10/17/2019
Do you want to know why you keep hearing about companies getting "breached" and your data being stolen?
Short Answer: We keep handing them the keys to the systems.
Story Time: Have you ever had someone ask permission to do something when you are kinda busy working on an email or reading an article/post on your phone, and you say "sure" without TOTALLY hearing all the details of what you were saying yes to? Do you know how a particularly savvy kid waits until that exact perfect moment to ask dad (or mom, because dad always says no) if he can go to his friend's house, but mumbles or leaves out the details about the other thing they plan to do? Social engineering attacks work in much the same way. They catch you with your guard down, when you are NOT paying close attention.
These breaches happen because we unknowingly give the keys that we call passwords right to the bad guys and often on a silver platter. They disguise themselves in increasingly clever ways, sit back and wait for the perfect moment, and unlike the Wet Bandits in Home Alone, you may never even know they were there.
So what can you do to make sure your company doesn't become the next headline?
https://www.usatoday.com/story/money/2019/10/14/yahoo-data-breach-117-5-million-settlement-get-cash-monitoring/3976582002/
https://www.forbes.com/sites/kateoflahertyuk/2019/03/21/facebook-has-exposed-up-to-600-million-passwords-heres-what-to-do/
1. Train - just like you train your body at the gym, you need to train your brain for security. What do the two have in common? Exercises. If you are not performing security exercises in your organization, then you are not prepared to prevent your employees from handing over the keys to your business kingdom. You might as well leave the front door unlocked during a riot. It's just a matter of time before they come in and wreck the place.
https://www.dhs.gov/cisa/cybersecurity-training-exercises
2. More locks - Security controls and tools like MFA are much harder for the bad guy to get through. Much like the paranoid apartment dweller with multiple locks on the apartment door, Multi-Factor Authentication will stop the bad guy who was given a key, because the door now requires a thumbprint, and maybe an iris scanner, and a secret knock (insert favorite knock-knock joke here). Here's a quick reference for a common MFA tool that is easy to implement.
https://duo.com/product/multi-factor-authentication-mfa
3. Gated areas - limiting access to areas that are not needed, through special policies and permissions, will limit what damage an attacker can do. The concept is known as least privilege, but in simple terms it just means you don't give Bob from accounting access to the showroom floor...
https://www.beyondtrust.com/blog/entry/what-is-least-privilege
There are several more easy things you can do to protect your company and the people who trust your company to protect their information, and they don't have to hinder the way you do business.
Let us know if you are hungry for more tips and tricks or if you just want some advice. We are here to help.
October is CyberSecurity month and is the perfect time to get the security engines going.