November 30th was Computer Security Day.
This year, Computer Security Day, which began in 1988 and has been observed on November 30th every year, happened on a Saturday. But everyday needs to be Computer Security Awareness Day!
Imagine tomorrow morning at seven-thirty. Early employees who want to get a head start on their day arrive to find the offices have been ransacked. Monitors at each open-space workstation in your workplace are missing their computer systems. They’re untethered, with their cables uselessly strewn across each desk. Years of client-facing and in-house proprietary data is gone.
This is an expensive cost in terms of IT equipment loss, data loss that quite likely was not backed up, or even if it was, only backed up on-site. And come to think of it, where are those backup drives?
Whoa, let’s stop and fast forward to 2019. Times have changed, the computer theft scenario is no longer the fear. While it probably still could happen and has a similar sense of violation, it’s just not the way threat actors work anymore.
Today we’re talking about a whole gamut of computer issues most people would not have predicted twenty to thirty years ago: Computers in our pockets, leaking proprietary company secrets. Bring Your Own Devices (BYOD) to work. Ransomware that could appear on any device or system. USB sticks. The list goes on and on.
To make matters even more interesting…
Companies are also under intense pressure to get Internet of Things (IoT), aka Internet- connected devices to market faster than their competitors. That means these devices may require a security patch. Do you have a tally on how many IoT devices your business has?
According to research from Zscaler, 91.5% of IoT data transactions from IoT devices in corporate networks were unencrypted. And there are plenty of new IoT products and services released all the time, ripe for the hacking.
Gartner predicts up to 20.4 billion IoT devices will be in use by 2020, just over two months from now. That’s 2.7 IoT devices for every person in the world.
That’s why Computer Security Day becomes more significant each day; to drive awareness of the importance of computer-related security.
Of course, the security risks are certainly imminent and growing every single day of the year. Cyber criminals never stop. They are constantly trying to find ways into your systems, to extort and ransom money from your business or mislead employees to believe an email came from the CEO.
Sometimes the CEO is the threat actor with corporate espionage as the motive for the hacking.
What can you do to protect your own computer security?
Use a Strong Password
Use a combination of letters, numbers and special characters for something only you would know. Maybe it’s a favourite song or saying. You decide. Then substitute numbers for letters, such as 3 and E. Include the use of lower case and capital letters and special characters such as !$%@#^.
No, that was not foul language. But you may not be in a good place if you don’t use those special characters to create a strong password.
What else can you do to add an additional wall of security?
Use Two-Factor Authentication (2FA)
Two-Factor Authentication gives you a second layer of security, above and beyond a strong password. It’s as simple as your trusted vendor sending you a numeric code to either your email address or mobile number they have on file.
You may have already been prompted to start using them at some vendors in your business or personal life.
Whenever possible, use 2FA and demand that your vendors use it for the safety of your business. You may choose to do the same with your personal online sites and apps too.
We’ve talked about how you can use 2FA to protect your own information from cyber attacks on vendors you select. But what are you doing to protect your customers? Do you require customers to use a strong password and 2FA to protect their information?
Using strong passwords, two factor authentication and a firewall at work and home is one thing. But that will not necessarily keep your IP address, DNS addresses, geographical location and specific identifying information private.
Is your business and personal information visible to everyone online?
For a simple answer to this question, go to whatismyip.com and type in your website name.
Chances are it will reveal your exact Internet Protocol (IP) Address on the Internet. You can see how easy it is for anyone to do this.
If you searched for your IP, what did you see? Does this site reveal more information about you than your business than you thought it would?
You Could Use a Virtual Private Network
To do that, you can look into a more comprehensive approach with a Virtual Private Network (VPN). This allows you to completely block your IP address and identifying information.
Not only do cyber threat actors or hackers know this information about you, but they can use it to pinpoint where you are and every site you are visiting.
When you use a VPN, your real computer’s IP address or Domain Name Servers (DNS) will not be revealed to anyone online.
Hide Business Website Hosting Information
You may also wish to have your domain registration company hide all of your identifying information from people who want to search for it. The service is usually offered for a very nominal fee. Websites such as whois.com do not merely sell domain names. Their main function is to provide domain information about currently used websites; albeit not for nefarious purposes.
Plunk in your own domain name and you’ll see what is available for all to see.
How difficult do you suppose it would be for a cyber threat actor or hacker to take advantage of your freely available information? The worst part is that accessing this information takes zero hacking skills.
Which computer security tasks should you outsource?
If you’d like to protect your company and customer information and data privacy, you should contact an experienced professional cybersecurity firm. It’s stronger than having a secret service security detail watching over your network at all times.
A professional cybersecurity company will do that with an intelligence and operations centre that’s staffed 24/7. And, they definitely need vast incident response experience.
Even if you could do parts of it on your own; do you really want to spend your day doing things that don’t contribute to revenue generation?
Not only that, you could spend more time and be more relaxed with your family; knowing your systems, network and employees’ jobs are protected.
We can help you everyday, not just on Computer Security Day. Contact us at ISA Cybersecurity for rock-solid protection from cyber attacks today.
Potential Visual for old school IoT device: Nokia 9000.