Last week, Bob Lord, Chief Information Security Officer at Yahoo, headlined a panel at SXSW in Austin, TX, entitled The New Normal: User Security in an Insecure World.
Instead of focusing solely on the threats presented by this terrifying cybersecurity world we live in (see the massive Russian intelligence-directed hack on Yahoo, which compromised 500 million user accounts in 2014), Lord also presented a positive message: three crucial principles that can lead to a healthy cybersecurity environment. After all, as security experts the world over reiterate time and again, understanding cybersecurity risks isn’t the same as protecting against them.
The beauty of Lord’s presentation came in its simplicity, which focused on three P’s that can protect business data, prevent a ransomware attack, and increase productivity:
Now, for a little more detail on each bullet:
1) Patches—Whether it’s for your operating system, your suite of Microsoft Office applications, or just your favorite smartphone app, security patches (otherwise known as software updates) ensure critical protection against evolving cybercrime trends. But sometimes the delivery mechanism for those updates can be confusing, leading to users either neglecting important downloads, installing patches that aren’t necessary or securely vetted, or even disrupting normal operations with an ill-timed click of that “Install Now” button. That’s where the guidance of a trusted IT provider comes in. A good cybersecurity expert like CMIT Solutions takes a proactive as opposed to a reactive approach to IT support, fixing problems before they occur, monitoring and maintaining systems 24/7, and only installing patches and updates when they’re safe to deploy and convenient for employees.
2) Passwords—Speaking of that aforementioned Yahoo hack, which resulted in the federal indictment of Russian hackers last week…Details from the Department of Justice’s investigation revealed that the hackers didn’t have to try hard to perpetrate their cybercrime. According to the indictment, the Russian hackers searched email accounts and online messaging apps for keywords like “password123” to find people’s login credentials, many of which were used for multiple accounts. That’s why it’s so important to not reuse the same password across multiple platforms; to create strong, long passwords comprised of random letters, numbers, and characters (think “th1sisn0tmyp@sswOrd” instead of “thisisnotmypassword”); to activate two-factor authentication whenever and wherever it’s available; and to go the extra mile with enterprise-level password management solutions.
3) Phishing—Aside from brute-force attacks by shadowy hackers, the next biggest and often most insidious form of cybercrime comes via phishing. Defined as an email sent out from a domain address that looks legitimate (think “mycompaany.com” instead of “mycompany.com”) containing links or attachments that also appear to be valid, phishing has become the #1 delivery method for ransomware and malware. Recipients of the carefully crafted and often harmless-looking emails are guided to click on a bogus link or download a malicious file, which when opened can access and often encrypt all of the data on your computer and any connected networks. That’s why it’s so important to empower employees with targeted training to identify phishing emails, to regularly and remotely back up all critical data in case of infection, and to know what to do if you fall victim to an attack (hint: don’t pay the ransom!).
No matter what your level of cybersecurity knowledge and experience, understanding these critical three P’s (patches, passwords, phishing) can help lead to comprehensive protection. The other most important component? Having a trusted IT provider like CMIT Solutions in your corner putting those three P’s into action. We worry about cybersecurity so you don’t have to, freeing you up to run your business and deliver the best customer service on the planet while we make sure all computers and technology systems run smoothly. Contact us today to learn more.