In 2016, I received this e-mail from my oldest son.
Date: Saturday, October 22, 2016 at 7:09 PM
Subject: FYI: Security Stuff
FYI – I just got an alert that my email address and my Gmail password were available to be purchased online.
I only use that password for my email, and I have 2-factor enabled, so I’m fine. Though this is further proof that just about everything is hacked and available online.
If you don’t have two-factor enabled on your accounts, you really need to do it.
Since then, security has only become a bigger issue. I wrote about the Equifax event, but there are countless examples of similar events (and yes, I mean countless).
When people think of hacking, they often think of a Distributed Denial of Service (DDoS) attack or the media representation of people breaking into your system in a heist.
In reality, the greatest weakness is people; it’s you … the user. It’s the user who turns off automatic patch updating. It’s the user who uses thumb drives. It’s the user who reuses the same passwords. It’s the user who falls for social engineering. Each of those choices may seem like a mistake, but they also represent some hacker’s favorite pattern to exploit.

via xkcd
Whether it’s malicious or unintentional, humans are often the biggest security weakness.
It’s impossible to protect yourself completely, but there are many simple things you can likely do better.
- Use better passwords … Even better, don’t know them. You can’t disclose what you don’t know. Instead, use a password manager like LastPass or 1Password, which can also suggest complex passwords for you.
- Check if any of your information has been stolen via a website like HaveIBeenPwned or F-Secure.
- Keep all of your software up to date (to avoid extra vulnerabilities).
- Don’t use public Wi-Fi if you can help it (and use a trustworthy VPN if you can’t).
- Don’t put information into GPTs that you want to keep private.
- Have a firewall on your computer and a backup of all your important data.
- Never share your personal information in an e-mail or on a call that you did not initiate – if they legitimately need your information, you can call them back.
- Don’t trust strangers on the internet (no, a Nigerian Prince does not want to send you money).
- Hire a third-party security company like eSentire or Pegasus Technology Solutions to help monitor and protect your corporate systems.
How many cybersecurity measures you take comes down to two simple questions … First, how much pain and hassle are you willing to deal with to protect your data? And second, how much pain is a hacker willing to go through to get to your data?
It doesn’t make sense to put all your data in a lockbox computer that never connects to a network … Nevertheless, it might be worth going to that extreme for some of your data.
Think about what the data is worth to you, or someone else, and protect it accordingly.
My son reminds me, “You’ve already been hacked … the important question is whether you’ve been targeted?” Something to think about!
