Practical Tips for Protecting Yourself from Data Breaches

Data breaches and ransomware attacks in recent years have forced enterprises to reevaluate the security programs and countermeasures they have implemented.

As important as it is to protect customer/sensitive information from being compromised, it is also critical to protect one’s own data. Information Security is not only the responsibility of the compliance team; every individual is a custodian of information security policy and responsible for protecting sensitive information.

Throughout history, “humans” have been considered the weakest link in the Information Security chain, and “Insider Threat” is considered to be one of the topmost challenges for CISOs across organizations. However, as individuals, there are a few small measures we can take to stay protected from data breaches:

Protect all Endpoints
Be it laptop, desktop or smartphones: all need to be protected. Ensure that you have all the latest versions of software installed and anti-virus is also installed. We often ignore this rule for smartphones, thinking it is unnecessary, but that is the most critical device to protect. A lot of financial losses at individual levels have happened because bank credentials were compromised through smartphones. Hackers can even access corporate networks using your smartphones, since most of us today check official emails on our mobile devices. Therefore, it becomes very important to patch your systems with critical updates that are released by OEMs like Microsoft, Adobe, etc. from time to time.

Protection from Phishing Attacks
When we were children, our parents used to tell us not to talk to strangers or take any gifts from them. Similarly, if you see any messages in your inbox where the sender or email address is unknown or seems fake, do not click on it, as it may result in a potential system attack. This is true for both emails and browser links or ads that promise some freeware.

Password Protection
Have you ever kept a single password for all your accounts or used your date of birth, child’s name or spouse’s name in passwords? I am sure many of us would say, “Yes.” One rule of thumb in protecting data is to ensure that your passwords are complex, non-repeatable and non-identifiable to an individual. For example, “abc123” and “password12345” are not as strong as “i5!sMyP@s4” or “t@136Jb45k.” In addition, ensure that you change the passwords of your bank accounts and email accounts from time to time. Just as you would keep money safely in a bank or jewelry in a locker, always keep your mobile password protected to prevent people from stealing and misusing sensitive information.

Use Multi-Factor Authentication
Many sites and banks these days offer an extra layer of defense through multi-factor authentication. For example, in Gmail you can now have a password and a one-time pin (OTP) for logging into the account. Similarly, when transferring funds from one bank account to another, a bank may ask for your transaction password and require an OTP that is sent to your phone or authentication using some digits of your card. Even in smartphones, you can enable a combination of PIN and fingerprint for authentication. This is called “multi-factor authentication,” or the use of more than one method for authentication. You should turn this on for your bank accounts, email accounts and smartphones to ensure that extra layer of defense.

Lock, Lock & Lock
As the name states—whether it is your phone, laptop, desktop or drawer—ensure that nothing is left unattended, and when it is, it should always be locked.

There is a proverb that says, “The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.” In reality, we cannot cage our systems or power them off, so it is better to be more disciplined, implement some of the security measures at an individual level and prepare our defenses well to stay protected and cyber resilient.

Meetali Sharma

Meetali Sharma

Meetali is an award-winning and industry-recognized subject-matter expert in Risk Management, measuring the effectiveness of controls and maintaining and improving strategic management systems and internal control structures around information security. She also has extensive experience in managing Audit Programs & establishing Incident Management Systems. Meetali's expertise has been featured by several industry-leading influencers, including IT Next and dynamicCISO.