Now more than ever, employees need to protect their personal information from cyberattacks. From identity theft to financial fraud, hackers can use their online accounts to steal personal information and cause serious damage to reputations and careers.Read more: Protecting Yourself From Hackers at Work
There are many ways your personal information could be stolen. It could be a phishing attack, account hack, credit card fraud, or cyber stalking, and the list goes on. In the same way that leaving a loaded gun unattended could lead to an accidental shooting, failing to secure your personal information can lead to significant harm to yourself and others. That’s why it’s important to take steps to make sure your personal information is protected- even at work. You can use proper security measures to safeguard your information wherever you are.
Take as a warning: Sony Pictures. In 2014, hackers gained access to a senior executive’s email account. They used it to steal sensitive information, including confidential documents and emails. Sony Pictures’ reputation and financial losses were significant. Even their official website was down for multiple days.
Due to the hack, a major executive resigned. The company became a part of a national security investigation. The investigation revealed poor password management (one stolen Excel spreadsheet stored hundreds of logins) and embarrassingly simple passwords (think “12345”, and of course, “password”)
Interestingly, following the indictment of one of the hackers, government documents revealed that AMC theaters was attacked in a similar fashion. But unlike Sony, they escaped major damage due in part to better Phishing awareness training.
Beyond your job, identity theft from cyberattacks pose the biggest risk. If hackers steal your personal information, such as your name, address, and Social Security number – details that are often readily available on your work computer or servers – they can open new accounts, or apply for loans in your name. Your credit score could be severely damaged, which can damage your reputation and in turn make it difficult for you to find future employment. Fake or hacked social media accounts or spam email can spread false information about you. In extreme cases, you may face legal troubles, and suffer further financial losses as a result.
Basic Email Security Practices
Regardless of your company’s cybersecurity diligence, or lack thereof, be sure to take these basic security measures for all of your social media, email, and company logins:
- Never share your passwords with others. If someone is asking for your password, it’s a scam. Not even your IT department needs your login information. If you’re contacted by an outside call or text message asking for your password to view your account, hang up and call that institution through their official number or website.
- Use different passwords for different accounts. Don’t make it that easy.
- Use multi-factor authentication (MFA). Multi-Factor Authentication adds another layer of protection in addition to your username and password. This can be a mobile phone app or text message that you would use to confirm that you really are trying to log in. Most social media and email providers now offer MFA in your profile settings. MFA will send you a text message asking you to confirm your login. This prevents outsiders from logging in somewhere without your phone. Never share your MFA token or number with anyone.
- The longer a password is, the better. Length is better than complexity. Use at least 16 characters whenever possible.
- Avoid single words, or a word preceded or followed by a single number (e.g. Password1). Hackers often use dictionaries and common passwords when deploying automated brute-force attacks.
- Don’t use information in your password that might be discovered in your social media (kid’s or pet’s names, car model, nicknames, etc.).
It’s important to remember that the company you work for is often a larger target than you are. But that doesn’t mean that a hacker won’t exploit any information he can get his hands on. Although you may not be able to dictate your company’s cybersecurity practices, do what you can to protect yourself from attacks.