Cyber Security

Cyber security is basically protecting digital property and information from theft, loss or destruction.  There have been stories of major breaches every month.
While breaches of larger companies make the news, private homes and smaller companies are also at risk.  So what is your exposure?  Actually, you could figure that better than I can.  Answer these questions:
Why is cyber security important to your business?
If you came into your office and saw that all your computers were stolen, what is your exposure when that data is leaked?
What would be the cost to your reputation if that was leaked?
What data do you have that is valuable to somebody else?  What is that worth?
What data do you have that is private to your clients or others?  If that data got out, what might that cost you in legal fees and lawsuits?
Wow! Is that a larger risk of loss than you planned for?
What are the limits of your cyber security insurance policy?  Is it a catch-all policy or are there loopholes and limits?
Have you discussed these answers with your IT team and asked for specific solutions?
Does your company have a cyber security policy and plan?

What can you do to limit your exposure to a breach?

  1. Outsource storage of personally identifiable data (PID) to a vendor who has expertise in protecting PID.
  2. Can you keep your data secured with complex passwords of at least 11 characters?
  3. Can you destroy unnecessary copies of client data now?  If so, then get rid of unnecessary databases and Excel spreadsheet file exports ASAP.
  4. If you must store PID locally, can you encrypt the data on your hard drives?
  5. Can you avoid entering your personal data into unsecured websites?
  6. Do you have employees?  Do they turn over?  What data do they have access to, and what keeps them from making a copy and selling or leaking it?
Do you know how to browse safely?  Which search results are real and which are unsafe?
Sample browser page:

Basic and reasonable cybersecurity steps every family, company, and employee should all take.

   1. Learn to recognize and avoid phishing and spear phishing scams.
   2. Firewalls on?
Use the Windows software firewall and/or a hardware router or gateway (with NAT).  Router security should be configured wisely or set to defaults (with as many of the ports closed as possible).  Firewalls protect you from network attacks you did not invite.  The good news is that in this day and age most of us have firewalls.  The bad news is firewalls can’t protect you from yourself.  Your firewall will let you and your staff go where you want and exchange information.  So your firewall and your anti-malware protection will usually let you go to a dangerous link.  Once you are connected, your firewall will normally trust the evil site long enough for you to get infected.
   3. Browse wisely, know how to dissect URLs.
Learn to identify whether the 1st and 2nd level domain is real.  Above you will see a screenshot of a browser page in Chrome.  So what do we know for sure?  We have 5 tabs open.  We have recently downloaded a file named touchscreen.png.  Our current second level domain is returnpath.  Our sub domain is blog.returnpath.  Our 1st level domain is .com.  Our mouse is on a link to juniperresearch.com/…
  • Here are some examples of safe vs unsafe links:
  • https://support.hp.com/us-en/product/HP-Photosmart-7520-e-All-in-One-Printer-series/5199461/model/5199462/drivers   is a real link.
  • HP.driverppdate.com/1315.html is not safe.
  • http://www.hpdriver.net/hp-photosmart-7520-driver/ is not a safe link. Why?
  • The first level domain in the US is commonly .com, .net, .org or .gov.  Just to the left of that is the second level domain, which should also be 100% familiar, or avoid the link.  If you see “https://microsoft.com”, then you’re on the official Microsoft website.  Any scammer can put a familiar name like “microsoft” in a page URL as a file name, a directory or a sub-domain name.  So you may find that the URL is “http://microsoft.werscamrs.com/canon/pepsi.asp”.  That page is controlled by werscamrs.com, while Pepsi and Microsoft have no idea that webpage even exists.  Even if the scammer makes an identical copy of a Pepsi web page, don’t be fooled.  Instead you would be within the werscamrs.com website.
   3. Be wise with email attachments and links in your email messages.  Study the dangers of phishing scams, unsafe links, and attachments.
  • Look for a green padlock in the URL line followed by https://
  • Be wise about your passwords.  Use longer passwords.  Use complex passwords.  Don’t use items easily guessed or found in your public records.  Examples of poor passwords: a kid’s birth date, the default password, the same password for all your sites, the password you forgot to write down, the complex, really important password you wrote down and lost, the password you changed but did not log, a note under the keyboard or on the monitor at work.  Good passwords can be tested at https://password.kaspersky.com/  This page will estimate the time it would take for the password to be cracked with an average home computer.  Here are sample results:
    1. 1-04-1965  (9 min to hack)
    2. heather (1 second)
    3. heather1-04-1965  (16 hours)
    4. Heath3r1-04-1965  (3 days)
    5. WeA11L0v3Fid0  (1100 years)
    6. p@s5w0Rd  (1 sec)
    7. p@s5w0Rd17Jan  (14 days)
    8. t3l13ph0n3  (14 days)
    9. t3l13Ph0n3  (16 days)
    10. shopperhealth6303551216  (1 million years)
    11. Cubs_are_Great_in_1908  (1 million years).
    12. Many devices or websites lock you out after a certain number of failed attempts. For these sites it is actually safe to use a password with medium level security because the hacker gets locked out after a couple failed attempts — and so do you
   4. Keep your passwords secure.  There is no foolproof way to do this.  But we suggest that you use either offline paper or an encrypted software program like KeePass2 to store them.
   5. Opt into 2-step verification.  Sites like gmail.com use 2-step verification.  So if somebody gets your login and password but logs in from a new device, they are locked out until you confirm it is you from your cell phone, and you are notified of the attempt the next time you log in to Gmail.
   6. Keep your devices and software up-to-date.  Only download updates from safe sources: Windows or Apple OS updates, manufacturer’s driver updates, software updates from Ninite.com.  See also TrustedCTO.com/rpm
   7. Scan for malware regularly.  Open your anti-virus, like Microsoft Security Essentials or Windows Defender, regularly to check the last scan and last update.  Also run Spybot Search & Destroy, Malwarebytes and SuperAntiSpyware.  See www.TrustedCTO.com/rpm
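
The URL dissection rule from step 3 above (judge a link by its first and second level domain, not by familiar names elsewhere in it), written out as an added example that is not part of the original article. The trusted list, the short two-part suffix sample and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the second-level domains this reader already knows and trusts.
TRUSTED_DOMAINS = {"hp.com", "microsoft.com"}

# Assumption: a tiny sample of two-part suffixes; real tooling should use
# the full Public Suffix List instead of this hand-written set.
TWO_PART_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registered_domain(url):
    """Return the second-level + first-level domain that controls the page."""
    if "://" not in url:
        url = "http://" + url  # links are often pasted without a scheme
    # .hostname lowercases the name and drops any port or "user@" prefix
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return host
    two_part = ".".join(labels[-2:]) in TWO_PART_SUFFIXES and len(labels) >= 3
    return ".".join(labels[-3:] if two_part else labels[-2:])


def check_link(url):
    """Classify a link by who controls it, not by names that appear in it."""
    domain = registered_domain(url)
    if domain not in TRUSTED_DOMAINS:
        return domain, "unfamiliar domain, avoid"
    if not url.lower().startswith("https://"):
        return domain, "familiar domain, but not https"
    return domain, "familiar domain over https"


# The links discussed in the text above.
SAMPLES = [
    "https://support.hp.com/us-en/product/HP-Photosmart-7520-e-All-in-One-Printer-series/5199461/model/5199462/drivers",
    "HP.driverppdate.com/1315.html",
    "http://www.hpdriver.net/hp-photosmart-7520-driver/",
    "http://microsoft.werscamrs.com/canon/pepsi.asp",
    "https://microsoft.com",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_link(link), link)
```

Anything the parser cannot read a host name from comes back with an empty domain and is reported as unfamiliar, so a malformed link fails toward "avoid".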