BreachExchange mailing list archives
Computer security: If you have to call the FBI, it’s too late
From: audrey () riskbasedsecurity com (Audrey McNeil)
Date: Fri, 11 Mar 2016 14:54:38 -0700
http://www.tennessean.com/story/money/tech/2016/03/11/computer-security-if-you-have-call-fbi-s-too-late/81613810/

Newsflash: The local FBI came to our office last week. Don’t worry - we invited them. We wanted to make sure our team is completely up-to-date on cybersecurity, so we can educate our clients to prevent security breaches. It was great to hear it straight from the FBI, but our team wasn’t surprised by what we heard.

Here are a few things that the local FBI and I would both tell you about keeping your information secure:

The definition of insanity is doing the same thing again and expecting different results. The reason hacking continues is because we want it to be easy to get to our own data. If it’s simple for you, it’s simple for a hacker to get into your account, too. Until technology can make it both simple and secure, we have to change our own behavior to protect our data.

You could go to Amazon right now and order books that teach you how to hack. Does that give you pause? It’s not hard to be a hacker. But that also means that we each have responsibility to protect our own systems - when we throw up our hands and don’t go through much effort to be secure, the bad guys win.

Hackers have come up with lots of ways to make money off our lack of computer security, but here are two ways we can eliminate the risks with good security procedures:

Shooting phish in a barrel

You have probably been exposed to phishing already. With phishing, you get an email that appears to be from someone you trust, or from what appears to be a credible source like your bank, but it asks for your username and password, credit card or other account numbers. Don’t do it! And if they ask you to wire money, stop immediately.

Often, you can find clues in the email. If it’s an unusual request, listen to that little voice inside. Check the email address carefully, and roll over any URLs to see the full address before you click. Don’t open an attachment from this kind of email!

It’s always safer to call and talk to the person (and if it’s your bank, look up the phone number yourself - don’t trust a phone number you see in a suspicious email) to get the full story. Often, you’ll find it’s a scam.

Like Superman’s ‘c’ryptonite

If you have employees, you have a security threat. It’s that simple. You can’t control every click on every email attachment, or every USB stick or smart phone connected to your computers.

Have you heard of CryptoLocker? This ransomware spreads through a computer and associated computer network via an email attachment, and it encrypts your files. To free your data, you’re told to pay the hackers that created the ransomware. (Recently, ransomware began spreading on Macs, so don’t believe the adage that Macs don’t get hacked, either.)

Always:

- Stop, look and ask: Does this seem like an odd request, even if I know who the sender seems to be?
- Back up critical data regularly.
- Create strong passwords. Use upper and lowercase letters, numbers and symbols, and make them longer than eight characters.
- Use a separate password for every site.
- Use multi-factor authentication anywhere it’s offered.

Never:

- Connect USBs to any device or computer that has access to important information.
- Back up personal cell phones and tablets to work computers.
- Store your password in a browser.
- Use the same password for email and social media.
- Send a username and password over Internet/data. Make a phone call if you have to share a password.

Just remember the 6 Ps

So, in honor of my dad, who passed a couple of weeks ago, I’ll share his all-time favorite tip: Remember the 6 Ps: Proper Prior Planning Prevents Poor Performance.

If you’re not planning and actively paying attention, you can easily fall victim to a hack that can lead to identity theft, unintended disclosure of intellectual property and dissemination of financial and personal information about you, your employees, your employers and their clients and vendors. Ouch.

If the FBI has to get involved, you’re way too late and it was a situation that you could have easily prevented.