Moresource Minute Blog Post Provided by: Dan Stewart
IT Security… Data Breaches… Ransomware…
You can’t open a newsfeed (or even a newspaper) without hearing about the latest IT security failure. Not a day goes by that my inbox isn’t filled with 10 items regarding IT security how-tos or security failure and data breach headlines.
Fear Sells! Let’s face it, it really does! Just look at the doomsday companies out there selling concrete vaults, foodstuffs, and survival items – they are selling fear, or more precisely, a solution to abate your FEAR! Info Sec Tech is no different… they can sell to your fear, make you nervous and overbuy in an effort to protect yourself, your company and your clients.
Truth sells better! The truth is, yes, your network is at risk, your data is at risk, your future reputation is at risk. The REAL question is not “Am I at risk?”, it is “How much risk exposure do I have?”
There are four (4) main facets in the information security process:
· Network Security
· Endpoint Security
· Internet Security
· Cloud Security
1. Network Security
Network security is anything you do to protect your network, both hardware and software. These efforts protect the usability, reliability and integrity of your network. A hacker is capable of getting into your network and blocking your access. Ransomware can lock your data and hold it hostage for a bitcoin ransom.
How to defend your network:
1. Security engineering, which entails:
o Vulnerability assessment: ID’ing worst-case scenarios and proactive planning.
o Penetration testing: probing a network for system weaknesses.
o Network intrusion detection systems (NIDS)
2. Attack vectors – where threats come from:
o Zero-day attacks: attacks that exploit a vulnerability before the vendor is aware of it and can offer a patch.
o Denial of Service: overwhelming your internet connection by overloading it with requests
o Data interception and theft
o Identity theft
o SQL Injection: injecting malicious code into your database
2. Endpoint Security
Truth is, end-users are often the weakest link in the security chain. This can be due to many factors: not being properly educated about phishing campaigns, mistakenly giving out credentials to unauthorized personnel, downloading malware, or using weak passwords.
Endpoint security is a device-level approach to network protection. It secures data where it enters and leaves the network by means of authorization. Whether it is a PC, wireless POS, or laptop, any device that accesses the network is a potential point of threat. Endpoint security sets policies to prevent such attacks.
Best defense: a virtual private network (VPN). If you’ve ever used a VPN, that is endpoint security in action.
3. Internet Security
Did you know that the internet is considered an unsecured network? A scary truth! Especially when you consider how much data we give and receive via the medium. Internet security, or cyber security, deals specifically with the way data is sent and received in browsers (Internet Explorer, Chrome, Firefox, etc.).
Hackers can enter your network through your internet connection. It’s so simple and easy to do that a high school kid with a port sniffer can find you (if you’re not protected)!
There are ways to block this unauthorized access with firewalls, anti-malware and anti-spyware – anything that monitors incoming internet traffic for unwanted traffic. While little or nothing will stop the truly dedicated hacker from eventually breaking in (this could take months or years!), encrypting your data can make it harder for them to do much with it because only authorized users can decrypt the data.
Tools to improve internet security:
· Forms of email security
· SSL certificates
· Web Sockets
· HTTPS (encrypted transfer protocols)
· OAuth 2.0, a leading authorization security technology
· Security tokens
· Security software suites, anti-malware, and password managers
· Frequently updating and installing security updates to software, e.g., Adobe Flash Player updates
· Encryption, and end-to-end encryption
4. Cloud Security
Each day we are doing tons more over the web with cloud-based file sharing, calendars, email, data storage, and applications. All that communication between the cloud and your end-point device – that needs to be secure too. With all that data flowing between connections comes new concerns about privacy and reliability – and the cloud (internet) can be notoriously vulnerable!
Not sure where to start?
Enlist the help of a network security specialist. Take a proactive security stance, educate your end-users, and take advantage of the latest in authentication measures. Just remember that securing your network is an ongoing process. Hackers and technology are constantly changing and upgrading their tools and protocols, and the ever-changing landscape of security threats dictates that we adjust along with them.
The answer to the question “How much risk exposure do I have?” depends upon how big your security footprint is and how much you have exposed your network and data to the public side of the internet. Putting security protocols in place reduces your risk exposure and can help minimize the effects an attack can have on you.
Cyber Insurance can be utilized to help mitigate the risk exposure firms face in today’s IoT (Internet of Things) world.