Security: You're Already An Expert
Security is important for everyone. Part of life is learning how to secure what you value. This intuition can often be challenging to translate to the digital space. Thankfully, it doesn’t have to be a paradigm shift; many of the same common-sense rules you use to protect what you love are transferable to protecting your technology. In this article, we want to share five tools of the trade we’ve learned in the hopes of making security easier for all.
One: The Right Software For The Right Job
Software is like any other kind of tool: it’s great for what it was designed to do, but when stretched outside its intended use, liabilities spring up. We don’t assume that a car would serve equally well as a bank for our hard-earned money. There are better places and methods to secure our wealth, and we utilize them wisely. The same is true for how we use software. Online design programs such as Canva are wonderful for creating presentations, snazzy PDFs, and customer-facing marketing material. These have the appropriate level of security for the kind of information they anticipate their customers using within their software. For confidential or internal information, consider using design software that is not connected to the internet (such as Photoshop), or utilize an online service that markets itself as a solution for use-cases such as these.
Two: Minimize Technical Debt
When deciding on a purchase, one of the considerations we often make is the cost/benefit of the additional burden this item will create. These same considerations apply to new software or technology we take on, and the insider term for this is technical debt. For example, social media hub services are great for reducing time spent posting the same content to multiple platforms, but adopting one adds one more point of entry for bad actors. Learning to ask, "Is this new software worth the technical debt?" is a great first step towards cyber security.
Three: It’s All A Process
Now that you’ve settled on a software solution, how is it going to be used in your firm? What is the actual process that will unfold? These questions are similar to the ones we face when hiring a business to mow our lawn: who will have access to the property, what access method will they use, and so on. These concerns translate to software as well. Consider capturing in a single document the purpose of the software (what’s allowed on it and what is not), how the firm is prepared to take on the technical debt required for this software, and the roles and access for this software.
Four: The Human Aspect
Doors are amazing security tools. They define safe spaces, have built-in locks, and are constructed from sturdy materials. Many, however, also have a thin pane of glass. Why is that? Why have a weak link in an otherwise strong construction? To see who’s outside your door.
Humans are inherently relational, but bad actors often take advantage of this in the business world by emailing or calling individuals at a firm, acting as if they’re so-and-so in IT (whom they just looked up), and requesting credentials or access to a part of the technical infrastructure. Our tendency to trust makes us vulnerable to these ploys, but the fantastic news is that this same instinct can also be the solution.
Encourage your team to know each other as an antidote to this method of breach. If a direct relationship is not possible, consider creating a process where email or phone conversations are confirmed in a secondary communication channel, something like: “Hi, John! Would you mind sending me a message in Slack here, just so I can confirm I’m actually talking to the real John?”
Five: Social Proof And Testimonials
This last point was originally written by Eric Rockwell and James Waryck for the American Bar Association. Their full article can be found here.
Sharing social proof, such as posting client testimonials, case studies and press releases, is one of the best ways to build trust and credibility. However, such publicly accessible information can also give hackers what they need to target your clients.
Threat actors can use the content to learn about your clients, the businesses they are in and the types of services they’re interested in. They can then sell this information to other crime syndicates or use the information as bait for phishing campaigns.
Cyber security is something you are already good at. It is a social practice as much as it is a technical skill, perhaps even more so. Common sense and trusting your gut are two of the best tools at your disposal. And, when in doubt, trust your technical professionals on staff to fill in the digital side of the equation.