We asked a team of IT security experts from around the country critical questions about security. Here are their answers: 

What were the biggest security issues in 2016?

  • Ransomware – This has gone from a few guys in a garage holding data hostage, to a multi-billion-dollar industry that is so prevalent governments are warning businesses to boost their security with multiple layers of protection.  This is unheard of and shows how concerned they are about the effects of Ransomware.
  • Government-Sponsored Hacking and Spyware—An example of this is the possible Russian government support of hackers breaking into the Democratic Party computers.
  • U.S. Department of Justice Hacking—Over 10,000 Department of Homeland Security and 20,000 FBI employees’ and contractors’ data was breached, with Social Security numbers being posted on the Internet.
  • Yahoo announced that they suffered multiple breaches of account information over the years.
  • A hacker by the name of Peace compromised 167 million LinkedIn users and 71 million Twitter users, including celebrities like Katy Perry, and business owners like Mark Zuckerberg of Facebook and Biz Stone of Twitter.

What are the biggest security threats in 2017?

  • Ransomware is getting much more creative. Ransomware now takes files away, holds them, gives them to the hacker before encrypting them, gathers information and uses it to ransom additional people in various ways. Medical practices that deal with PHI (protected health information) are especially vulnerable to these breaches.
  • Popcorn Ransomware – Victims don’t have to pay a ransom if they help criminals infect others. Unfortunately, some people aren’t ethical and would be willing to do this.
  • Subscription-Based Ransomware – The hacker holds your data and threatens to release it unless you pay them yearly.
  • Jigsaw Ransomware – For every hour you don’t pay ransom the criminals begin deleting your files. If you reboot your computer, they automatically delete 1,000 files.
  • More opportunities for breaches with the “Internet of Things”—There are more entry points available to hackers today, such as Kindles, Apple Watches, thermostats, computerized refrigerators, drones and much more.

What tools do you use to protect your workstations?

  • An Anti-Virus and Firewall are no longer enough. You need a multi-layered defense with these along with data-loss prevention, hard-drive encryption, malware protection and web/content filtering that travels with the user wherever they are.
  • Next-Generation Solutions that provide IT professionals important and behavioral information to keep data safe.
  • All of this should be available along with real-time security surveillance that allows the IT professional to detect and prevent intrusions, and tell you if data has been stolen.
  • Security updates for operating systems, applications and firmware for all technology devices on a network are a must.
  • Education for users is the key.

How will state-sponsored hacking play a part in 2017?

State-sponsored hacking into elections is in the limelight right now because the media promoted it. However, it’s been going on since 2010. Along with this, malware was developed by the U.S. to cripple Iran’s nuclear arms platform. We’ve seen more of this each year, and it will continue as technology advances.

Are all brands the same?  What makes one better or worse than another?

  • Most brands are the same—Not commercial vs. consumer, however. Retail brands offer similar series. The key is to choose a commercially viable brand and implement multiple layers. You don’t need to use the same name in each layer as long as they are reputable and regularly updated.
  • A lot depends on the person implementing these products. They must be performed by a knowledgeable Managed Service Provider (MSP).

Will we have an increase in phishing in 2017, or more specifically spear phishing?

  • Yes—we see more phishing attacks. Phishing relies on the weakest link which is the user. This moves the shift for protection to user awareness and education, so they don’t reveal passwords.
  • It’s a numbers game for the criminals. They send out 1,000 emails, and if they get clicks from 10, they have succeeded. They will keep doing this as long as they can.
  • A form of spear phishing is increasing where criminals research and target individuals in companies, like the financial officer or even the president. The president may get an email from his chief financial officer asking for a wire transfer to a particular account (which is the criminal’s). This has happened. Hence, spear phishing is much more dangerous. Again, user training is the key. The general public is still unaware, and they fall into these traps time and again. Your IT professional can’t protect your data if your employees keep falling for phishing schemes.

According to a study by Verizon in 2016, 63% of all security breaches involved a weak or stolen password as a method of computer or network breach.

What do you suggest as a precaution to avoid weak passwords?

  • Configure the network in a way that forces the user to have a complicated password, and make sure they’re not using the same password all over the web. The network administrator for each site can see your password, and if you use the same password to enter your email, they can enter your email and capture your private information.
  • Use two-factor authentication. This is a one-time password used in conjunction with other passwords. Note: When your bank or other site asks you for security questions, such as to identify pictures or provide a PIN, this is not two-factor authentication. A Google Authenticator code, RSA token, thumbprint or retina scanner are other factors.
  • Never put your password in plain view (for example, on a post-it-note on your monitor) where others can see it (or even under your keyboard!).
  • Use a password manager solution where your passwords are strongly encrypted and highly secure. You simply use a master password, and it randomly creates passwords in a safe vault for all the sites you use. All you have to do is remember your master password.
  • Bear in mind that your password credentials are cached into the memory of your computer. If a criminal can get into your PC, they can lift your credentials out of the memory. You need a solution that changes your passwords continually on your network. Your MSP can help you with this because it’s complicated to set up correctly.

Takeaways 

  • Security and the need for it will never go away.  It will become larger.  You need two things:
    • An expert who is a trusted advisor who understands your business needs, what solutions you require, and keeps them up to date.
    • An expert who can provide the employee education necessary to protect your critical data.
  • Passwords must be embraced. Everyone hates relying on passwords, but you need to embrace them because they keep your data safe.
  • When it comes to the cloud, do your due diligence.  Hire an expert who will look into the product you’re using.  Some clouds don’t back up data.  Your MSP is your best advisor where this is concerned.
  • Surround yourself with experts. Ask them questions: “What are you doing? What should I be concerned about? What do you recommend? What are my IP numbers? Do we have the right firewall in place? Do we have a disaster-recovery plan if our data is breached?” etc. Ask them to educate you and your employees.
  • Stuff is always changing. Never be content that everything is fine.  Tomorrow there will always be a new attack.  You need an expert to monitor this and ensure conventional technology is in place to protect you.
  • Take cyber security seriously.  Do something about this now and continue in the future.  You need an expert who understands this and makes it a priority.

RCOR Technologies has you covered when it comes to cyber security.  For more information on what we can do for your business, contact us at (919) 313-9355 or tim@rcor.com