Do you truly want to protect yourself from the most dangerous of cybercriminal schemes? To make sure that you are safe from hackers, crackers, black hats, and bitcoin miners?
Well, you can’t.
Hacking techniques are so sophisticated that there is almost no way for something to be truly secure. Cybercriminals have found ways to break into nearly any system.
Some truly outlandish methods of stealing your data include reading computer heat signatures and even the LED lights on your server. In a recent TED talk, Avi Rubin goes further into how and why nothing networked is impervious to hacking.
His talk goes beyond computers to show how hackers can manipulate almost anything you can imagine including infrastructure, cars, refrigerators, and even pacemakers (which as of 2006 have networking capability).
Where to get advice?
As the problem of cybersecurity gets more and more dire, experts like Rubin have begun to shout advice from the rooftops.
Online resources abound, with the goal of creating a more robust community dedicated to cyber safety. Only by recognizing the enormous global issue surrounding data breaches and cybercrime will we have the tools to combat the problem.
An excellent way to access information is through various TED talks presented by experts in this field.
A leading cybersecurity company, Varonis.com, makes this easier by collecting several of the most useful presentations on the subject for you to peruse (including Rubin’s).
So, what is to be done? A common bit of advice from cybercrime experts comes in the form of an analogy for your home.
Just because someone could break into your house with a battering ram, the adage goes, doesn’t mean you shouldn’t lock your windows and doors.
Passwords are the door locks of your online “home” but most people are giving away the key.
Carnegie Mellon Professor and security expert Laurie Faith Cranor speaks to the very pervasive problem of password failure.
According to entrepreneur.com, two out of five people have had a cybersecurity incident that resulted from a breached password.
This same study points out some typical password fails including:
- Using only one password for multiple accounts — 54% of people use 5 passwords or fewer for their entire life.
- Using old passwords for many years — 21% of people are using passwords that are more than 10 years old.
- Using common phrases, like “password,” “qwerty,” or “12345” — don’t laugh, these were among the most popular passwords in 2014.
Security steps you can take to cover your passwords
Though keeping up with cybersecurity can be frustrating, it is absolutely imperative.
There are a number of suggestions that everyone can follow to avoid being victimized.
Make your passwords at least 12 characters in length. Each character you add makes your password exponentially more difficult to crack.
You want to keep full words or pronouns out of your password. Experts suggest using the first letters of the words in a long phrase.
For example, something like “The Bears Won Superbowl XX in 1985 thanks to Walter Payton and The Fridge!” would become “TBWSXXI1985TTWPATF!” Any Bears fan could remember that.
Keep a unique password for every site.
Though it may be difficult to keep track, there are password manager programs you can use. Sites like LastPass and Dashlane use complex encryption to keep passwords organized for you and out of the hands of criminal actors.
- Two Step Verification
More and more sites are allowing for this kind of verification and you should always take advantage of it.
Usually, it requires you to enter a code sent to your cell phone before you are allowed access to a secure site.
Use this link to find instructions on how to set up two-step verification on some of the most used websites.
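As an added example (not from the original article), the password mistakes and fixes listed above (length, common phrases, reuse, age) can be checked mechanically over a password-manager export. The record layout, the `audit` function and the sample entries are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

MIN_LENGTH = 12                           # minimum length the article recommends
MAX_AGE_YEARS = 10                        # the article flags passwords older than this
COMMON = {"password", "qwerty", "12345"}  # only the three examples the article names

def audit(entries, today):
    """Map each site to a sorted list of findings for its stored password.

    entries: dicts with 'site', 'password' and 'changed' (date of last change).
    """
    # Group sites by password so reuse is reported on every affected account.
    sites_by_password = defaultdict(list)
    for entry in entries:
        sites_by_password[entry["password"]].append(entry["site"])

    # Anything last changed strictly before this day is more than 10 years old.
    cutoff = (today.year - MAX_AGE_YEARS, today.month, today.day)
    report = {}
    for entry in entries:
        password, changed = entry["password"], entry["changed"]
        findings = []
        if len(password) < MIN_LENGTH:
            findings.append("too_short")
        if password.lower() in COMMON:
            findings.append("common")
        if len(sites_by_password[password]) > 1:
            findings.append("reused")
        if (changed.year, changed.month, changed.day) < cutoff:
            findings.append("stale")
        report[entry["site"]] = sorted(findings)
    return report

# Constructed inventory for illustration; not real accounts or credentials.
SAMPLE = [
    {"site": "mail.example", "password": "Qwerty", "changed": date(2012, 5, 1)},
    {"site": "shop.example", "password": "Tg7!mVb2LzR9xw", "changed": date(2023, 6, 10)},
    {"site": "forum.example", "password": "Tg7!mVb2LzR9xw", "changed": date(2014, 12, 31)},
    {"site": "bank.example", "password": "W4r!pLk8#nQz2dYv", "changed": date(2024, 2, 2)},
]

if __name__ == "__main__":
    for site, findings in audit(SAMPLE, date(2025, 1, 15)).items():
        print(f"{site}: {', '.join(findings) or 'ok'}")
```

A strong password still gets flagged when it is shared between two sites, which is the failure a length-only check misses.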
What can you do as a small business?
In the current climate, it is easy for small businesses to throw up their hands. Many figure they will be safe because they are too small of a target. However, many cybercriminal assets work automatically, without regard for size or level of sophistication.
As a small company, you may be part of a larger supply chain. Your lax security then could lead to a massive breach.
For example, a massive Target breach of information for 110 million credit/debit card users in 2013 was caused by a cyberattack on one of their HVAC vendors.
The moral of this story is: be vigilant.
What a breach might mean for your company
A recent study by Accenture shows just how devastating a cyber breach can be for a company:
- Cost: A malware attack costs a company an average of $2.4 million.
- Time: The same report says the average time it takes to recover is around 50 days.
- It’s growing: Cybersecurity costs grew 22.7% in 2016-17.
- It’s everywhere: In 2017, the cost of cybercrime globally increased by over 27%.
Cybercrime is an increasing problem that cannot be ignored. So what is an SMB to do?
Know your foe and find a friend
In a TED talk in 2017, Caleb Barlow, a cybersecurity expert from IBM, discussed how businesses can work collaboratively to combat this problem. He likens cybercrime to a health crisis and suggests ways businesses can work together to end the infection.
Check into employees
It is always awkward to ask people to undergo a background check, but make it a part of regular protocol. There are online services such as NetDetective or BeenVerified to do this work for you.
Have a plan
In this case, the government has your back. The FCC’s Small Business cyber planner is a great resource for planning.
Once you have already been compromised, it is too late.
The top 5% of your essential documents are what cybersecurity experts refer to as the “crown jewels” of your business.
Prioritize protecting these documents by keeping them on a dedicated non-networked PC.
Talk to your employees
Creating a culture of security is essential. Guidelines surrounding password use should be part of your onboarding procedure and well enforced. Try to make rules easy to follow and simple to understand.
Keep a watchful eye
If you hear about or see someone who seems to be acting strangely or suspiciously, pay attention. Encourage others to report if they see things like this as well. Create an anonymous way to enter these reports.
Cybercrime is constantly evolving. Keep up with trends and send out information to your entire organization on new scams. Perhaps make it part of a regular staff meeting.
Careful who you work with
Make sure your vendors are secure. Talk to your bank about improved cyber protection. Also, ask your ISP about your current level of protection and see if you need an upgrade.
Ultimately, there is nothing that is completely out of the reach of hackers. The only thing to do is lower your risks and hope for the best.
With knowledge and understanding (like the information you can get from TED talks), you can at least be secure that you are doing everything you can.