Spy stealing important information from shredded documents

Offline Habits Equal Online Practices

Introduction

Are you cyber smart? This is a loaded question. Most people “think” they’re savvy when it comes to security—but they aren’t. They have dangerous offline habits that they unconsciously practice online. Let me explain.

A True Story

Recently, my wife and I were in a store buying a kitchen appliance. Our salesperson’s desk, was in the middle of the store, with potential buyers only a few feet away. Also, pinned to the wall was a BIG piece of paper with a list of logins and passwords.

Undaunted, the salesperson asked for our names, addresses, telephone numbers, and credit card information. We refused to answer and walked out.

More alarming was that the store’s management didn’t know any better.

Foolishness Is More Prevalent Than You Think

Put on the TV, radio, or open your favorite browser. News of hacks and breaches abound. You can hardly ignore it.

Want proof? Next time you walk into your doctor’s office, observe what is in plain sight on the receptionist’s desk. I’ve seen sticky notes with social security numbers, credit card information, telephone numbers, names and addresses, medical account numbers, and logins.

What do you think happens when they’re finished with these pieces of paper? They probably go into the trash. A boon to dumpster-divers everywhere!

Question: How confident are you that your information is safe once you hand it over to establishments like this?

It doesn’t surprise me that identity theft is on the rise. What surprises me is that more people haven’t been victimized!

Your Information Is Online—Even Data You’ve Completed Offline

Access to information is one of the main driving forces of business. Most businesses scan physical forms, and place them online where they can be correlated with other online databases by other companies. A skilled hacker can use one piece of information to create a complete profile on you. Cybercriminals do this for a living, and they’re good at it.

Plugging Physical data Leaks

  • Purchase and use a micro shredder. Do not buy the cheap strip shredders that cut paper into long strips that can be reconstructed. There’s even software to do this. A micro shredder cuts paper into tiny morsels that are impossible to piece together. Shred everything with information, such as name and address, financial records, unneeded company data, etc.
  • Businesses should institute and enforce a clean desk policy. Do not leave company and customer data in plain sight of others.
  • Keep all file cabinets locked.
  • Install locks in all restricted areas. Access should be by key or code that identifies who entered and when.
  • Businesses should follow an established security protocol. NIST is one—there are others. These protocols cover physical security, cybersecurity, and training.
  • Keep a keen eye on the news. If you hear of a data breach that affects you, act immediately to change passwords, place alerts on financial accounts, etc.
  • Watch what you post online. Don’t give away personal or company information on social media.
  • Be wary of giving social security numbers and other personal information to companies where it doesn’t make sense (online or offline).

Security Awareness Is The key

People are the weakest link in security—online and offline. That is why businesses should invest in a Security Awareness program for their staff. A good program will highlight bad offline and online behaviors and teach your employees how to protect themselves and, ultimately, your business. Do not discount or dismiss Security Awareness Training. It is just as crucial as any hardware and software you purchase.

Conclusion

Security is not only for the internet. I can see why many people think so because that’s all we hear today. Hackers are professionals, and they use information from all sources to harm you. Don’t let them.

Remember: others can compromise your security even if you do everything right. Act accordingly. Be safe.

XSolutions is an IT Services Provider serving New York (NY), New Jersey (NJ), and Connecticut (CT). We provide Managed IT Services | Managed IT Security | Backup & Disaster Recovery| Cloud Data Protection | Security Awareness Training. Call (845) 362-9675 for a free consultation.