Security is a frequent topic on the LSTech e-mail list, and although everyone agrees that security is important, the community has differing opinions on the level of risk faced by legal aid organizations. So, when catching up on reading over the weekend, a quote from the article "A San Francisco Technology Charity Gets a Lesson in Online Security" caught my eye:
"Especially in the last two years, the threat has gone up exponentially as hackers have gotten more sophisticated and have a greater understanding of the value of the kinds of data they can steal," says Richard Collins, who is in charge of cyber security at TechSoup. "The other main threat is that hackers are targeting smaller organizations and organizations with fewer resources now because many of the bigger ones have already made their systems more secure."
A simple analogy? Your house gets hit by thieves, not because you have the best stuff, but because you forgot to lock the door and it was easy to get in.
But fixing this problem doesn't have to be expensive. The article above even gives you the first step-train your staff. Three areas to cover:
Use secure passwords.
Not every password needs to be a long string of gibberish that only a savant could remember, but every password should contain a combination of at least 7 letters, numbers, or symbols.
Resources on creating secure passwords:
- How Strong Are Your Passwords? - Technola
- Passwords Are Broken. Now What? - Technola
- Simple tips for better web password security - Sophos Labs
Watch what you click.
You need to watch what you click every time that you click, and if you click a malicious link and know it, say something to your tech person immediately.
Resources on identifying what not to click:
- How to handle suspicious email - Microsoft
- The Phishing Flow Chart Highlights Red Flags in Dangerous Emails - Lifehacker
- The Web's Most Dangerous Search Terms - Lifehacker
If you take a laptop home, use USB keys to transfer information, or view files over public WiFi networks, you need to be very careful not to lose your data or give someone access to your network inadvertently.
Resources on protecting your data and network:
- How to stay safe on public WiFi - TechWorld
- Laptop Security, Part Two: Protecting Information on a Stolen Laptop - TechWorld
- USB Safeguard Encrypts Portable Flash Drives, Securely Deletes Files - Lifehacker
Are you reviewing basic computer security practices with your staff? If so, what else do you review and how often? If not, what's keeping you from getting started? Tell us in the comments below. - K