Written By: Marcus Steele<\/p>\n
It might not be the most important subject on your mind when running your business, but online privacy is becoming increasingly important as we move closer to a fully internet-connected world.<\/p>\n
Simply speaking,\u00a0privacy<\/a>\u00a0is withdrawal from company or public view.\u00a0Since at least 1890<\/a>, there has been discussion about a person\u2019s right to keep their personal matters secret. Privacy is closely related to information security, which is about protecting the confidentiality, integrity and availability of information. Privacy is more concerned with how data is collected, stored, processed and used. Guarding your online privacy can involve protecting any form of personal information such as photos, videos, drawings or documents.<\/p>\n In most cases, you cannot maintain your online privacy without keeping your information secure. This is why it\u2019s important to consider both security and privacy to keep your business\u2019s information safe.\u00a0Getting Started with the NIST Privacy Framework\u00a0describes the relationship between security and privacy in more detail, but for simplicity, this blog will only focus on the overlapping part of the relationship.<\/p>\n As we become more connected, the chances of personal information being leaked onto the internet increases. Data breaches, theft and information leaks often result from a lack of security on the user\u2019s end. According to the\u00a02020 Verizon Data Breach Report<\/a>, 22% of breaches in 2019 were due to simple human error \u2014 things like an email being sent to the wrong person or an employee accidentally revealing their login credentials. These risks need to be assessed when dealing with personal and sensitive information.<\/p>\n In the business world, you have to balance the amount of information that you release to the public with advertising what your business does. Does something you\u2019re about to send out or publish on social media reveal anything that it shouldn\u2019t about the business?<\/p>\n For example, say an intern releases a photo of himself at the entrance of your business. That seems innocuous, but if the intern\u2019s badge or your company\u2019s security system is visible, an attacker could use that information to gain unauthorized access. It\u2019s important to be aware and to carefully screen the information you release about yourself and your business.<\/p>\n Another thing to consider is the data collected about you and your employees on the internet. Tracking cookies and digital fingerprinting track your online activity. Cookies are small files with identifiable information placed on a website to track site data, record configuration files and identify users. Digital fingerprinting is a process that tracks everything from the movement of your mouse cursor to the size of your screen.<\/p>\n Cookies and fingerprinting can track your online movements and information, allowing criminals to more easily plan an attack. For example, if your customers are tracked on your company\u2019s website, an attacker could use that information to send targeted emails, called spear phishing, that appear to be from your business. The links in these emails to fake websites can trick people into entering their login credentials, which can be used to break into your network.<\/p>\n Engaging with social media also presents a risk. Employees may share information about your company that you would rather keep private. For example, employees may share photos of their surroundings at work without realizing that the photo contains business-sensitive information in the background. Information leaked online can be used in a social engineering attack, where people are tricked into giving confidential information, or a physical attack like a break in. Your security protections may be excellent, but if an employee posts a picture with a password showing in the background, your security system will have little effect.<\/p>\n Businesses that operate a social media presence or website should also be aware whether their system is tracking people through cookies or fingerprinting. Many\u00a0states have laws<\/a>\u00a0about how such information may be collected or used, and laws about when that information must be destroyed.<\/p>\n Consider what information should be shared. Before sending out images or messages, consider whether they contain sensitive information including:<\/p>\n Here are some tips on maintaining online privacy:<\/p>\n Train Employees to Think Through What They Share Online<\/em><\/strong><\/p>\n Train your employees not to reveal information that can be used against them or the company. For example, an employee might mention on social media that they have worked in a high position at a company. Later, when they post photos while on vacation, an attacker could see this as an opportunity to break in through the employee\u2019s home or work account.<\/p>\n Employees should be trained not to share information about their job unless it\u2019s cleared and approved. Any information online can be readily collected and shared by attackers. Even seemingly innocuous information when collected and aggregated can pose a risk. Information like IDs, login credentials, worksite photos, telephone numbers, supplier lists and employee schedules can be used by criminals.<\/p>\n Update Your Browsers and Programs<\/em><\/strong><\/p>\n Keep all programs, operating systems and web browsers up to date and patched to make sure they are protecting your information. Running the latest version of any program ensures that you are not vulnerable to attacks designed for the older version. Using the latest version also protects you from any old bugs or vulnerabilities an earlier version may have had. If stability is a priority, security patches keep the program current without performing a full update.<\/p>\n Use a Network-Level Website Blocker<\/em><\/strong><\/p>\n Avoid websites that use adware or malware in their advertising. A network-level website blocker prevents users from connecting to these websites. In addition, turn off autofill and autocomplete functions which are often offered by browsers and search engines. They can collect private and sensitive information, so it\u2019s especially important to turn these off on shared machines.<\/p>\n Turn Off Browser History (or Reduce Its Scope)<\/em><\/strong><\/p>\n Browser history is often used to allow faster loading of frequently visited websites and to provide personalized advertisements. However, it can be used by criminals to blackmail employees into providing sensitive business information or money in return for not releasing this information to the public. If your company\u2019s security policy requires keeping some browser history, make sure it\u2019s only retained until a certain point in time and that old information is destroyed when not needed.<\/p>\n Turn Off Tracking<\/em><\/strong><\/p>\n When given the option, turn off tracking, which informs websites and browsers that you do not want to be tracked. Some websites may not work without tracking enabled. In those cases, try incognito or private mode for browsing. When you need to use a website that requires tracking, do not use a computer that has access to sensitive information.<\/p>\n Use Advertisement Blocking Extensions<\/em><\/strong><\/p>\n In addition to being annoying, online advertising can deliver malware to your network. Blocking advertisements greatly reduces this risk. Network level ad blockers are easier to manage, but usually more expensive than relying on individuals to add these extensions to their browsers<\/p>\n Block Cross-Site Cookies<\/em><\/strong><\/p>\n Cookies are tracking bits embedded into websites to save data such as site preferences. This data can identify a user across the internet. Disabling cookies completely would make some websites unusable, so blocking only cookies that save settings across multiple websites (cross-site) cookies is a good middle ground. Cookies that aren\u2019t necessary should be blocked, so another option is using a list of sites where cookies are allowed.<\/p>\n Block Flash Player<\/em><\/strong><\/p>\n As of January 2021, Flash Player is not supported, meaning the manufacturer no longer intends to develop patches for it, including security patches. Unless your company specifically requires Flash Player for its day-to-day operations, it should be blocked from being installed on local machines or your network.<\/p>\n Block Internet Access Where It\u2019s Not Necessary<\/em><\/strong><\/p>\n If a machine does not require internet access for your business operations, then do not allow it to connect. Physically isolate that machine if necessary to prevent physical attacks. Put devices that require network access, but no internet access on a separate VLAN\/LAN. For machines that only need internet access sporadically to run updates, just connect them to the internet as needed.<\/p>\n Knowing how to mitigate risks and maintain online privacy can be overwhelming, especially for small and medium-sized manufacturers with limited resources. Experts at DVIRC<\/a> are available to help you with these and other cybersecurity issues.<\/p>\n <\/p>\nWhat Are Common Online Risks?<\/h2>\n
Tracking Cookies and Digital Fingerprinting<\/h2>\n
Social Media Risks<\/h2>\n
Guard Your Privacy<\/h2>\n
\n
DVIRC is Ready to Help You<\/h2>\n