We have a conference room here at RV Headquarters called “Speed Trumps Perfection.” In the world of security we call that, “Convenience Trumps Common Sense.”
TL;DR: If there’s a more convenient path that makes life easier (or gets you to what you want faster), you might want to think twice before taking it.
Here are 7 “harmless” behaviors you should think twice about before doing:
1. Taking online quizzes
Sure, it’s fun to know which 90s fashion trend you should bring back based on your ranking of the Fast & Furious sequels, or what kind of milkshake your personality most resembles. (We’re strawberry, obviously). But look again at the data you’re actually sharing:
What’s your favorite color? Do you have a pet? What was your university’s mascot? When did you graduate high school?
These seemingly trivial questions sound pretty similar to common account security questions, don’t they?
There’s no guarantee that a website is collecting and storing the data you give away… but there’s no guarantee that it’s not.
Be suspicious any time any website asks for information, no matter how innocent/fun it may seem.
2. Picking up free computer software
Want to add some cool effects to your Zoom meetings? Rethink that move.
While it’s fun to explore new tech (and we all love free stuff), hackers can capitalize on your curiosity by hiding viruses and malware in the files you download.
To keep your work devices safe, don’t download any software from an unfamiliar site without the approval of your company’s tech team. If you’re downloading something for personal use, be sure to vet the sites you’re using and ensure they’re trustworthy before downloading information, or sharing any of your own.
Just as you should never take candy from strangers, don’t take software from sketchy sites.
3. Using your work info for personal deliveries and online accounts.
Pro-tip: If you never use your work address for personal mail, you’ll never get personal mail to your work address. (This applies to physical AND electronic mail.)
If you live by this rule, any time you receive something unexpected at work, you’ll immediately know that there’s trickery afoot.
4. Using your work password (or a similar naming convention) for other online accounts.
Do you want to live in a world where someone who has your Instagram password… can also access your work documents and systems? No. No, you don’t.
Create a completely new password for every account you create. Tip: Tools like LastPass will do this for you.
5. Using “shared” logins to avoid typing your password.
Though it might spare you approximately 10 seconds of brain power, this action authorizes the sharing of personal data between two different platforms.
It’s like using a copy of your neighbor’s key to get into YOUR house. Sure, it’s convenient if you ever get locked out. But it’s decidedly less convenient when someone with bad intentions gets a hold of one key… and robs you both.
6. Placing ‘smart speakers’ in heavily-trafficked common spaces.
Ever wondered how Alexa can understand exactly what you’re saying, regardless of your accent or tone of voice?
Spoiler: it’s because companies that specialize in intelligent voice recognition are constantly listening, recording, and analyzing “ambient sounds” in people’s personal lives – from their homes to their cars – in order to build their natural language databases.
If a computer software company can “listen in” on your conversations, a tech-savvy hacker probably can too.
7. Leaving technology on when you’re not using it.
Taking a minute to power down your laptops, TVs, speakers, and smart devices saves energy AND reduces the field of bad actors who can attack you. Though it’s not impossible, it’s much more difficult to hack into a device that’s turned off than one that’s already on.
Plus, 3 “smart” things you should start doing right away:
1. Use a Password Manager.
Using a reputable password manager will help you create strong passwords AND store them all in one safe place, so you don’t forget them. If your company gives you access to a password manager, you can use that same tool to manage personal passwords outside of work.
2. Opt for MFA (Multi-Factor Authentication) whenever possible.
Using the combination of “something you have” (e.g., a token or key) + “something you are” (e.g., biometrics) is a HUGE improvement over relying on just “something you know.” (Once someone else knows what you know, it’s game over.)
3. Take a moment to ask ‘why.’
When someone asks you for information, ask yourself why they need it – and what they could potentially do with it. Trust but Verify. Taking just a moment to put common sense over convenience could save you a ton of time, energy, and regret in the long run.