Hello cyber warriors,
This is not the title most of us imagined as a child. In fact, most of you are thinking you don’t have such a title today – but you do. You’re walking around landmines planted into innocent looking emails, assessing the risk of every click on a website before you proceed, and hopefully taking many other steps such as 2FA to keep enemies outside the walls of your domain. I know at times this is exhausting, confusing, and frustrating. I feel your pain, and we’re right there with you. This week, President Biden warned the private sector to stay on guard for possible Russian cyberattacks. Maybe you’re thinking you are not a worthy target, or you’re concerned but also confused as to what you can do to stay safe. My team, and I are here to solidify your defenses and help you feel at ease when you go to bed at night.
First, let’s make it clear that you are a worthy target. Hacking is done by automation so there is very little cost involved in trying to hack someone. It’s like investing in a little tech to collect free lottery tickets: the more lottery tickets you collect, the more likely you are to win – and that’s what hackers do. Some do go after big fish and invest a lot of time, but most others throw as wide of a net as possible to catch as many fish as they can. However, this is not the only reason you are a worthy target. Your computer is connected to networks within the USA, and you have a trusted list of contacts. Launching an attack from your compromised computer exponentially increases hackers’ chance of catching victims. In addition, with the advances in artificial intelligence, it is cheap to launch socially engineered attacks. These automated attacks gain information first, then personalize themselves based on your business, habits, and day to day operations. Sound scary enough? There is much more, but I will stop here for now.
So, what can you do? First and foremost: prioritize cybersecurity. Don’t wait until you experience a breach to address weaknesses. A good place to start is engaging with us on regular bases to assess your systems. My team and I can help determine vulnerabilities that will cause you to end up in that wide net with the other fish. Security is about the company culture and mindset: if you are not psychologically willing to make permanent changes, no matter what we implement, you will go back to your old and dangerous habits.
Ready for specific steps you can take to protect yourself now? Let’s dig in. For starters, use a password manager. That is where you should store your records and use complex, unique passwords for all your logins. Some password managers let you share logins with team members as well, which is very helpful. You should also enable two factor authentication (2FA) on as many logins as possible. Ideally, your password manager supports 2FA and can provide login codes since this method is more secure than SMS based authentication. Furthermore, make sure all your software is up to date and patches are applied in a timely manner, and have a dependable backup system in place that is always monitored. Backup system must support file versioning, so if the latest backups are corrupted, earlier versions can be restored. Finally, have a cyber security incident response plan. Your plan will save you from confusion and agony should you be exposed. The good news is that my team and I can help you with all this. However, we can only help if you care about your cybersecurity as much as we do.
While specific steps are helpful, based on our experience, your mindset is the true game changer. My wish for you is to commit 2 to 4 hours each month to evaluate your cybersecurity. Evaluate habits, systems, tools, and apps. Every piece of technology that’s crucial to your business, as well as bad habits, can be the compromise that brings your business to its knees.
As always, we are ready to hold your hand along the way.
– Burak Sarac, Team Lead
|