I partner with online-learning and training site HR Jetpack to deliver courses and webinars on Cybersecurity and Artificial Intelligence topics specifically for HR professionals. In my latest webinar I had a really engaged audience who asked some fantastic questions which are worth sharing.
When it comes to our personal and professional cyber-hygiene, most of us like to think that we are safe, clean, and don’t take too many risks… and we probably know deep down that there are some things that we could be doing better.
For ourselves, we want to be vigilant to protect our credentials and private information that could be used to harm our reputation or be leveraged by identity thieves. From an organization’s perspective, those same concerns come into play with the addition of larger data-loss issues and responsibilities to meet many state and federal guidelines.
Let’s take a look at 3 major areas that you can review to be more secure online.
Whether it is your personal smartphone, your company’s website, or a computer… an outdated system is one that is at risk. Attackers are looking for any way into your data that they can find, and most often that is in the form of an exploit or bug that has been patched in the latest version of an app or operating system. If you haven’t updated yet, then your outdated device or system represents an opportunity for the attacker.
So staying current is challenging, sometimes expensive for an organization, and critical to maintaining a secure environment. Here are some best practices for staying updated:
- Be Organized: Keep track, in the form of a spreadsheet or database, of all of the pieces of technology that you and your organization use. Determine which of those can be automatically updated safely vs. those which need to be done manually. Assign those manual updates to people who can be responsible for keeping them current in a timely fashion.
- Minimalism is Good: If the point above is intimidating, then that’s probably a good thing. Most of us have too much technology in our lives. The existence of free apps and services has given rise to a ton of “bloatware”. Our phones, PCs, and websites are running a lot of junk that we don’t need. Trim out everything that you don’t rely on because those unnecessary services could represent a security risk.
- Be Realistic: We all run into technology issues that we don’t understand. When you hit that point, seek help. There are terrific resources online if you want to learn. Otherwise, consult a professional to help.
Accounts and Passwords
Have you ever bought a new house, asked for the key and been told to “just use the same one as your last house”? Every door is meant to have a unique key, and that’s the way that you should think about passwords.
Just about every few weeks on the news there is an announcement of a major service’s data leak. When that happens, the attackers steal the database of usernames and passwords. Then those people, and anyone with access to the list, will try those same username and password combinations all over the web. So if you repeat passwords then it is only a matter of time until you get caught up in this kind of situation. Since most of us only have a few different email addresses or usernames that we can use, make sure that every single website that you use has a unique password.
That raises the absolutely valid point: “But I won’t be able to remember them all!” No, you won’t. And you shouldn’t have to. There are several apps and services that act as password vaults to store all of these passwords. LastPass, 1Password, and KeePass are just a few of the popular options. Using this sort of system, you can have a unique password for every site you use, while carrying those with you on your smartphone and having them auto-fill in your web-browser. It is fast, efficient, and far more secure than any password simple enough to be remembered easily.
The final, and critical, step to securing your accounts is to turn on 2-Factor Authentication (2FA) on any account that offers it. It is a security layer that will require an extra password, usually in the form of a code sent to or generated by your phone, in order to log in whenever the website or app doesn’t recognize your device. That means that if someone is trying to hack into your account from Russia or China, even if they successfully get past your password they won’t be able to get into your account unless they are also holding your phone.
Email Habits & Avoiding Phishing
Phishing attacks are emails which come from someone other than who they appear to be from, hoping to get you to click on a link or attachment that will lead to an infected site or file. These attacks are incredibly successful because people are generally not very critical of the email that they receive and are often quick to click without considering what they are clicking on first.
A common trait of phishing emails is a sense of immediacy or the sense that you as the recipient are being rushed to respond. The senders of phishing emails often try to capitalize on the recipient’s emotional state to get them to hurry and not look carefully at a misspelled URL or suspiciously named file extension before they click on it.
Here are some tips to improve your email habits to be safer and less likely to be the victim of a phishing attack:
- Look Before You Click: When you hover your mouse over a button or text link, the URL’s destination will appear in the bottom left of most browsers. If you can’t make sense of where that link is about to take you, then just don’t click on it. The most important thing to check is the domain, to make sure it is properly spelled (attackers often use domains which are close to, but not quite, the real deal).
- Don’t Take the Bait: If a service emails you with concerns about your account, go through their website directly. You don’t need to become an expert in reading URLs if you just avoid clicking them in the first place. You should always be able to go to the website, sign in normally, and navigate through your account settings and their help menus without having to start the process in the email that was sent.
- Disable Macros in Microsoft Office: Many phishing attacks involving attachments work by leveraging an exploit of Microsoft Office’s macro function. If Office Macros are not part of your workflow, then you will be more secure if you disable that feature. Visit Microsoft’s Office Support documentation for the full instructions.
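The “Look Before You Click” check above can also be automated for links arriving in email. The following is an added example, not part of the original post: it flags domains that are one or two characters off a trusted domain, or that bury a trusted name inside someone else’s domain. The allowlist, the distance threshold of 2, and the naive “last two labels” domain rule are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the domains you actually do business with.
TRUSTED = {"example.com", "example-payroll.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host: str) -> str:
    """Naive rule: keep the last two labels. Production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def check_link(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the link's real destination."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    domain = registered_domain(host)
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        # Near-miss spelling: one or two characters off a trusted domain.
        if edit_distance(domain, good) <= 2:
            return "lookalike"
        # Trusted name appears only as a subdomain of a different domain.
        if f".{good}." in f".{host}.":
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, as they might appear when hovering over an email button.
    for link in ("https://www.example.com/account",
                 "https://examp1e.com/login",
                 "http://example.com.account-verify.net/reset",
                 "https://wikipedia.org/"):
        print(f"{check_link(link):9}  {link}")
```

An “unknown” result only means the domain is not on your list and not a near-miss; it is still safer to go to the service’s website directly.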
Every few months, it is a good idea to revisit these three core areas:
- App & System Updates
- Accounts & Passwords
- Email Habits
Consult with a professional to develop a process to make sure that you and your organization are always protected.
Reputation is a measure of your identity and the way that you are perceived by others. Social currency is the idea that reputation has tangible benefits… that relationships within your network or the community will lead to knowledge, access, or recognition that also has measurable value. In the 21st century economy, knowing how to leverage your social currency is critical to controlling the direction of your career or organization.
We now have the tools to put numbers to your reputation and compare you in real-time against your competitors. By running analytics on your website and social media services, you can monitor just about everything that you do online and gauge the success of any campaign.
The goal isn’t just to create a lot of numbers. You want to establish a baseline and then be able to demonstrate trends over time. If you don’t have these reference points, then you are flying blind.
The other really important factor to understand is that many of these metrics are publicly available and are not proprietary. So even if you aren’t looking at them, or paying to access them, your competitors may be able to pull up a lot of information about you or your organization. It is vital that you understand which pieces of data are publicly accessible vs. those which are private to your accounts.
Managing your brand’s reputation is more important than ever. This task requires vigilance and coordination because it has never been more challenging. The rise of technology in the workplace has been a tremendous opportunity for marketing, productivity, and other business functions; however it is a tremendous challenge to monitor and protect so many internal and external channels of communication. One misstep on social media or negative review and you can find yourself spending a lot of time and money to fix the avalanche that follows.
The biggest mistake that I see from small and medium organizations is that they often don’t have formal processes in place to monitor and review their branded pages, accounts, and other aspects of their online and offline presence. This results in:
- Questions unanswered on the company Twitter account
- Automated pages created for your company by Facebook or Google without your knowledge that end up in search results for customers
- Other strategic partners attempting to @mention your accounts without getting a response
Overall, at any given moment the organization can’t say with certainty what their social currency really is. That’s something that can be addressed and improved upon if the institution places value on protecting their reputation and implements that mentality across the board. Fixing this issue has to involve broad support from employees and all of your teams. There isn’t any one person or leader who can just manage the reputation. It is a cultural issue that has to be important across the organization and that everyone needs to care about.
The term “influencer” gets thrown around a lot these days in reference especially to young people who become famous on Instagram or YouTube, however it is useful to think of everyone as having the ability to influence other people. Your social currency is really a measure of how able you are to do that…
- How big is your network? (How many unique people could you reach with a message across all of your accounts?)
- How big is your friends-of-friends network? (If every unique person connected to you shared your message, then how many unique people could they reach?)
In the workplace, prioritize professional networking opportunities and any chance to develop your LinkedIn profile. When working with your employer or strategic partners, look for win-win situations that enhance your profile while helping the organization.
- Write a guest-blog on a topic related to your discipline
- Contribute to a webinar
- Host a Facebook-live Q&A for the organization to answer questions from customers or clients on your area of expertise
- Make a YouTube “How-To” tutorial video for one of the company’s products
Just ask yourself: “What will make us both look good?” That’s where you start.
Artificial intelligence bias is a danger to many systems we are growing dependent upon. A tool is only as useful as the craftsman wielding it. In a more modern sense, our algorithms are only as good as the programmers who wrote the code, and the database they can pull from. Think about the data that you feed your HR Information System. If bad data goes in, then what comes out?
This is critical to consider when evaluating whether or not we can trust an Artificial Intelligence tool. Some systems are better built than others, and some aren’t worth your trust because they can’t be relied upon.
- Format: Self-paced
- Course Duration: 1 hr 3 mins
- SHRM Professional Development Credits: 1.0
- HRCI General Recertification Credits: 1.0
- Certificate of Completion (after passing quiz)
“Artificial Intelligence”. The phrase typically brings to mind popular characters from Hollywood films, however the reality is that we are already using AI in our everyday lives. Just about every smart device, app, and internet-connected service is using some form of AI to make your life or work a little bit easier or more efficient.