HAPPY NEW YEAR! (AND WHAT HAVE YOU DONE TO INCREASE YOUR SECURITY LATELY?)
Cybercrime is getting worse, not better. I would like to have better news, but I don’t. The rise in cybercrime continues to accelerate and cyber-criminals are better staffed, better armed and have more creative and effective tools this year than they did last year.
Something may happen to alter this trend, but at present there is no real change in sight.
This all boils down to one simple statement: What you did last year to defend yourself is NOT good enough for this year.
If the bad guys continue to ramp up their game year after year, you will need to do the same thing to avoid being a “soft target.” There is little that a typical small-to-midsize business can do to protect against a sustained, advanced cyberattack, but you can make yourself less of a soft target. As the old saying goes, if you are trying to escape a bear, you will probably never run faster than the bear, but it helps to run faster than the other people the bear is also chasing.
In 2018, it is certain we will see creative, new and improved methods of attack, many of which will come from an angle that was not protected against because it was not predicted. While it is difficult to protect yourself against attacks you cannot predict, the same concept security experts have preached for years is still your best bet.
Defense in Depth
Add layers to your defense. In the same way a solid bank vault is not built with a single door facing a crime-ridden alley, you must protect yourself with as many layers between you and the attackers as possible.
Layers of security
The list of layers changes constantly, but here are some of the security layers we have encouraged our clients to examine in 2018.
- Train your people: Formally and at least once per year, with reinforcement throughout the year. If you are in a seasonal industry, such as retail or accounting, coordinate the training to precede the most crucial times of year.
- Test your people: Training without testing is an empty gesture. All education relies on testing to add accountability, and cybersecurity education is no different.
- Separate your digital home and work life: Being able to do all your personal digital activity on the same computing devices which you use to carry out your career is no longer an option. Same with using your work email for all of your personal communication.
- Take advantage of new technology: There have been technology advances in firewalls, spam filters, content filters, anti-malware software and strategy, and almost every other defense mechanism in the last few years. If you have not examined your defense strategies to see if there is something new and improved available, you are likely missing out on some valuable new options. It does not have to be the most expensive option either. A product that is five years old may have been state-of-the-art when purchased and may still function, but it may not be prepared to offer a real defense against the most recent, developing threats.
- Use Two Factor Authentication on everything: If you do not know what Two Factor Authentication is, start googling it now. If an interface can be reached from the open Internet, it needs to have a second form of authentication beyond a password. Typically, this is an app on a mobile device. Text messages also work, but are not as secure as the apps.
- NEVER use the same password in two places: At least not in places that matter. New password breaches happen all the time, and most companies do NOT immediately announce publicly that there has been a breach and your password is now in the hands of the cyber-criminal world. Often it is months or even years after the breach before it is made public. Get a password manager software program and use it. Having variations of the same password over and over is no better than having the exact same password. They must be different, and they should NOT include personal info like a pet’s name, a child’s name, an address, etc.
- Public WIFI is DANGEROUS: If you do not control the network, don’t connect your computer to it. Now, this may be a shock to those of you who have been using public WIFI constantly for years, but we are seeing attacks and major losses from this. This is especially true at large hotels or resorts. Take that times 10 if you are at a conference of high value targets, such as managers, owners, executives, accountants etc.
This is NOT a complete list, and not all of these apply to all organizations. If you would like an analysis of how to lower the risk of your organization, contact us and we will be glad to discuss this with you.
Frankel Zacharia Technical Services provides security reviews, security awareness training customized to your organization on-site or remote, security consulting and incident response. Contact us to discuss how we can assist in adding layers to your cyber defense in 2018.
Thanks, and remember, you can and should understand and be comfortable with your own technology.
Tim Weidman is the Director of Information Technology at Frankel Zacharia Tech Services, a department of Frankel Zacharia, LLC. Tim has a technology career spanning over 25 years and holds professional certifications in Certified Ethical Hacking and Penetration Testing, Security+, A+, Network+ as well as Microsoft, Apple, Linux and Novell technologies.