Penalties for data loss can be huge … fines, law suits, lost customers and negative PR. So it’s vital your users understand how to secure your data.
Get your free data security toolkit
It’s packed with great tools to help you explain how data loss occurs and give practical advice on how to keep your data secure:
- Videos on data protection and safe passwords
- Presentations on how data is lost
- Top tips for securing your data
- Example data security policy
Top tips to protect your data
Practical advice for everyone on how to keep data safe.
View online: Flash
Protecting your sensitive data video
Straight-forward guidance on how to prevent data loss.
View online: Flash
Top tips to avoid ID theft
Easy-to-follow advice on how to avoid being a victim of ID theft .
Safe passwords video
Information on the importance of safe passwords and how to make yours hard to crack.
View online: Flash
Data security threats
A presentation that explains how data is lost and stolen and the risks data leakage poses to individuals and organisations.
The business implications of data leakage
A presentation on the impact of data loss for organisations and the four pillars of effective data security.
Data security policy
An example policy to act as a guideline for organisations looking to implement or update their data security policy.
Protecting personally identifiable information white paper
A paper for IT managers on what personally identifiable information is at risk and what you can do about it.
Threatsaurus: A-Z of computer and data security threats
A practical guide to the threats to your computers and your data in simple, easy-to-understand language.
Get all the resources in the data security toolkit in one zip file.
A recent phishing scam resulting in usernames and passwords of Microsoft’s Hotmail, Google’s Gmail, and possibly accounts of AOL and Yahoo users being posted online is cause for concern for anyone who uses any of those services. Rather than panic, though, there are simple ways to avoid becoming a victim or being further victimized, if your account has already been compromised.
Microsoft and Google said the compromised information likely came as a result of a phishing scam, through which millions of people are sent e-mail (often warnings about a fake security breach), asking them to click on a link to take them to a Web site so that they can enter their correct information.
When phishing attacks first became prevalent, the fake sites were often crude imitations of the real things, but these days, they can look exactly like the legitimate site, typically of a bank, a payment service such as eBay’s PayPal, or another financial company. When the user logs in with a username and password, or provides credit card numbers and other confidential data, that information is captured by the e-mail senders, who can use it to impersonate the victims.
In addition to someone being able to read your messages, a risk of having your e-mail account compromised is that many sites will send a lost password to an e-mail address, so if criminals can access your e-mail, they might be able to use it to get passwords from other sites, including financial accounts.
BBC News is reporting that it has seen lists containing more than 30,000 names and passwords, some of which “appear to be old, unused or fake,” but “many–including Gmail and Hotmail addresses–are genuine.” To put this into context, Gmail and Hotmail sites had more than 84 million unique visitors in July. Yahoo Mail had more than 156 million unique visitors, according to ComScore.
Here’s some advice that can help you avoid becoming a phishing victim.
Change passwords regularly
Even if this particular breach hadn’t occurred, many experts recommend that you change your password about every three months. This is as good a time as any to do just that. It’s also a good idea to avoid using the same password on multiple sites, but if you’re one of the many people who have done that, be sure to change your password elsewhere. Gmail asks users to provide them with an alternate e-mail address, so be sure to change the password for that account as well.
As I pointed out in this post about password security, consider using a password manager like LastPass (free) or RoboForm that can generate and manage strong passwords.
If you get an e-mail that appears to be from legitimate site with a request that you click on a link to visit the site for any reason, including updating your security information, think before you click. It might be taking you to a rogue site that captures that information for possible identity theft or other crime. It’s safer to just type in the URL yourself. Be extremely wary of any requests to provide Social Security numbers or credit card information, unless you’re absolutely sure that you’re dealing with a legitimate site. When visiting a site, make sure that the URL is that of the organization.
Look for secure sites
If you’re asked to provide sensitive information such as a credit card number, be sure that the URL begins with “https” (the “s” stands for “security”) and that there is a padlock icon, typically in the lower-right corner of the browser.
Use a phishing filter and good antimalware software
The most recent versions of most browsers, including Microsoft’s Internet Explorer and Mozilla’s Firefox, help filter phishing sites, as do security suites from McAfee, Symantec, TrendMicro, and other companies. Security software also helps protect you against malicious software that can log your keystrokes, or otherwise jeopardize your privacy and security. Make sure that your security software and your operating system are up-to-date.
If something seems too good to be true, it’s almost invariably too good to be true. Think about what you’re about to do on any site you visit, especially if it’s a site you don’t already trust. Never use the same password on an unknown site that you use for e-mail, banking, or other sites where security is essential.
The U.S. Department of Homeland Security’s National Cyber Alert System has additional tips to help you avoid phishing and other social engineering attacks, and ConnectSafely.org has tips to create an manage strong passwords.
by Larry Magid from CNET