Cybersecurity: tips to avoid hacking
As useful as they can be, IT tools raise compliance challenges. Whether you meet your clients in person or online, you still have a professional obligation to protect their personal information. You need to take a variety of steps to ensure confidentiality and protect against an attack.
“Most cyberattacks are the result of human error,” the CSF’s most recent webinar on compliance in the digital age reminded us. For those who couldn’t attend, or to jog your memory, here are the key precautions to take.
First, you must secure your IT tools
- Use strong passwords for all your devices. The longer the password, the better. It should be at least eight characters long, with a mix of letters, numbers, and special characters (like ‘$&#@’). Avoid a simple sequence of numbers and letters (‘01234’ or ‘Abcde’), which is too vulnerable to password cracking tools. A mnemonic way to remember your password: take the first letters of a sentence that makes sense to you. Example: MyC@t1s10yo which translates to “My cat is 10 years old”. Also, remember to change your passwords regularly.
- Use a private wireless network protected by a password that is not the one offered by your Internet service provider. Many people forget to take this precaution. You should also change the name of the network to reduce the risk of intrusion. An important reminder: update your router regularly to ensure that it is well protected against new attacks from hackers. Is your router leased? Check with your provider to make sure the updates have been installed.
- Prevent third parties from having access to your work tools. Do you check your email on your tablet? It’s inappropriate to let your child play with the device. When you’re telecommuting, also make sure your computer screen is out of sight.
- Disable the Bluetooth connection on devices you use for work. Hackers can easily get into computers with this technology. Simply go to the settings of your devices to disable this feature. Also, use an antivirus and firewall that are up to date.
- Connect to the remote office using a VPN (Virtual Private Network), which creates secure, encrypted access to your corporate network.
- Always lock your session at the end of the day or if you are going to be away for even a few minutes. If you tend to forget, you can program the automatic lock in your computer settings.
When sending documents containing personal information, use file compression/decompression software to protect them, so that the files can only be opened with a password. It is also possible to send them in an encrypted email that can only be read if you provide the recipient with a password. Tip: use a different channel to communicate the password to the recipient, for example by text message or telephone.
Remember that applications such as Facebook Messenger or WhatsApp are inadequate for transmitting personal information from your clients. Because messages can be read by others, you are not fulfilling your obligation to maintain confidentiality. You can use these applications to confirm an appointment or notify of a delay; never to provide financial advice.
Also, be careful if you use a cloud-based service. You remain responsible for protecting the privacy of your clients’ data – even if you don’t have full control of the technology. Before choosing a service provider, make sure they have the proper procedures in place to protect information. Ask about the services they offer in the event of an outage and the time frame to assist you in the event of a problem. Furthermore, you should check with your employing firm or broker to see if they have a recommended or mandated provider. Finally, keeping your clients’ confidential documents on a flash drive is not a good idea. This storage tool is not secure. If you lose the drive, there is a risk that the information will be read by others. It is better to keep them in a private and secure cloud.
Video conferencing: precautions to take
Virtual meetings have taken off since the beginning of the pandemic and they seem to be here to stay. Here again, vigilance is required. Be sure to use a secure video conferencing platform that is approved by the company that employs you. Alternatively, make sure you download your chosen app, whether Zoom, Teams, Google Meet or another, from the official website. If you’re unsure about the provider’s domain name, be careful: it could be a hacked address. Indeed, hackers have managed to imitate these applications and ensnare unsuspecting users.
The waiting room function will allow you to control access to the virtual meeting and avoid unwanted intrusions (also called Zoom-bombing), which are increasingly frequent. Send the videoconference link by a secure means.
By using all these measures, you maximize the security of your interactions with your clients. And you make life difficult for malicious minds, which is a good thing.
For more information
Continuing Education - Compliance in the Digital Age