Security is hard, right? So many restrictions! Passwords, MFA, content filtering, app restrictions, screen lock outs, etc. Why do I need to have so many defenses? The cyber crooks aren’t after me. They target corporations and big businesses.
Although there is great potential for large profits by choosing to attack big business organizations, miscreants look for vulnerabilities among their victims. The easier it is to breach a company, due to it’s weaknesses, the more attractive the payoff. Why look into hacking a sophisticated network when there are back doors unlocked for an uncomplicated compromise? Start stringing these together and the rewards can be lucrative.
Folks may want to know why these defensive procedures are necessary. They need to understand that it is more then ‘because’.
What can happen if the cyberpunk weasels his way past your defenses? What is at risk?
- Compromised credentials – Stolen personal information can lead to financial loss and identity theft.
- Data Theft – Loss of data, personal or corporate, can pose financial and reputational disaster.
- Financial risks – Compromised credentials can lead to bank fraud, extortion, fraudulent money transfers
- Reputation – No one wants to be tomorrow’s headlines. News of breaches can affect business.
- Extortion – Information found to be proprietary can be used against you or your company through threats to release to the public.
- Stalking – Collecting details about you or your company can lead to unwanted observances.
How can you fortify your cybersecurity posture?
- Asset inventory – Knowing what hardware and software are on your network is essential to protecting it.
- Patching – Keep your hardware and software up to date. Subscribe to newsfeeds and newsletters that will alert you to vulnerabilities and patches.
- Strong, unique password + MFA – You’ve heard it before. This adds an additional layer of security.
- Continuous monitoring – Understanding your ‘normal’ network functions will assist with troubleshooting anomalies. Monitoring user accounts can assist with identifying unusual behaviors and threats.
- Backups – Document and retain regular backups of critical data. Store copies off site and offline.
- Incident Response Plan – A written IRP will save time, confusion and money when a cyber incident occurs.
- Education – Educate all users of the potential cyber dangers, how to recognize and report it, and make this an ongoing part of your cybersecurity awareness program.
Putting more roadblocks between our sensitive assets and the bad guys can make us less likely to experience an attack or breach. “Because I said so” has real actions and strategies behind the phrase.