Thursday, October 29, 2015

Separation is a useful strategy (in today’s always-on, ever-connected world)

Today’s guest blog comes from John Everson, Director of Information Security at DISH Network.

Separation, containerization and segmentation are all tried and true security tactics in fields such as IT and accounting, but the principles are just as critical for consumers in their everyday lives. As technology continues to blend, and more and more of our information is stored online, this separation can seem difficult to accomplish. Here are a few ways you can protect your privacy and increase your security posture.

Browsers 
Use a separate Internet browser or “private browsing” for online finances. 
  • You wouldn't believe how much information about you is made available via a web browser, especially a browser that has been customized with an add-on toolbar or plug-in. In addition, many of the sites that you visit on a regular basis are interconnected with tens, if not hundreds, of other sites that are able to track and correlate your activity using online identifiers. For a better understanding of this, check out the “disconnect.me” website (please note that this is not an endorsement of the company or their services, but they do some cool stuff).
  • Consider using a different Internet browser for working on online finances (banking, bill pay, credit card sites, etc.) versus the browser you use for everything else (email, social, shopping, browsing, etc.). Alternatively, you could use “private browsing” or “incognito mode” for working on finances. Either way, if you do use a separate/dedicated browser for financial activities, make sure you don’t have any add-ons or toolbars enabled for that browser, since these services have direct access to your browsing information.

Credit Cards
Use different credit cards for different types of purchases.
  • Credit cards help isolate the funds in your bank account from the merchants that are selling you goods and services. Credit cards also offer fraud protection, a grace period, and in many cases, rewards (free money if you pay off the balance every cycle). On a side note, debit cards generally don’t offer the same benefits, and I usually advise people to use credit cards versus debit cards when making any purchase.
  • Credit cards make shopping online easy and convenient. But that ease-of-use extends to anyone who has your card information (including those who steal it). Consequently, consider using a different card for different types of purchases. For example, I generally do all of my online shopping on a specific credit card. I do not use this credit card for in-person purchases, and I have another (separate) card that I use to pay utilities and regular monthly services (e.g. electricity, water, DISH, etc.). 
  • Using different credit cards for different types of purchases allows me to better track and manage my expenses. For example, an online purchase made on my in-person card would be an immediate red flag.

Online Accounts
Use personal accounts for personal use, business accounts for work.
  • As more and more applications are moving to “the cloud,” we are starting to see personal and business lines blur. Many of the web applications (e.g. Facebook and Dropbox) that were created for casual or personal use are now being used in businesses.
  • This is a reality, but businesses and employees should take caution. Using a personal account to conduct business can put the business at risk, as personal accounts are controlled by individuals and not by the company. In other words, the company may not have visibility into or control of these accounts, so it may not know that an account even exists, much less how the account/service is being used. In certain situations, this could result in data loss for the company and potential legal exposure for both the company and the individual.
  • And a word of caution: Did you know that you may be assigning ownership of information to the service provider when you upload information into their application? You would be surprised by what is in the terms of service of many web applications (e.g. Prezi).
  • At the end of the day, people should use business accounts (and services) for business and personal accounts/services for personal use. Don’t mix business with personal use and don’t register for a new web application or service without the appropriate approvals from your employer.

Credentials
Don’t use your work information (e.g. username, password, email address) when signing up for personal services.
  • This one might be the most obvious, but let’s look at a good example of “why not?” When hackers leaked data from the Ashley Madison breach, data-crunching firm Dadaviz revealed the top ten companies that had email accounts registered with the dating site, which is designed for married individuals. It’s perhaps a top ten list that companies don’t want to be on. While data analysts suggested taking the figures with a grain of salt, as a third of all Ashley Madison accounts are fake, it’s still an example of the risk a business faces simply because people sign up for a personal site with a business email account.
  • It’s a good practice to only use work usernames, passwords and email addresses with employer-approved web applications, sites and services.

The items above are just a few areas that you should be aware of. There are many more out there, so keep checking this blog for more tricks and treats in the future. In the meantime, be safe and think before you act.

John Everson is the Director of Information Security at DISH Network. DISH is headquartered in Englewood, Colo., and provides television, phone and broadband services in the United States. Sling TV is part of the DISH family of services.

2 comments:

  1. Greetings! I know this is somewhat off topic but I was wondering if you knew where I could get a captcha plugin for my comment form? I’m using the same blog platform as yours and I’m having difficulty finding one? Thanks a lot!
  2. Hi! Here are instructions online for adding word verification to Blogspot (where this blog is hosted): http://smallbusiness.chron.com/adding-captcha-blogspot-29510.html
