With the recent revelations of major security breaches at Equifax and the SEC, we are reminded again how much risk is involved with storing and securing data. Computer systems make the storage and retrieval of vast amounts of data possible, but with that also comes an increased risk that the data will fall into the wrong hands. If you still don’t believe that Cyber Security is a major factor going into 2018, just look at these cyber security statistics.
This isn’t a risk only assumed by major corporations, because the same thing is happening on a smaller scale all around us, and businesses are not recovering from it. Cyber security is everyone’s job, so if you don’t know what you are doing about it personally, then please read on.
The Threat
If you are not a cyber security professional, you might feel like you are fending off attacks from sophisticated users, so why bother worrying about it? After all, if they want to hack you they will.
While this is an oversimplification, it does have some truth: if you are in the vast majority of computer users, then you likely don’t have the tools and knowledge that even basic “script kiddies,” entry-level hackers, have. This shouldn’t discourage you, however, because even a little knowledge can go a long way.
The good news is that you have the advantage. You get to choose the battlefield, the tactics, and even the prize of victory.
Understand your weaknesses
Approaching security as a personal responsibility means you need to understand your own weaknesses, and how you can overcome them. For 99% of people (unofficial statistic), this is going to be passwords.
We as humans tend to gravitate towards the option of least resistance. This means that when faced with remembering tens or hundreds of passwords, we will use the simplest one that meets the minimum requirements across the most accounts. Then we’ll never change it because that would take a lot of work.
This is absolutely the biggest problem right now, and unfortunately, there is no way to solve it. Biometrics will not be replacing passwords, because they have a fatal flaw: they are not secret. If you use fingerprint scanning, then everything you touch potentially has a copy of your password. If you use facial recognition, anyone with a camera can take a picture of your password.
No, passwords are not going anywhere, but that doesn’t mean you need to languish in password purgatory (or worse).
Security Updates
The second largest entry point for an attack is going to be the system(s) that you use. This might include an operating system, such as Mac OS X or Windows 10, your browser, your phone, IP cameras, routers, etc.
Knowing which systems have data or resources that are valuable to hackers means you get to choose the battlefield and the tactics. If you are on an Apple computer, for example, you’ve already given yourself an advantage against low-level attacks, because you are in a minority of users. Low-level attacks take advantage of known security flaws to attempt to exploit systems that haven’t been updated.
This also means that if you regularly install security patches on all your systems, you will be much less susceptible to low-level attacks. This is a much better approach than trying to be in a minority, since being in a minority can mean less attention from hackers, and therefore less attention to security, which results in bigger and worse zero-day exploits.
Your best bet for avoiding systems security issues is to run modern systems, from your Wi-Fi to your OS, and to keep up to date with security patches.
How We Secure our Customers’ Data
As you can tell, Cyber Security is very important to us at Inbound Studio. Our systems and servers are under a constant barrage from the web, testing our security at every point. We are very insistent that security protocols are in place.
Passwords:
- Always unique for each account & user
- Stored encrypted on a secure password management system
- Multi-factor authentication is required to access passwords
- Passwords in development instances are as secure as those in production
Security Updates:
- Are applied as soon as possible, generally within a couple days of release
- For high risk websites and systems, the updates are applied in a sandbox, or development instance, and QA’d before implementing in a production environment
Monitoring and Logging:
- Websites and systems are monitored 24×7 for various threat points
- WordPress installs are secured on server and web app levels
- High risk websites and ecommerce sites are scanned daily
- Logs are stored on separate read-only locations
While these efforts certainly mitigate the risk of being compromised, nothing can guarantee a security event won’t occur. For this purpose, it is important to be able to determine what data was compromised, and how quickly normal service can be restored.
We keep regular backups on separate physical systems that can be recovered quickly and reliably.
To Summarize
If there were one thing I could impress upon everyone, it is the importance of practicing good password management. Here is a good article that discusses some of the best Password Management Tools that can help you with this task. If everyone at your organization managed to keep secure passwords, and kept their systems up to date with the latest security patches, those two things would go furthest in keeping your data safe from the prying eyes of hackers.