10 Cybersecurity Fundamentals

Protect Your Business

Security is a complex and often boring subject, which makes it difficult to understand. The reality is we all need to invest the time to wrap our heads around this topic. The battle for data protection has moved beyond what IT can do alone. But not to fret… included in this article are some cybersecurity fundamentals we all can implement.

Why is Cybersecurity Such a Problem?
Like many things in life, you have to “follow the money.” Hacking has become incredibly lucrative, and over the last 20 years the profile of who is doing the hacking has evolved from bored teens just “messing around” to individual criminals and organized crime syndicates acting with a focused purpose. Considering that the national and global economy uses electronic transactions to conduct business, a significant amount of money in the world is available for hackers to steal. The “seedy underbelly” portion of the internet, known as the “dark web,” helps facilitate this lucrative business of stealing information and money.

Do Not Underestimate the Sophistication of the “Dark Web.”
Many have heard of CryptoLocker, which locks up your files and holds them for ransom. Hackers have realized that their ability to collect on the ransom is only as good as their ability to let you recover your files, after you pay of course. For this reason they have established call centers with technical “staff” to help ensure you have a positive experience recovering your files and data after they have collected payment for their “services” (the recovery of your data), which can range from $500 to $5,000.

The dark web, a hidden area of the internet, helps criminals run their operations like a business, connecting buyers and sellers of stolen information, credit cards, identities, etc. Information and secrets are shared on how to hack, what type of hardware or software is vulnerable to attack, and which companies might be exploited. There are even education companies setting up on the dark web to train future hackers.

People and businesses can purchase software programs designed to mimic a cyber attack, or they can hire a hacker as a service. Recently, there was a legitimate business advertising a service to hack into Gmail accounts for $100. The best part is their value proposition: you only have to pay if they are successful in breaking into your account and accessing your information (oh, the irony). But then again, who wants to pay for a service that doesn’t deliver? Yes, hackers now give a money-back guarantee… insert snide remark here.

Technology isn’t Making You Vulnerable, You Are!
At the root of all this, hackers have learned that the weakest and most susceptible point of entry to target is… YOU! Hackers prey on the uninformed, convincing them to (unknowingly) aid them in their crime. People are now the targets, not so much the firewalls and servers. Cybercriminals zero in on us (the user) at our PC, laptop, tablet, or smartphone. They need our help to gain access and we are happy to oblige.

Cybersecurity Fundamentals to Combat Threats.
As scary as it all sounds, there are some cybersecurity fundamentals that we can all put into practice to greatly reduce the risk of falling victim. The first and foremost step is taking the time to get educated! Additionally, some of the most important actions to take in combating cybersecurity threats include:

  1. Question every communication – Just because an email is from a close friend or family member doesn’t mean it is safe to “click that link”.
  2. Utilize Multifactor – The reality is passwords are dead.  There are extra steps that need to be taken with many online systems (email, banking, social media accounts) to ensure additional security measures beyond passwords are used to protect your data.
  3. Implement proper patching – This includes plugins for your internet browsers. It means not just updating the software you currently use, but also making sure you remove old (vulnerable) software programs.
  4. Use ad and Flash blockers within a modern web browser – Many cyberattacks rely on weaknesses within Flash, Java and other plugins to exploit your computer, and the delivery mechanism can often be an advertisement buried within a legitimate website.
  5. Your day-to-day account that you use to log in to your computer should not have local administrator rights – It should just be a “normal” or standard user. The account you use on a daily basis does not require and should not possess high-level access rights, which allow the installation of programs intentionally or unintentionally.
  6. Control wireless access – Appropriate wireless setup is critical, including knowing when to use (and not use) public wireless internet (hint: don’t log in to websites that have your sensitive information, such as work email or banking sites, when you are at a Starbucks).
  7. Use Segmentation – with everything connected to the internet, the hackers will target the weakest link. For protection, put mobile devices (phones/tablets), PCs and company servers on separate networks.
  8. Continually assess and remediate vulnerabilities – The tactics cybercriminals use constantly change and evolve. Preventing attacks requires continued education and analysis.
  9. Train and educate – Take the time to understand each threat and communicate it to others!
  10. Back up your data – Nothing is foolproof, and the most important precaution is to ensure you have a good backup.

Over the coming months we’ll be elaborating on each of these 10 cybersecurity topics. We highly recommend implementing these simple precautions both in your personal life and in your business environment. We are all in this together, so if you need help or would like additional information, please don’t hesitate to reach out.

Eric Gray