This year, March 19 ushered in spring in the Northern Hemisphere — the first time since 1896 that the season has started so early. So why not take advantage of the season’s early arrival to do some spring cleaning, not only of your physical space, but of your data and systems, too? Digital spring cleaning can make your life easier and dramatically improve data security as well.
Here are seven ideas for what you can and should do to make the most of digital spring cleaning.
1. Move Old Data Offline — or Get Rid of It
Data stored on internet-connected systems is obviously far more likely to be pilfered as the result of an attack than data stored on DVDs locked in a safe. Yet many people and organizations leave data on internet-connected systems for far longer than it needs to be there. By doing so, organizations unnecessarily present hackers with all sorts of opportunities and receive few benefits in exchange.
Begin this year’s spring by reviewing your data assets. Move any sensitive information offline if it doesn’t need to be network-accessible. Keep in mind that any data not in your possession cannot be stolen from you. If you are storing information about other people or organizations and you can’t foresee any possible future use for that data, get rid of it. If you need it, move it to a secure offline facility. For instance, if you are storing credit card CVC codes — which you should not need to — get rid of them. There is no better method of ensuring data security than not having irrelevant data in the first place.
2. Back Up Your Systems
Make sure you’re backing up properly and frequently. You should back up often enough that if something were to go severely wrong, you wouldn’t be panicking about lost personal or enterprise data. If you are responsible for ensuring that others back up, make sure that they understand the importance of doing so, and deploy technology that simplifies and automates the backup process.
If you aren’t sure whether you’re backing up often enough, you probably are not. Spring cleaning is a good time to make sure you have a proper schedule in place to do so going forward.
Also, beware not to make some common dangerous mistakes as you establish your backup model. For example, be sure not to leave backup drives connected to computers after cloud backups are performed. If you do, and you haven’t fully secured the cloud, then malware that infects the main computer can infect the backups, too. Also, be careful not to back up to a media format that is likely to be incompatible with devices to which you may need to restore.
3. Clean Out Your Inboxes
You have probably promised yourself many times that you would reduce your various inboxes to zero messages each, but if you are like most of the population, you have never actually done so.
Spring cleaning is a good time to face reality — many of the emails and messages in your inboxes contain de facto “to-do” items that you will never actually do. Add the most important items to your to-do list and clean out the inboxes. You also don’t want to leave personal data hanging around in unencrypted mailboxes.
Enterprises should also encourage their employees not to utilize inboxes as to-do lists going forward. This can lead to inefficiencies and mistakes. Instead, offer employees training on how to use tools that are designed and optimized for that purpose. Also, note that cluttered inboxes can lead to employees not noticing important messages when they come in — a situation that can easily lead to security vulnerabilities.
4. Clean Up Your Social Media Profiles
Many people spend considerable time creating detailed social media profiles but fail to keep them current as time passes.
Spring cleaning is a great time to bring all of the information, images, videos and animations in your social profiles up to date. While you do so, take the time to ensure that you are not oversharing personal data. Oversharing on social media by employees can help criminals orchestrate damaging social engineering campaigns against businesses.
5. Update Your Software
While you should always be keeping current with security patches and similar updates, the reality is that many people fall behind when it comes to such tasks. Of course, outdated software often includes exploitable vulnerabilities and therefore threatens data security.
Spring cleaning is a good time to get back on track and establish a plan and schedule to prevent update lapses in the future.
6. Delete Unused Apps
Abandoned apps can introduce severe security vulnerabilities. Your social media accounts can be compromised even if you’ve enabled multifactor authentication (MFA). For example, a hacker might breach the systems of an app provider with access to one or more of your social profiles.
If you aren’t using an app, delete it from your phone or revoke its permissions on your devices and social media profiles. This is especially important on an enterprise level. Just this February, Facebook’s own accounts on Twitter and Instagram were taken over by white hat hackers through the exploitation of inadequately secured third-party apps, according to Infosecurity Magazine. Complex authentication schemes and powerful content management tools become meaningless from a security perspective if criminals can access a social media feed through a back door.
7. Do a Cybersecurity Self-Exam
When it comes to protecting your data and systems, there is simply no substitute for the practice of proper cyber hygiene. No amount of technology can protect you if you misuse it. Individuals and businesses should make sure they are doing the right things to keep themselves safe.
Have you checked that your policies and procedures are up to date? Are you encrypting all of your sensitive data? Do your employees know not to overshare on social media? Do they understand how to identify phishing emails? You can check on these issues and plenty more with a cybersecurity self-exam.
And of course, you can do much to keep your cyber systems safe in the meantime. Conducting frequent penetration tests and security audits can help you ensure that your security policies are keeping up with potential threats.
Naturally, all of these cyber hygiene exercises should be practiced year-round, but spring cleaning offers an opportunity to regroup with your organization for a pulse check on data security. This is a good time to reinstitute best practices that may have fallen by the wayside, or to modernize those that are now out of date. With spring’s early arrival, you can get a head start on a year without breaches.