Many people take security for granted – until we no longer have it. Often it takes us or someone we know suffering a breach, such as a home or auto break-in, to make us pay attention to our own security situation.
The same goes for online security. Chances are, you need to pay more attention to it.
Online break-ins are on the rise
As our use of online systems for storing personal data has grown, so has the problem of fraudulent access to that information.
Identity theft and fraud have been growing steadily in the past decades, according to reports in the U.S. and Canada. And a 2014 cybersecurity examination program by the SEC found that 3 out of 4 advisors and firms surveyed were targets of online attacks. Most attacks were fraudulent emails, with 25% of respondents reporting losses of between $5,000 and $75,000.
Despite relatively small financial losses, these types of attacks can have broader impacts that cannot be ignored, including loss of data, breaches of privacy and compliance infractions. Perhaps most concerning, these attacks can negatively affect your reputation.
You are the weakest link in security
Maybe you don’t feel like you understand technology well enough to implement proper security. Or maybe you get the technology, but don’t want to be inconvenienced by added security – or you feel you’re just too busy to deal with it. Perhaps you think nobody is going to bother hacking you because you’re a small operation.
These excuses make you more vulnerable to an online security breach. It’s not complicated to develop good security habits. Would you be too busy to lock your door and activate your alarm system every time you leave your house?
And you don’t want to tell clients your strategy is to hope the hackers don’t target you.
5 simple, yet powerful security habits
1. Never send private information via public email.
Public email was never designed to be secure. Messages can be intercepted and the contents viewed. You should never email files with personal information, such as health history, account numbers or SINs. Instead, use a secure messaging solution that encrypts and protects data in storage and in transit – similar to what an online banking site does. Vendors such as Echoworx and Ticoon Technology (disclosure: I consult for Ticoon) offer secure messaging solutions in Canada.
2. Always use long and strong passwords.
Long passwords are virtually impossible to guess, even for supercomputers capable of high-speed processing. Problem is, humans choose short passwords that are easy to remember. One trick is to choose a password consisting of four random words strung together, like “correcthorsebatterystaple”. This is both easier for you to remember and much harder for a hacker to guess.
3. Do not store private client data on mobile devices.
Mobile devices, such as notebook computers, tablets, smartphones, and USB thumb drives, are easily lost or stolen. Do not store private information about clients on these devices; instead, use a secure online site, and then put the data behind a strong password. Then, if your device goes missing, access to the server can be blocked so no personal data is exposed.
4. Avoid phishing scams through awareness and education.
“Phishing” refers to the spoofing of legitimate email or server identities in order to trick people into providing private data. For instance, your clients or staff could be tricked into clicking an email link and exposing private information. Education and heightened awareness among your staff and clients are the most effective way to prevent this increasingly common hacker exploit.
5. Keep all software up to date.
All software has security flaws, and sometimes those flaws are fixed after initial release. So, set up auto-updates or implement a procedure to ensure that you’re always using the most current software. Anti-virus programs should also be updated regularly, as new threats are appearing all the time.
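To put numbers on habit 2, here is an added Python example (not part of the original article) that builds a four-word passphrase with a cryptographic random generator and compares its guessing space with short passwords. The word list `SAMPLE_WORDS` is constructed for the demo, and the 7,776 figure assumes a list the size of the EFF long word list; the numbers hold only when the words are drawn at random rather than chosen by hand.

```python
import math
import secrets

# Constructed 32-word sample list so the example runs offline. A real list
# should be far larger; the EFF long word list has 7,776 entries.
SAMPLE_WORDS = (
    "anchor basket candle dolphin ember falcon garden harbor "
    "island jacket kettle lantern meadow napkin orchard pebble "
    "quartz ribbon saddle timber umbrella velvet walnut yonder "
    "zipper acorn breeze cactus dagger engine feather glacier"
).split()


def generate_passphrase(words, count=4, sep=""):
    """Join `count` words drawn uniformly at random using the OS CSPRNG."""
    if count < 1 or len(set(words)) != len(words):
        raise ValueError("need count >= 1 and a duplicate-free word list")
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(choices, picks):
    """Entropy of `picks` independent, uniform draws from `choices` options."""
    return picks * math.log2(choices)


def comparison_table(list_size=7776):
    """Return (label, bits) rows: short random passwords vs. word passphrases."""
    rows = [
        ("8 random lowercase letters", entropy_bits(26, 8)),
        ("8 random printable ASCII chars", entropy_bits(94, 8)),  # 94 = no space
    ]
    for n in (3, 4, 5, 6):
        rows.append((f"{n} random words from {list_size}",
                     entropy_bits(list_size, n)))
    return rows


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS, sep="-"))
    for label, bits in comparison_table():
        print(f"{label:32s} {bits:5.1f} bits")
```

Each extra word from a 7,776-word list adds about 12.9 bits, so length is the cheapest way to grow the guessing space while keeping the passphrase memorable.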
Better security practices are easy to implement and will serve your clients and your business well. So, stop making excuses – for the sake of your clients’ security and your own professionalism.