By Scott Matteson
Regardless of your career, when you work with technology you’re usually inundated with security risks and threats, many of which are tough to keep up with. Whether you face application or operating system vulnerabilities, insecure passwords, phishing attempts, scams, social engineering gimmicks, or more, it’s important to stay nimble and aware. This can be challenging when there is another data breach or must-patch vulnerability on a weekly basis.
Technology professionals and executives are no strangers to such challenges, but being industry insiders often gives them a leg up on the security realm.
Here is a compilation of the best security tips recommended by both hands-on tech pros and the executives who lead them. Hopefully, this advice will make your job (or consumer endeavors) easier.
Joe Diamond, Director of Security Product Marketing Management, Okta
The best security tool you can possibly have is common sense. Even the best, bleeding-edge security tech can’t save you from a sophisticated targeted attack. However, here are a few additional digital security tips to keep in mind according to Joe Diamond, Director of Security Product Marketing Management, Okta.
- Separate browsers are a great idea, but virtual machines (VMs) are even more secure because they are an isolated environment from a physical operating system.
- Do not connect with anyone you don’t know on social media. Random connection requests are often used for scraping and data mining for social engineering attacks.
- Before submitting any information to a website or service, ask yourself two questions: Have I heard of this organization? Do I trust them?
- Enable two-factor authentication on every service and consider not signing up for those that hold sensitive data, but do not support two-factor authentication.
Mathew Rose, Global Director Application Security Strategy, Checkmarx
Hacks and breaches these days are rarely black and white. Hackers take time to collect specific personally identifiable information (PII) on people and use that data to either execute phishing attacks on your friends, co-workers, or family members—or possibly even gather enough PII data to open accounts in your name. Below are Mathew Rose, Global Director Application Security Strategy, Checkmarx, tips for how to avoid such attacks.
- Don’t enable hackers to phish your network or steal your identity.
- Do not share any of your PII data on publicly available social media platforms or in interactions with companies unless it’s truly necessary. Simple PII data points such as full name, address, cell number, date of birth, and the last four digits of your social security number spread across multiple places on the web and can be collected to create an accurate profile of you. This profile may then be used in targeted phishing attacks because the information looks like it actually comes from you.
- Do not share any form of PII data—no matter how mundane it seems—as it could be leveraged in ways you never thought of by malicious actors.
Julian Waits, GM of Cyber Security at Devo Technology
If you have the fundamentals of cyber hygiene covered, it’s time to think like a CISO who understands how your business works. Julian Waits, GM of Cyber Security at Devo Technology offers his advice below.
- Don’t be lulled into believing you have good SecOps if you just buy available security technologies—a security program constrained by the limitations of technology has already been compromised.
- Technology must be deployed in the service of the business. The point of cybersecurity is to ensure business continuity.