Seventy-nine percent of Internet users surveyed worry about a lack of online privacy as a result of having so much of their information on the Internet, according to TRUSTe/National Cyber Security Alliance U.S. Consumer Privacy Index research.
Nintex is committed to cyber security strategies that protect all data provided to us by customers, partners and people interested in our platform. One of the Ninsters responsible for that important task is Monica Bush, Nintex Senior Manager, Security and Compliance.
October is National Cyber Security Awareness Month. Led by the Department of Homeland Security and the National Cyber Security Alliance, NCSAM is an annual campaign to raise awareness about cyber security.
This month is the perfect time to take a behind-the-scenes look at Nintex’s security measures to protect customer and partner data, and to offer expert cyber security tips.
How Does Nintex Promote Cyber Security?
Risk assessments. Application security. Product security. Compliance initiatives. Privacy concerns. These are a few of the responsibilities Monica manages to ensure that Nintex is a secure and compliant company.
Data security has long been an important responsibility for the companies that collect it, Monica says. However, recent cyber security breaches covered in the mainstream media – such as the Target breach involving the personal and financial information of approximately 110 million people – have brought renewed attention to the issue.
“The protection of our customers’ information and privacy is #1,” she says. “The executives very much care that our customers have a level of assurance that we’re taking strong measures to ensure their privacy and that they’re protected.”
As companies tighten their security policies, Nintex receives increasingly involved security protocols from companies wishing to do business with us. Whether 50 questions or 300, Monica completes the paperwork, reassuring these companies that we meet – and often exceed – their security standards for vendors.
Nintex follows stringent standards to protect data. Access to data center facilities and other physical security controls for Nintex’s cloud-based offerings are tightly regulated according to standards outlined for Microsoft Azure.
The Nintex, Nintex Connect and Drawloop® websites comply with the U.S.-E.U. Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data from European Union member countries and Switzerland.
Maintaining tight security at Nintex offers several benefits:
- Safeguards the personal data of customers and partners
- Provides competitive advantage with enterprise customers
- Enables companies to use our products in multiple departments rather than in a limited capacity
- Protects our company’s intellectual property
- Secures Nintex employees’ data
What Can You Do to Increase Your Cyber Security?
Monica makes a distinction between financial data and health information or identifying information. Credit card companies are “really good” at fraud detection and typically will shut down your credit card within two or three transactions if they appear suspicious, Monica says.
On the other hand, if someone steals a person’s health information or personally identifiable information (PII), it can take years to undo the damage. PII is any data – such as full name, date of birth, driver’s license number or telephone number – that could potentially identify a specific person.
“A person exposed in that way – unless your identity is stolen, you just don’t know,” Monica says. “When someone starts using your identity in a way that’s damaging, it can be time-consuming, it can be scary, it can be very difficult to get that back. People can take mortgages out in your name, tax returns in your name.”
But there are cyber security measures you can take to help protect yourself online, Monica says. Below are five tips for a safer and more secure online experience:
1. Don’t Share Your Name and Email Address Online
Many people don’t worry if others have their name and email address, and share this information widely online. After all, it’s not like they’re sharing their credit card number or social security number. But access to your name and email address isn’t as innocuous as it might appear.
“It’s not like the information is the end game,” Monica says. “The end game is much deeper.”
Gaining your name and email address is “so valuable,” especially when people gain your company address, because of the trust you may place in email received at work. With your name and email address, scammers can research your social media accounts and learn your interests. If they learn you like dogs, for instance, they may send you an email that appears to be from animal control.
“It’s a true psychological manipulation,” she says. “They manipulate you into giving them more information until finally they get what they want. And they’ll break into your bank account and get money or sell your information. It gets really ugly. ‘Oh, they stole my name and email. I don’t care.’ Care. A lot.”
2. Use VPN Whenever Possible
A VPN – or virtual private network – enables you to send and receive data across a shared or public network as if you were directly connected to the private network. Many companies will have VPNs available to remote employees to ensure the security of company data. It essentially creates a tunnel to encrypt information going back and forth.
Free VPN services are also available if you don’t have the option of VPN via your company. If the download restrictions and slow speed of the free versions frustrate you, many will offer paid, pro versions, according to “Ten simple, common-sense security tips.”
If you must use public Wi-Fi, don’t do anything on your computer or device that involves transacting sensitive information, Monica says.
3. Pick a Strong Password
Make sure your passwords are at least 10 characters long, aren’t guessable and aren’t in the dictionary. Password phrases – or, even better, memorizing one letter of each word of a phrase – are safer choices than something like p@ssw0rd, Monica says.
For example, “The first house I ever lived in was 613 Fake Street. Rent was $400 per month” becomes TfhIeliw61FS.Rw$4pm, according to How to Create a Strong Password (and Remember It).
Another option is to string together six words that wouldn’t normally be combined and insert one random character – such as molassessunshinewalrusstapler!purplecake. Because these types of passwords – which can be randomly generated with Diceware – consist of words, they should be easier to memorize than a random combination of letters, numbers and symbols but tough to crack.
“Six words may be breakable by an organization with a very large budget, such as a large country’s security agency,” says Arnold Reinhold, the creator of Diceware. “Seven words and longer are unbreakable with any known technology, but may be within the reach of large organizations by around 2030. Eight words should be completely secure through 2050.”
Memorizing your passwords is the most secure option, but this can be challenging when security experts recommend using different passwords for different sites. In How to Master the Art of Passwords, Dennis O’Reilly discusses the pros and cons of using a password manager to track your passwords vs. writing them down on paper.
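The Diceware-style passphrase described above, as an added example (not code from the original post or from Diceware): each word is picked by simulated dice rolls drawn from a cryptographic random source, and one symbol is inserted between two words. The 36-word list and the symbol set are constructed for illustration; the real Diceware list has 7,776 words and uses five rolls per word.

```python
import math
import secrets

# Constructed 36-word sample list (6^2 entries, so two dice rolls pick one word).
# The real Diceware list has 7776 = 6^5 words and uses five rolls per word.
SAMPLE_WORDS = (
    "anchor basil candle dapper ember fjord gravel hammock igloo jigsaw kettle lantern "
    "mango nectar orbit pebble quartz raven saddle tundra umber velvet walrus xenon "
    "yonder zephyr acorn bramble cobalt dune elbow fennel gazebo harbor ivory juniper"
).split()

SYMBOLS = "!@#$%^&*-_=+?"  # constructed symbol set for the one inserted character


def rolls_per_word(wordlist):
    """Number of dice rolls needed so every roll sequence maps to exactly one word."""
    k = round(math.log(len(wordlist), 6))
    if 6 ** k != len(wordlist):
        raise ValueError("word list length must be a power of 6")
    return k


def roll_word(wordlist, randbelow=secrets.randbelow):
    """Pick one word by simulating fair dice with a CSPRNG (rolls form a base-6 index)."""
    index = 0
    for _ in range(rolls_per_word(wordlist)):
        index = index * 6 + randbelow(6)  # each roll contributes one base-6 digit
    return wordlist[index]


def passphrase(wordlist, n_words=6, randbelow=secrets.randbelow):
    """n_words random words run together, with one random symbol between two of them."""
    words = [roll_word(wordlist, randbelow) for _ in range(n_words)]
    gap = 1 + randbelow(n_words - 1)  # the symbol goes in front of words[gap]
    words[gap] = SYMBOLS[randbelow(len(SYMBOLS))] + words[gap]
    return "".join(words)


def entropy_bits(list_size, n_words):
    """Bits of entropy from the word choices alone (the symbol adds a few more)."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    print(passphrase(SAMPLE_WORDS))
    for n in (6, 7, 8):
        print(n, "words from a 7776-word list:", round(entropy_bits(7776, n), 1), "bits")
```

The strength comes from the random selection, not from the words being obscure: a phrase a person picks by hand does not carry the entropy computed here.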
4. Lock it Down
At least one in three employees said they leave their computers logged on and unlocked when away from their desk, such as when they go to lunch, according to “Why You Should Always Lock Your Computer.”
Lock your phone and lock your computer, Monica says, so you’re protected in the event your device is lost, stolen or used by someone other than you. Most people aren’t data thieves but if you live or work with a would-be one, leaving your computer unlocked provides them with easy access to financials, security information and intellectual property.
“Most operating systems allow you to establish a setting that will automatically lock your desktop after the computer is inactive for a certain amount of time,” according to the article. “Take advantage of this setting to ensure your computer will lock even if you forget.”
5. Always Update
Security software is only as good as the information available at the time the software was developed, according to Norton’s “Why Security Updates Are Vital.” And cyber criminals are always working on inventive new ways to access private data.
“Always, always update your software,” Monica says. “It’s very important. As soon as you see it, update. It most likely has security fixes.”
Read more about cybersecurity in our post Protecting Your Data from Cyberattacks.