How can we stop cybercrime?
Top 10 things you need to know about Information Security

1) CIA

CIA here doesn’t refer to the Central Intelligence Agency of the United States. It refers to the essential principles of InfoSec:
Confidentiality is the ability of the system to safeguard information from unauthorised view and access.
Integrity is the ability to ensure that the information is a genuine and accurate representation.
Availability is important to guarantee that accurate information is readily accessible to authorised viewers.

2) GDPR

The EU General Data Protection Regulation came into effect on 25th May 2018. Though applicable only to EU citizens, it affects any individual or organisation holding data about an EU national.
The main idea is to ensure that data is not misused by large corporations for commercialisation. The consent of the user is of high importance. Individuals must be aware of how their data is being used. GDPR tries to ensure that only the required amount of information is collected and persisted.
Any deviation or breach of the user’s privacy can result in legal action against the offender and large fines to the tune of millions and sometimes even billions.

3) There’s always someone looking

The feeling of complacency is the first mistake made by most. There are always bad actors around trying to take advantage of this complacency. Some examples include:

  • Same password for multiple accounts
  • Carelessness while reading mails (Phishing)
  • Lack of awareness about privacy policies
  • Blurting out sensitive information in public or over the phone (Vishing)

With so many bad actors around, alertness is required to counter and avoid the aforementioned cases.

4) Don’t put all eggs in one basket

A good practice to make information secure is to store it in a distributed manner. Even if one system is compromised, all is not lost. If you have to share credentials with someone (ideally, you shouldn’t!) it may be worthwhile to send the username through one service and the password through another.

5) Browser hygiene

Most of us use the browser with its default settings. Most websites we visit load a privacy policy at first. Do you read what it has to say or just click “Accept/Ok”? The basic consent given is “You can install a cookie, track my activities and monetise that information”. There are many options in browsers to make our browsing and information more secure. One must be willing to sometimes explore them and improve their browser hygiene.

6) Stay Updated

Devices that cannot be updated are a recipe for disaster. A piece of software may have a vulnerability or bug that can be exploited by attackers. It is imperative to update a device or application whenever a new version is available. Developers constantly strive to improve the security of the system while attempting to provide better features to the user. Ensure you update your device the next time you see a prompt to do so!

7) Repetitive mistakes

The same known mistakes are committed by developers and users alike. There are known exploits for these mistakes, which make the task of an attacker easy. At times, they don’t even need to work hard to breach the information held by a user or organisation.

8) Reduce the attack surface

A good information security mechanism is to reduce the attack surface. If you were playing darts and your target was reduced to only the tiny centre circle, wouldn’t your difficulty increase? The same idea can be applied to information security. Revealing and showcasing only what’s necessary can go a long way towards guaranteeing information security.

9) Backup

How often do you back up the information that you hold? If you don’t, then start now! If you do, then an important question is: is the backup you took restorable? It is critical to hold a backup of critical information, if not all the information. In case of a wipe-out, accidental or intentional, the backup can rescue you. It is also essential to occasionally verify that the restoration works, because if it doesn’t, you may as well not have a backup.
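
As an added illustration, not code from the original post: one way to test that a backup actually restores. It records SHA-256 checksums when the backup is taken, restores the archive into a scratch directory, and compares the two. The zip format, the function names and the sample files are assumptions made for this example.

```python
import hashlib
import tempfile
import zipfile
import zlib
from pathlib import Path

def sha256_tree(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def make_backup(source, archive):
    """Zip `source` into `archive`; return the checksum manifest taken at backup time."""
    manifest = sha256_tree(source)
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        for name in manifest:
            zf.write(source / name, arcname=name)
    return manifest

def verify_restore(archive, manifest):
    """Restore into a scratch directory; return a list of problems (empty means good)."""
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with zipfile.ZipFile(archive) as zf:
                zf.extractall(scratch)
        except (zipfile.BadZipFile, zlib.error, OSError) as exc:
            return ["archive unreadable: %s" % exc]
        restored = sha256_tree(Path(scratch))
    missing = ["missing: " + n for n in manifest if n not in restored]
    changed = ["changed: " + n for n in manifest if restored.get(n, manifest[n]) != manifest[n]]
    return missing + changed

def demo():
    """Constructed sample data: one good backup, one stale backup, one truncated copy."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "data")
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "notes.txt").write_text("quarterly figures\n")
        (src / "keys.txt").write_text("constructed sample, not a real secret\n")
        good = Path(tmp, "good.zip")
        manifest = make_backup(src, good)
        ok = verify_restore(good, manifest)
        (src / "keys.txt").write_text("overwritten after the manifest was taken\n")
        stale = Path(tmp, "stale.zip")
        make_backup(src, stale)
        changed = verify_restore(stale, manifest)
        good.write_bytes(good.read_bytes()[:40])  # simulate a truncated copy
        broken = verify_restore(good, manifest)
    return ok, changed, broken
```

Keep the manifest somewhere other than the backup medium itself, so that damage to the archive cannot also damage the record it is checked against.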

 

10) Look at the roots

Information security is often considered only in the later stages of application development. This can often lead to vulnerabilities at the centre of the system. Security is often looked at from the perspective of perimeter protection. What if an intruder gets inside the perimeter? Are there any mechanisms to prevent misuse apart from the perimeter? To truly ensure information security, every step or phase of a system must have a protection mechanism in place.
