The Complete Guide to Not Being The Weak Link Who Got the Organization Hacked

Every week there are headlines about a company getting its email, website, Twitter accounts or something else hacked. The reason? In a word: Employees.

Each of your accounts and devices is a potential way in for a hacker. “You’re only as protected as your weakest link,” says Tom Cochran, chief technology officer at Atlantic Media (which owns Quartz and Nextgov), and former head of digital technology at the White House. “All it takes is one person to fall for a phishing scam for your organization to fall for hackers.”

So how do you avoid being that weakest link? Cochran, along with two of Quartz’s developers, Michael Donohoe and Sam Williams, offered a list of ways for people and businesses to secure their online property. Here are their tips, in roughly increasing order of difficulty.

1. Install “HTTPS Everywhere” on your browser

What: A simple browser extension, HTTPS Everywhere ensures that whenever you go to a website that allows encrypted browsing (such as many email, banking and other sites that store personal information), your browser will default to using the encrypted version, where the address starts with https instead of http.

Why: Encrypted websites “hash” (i.e., scramble) passwords rather than allowing them to travel through the network as clear text. This also means they don’t store your password on their servers, but only the scrambled version of it. So anyone who spies on your internet connection, or manages to hack the server you’ve logged in to, can’t get your password.

This also means you should be wary about sites that don’t use https, or that email you a password in plain text when you lose it. There’s a good list of offending sites at plaintextoffenders.com.

2. Put a password on your home Wi-Fi

What: Many people leave their Wi-Fi network open, so anyone can use it. Go to the wireless router’s settings—you may have to look at the instructions for how to do this—and put a password on it.

Why: People accessing your network don’t just slow it down. They can “sniff” traffic and data being passed through the network including chat conversations and clear-text passwords (passwords that you type in on insecure networks). By putting a password on your Wi-Fi network, you are at least making it a little bit harder.

3. Put passwords on all your devices

What: As Cochran writes, “Password protect as much as possible.” Put passwords or lock codes on every device you use that has internet access.

Why: While you may not store the most sensitive company documents on your phone or tablet, someone who gets hold of them can find plenty of useful information in your email. Someone who’s in your email can also pose as you to get passwords or documents out of colleagues. And if you use services like Dropbox or Google Drive to share office documents, your mobile device may give an attacker access to those too.

Read the rest of the security tips in the full story at Quartz.
