Secure Your Digital Footprint
Cybersecurity Awareness – By Ron Frechette, The Cyber Coach
The recent Colonial Pipeline Ransomware attack was an enormous wake up call for the entire world. The CEO was forced to pay a $4.4 million dollar ransom because executives were unsure how badly the cyberattack had breached its systems, and consequently, how long it would take to bring the pipeline back. For many of the small-midsize businesses we support, this would not have been possible and would most likely have resulted in bankruptcy.
The best way to minimize the risk of experiencing ransomware or a data breach is to adopt good cyber hygiene practices. Cyber criminals are especially active during the summer months due to the masses being on vacation in a lax state of mind. So, as we transition into the summer, we ask all our readers to be extra vigilant in practicing good cyber hygiene in order to avoid the pitfalls of experiencing a data breach or ransomware attack.
To understand the basics of cyber hygiene, this month we will provide a visual perspective of what our online presence looks like in cyberspace. In the IT security industry, we refer to a person or company’s online presence as a digital footprint.
There are billions of digital footprints in cyberspace. Each time you hit the send button on a digital device, your IP address launches packets of data into cyberspace. These data packets travel at lightning speed to other digital footprints that you have selected to send. This could be an email, paying a bill online, sending a client an agreement, or conducting some on-line banking. Let’s analyze the components of a digital footprint.
The circle represents our security perimeter. This is where we put security controls in place to reduce the risk of our sensitive information from being compromised. The lines around the circle represent data attempting to enter and exit our environment. The lock inside the circle represents the area where our sensitive information resides. This could be credit card data, PII (Personal Identifiable Information like DOB, SSN, wills, banking info, etc.), PHI (protected health information) and/or Client Data.
Who is trying to steal my data and how do they do it?
There are millions of cybercriminals across the world who come to work every day with the sole purpose of stealing information online that they can sell on the Dark Web for monetary gain. There are over 500k new malware variants being launched into cyberspace daily The digital age is forcing us begin adopting a “defense in depth” mindset as we become more dependent on technology to live our lives.
There are four threat vectors around the security perimeter of every digital footprint that cybercriminals try to exploit.
1.People – Spouses, children, and/or business colleagues having or not having the awareness that these vulnerabilities exist, how they behave when they are confronted by a phishing email, and how they respond.
2.Processes – Having formal policies and procedures in place with detailed guidelines and having been properly educated on the threats of cyber-attacks.
3.Facilities – This has to do with physical controls. Do you have locks in areas of your home or business where sensitive information can be accessed? If you have servers in house, are they under lock and key with 24-hour camera surveillance?
4.Technologies – Ensuring that the networks and applications you utilize have been properly vetted and can guarantee an acceptable level of security.
This applies to your digital footprint as well as the digital footprints of others who you interact with on a routine basis. Never feel shy about evangelizing what you learn about good cybersecurity hygiene with friends, family and business colleagues. It will enhance the security of everyone you interact with in cyberspace.
Over the next few months, we will begin to break down each of these threat vectors and share ways you can begin to identify existing security vulnerabilities. We will arm you with tools and knowledge to identify where those gaps are and provide guidance to install the proper security controls.
Questions? Email me: firstname.lastname@example.org or send me a tweet @GoldskyRon.