your customers’ data while using your computers? This figure comes from the recent survey by Intermedia (2015 Insider Risk Report) Of these employees, 97% of them have access to your and your customers’ sensitive data. Long-term employees represent 23% of your risk.
What are some of the behaviors that can make you, your business and your customers vulnerable to online threats? To find out answer these questions:
Do you fill out online forms?
Do you share photos on social media?
Do you use the same password for everything?
Do you use public Wi-Fi networks?
Do you accept any and every privacy policy?
Not sure why these actions are risky? Check out the brief synopses below.
Filling Out Online Forms
Basically, when you fill out a form online, you’re passing your information to a third party. It’s possible that a form is a fake and is not capturing your information for the purpose that you think. This is often referred to as phishing and legitimate sites – i.e., PayPal, eBay and Facebook – are often targets for this practice. Your information could be sold without your permission, so before passing out data like your addresses (email and physical) or phone numbers, be sure you know the site’s intentions. Often legitimate sites are targets of phishing (i.e., PayPal, eBay and Facebook.)
Also be careful about logging into third-party sites using your Facebook account. It may be easy but it isn’t safe. You could unintentionally give permission to share your Facebook data – and regret it later.
Be alert to anything that seems too good to be true or is just not quite right. I may be a scam, a phishing expedition or a hacked site. You’re better off passing on anything that makes you skeptical rather than passing your information to those with nefarious intent.
Sharing Photos on Social Media
Boy, do we all do this! If your phone is geotagging your pictures, others can pinpoint exactly where you are – and where you aren’t. This probably doesn’t matter for most of your pictures (assuming you take most of your pictures when you’re out somewhere) but if you post something from home, you could be giving away your home address to those you’d rather didn’t have it. To avoid this, just turn off geotagging on your smartphone or take the data off of any image that may be from a spot you’d rather keep private when you share it.
Using the Same Password for Everything
Yes, it’s tough to remember multitudes of passwords, but it’s safer. You should use unique passwords that are difficult for others to figure out for every service you use – especially when it comes to banking information and email. This is important because bad stuff happens: security breaches, stolen passwords. The unique passwords ensure that even if someone gets into one of your accounts, they won’t be able to get into all of your accounts with one set of credentials.
There are services available that help you create and remember good, unique passwords. It’s best to use two-step authentication with these services to make them even more secure. This type authentication requires the use of a unique code that is texted to your phone for login. So even if a hacker has your password, it’s highly unlikely that they also have your phone – and therefore won’t be able to access your account.
In addition to re-using passwords, lots of people share their passwords for many reasons. Most common are cost-savings (only purchasing single-user access), laziness (don’t take the time to set up individual user names and passwords). Some even think that not giving individual employees their own user names and passwords is better for security because they won’t have access after they leave your employment. This is a false sense of security since sharing one password is much riskier and gives you no way to track what individual users do while in the software.
Using Public Wi-Fi Networks
Almost everyone does it but that doesn’t make it safe. If you use public Wi-Fi in crowded places (like coffee shops) where we all have professional or social meetings, you can be exposing you and your computer to attacks. The risk comes when commonly named and seemly safe sounding networks (i.e., AT&T or Starbucks Wi-Fi) can be easily spoofed for the sole purpose of capturing your logins. Even legitimate networks have security that is so low, it can be easily hacked. It’s much riskier than private Wi-Fi. So when you connect to “free Wi-Fi” at a restaurant, hotel or even a hospital waiting area, you could be connecting to a fake network – even if the public network you connect to requires a password, it is still vulnerable to hacking. Using a VPN (virtual private network) is safer – using encryption to keep your data much safer than a public network.
Accepting Any and Every Privacy Policy
Automatically accepting privacy policies on websites is also a way that you can increase your risk of compromise. Doing this is pretty much a necessary evil if you want to use many online services, it can pay to read through the entire policy statement. That is the only way you’ll know exactly what you’re approving.
Check on:
- How the company treats your data.
- If you can opt out of sharing your data.
- If you can delete your data when you delete your account.
- How the company secures your data from threats.
- What the policy is for notifying you of changes to the privacy policy.
- How the company (especially social media) treats data created by a child.
- What the company’s abuse policy is.
Other risky behaviors include clicking on pop-ups, clicking on Facebook ads, opening email from unfamiliar people or emails that have questionable subject lines – even if they are from people you know.
The gist of it? If you’re online, be smart, pay attention and be careful what you share.
Sources: Entrepreneur Magazine, MIT Information Systems and Technology, eSecurity Planet