“I’m sorry sir, I can’t open a new account for you.”
“Crap!” I’ve been standing in the Apple store for the last 90 minutes waiting to set up a new wireless account, but I’ve been ironically thwarted by my own safeguards.
My Equifax, TransUnion, and Experian credit have long been frozen. I can’t get a new credit card, mortgage, auto loan, personal loan, or, apparently, now a cell phone. I froze my credit sometime after the Yahoo breach, when they lost data on 3 billion of their users, or a little less than half the friggin’ planet! Who is responsible for sifting through that stolen data anyway? I imagine an entry-level hacker sitting in his cubicle in Moscow anxiously scrolling through billions of compromised Social Security numbers. He’s squirming because he’s supposed to meet the other interns for drinks in Red Square and still needs to process another 2,895,732,245 victims.
Shortly after I froze my credit, one of the credit agencies, Equifax, got breached. Did they at least have the courtesy to let the hackers know my account is frozen, so lots of luck trying to defraud this guy? I’d like to hope when my name comes up the hackers see an emoji of Han Solo frozen in carbonite, sigh and move on.
Han Solo and My Credit Circa 2017:
It’s to the point now where I yawn if I see a breach in the news of under 100 million users. I imagine a similar reaction happens to weary residents in the hurricane-ravaged south when they don’t evacuate before a storm only to have their houses and (gulp) sometimes lives wash away.
As consumers, we can’t ignore the virtual security storms that keep hitting our shores. Start by updating your password lengths. A seven-character password composed of numbers, letters and symbols can be hacked in six minutes by a brute-force attack. Six minutes! My Mr. Coffee takes longer than that. And to all hackers reading this, I have officially retired using my dog’s name and address.
On the plus side, stopping attacks has become just as sophisticated. There are thousands of tools and resources at your disposal to shut down even the most sophisticated attacks. The only caveat is that you need to use them. Don’t fall prey to “Breach Fatigue,” wherein wave after wave of cyber-attacks reported daily in the news makes you jaded to the point where you let your guard down.
Here are just a few examples of some easy things you can do:
• Get a password manager. A password manager is a computer program that allows users to store, generate, and manage their passwords for local applications and online services.
• Use two-factor authentication (2FA). Many sites let you enable this feature, which requires you to enter a code typically sent to your phone in addition to your password when logging in.
• Always install new updates to your computer and phone operating systems. Most updates include security fixes that prevent hackers from accessing and exploiting your data.
• Get yourself decent anti-virus and firewall software – and use them! Some insurance companies and banks only cover fraud and theft if you can prove you had security in place.
• Be suspicious of emails or messages asking for login or account info and check that links are legit before clicking.
• Back up important data to the cloud or to an external hard drive; keep copies of important data!
This, of course, extends to businesses as well, and way beyond 2FA and patch management. From AI through ZTNA and everything in between, businesses of all shapes and sizes cannot become complacent. I wonder if the corporations paying millions in Bitcoin to hackers hoping to get their data back would have preferred to implement a DRaaS-based restore instead of funding future attacks.
Beyond the risk assessments, threat detection, identity and access management, user training, perimeter, cloud and endpoint, SIEM, DRaaS, and cyber insurance, it's about creating a security-based culture where every department and employee is hypersensitive to the threats that can bring their business crashing down. All the tools on the planet aren’t going to help if employees are clicking on malicious links, using simplistic passwords, or downloading unauthorized software.
Following IT best practices goes beyond using the latest technology; it’s about staying ahead of risks and disasters that can derail your company. We know the storms are only going to get worse. We can’t stop the onslaught, but we can be prepared when they hit the shore.