From messy desktops to old passwords, it’s time to make sure your digital life is up to date. Not just because it makes your job easier, either—it could help prevent organizational security risks.
You may think of digital spring cleaning as simply sorting your files—and that’s definitely part of it, including with membership data.
However, just as you might put junk mail with your personal information through a shredder, so too should you consider the security footprint left by your digital files.
Last year, the National Cyber Security Alliance teamed with the Better Business Bureau for a campaign offering tips for a digital spring cleaning. And that mindset continues into 2021. Kelvin Coleman, NCSA’s executive director, says that digital spring cleaning goes beyond making things easier to find. It’s also a way to declutter, organize, and establish best practices to help safeguard your business and protect member data.
“By ensuring all workers have a basic education on the vulnerabilities their organization faces, employees are better equipped to collectively do their part,” he says.
Some tips on digital cleanliness from Coleman and others:
Don’t ignore updates. Software is updated for a reason, and while you may not want to deal with a message from Windows or MacOS telling you to upgrade, you need to. “One of the first things users should be doing is updating their software,” he says. “Ensure that software update prompts don’t go ignored or postponed. Having the most current security software, web browsers, and operating systems are some of the easiest ways to protect data.”
Back up multiple copies of your data. Coleman recommends storing data in multiple places and in multiple formats, following what he calls the 3-2-1 rule: “Three backup copies, two different media types, one offline and in a separate location.” Beyond security concerns, you can also consider the longevity of the data. In an article for Inside Higher Ed, librarian Heather VanMouwerik recommends storing data based on its lifecycle—she uses one cloud service for older data and another for newer information.
Ditch software and hardware you aren’t using. With apps falling out of date if they aren’t being used, it’s imperative to not let unused apps sit on your computer for too long. “If you don’t use them, they don’t get updated, leaving an unsecured piece of software that a cyber criminal could potentially exploit,” he says. Old tablets, hard drives, and smartphones also pose a risk, as they’re not receiving updates to their operating systems, creating an unprotected attack surface.
Update passwords and shut down old accounts. If you aren’t reading a newsletter, unsubscribe; if you aren’t using an account, shut it down. Open, abandoned accounts are a security risk. And be sure to periodically update your passwords, making them unique and storing them with a password manager.
Think about how you mix business with pleasure. When you’re working remotely, it can be easy to slip into using the same computer for everything, rather than keeping work separate from home life. “This was a major problem at the height of the COVID crisis, especially because organizations prioritized accessibility over cybersecurity when making the transition between traditional offices and a home office/remote access environment,” Coleman says. He recommends keeping work machines on separate wireless networks for personal reasons, setting up a VPN, and not using a work laptop for personal tasks.
Remove additional clutter. Security is one aspect of a proper spring cleaning; ease of use is another. Make both easier by sorting your document folders and going through your desktop icons. How-To Geek says that if your desktop has more than 40 items on it, or your documents folder has more than 60 folders within it, you might need a cleanup. Additionally, after you tidy up, you may want to be more methodical about your file storage. The Medium blog The Startup offers an approach to maximizing efficiency.
Organizationally, set strong policies. With IT people unable to check individual machines or networks, it matters more than ever that employees are well-trained from a security standpoint. “Workers should understand how crucial the simplest of protection measures can be to deterring cyber incidents as well, e.g., multifactor authentication, file encryption, strong alphanumeric passwords, and password managers,” Coleman says. “And it’s important that businesses create a culture of education within the work environment that keeps cybersecurity top of mind as a means of reducing risk.”