A friend asked me to present to a client (and his staff) the wonderful world of cybersecurity and ransomware. So, what do you tell someone that they haven’t heard already from the news, mags and blogs that would get him or her to protect their business, their customers and themselves from attacks? How do you guard against something that seems so random, or do you just sit by and hope that it doesn’t happen to you?
As 2018 ends its first quarter, we must realize that information is now a commodity, a commodity to be traded like pork bellies on the stock market. It is sold to people and businesses who use it to influence your decisions on a wide range of things, from people and places to politics and products. And that’s only the half of it, for we happily give up some of that information for a rich full life.
What about those who mean to use the information for evil? What about the dark underbelly of the world that means to scrape this information from us and turn it into a revenue-generating source? Credit card numbers, bank accounts, private thoughts and info for blackmail, insider trading, business secrets: all can bring a hefty price to the right buyer.
So, I guess it boils down to a couple of thoughts. Do we want to protect ourselves from theft? Do we care enough about this to do something? I mean after all it’s not like someone is breaking into our homes and stealing the TV or the few hundred-dollar bills stuffed inside our bible in the nightstand. They are not coming into our business with a gun and “sticking up the joint”.
I remember when my car was stolen back in the 90s. Man was I pissed, not that any vital information was in there. I didn’t have my wallet in it. No envelope of 100s in the glove box. But it was MINE. And it wasn’t like I left it running in a shopping mall parking lot with the windows down.
So why was I upset? I didn’t do anything to provoke this. It wasn’t anything special (seriously, it was an ’86 2-door Grand Am with like 11ty billion miles). My point is, it was mine. And someone took it.
There will always be someone bad doing something bad. And while sometimes you can look the other way and get over it, sometimes you can’t “get over it”. I had insurance on my car. I got over it.
But can you get over someone stealing your life, your identity, your life’s work on cold fusion, your retirement savings? I really can’t find many stories out there of people or businesses being made whole again after these cyber-attacks.
So, are we leaving our proverbial cars unlocked with the keys in them? Unfortunately, I think the answer is yes to some extent. I equate it to leaving our valuables on the car seat in the darkest corner of the lot while mall security is on lunch.
Look, we all learn from our mistakes. And the first time we get burned we take measures to avoid a repeat performance. But the stakes are much higher and more serious now. You and your business cannot afford to have this happen. If you are attacked by cyber criminals, you may not have a second chance to change things; you may not be able to recover.
So, what do you do?
Protecting one’s information has some easy starting points everyone should be employing. Let’s start with the easiest of them all:
Passwords. Passwords should be case sensitive, long, and changed frequently. And this includes passwords on your desktop and laptop, server and router, access points, modem, bank accounts and phone at the very least.
Firewalls, antivirus, and anti-malware and anti-ransomware protection. These are important watchdogs. The software needs to be updated on a constant basis to ensure that the newest threats can be guarded against.
Lock the doors! Open network ports can be accessed so easily, mostly because most people don’t know they are even open. Sad but true. And these ports almost always give thieves an opportunity to breach your network. This includes router ports and USB ports. Thumb-drive ports can and should be closed by admins so employees cannot use them to upload or download. Emails are also an open door which can be used to enter your network. Have your network admin set up rules through your email account as to which emails are safe and which attachments are allowed.
And lastly, backups. I don’t think you can have too many backups. One on a hard drive, one in the cloud, one in your home and one in a safe, one in the shed buried in an old cigar box. It really is that important. It may be your only chance if your information is stolen or held for ransom. It also means you can be made whole again if some other catastrophe happens. It means you have options.
Doing all these things doesn’t mean you won’t be a victim of a cybercrime. It means you’re putting protections in place in case it does happen. It is like buying insurance and a sump pump if you live in a flood-prone area: that doesn’t mean you’re going to have a flood. It means you plan and can be made whole again if you do.