Skip to main content

Why does security really matter for me and our organization

For many of us, we know that security is important but it is a lot of steps, a lot of things to remember, and two-factor authentication can feel like such a pain.  Michael Levan, the Center’s System Administrator, answers some frequently asked questions about security, and why it matters for you and for the whole organization and the clients we serve.

Security doesn’t seem that important for me personally. I don’t really have anything important in my email or computer anyway.

Once your computer is hacked, anything you do on your computer could be seen or collected by a malicious attacker. How many times have you used your computer to go on Amazon? Or Ebay? All of these logins you do daily have information about you: your last name, address, credit card number, bank card number, security questions, or even your social security number.

Also, you are putting everyone in the organization potentially at risk – and their private information.
The attacker receives credentials for an employee’s account. Once this attacker is on the employee’s profile within our network, they have access to everything including emails, network drives, and search history. At this point, an attacker could inject a piece of malware into one of the many documents on our network, for example. When someone opens that document, then another, then another, that malware spreads across the network – allowing the hacker access to data from anyone in the whole organization.

Another perfect scenario is email. Let’s say an attacker gets into an employee’s account that has a lot of important email addresses in it: clients, partners, funders, etc.  An attacker can easily email blast all of these people and have that email contain a piece of malware or a phishing attempt. Chances are, the email will be opened if it comes from a credible source (you!) and now all of those people’s data is at risk.

I know client data should be secure but who would seriously want to hack in and learn about the people I work with?
Malicious black-hat hackers, as they are called, don’t care about who you work with or what they do. They care about things like names, where they could be at certain times, where they could be shopping, where they could be having lunch. It’s not so much the “who” factor, it’s “what can I get out of this person”.

These days my data is all over the internet anyway!  I’ve probably been hacked a bunch of times already so what’s one more time?
One more time is the difference between your bank account being wiped. The difference between waking up with a 750 credit score one morning and a 400 the next because someone somehow got your social security number. The “it’s only one time” factor plays a big part from a human-nature perspective. There are a ton of things that could happen in that “one more time” that can turn your life upside down, or that of your colleagues or clients, in more ways than 1.


Labels:

Comments

Post a Comment

Popular posts from this blog

Listing a meeting attendee as optional vs. required

When sending an Outlook calendar invite out, you can select who is required to attend vs. who is optional to attend.   When you open a new meeting invite, first add attendees in the "To" field.  Then click on "Scheduling Assistant" in the top navigation bar. When in Scheduling Assistant, to the left of each person's name, you'll see a small icon.  This shows that the attendee is currently listed as "Required" for this meeting. When you click on this icon a drop down menu will appear.  Here you can change the status for this person to "Optional". You'll see the icon by the attendees name has now been changed. For any invite you can have a mixture of Required and Optional attendees, just change the icon for each person to the appropriate status.
Post a Comment
Read more

Creating your new branded e-mail signature!

As part of our  branding efforts, the Center wants all staff to use the same format for signing e-mails – also called an “e-mail signature.” To make sure these e-mail signatures are consistent, we have created a Signature template webpage . Use this page to create your own e-mail signature, complete with your operating program logo. which you can then easily copy and paste into any e-mail program so it automatically appears at the end of your emails.   Do not use these logos for any other purposes.  E-mail smeah@nycourts.gov to get high-quality logos. Here are detailed video instructions, as well as overview instructions, to use the template for Desktop Outlook, web Outlook, and Gmail (which includes the courtinnovation.org account). See the bottom of this post for mail app instructions on your phone.  You can also print out these instructions (Ctrl+P). Questions or issues?  E-mail CCI Tech Support for extra help! Desktop Outlook Clicking Fi...
Post a Comment
Read more

Creating online forms and spreadsheets

Two online services to collaboratively collect data, and manipulate it, are Google Forms and Airtable.  Unsecure forms such as Google and Airtable are helpful to: Collect food preferences for an upcoming event or large meeting Get additional information from people attending a training on what their goals or skill level is Collect feedback after an event Get clothing sizes for the swag you are going to order Note: These forms should never be used with clients because they are not a secure way to collect data  and  all research projects involving clients should be reviewed by the Center’s Institutional Review Board.  If you are interested in conducting research or data collection from clients, always contact  CCI_IRB@courtinnovation.org  first or the researcher assigned to your operating project.  Google Forms , which all CCI staff have access to, allow you to easily create forms to send to CCI staff, collect data, and have the dat...
Post a Comment
Read more