The Complete Guide to Not Being The Weak Link Who Got the Organization Hacked

Nine steps everyone should take.

Every week there are headlines about a company getting its email, website, Twitter accounts or something else hacked. The reason? In a word: Employees.

Each of your accounts and devices is a potential way in for a hacker. “You’re only as protected as your weakest link,” says Tom Cochran, chief technology officer at Atlantic Media (which owns Quartz and Nextgov), and former head of digital technology at the White House. “All it takes is one person to fall for a phishing scam for your organization to fall for hackers.”

So how do you avoid being that weakest link? Cochran, along with two of Quartz’s developers, Michael Donohoe and Sam Williams, offered a list of ways for people and businesses to secure their online property. Here are their tips, in roughly increasing order of difficulty.

1. Install “HTTPS Everywhere” on your browser

What: A simple browser extension, HTTPS Everywhere ensures that whenever you go to a website that allows encrypted browsing (such as many email, banking and other sites that store personal information), your browser will default to using the encrypted version, where the address starts with https instead of http.

Why: Encrypted websites “hash” (i.e., scramble) passwords rather than allowing them to travel through the network as clear text. This also means they don’t store your password on their servers, but only the scrambled version of it. So anyone who spies on your internet connection, or manages to hack the server you’ve logged in to, can’t get your password.

This also means you should be wary about sites that don’t use https, or that email you a password in plain text when you lose it. There’s a good list of offending sites at plaintextoffenders.com.

2. Put a password on your home Wi-Fi

What: Many people leave their Wi-Fi network open, so anyone can use it. Go to the wireless router’s settings—you may have to look at the instructions for how to do this—and put a password on it.

Why: People accessing your network don’t just slow it down. They can “sniff” traffic and data being passed through the network including chat conversations and clear-text passwords (passwords that you type in on insecure networks). By putting a password on your Wi-Fi network, you are at least making it a little bit harder.

3. Put passwords on all your devices

What: As Cochran writes, “Password protect as much as possible.” Put passwords or lock codes on every device you use that has internet access.

Why: While you may not store the most sensitive company documents on your phone or tablet, someone who gets hold of them can find plenty of useful information in your email. Someone who’s in your email can also pose as you to get passwords or documents out of colleagues. And if you use services like Dropbox or Google Drive to share office documents, your mobile device may give an attacker access to those too.

Read the rest of the security tips in the full story at Quartz.