Security Recommendations in the Wake of Cyber Security Month
Nov. 10, 2017
According to the U.S. Department of Homeland Security, October was National Cyber Security Awareness Month. However, for me, it started on Wednesday, September 27th, when the Greater New Haven Chamber of Commerce’s Technology Council provided a presentation on cyber security by Kyber Security, a division of CONNECT Computer, an IT services company owned and run by President and CEO, Lynn M. Souza. This was just the beginning of heightened cyber security awareness for me.
On Tuesday, October 3rd, I attended an MIT Enterprise Forum titled “Securing the Internet of Things: Reducing Risk in a Connected World!” The panelists at this forum focused on (i) securing devices which have small microprocessors which cannot be secured in the same ways in which our desktop and laptop computers, tablets and smartphones are secured, (ii) securing the 100+ processors which can be found in most automobiles today, and (iii) securing a large network with thousands of computers like the system at Yale University. One of the presenters said that he is more worried about a coordinated cyber-attack from North Korea than he is about a nuclear war with North Korea.
Finally, on Tuesday, October 17th, I attended a full morning presentation, again presented by Kyber Security, during which the presenters went into greater detail about cyber risks. In addition to the Kyber Security team, there were presentations about cyber risk insurance by Robert T. Sargent, President of Tennant Risk Services, and about Datto Inc.’s data security solution with built-in ransomware detection by Mike DePalma, of Datto Inc.
In case I was not completely anxious after these presentations, during the first half of October I read Dan Brown’s novel Digital Fortress, published in 1999. Although it is a bit outdated, so many of the issues dealt with in Brown’s bestseller have become the background to our lives in the past 18 years.
The balance of this article provides a summary of the recommendations for protecting yourself and your data which I received from Kyber Security.
1. Use strong passwords which are at least 16 characters in length and utilize random words (letters), numbers and special characters. Don’t use the same passwords for everything. Hackers have a slew of tools which allow them to crack less complicated passwords and they eventually will crack your password or steal it from a service or institution which you use. If you use the same password for everything, once they crack (or steal) your password they will have access to everything you have: every device, every piece of software, every bank and credit card account. Use a password with words you can remember, but not words which are significant to your life. Do not use your kids’ names, college name, etc. Hackers can easily obtain that information from social media sites and use it to crack your passwords.
2. Obtain and use password storage software, such as LastPass or 1Password. These programs are designed to assist you with creating complicated passwords and remembering all of your many passwords.
3. Use 2-factor authentication (or two-step verification as it is sometimes called) for logging into online services, as almost all of them are now offering this. 2-factor authentication is when you need to enter a username and a password (one factor), and also the service will text you a series of numbers that you need to input to sign in as well (second factor). For example, when I sign into Facebook, Gmail, LinkedIn or any other online services, I will enter my username and password, and then click the button on the screen to receive my one-time code. Once I receive it, I will enter that into the site to complete my login. This will prevent anyone who may have stolen your password from accessing your online services; they will not have your phone to get the one-time code.
4. Set up all of your systems and software so that they automatically update as soon as new software/security patches are released. You don’t want to only update your software when you get around to it, because at some point that will be too late. If you don’t update constantly, eventually a hacker will access your system through a “hole” in your software that you did not patch in time.
5. Make sure that you are backing up everything automatically and continuously to an offsite location, as well as to a local appliance or hard drive. Datto provides a best-in-class solution for data security, backups and business continuity. I highly recommend you look into their solution. If you don’t have good backups, you will not be able to restore your data in the event of a ransomware attack.
6. Uninstall your commercial antivirus software and adopt/install a “whitelisting” application. Commercial antivirus software uses a blacklist approach. As computer viruses are discovered, the commercial software developers develop a patch which allows the software to notice the viruses as infected documents are reviewed before being opened for use. Each new patch adds a new virus to the software’s “blacklist.” Experts say that no commercial antivirus product can possibly cover the multiple viruses that hackers are constantly developing. Eventually, your antivirus software will not have a patch for the newest virus when you are attacked. Consequently, the better approach is to develop a list of software, a “white list,” which is allowed to run on your computer. With this approach, anything else (not on your “white list”) that tries to run will not be allowed. If you decide to add a new software package to your computer, you will need to add it to the “white list” before it will be allowed to run. This is the only recommendation which I received from Kyber Security which I have not (YET) adopted. I will do this as soon as I figure out how to do it.
7. Sign up for your free “dark web” scan with Kyber Security by going to http://kybersecure.com/darkweb. You will need to enter some information which they will use to search the “dark web” to see if your passwords have already been obtained by hackers. Wikipedia defines the “dark web” as “the World Wide Web content that exists on darknets, overlay networks which use the Internet but require specific software, configurations or authorization to access. The dark web forms a small part of the deep web, the part of the Web not indexed by search engines, although sometimes the term deep web is mistakenly used to refer specifically to the dark web. The darknets which constitute the dark web include small, friend-to-friend peer-to-peer networks, as well as large, popular networks like Tor, Freenet, and I2P, operated by public organizations and individuals. Users of the dark web refer to the regular web as Clearnet due to its unencrypted nature.”
DO ALL OF THIS NOW!!! Don’t procrastinate!!!
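The password recommendation above can be checked mechanically. The following is an added example, not part of the original article or any Kyber Security material: it audits a set of passwords for length, character mix, personal words and reuse. The function name, the sample passwords and the personal terms are all constructed for illustration.

```python
import re

MIN_LENGTH = 16  # minimum length recommended in the article

def audit_vault(vault, personal_terms):
    """Return {site: [problems]} for a dict mapping site -> password."""
    # Group sites by password so reuse across accounts can be reported.
    sites_by_password = {}
    for site, pw in vault.items():
        sites_by_password.setdefault(pw, []).append(site)

    report = {}
    for site, pw in vault.items():
        problems = []
        if len(pw) < MIN_LENGTH:
            problems.append("shorter than 16 characters")
        if not re.search(r"[A-Za-z]", pw):
            problems.append("no letters")
        if not re.search(r"\d", pw):
            problems.append("no numbers")
        if not re.search(r"[^A-Za-z0-9]", pw):
            problems.append("no special characters")
        # Words an attacker could learn from social media profiles.
        hits = [t for t in personal_terms if t.lower() in pw.lower()]
        if hits:
            problems.append("contains personal term: " + ", ".join(hits))
        others = sorted(s for s in sites_by_password[pw] if s != site)
        if others:
            problems.append("reused on: " + ", ".join(others))
        report[site] = problems
    return report

# Constructed sample data: a child's name and a college name as personal terms.
SAMPLE_VAULT = {
    "bank": "Emma2009!",
    "email": "Emma2009!",
    "shopping": "NorthfieldAlumni#1998",
    "utilities": "copper-Lantern7-orbit-Maple!",
}
PERSONAL_TERMS = ["Emma", "Northfield"]

if __name__ == "__main__":
    for site, problems in audit_vault(SAMPLE_VAULT, PERSONAL_TERMS).items():
        print(site, "->", problems or "OK")
```

Note that the "shopping" password passes the length and character checks and is flagged only because it is built from a personal word.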
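The difference between the blacklist and “white list” approaches described above can be shown in a few lines. This is an added example, not code from the article or from any whitelisting product: it assumes programs are identified by their SHA-256 hash, and the program contents are harmless constructed stand-ins.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def blacklist_allows(program: bytes, known_bad: set) -> bool:
    """Default-allow: anything not yet on the list of known viruses runs."""
    return sha256(program) not in known_bad

def whitelist_allows(program: bytes, approved: set) -> bool:
    """Default-deny: only programs approved in advance run."""
    return sha256(program) in approved

def approve(program: bytes, approved: set) -> None:
    """Add a new software package to the white list before first use."""
    approved.add(sha256(program))

# Constructed stand-ins for program files (assumption: hash-based rules).
PROGRAMS = {
    "word_processor": b"constructed: approved office program",
    "old_virus": b"constructed: virus the vendor already knows",
    "new_virus": b"constructed: virus released this morning",
    "new_tool": b"constructed: legitimate package installed today",
}
KNOWN_BAD = {sha256(PROGRAMS["old_virus"])}
APPROVED = {sha256(PROGRAMS["word_processor"])}

def evaluate(programs, known_bad, approved):
    """Return {name: (runs under blacklist, runs under white list)}."""
    return {
        name: (blacklist_allows(data, known_bad),
               whitelist_allows(data, approved))
        for name, data in programs.items()
    }

if __name__ == "__main__":
    for name, verdict in evaluate(PROGRAMS, KNOWN_BAD, APPROVED).items():
        print(f"{name:15} blacklist={verdict[0]!s:5} whitelist={verdict[1]}")
```

The new virus runs under the blacklist because no patch lists it yet, while the white list blocks it; the cost is that the legitimate new tool is also blocked until `approve` is called for it.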
Isaiah D. Cooper