Thinking Strategically about Cyber SecurityBy Shawn Dougherty | December 22, 2014
The recent data breach at Sony Pictures has raised some important questions about how we should use e-mail and store important documents. By now, many people know that they should avoid writing anything in an e-mail that could potentially embarrass or hurt someone. They also know that they should keep electronic files in password-protected folders and that those passwords should be changed regularly.
But there are also security measures we take that potentially leave us vulnerable to hackers. For instance: Do you use passwords that are hard to guess? Or do you use "password" or "123456" or any of the other identified worst passwords? Do you use the same user name and password for multiple sites? If not, how do you remember your many user names and passwords?
According to a recent report, some employees at Sony saved lists of their passwords on their work computers. That may sound convenient, but in today’s world, it’s kind of like leaving a whole set of keys under your doormat for potential thieves.
You also need to ask yourself how sensitive are the documents you have and how should they be stored to avoid falling into the wrong hands. Does the data you have contain personally identifiable information (PII) or protected health information (PHI)? If so, does it make sense to store all that data in one folder on your server? Or should the data be separated into different folders to mitigate the risk? How sensitive are the documents you attach to your e-mails? Are there more secure ways to send documents that might be just as effective?
There’s no 100 percent fool-proof way to be cyber safe. But as the year comes to a close, it’s worth taking a look at how safe your information is and how you might take steps to make it more secure.
If you want to enter the cyber insurance market or learn about any of ISO’s various cyber insurance product offerings, visit the ISO Cyber Risk Solutions website, www.verisk.com/cyber, or e-mail me at firstname.lastname@example.org. You can also follow me on Twitter @doughertyshawn.