Nov 28, 2018
Dan Rose, Content Creator at SkillPath
With November 29th being National Computer Security Day, and Thanksgiving weekend encompassing Black Friday and Cyber Monday, when many of you purchased new computers for the holidays, it’s probably a good time to go over a few security precautions you should take at work and at home to keep yourself and your data safe.
Given the usually destructive—and occasionally devastating—impact cyber-hacking has in our world today (Russian bots, anyone?), there is little doubt many people feel powerless to fight against it. Don’t give up yet, however. Cyber-security is challenging to be sure, but if you are careful at work and at home, you can greatly reduce the risk of being hacked.
Your company IT department can send out a million warnings to employees about not acting in risky fashion. However, it only takes clicking one email link about a funny cat video seemingly sent by your best friend to throw open the back door to hackers. And suddenly, your company data is in danger.
Honestly, a well-trained, informed and careful workforce is far more valuable than the most advanced security software. According to experts, we can trace over 90 percent of security breaches back to employee negligence. That’s why upper management, HR and IT departments must ensure that your company not only has a clear and concise data security policy, but also backs it up with thorough employee training that begins on the day each employee is hired. It wouldn’t hurt to refresh the training every year, either.
Here are the essential points to cover with your staff on cyber-security and keeping company data safe from hackers:
One of the most common ways thieves covertly install malware in your business network is through an ordinary USB flash drive. It is so easy because most of us recognize flash drives and are comfortable using them at home. Even your parents know how to use flash drives at this point.
But, do you know how thieves get their flash drives into your system? Let’s just say they have inside help.
You wouldn’t think people would pick up something in the parking lot and stick it in their virtual mouths, but that’s what they do with flash drives, apparently. One recent study showed 48 percent of respondents said they would plug a flash drive that they found in a parking lot into their work computer. That is the tech equivalent of putting something in your mouth without knowing where it came from, folks.
Furthermore, 68 percent of those surveyed said they would open its contents without any precautionary measures, like scanning the drive with anti-virus tools.
And we wonder why IT people drink so much Mountain Dew.
OK, seriously … in addition to avoiding flash drives from unknown sources, you need to REQUIRE employees to use tools like USB Disk Security on their personal and work computers. These programs scan flash drives for viruses and malware. If they find anything suspicious, they put it into quarantine immediately. Afterwards, you can decide if it is OK or not. For secure file sharing between employees, it is safer to use project management or cloud storage platforms.
Much like the parking lot flash drive, if an employee receives an application from an unknown source, chances are good it contains bad stuff. Stuff like malicious Trojan horses, viruses, and ransomware. But even if the source appears to be credible, make sure your employee tests the download URL through a service like Norton Safe Web to ensure its legitimacy.
Remember that employees need to follow the same procedures and practices with their personal devices, especially if you have a BYOD policy. For additional security, provide a list of acceptable applications and make sure everything is updated to the latest versions.
According to experts, despite all the news stories of identity theft, hacking, and cyber-crime, far too many people still use weak passwords like “123456,” “password,” and “12345.” (Seriously people, it’s 2018, not 1987 here!) One study showed that more than 90 percent of organizations do not require passwords to be more than eight characters long. Even for today’s novice hacker, that is like leaving your car on a downtown street at night with the keys in the ignition, the windows open and $100 bills sticking out of the car doors. You’re practically begging someone to steal it.
Simple, off-the-shelf hacking software can crack passwords like the ones above, instantly. Passwords that are even more complex might take a day. The software uses what data security experts call “brute force”. That means it tries every conceivable combination of numbers, characters, letters and symbols until it finds your password. Using whole words that you would find in a dictionary is far less secure since the software starts looking for dictionary words first.
By increasing the complexity and length of your passwords, you increase their security, which exponentially increases the time it takes to hack them. No password should be shorter than 12 characters. Fourteen characters is better, but 16 is what you should shoot for.
A great trick to use—especially for your personal computer—is to use a phrase that has meaning to you. My mom made a killer pot roast that was my favorite as a kid, so my password for a while was “M0mM@deaGre@tP0tRoa$t” (Mom Made A Great Pot Roast), a 21-character alpha-numeric special character behemoth that experts say would take a hacker over 500 million years to crack. In case you’re wondering, no, I never use that one these days.
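As an added illustration (not part of the original article), the Python sketch below applies the rules just described: common and dictionary passwords are rejected first, anything under 12 characters is rejected, and the brute-force search space is reported in bits. The word list and the sample passwords are constructed for the example.

```python
import math
import string

# Passwords the article calls out, checked before any brute-force estimate.
COMMON_PASSWORDS = {"123456", "password", "12345"}
# Constructed stand-in for the word list cracking software tries first.
SAMPLE_DICTIONARY = {"sunshine", "football", "welcome", "potroast"}
MIN_LENGTH = 12  # the article's floor; it recommends aiming for 16
SYMBOLS = string.punctuation + " "  # 33 printable ASCII symbols incl. space


def alphabet_size(pw):
    """Number of symbols a brute-force search must cover for this password.

    Characters outside printable ASCII are not counted (an underestimate).
    """
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, SYMBOLS)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))


def search_space_bits(pw):
    """log2 of (alphabet size ** length): the exhaustive-search space."""
    size = alphabet_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def assess(pw):
    """Return (verdict, bits) under the article's rules."""
    if pw.lower() in COMMON_PASSWORDS | SAMPLE_DICTIONARY:
        # Dictionary hits fall before brute force even begins.
        return "reject: common or dictionary password", 0.0
    bits = search_space_bits(pw)
    if len(pw) < MIN_LENGTH:
        return "reject: shorter than 12 characters", bits
    return "accept", bits


if __name__ == "__main__":
    # Constructed sample passwords.
    for sample in ("123456", "Sunshine", "k7#Qz!2p", "vq8#Lm2$Xr9!tZ4w"):
        print(sample, assess(sample))
```

The bit count is an upper bound: it assumes every character was chosen at random, so a password built from predictable words or substitutions is weaker than the figure suggests.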
Rowena Bonnette has a blog post on Avatier.com about password security that is as interesting and fun to read as it is terrifying. If you have a few minutes, do yourself a favor and check it out. If you’re like me, after reading it, you’ll be thinking your “strong” 8-digit password on your banking app might last three minutes against hacking software. OK, maybe 90 seconds. OK, OK … 10 seconds!
For corporations: Use password management software that requires employees to change their passwords every month or two. Most of these tools work across multiple operating systems and on mobile devices to make it easier for you and your employees.
For individuals: Download your own password manager app or software that will store all your passwords. Afterwards, input every one of your passwords in it. EVERY ONE of them. Most password manager apps will rank password strength, and some will automatically suggest better ones.
Phishing scams involve links that lead to fake websites that masquerade as legitimate sites and ask for login credentials. These links can come from an email, attachment, social media message, or ad. However, they don't just swindle Grandma anymore. They're used to get at your company data.
Tell employees to avoid clicking links, especially if they came from unverified sources. In addition, show them red flags to look for, such as misspelled domain names and poor grammar. And, if it comes from a Nigerian prince that needs help transferring $250 million to a bank account in the United States and needs your assistance—and your social security number to do it—he’ll pay you $25 million for your help, well ......
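The misspelled-domain red flag can also be checked automatically. The Python sketch below is an added example, not part of the original article; it goes slightly beyond misspellings by also flagging a trusted name used as a prefix of another domain. The allowlist and all sample URLs are hypothetical.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist of domains the company really uses (constructed).
TRUSTED_DOMAINS = ("example.com", "intranet.example")


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url, max_typos=2):
    """Return (verdict, trusted_domain_or_None) for one link."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        host = ""
    if not host:
        return "unparseable", None
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "trusted", domain
    # Approximate the registered domain as the last two labels
    # (an assumption; it is wrong for suffixes such as co.uk).
    registered = ".".join(host.split(".")[-2:])
    for domain in TRUSTED_DOMAINS:
        # Trusted name used as a prefix of someone else's domain.
        if host.startswith(domain + ".") or "." + domain + "." in host:
            return "lookalike", domain
        # One or two typos away from a trusted domain.
        if edit_distance(registered, domain) <= max_typos:
            return "lookalike", domain
    return "unknown", None


if __name__ == "__main__":
    for link in ("https://login.example.com/reset",
                 "https://examp1e.com/reset",
                 "https://example.com.account-check.test/login"):
        print(link, classify_link(link))
```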
There are millions of very, very intelligent people in the world that behave in a way that makes your company data vulnerable. Which means, as a leader in your company, it is time to look objectively at your security policies, procedures and systems to ensure you are making it as difficult as possible for criminals to get hold of your data.
Dan Rose is a content creator at SkillPath who uses his experience from a 30-year writing career to focus on timely events that impact today’s business world.