Security Consulting

Security Consulting

In the 21st century, we all live online. John Donne’s famous quip “no man is an island” has never been more true and is especially relevant to our digital lives these days. Even if you think you don’t use computers, you do. Ever been to the ATM to pick up some cash from your bank? Automated Teller Machines the world over had the vast majority running on Windows XP, which was vulnerable to the recent WannaCry virus attack. I’m sure you’ve heard of big businesses being hacked like Yahoo, Target, and the list really goes on.

“There are only two types of companies: Those that have been hacked and those that will be hacked.” Robert S. Mueller, III, Director FBI made this famous quote but almost by the time he made the quote it was out of date – it should be ‘There are only two types of companies: Those that have been hacked and those that don’t know they have been hacked.’

Stephen Barnes from Byron Vale Advisors

Now you know that the cyber threat is pervasive and real for all of us, but what can you do about it?

Giving up or doing nothing is no longer a viable option. You’ll need to have a comprehensive plan as a business and both businesses and individuals alike can start doing simple things to prevent many hacking and cyber threats.

Start with Marc Goodman’s Update Protocol form his book “Future Crimes”

Don’t Panic.

It may seem overwhelming, and the more you know about the inherent risks and vulnerabilities in cyber security it may seem impossible. But many things like putting a man on the moon were “impossible” until we achieved them. Often we just need the motivation to overcome our fears. Additionally, I’d like to suggest a beneficial way to view how we address our security threats. Starting where we are as our baseline, most things that we do to shore up our defenses are positive progress. They may start small, but incrementally over time they will add up. When they do, it adds up to more than just mitigating risks and dodging expenses. It gives us more peace of mind, it bolsters democratic power for the people of our city and world, it helps us focus on what’s important in life, and it restores trust among people.

Some specific services you may want to ask about:
  • Getting HTTPS/SSL installed on your website. This is a widely accepted protocol that allows your website server and anyone connecting to it to verify each other and encrypt all data that is transmitted. Without this, your web browsing is an open book for any hacker that wants to intercept it. With it, you establish better trust with people and also get extra credit with the ratings at google, which means more traffic, and more business for you. Win-win.
  • Set up a password management system. See why you need a password manager now. [embedyt] https://www.youtube.com/watch?v=xHSnHj-zKF4[/embedyt]
  • Set up Multi Factor Authentication (MFA) for systems and data that really need to be secure.
  • Security assessments. The first step to any security plan is understanding what data you have and what it means to you. From there it helps to evaluate if there’s anything else that may not seem like a problem, but could be.
  • Setting up backups for critical files, or any needed information. If you walked into work or your home office/PC and suddenly found it would not turn on, would you miss any data on there? You bet you would. Whether it’s the spreadsheet of quarterly earnings, a blueprint for a new design, or photos of your family at your sister’s wedding, you don’t want to lose what’s important to you. What if I told you that you never have to worry about that scenario again if you do regular backups of important data? But that data also needs to be secure and where you can trust and access it.
  • Set up encryption. “I’ve got nothing to hide…” is a wrong way to view your privacy. Privacy is important to everyone because when information is taken from us, it’s taken out of context. Context is helpful when people discern a better resolution to a conflict rather acting on too little information. Plus if your identity and sensitive information is stored, or you store that for your customers/clients, then you’re in deep when that info gets stolen. Encryption prevents most of these problems by garbling all the information for anyone except you and those you tell it to trust.

Got questions? Just ask!