Cybersecurity is not ONLY about responding to a ransomware or hacker but being prepared to prevent it from happening. When you are prepared to prevent an attacker for entering your computers or network, you make it difficult for them to be successful. For an attacker that means they will have to spend more time trying to get what they want. If it is simply to hold your computer and information for ransom, then they will likely move on. If it is your information that they want, they will expend the extra time to get it. But who said you had to make it easy?
So, what can you do? Well, a lot. But don’t despair. It may not cost you a lot to implement. Let’s follow the National Institute for Standards & Technology (NIST) Cyber Security Framework. In the framework there are two areas that are easily addressed. Identify and Protect.
Asset Management – Get a list of EVERYTHING that processes information electronically. It could be a security camera connected to your network, your computers & servers, a printer, all you network devices, etc. Record what it is, what operating system (Windows, Linux, macOS, etc) and what software is installed on it (Office 2016, Adobe Reader, Adobe Flash, and the other programs you use). If it is a device like a printer or a security camera, record the brand and determine the firmware version.
Maintenance – Update your software and firmware when new version are available as they may address security flaws in the software. For Windows and other applications, updates are provided monthly. Others, not so often. Check with the developer and see if they have an email list you can join to be notified when there are updates.
The longer a security flaw remains in your software or firmware the easier you make it for an attacker to be successful in taking or ransoming your information. But by doing these two things, you have done a lot to protect your information and taken a proactive stance in preventing an attack from being successful.
If you need assistance, let us know. We’ll be glad to help you become proactive!
The month of October has been designated as National Cyber Security Awareness Month (#NCSAM). For the next month, we will cover varying #Cyber360 topics to business and personal cyber security as part of ItsEmc² dedication to fighting cyber crime and keeping you and your business safe.
Start today and think about all the items that are in your business or personal life that are connected to the world wide Internet. These items range from your everyday cell phone, desktop computer, server, etc. to your point-of-sale, thermostat, even refrigerators.
How secure are they? Think about it, most people get a device get home and plug it in, maybe make a few changes to make it work and don’t even give a thought about security. This where you are likely to be hurt. Not changing the default password and if possible the default user can provide a gateway into you network, computers, and information!
Make a list of everything connected in your business/home that is connected to the Internet. Even if you hired IT experts to manage your IT, you should have a copy of what everything is in your network.
Start from the point where it comes into your house and document each item and the other items it is connected to. Check to make sure that the default usernames and password have been set to something else on each piece of equipment. As you make the changes to the usernames and passwords annotate the list.
When you have compiled everything, building a network diagram is a logical next step. They can be as simple as this hand drawn (amusing diagram) found on Tech Republic.
|Hand drawn network diagram.|
However there are several tools available to help build these professional looking diagrams. Check out this TechRepublic article for a list of popular ones (5 of which are free.)
Once the list is made, save it and update it when you add or remove items that connect to your business/home wired and wireless network.
Finally, secure the list. Place it in an envelope then seal it. Store it in a safe or in an area only accessible to those people that need to know that information.
Speaking of need to know. What is it? We’ll cover that another time.
Be safe and perform your Cyber360.