What can you do to protect against hackers when risks pop up seemingly overnight to compromise your security and identity? To find out about the threats, and what you can do to ward off hacking, the Orlando Sentinel Editorial Board spoke with Blake Dowling, CEO of Aegis Business Technologies in Tallahassee, who writes tech columns for several organizations and can be reached at firstname.lastname@example.org
Q: There have been some high-profile ransomware attacks in recent months. Can computer users who aren’t experts be trained to identify these threats?
A: Anyone can be trained to spot online threats, and training is a key component to battling cyber crime. There is no magic bullet to stop all malicious online behavior, so users must step up their game and be able to recognize threats to their organizations and their data. Cyber common sense also comes into play: If you get an email from Bank of America asking to “verify” your account info and you don’t bank with them, why would you click on it? Also, never “give” your info to anyone unless you are 100 percent sure you are in a secure situation. Account numbers and private information must be kept ultra-secure. Think Knights Templar guarding the Holy Grail if you need an analogy. Some hackers are actually calling organizations, asking to log into their PCs, saying they are from Microsoft. Rule of thumb, Microsoft never calls you to assist. Hang up, and if you have caller ID, report the number to the Florida Department of Law Enforcement’s Cyber Crime Division.
Q: What’s intrusion testing, and how would it protect against ransom ware?
A: A great first step is to do a simulation of a cyber-attack. The company Knowb4 has a great ransomware test that you can run (and it’s free). You can pick a variety of templates from which to choose from, like a fake Gmail template asking your users to change their password. Once you enter email addresses and pick a template, you send the test, and anyone who clicks on it you know and can take the required next steps. Which is detailed training. A lot of users are click happy out there, and you must help them snap out of that behavior.
Q: Ransomware and other malicious software are often traced to certain parts of the world: Russia, Eastern Europe, North Korea, and China. Is it possible for a business or individual to block traffic from these parts of the world?
A: Cyber crime is on the rise. You used to have to have a great deal of skill to become a hacker. Now any petty thief can go on the dark web and buy a ransomware tool kit: Overnight there’s another hacker on the scene. Many of these new generation hackers operate outside of our borders, so we like to eliminate them from the equation. We do that by enabling a feature of some firewalls called Geo-IP filtering, which blocks all traffic from a specific region. This tool can greatly minimize your risk of exposure to various online threats originating from these areas.
Q: What kinds of best practices involving software and hardware are effective in guarding against ransomware and other threats?
A: When the Wannacry attack hit earlier this year, Britain and Russia were hit especially hard, and there are two reasons for this. In the British medical world, a lot of legacy (old) software operating systems are in place, which don’t get the latest security patches and updates. Also, in Russia, there is rampant use of pirated software, which like the legacy software does not get updated to defend against the latest threats and vulnerabilities. The best way to avoid these scenarios is to keep your software up to date, patches and updated. Also, keep your hardware renewed, under warranty and support. Be sure to have the latest anti-virus and anti-spam security products in use. Use two-factor authentication with financial institutions (this means a device like a phone and a password are needed to conduct a transaction). Lastly, prepare the worst and have a redundant-image-based backup for your computing world for quick restoration in case of an attack where data is compromised. The more layers you have in your security approach, the better off you will be.
Q: What kinds of passwords are most effective in repelling threats? How can we possibly remember them all? Has the conventional wisdom on passwords changed at all in recent years?
A: Your password protocol is your front line of defense against cyber-attacks. By avoiding a word in the dictionary as your password, you are less likely to be attacked by a criminal running an auto-hack tool. The addition of a character, number and capital letter add to your security. There are still brute-force attacks to be concerned with, where using social engineering (looking at your social media pages, etc.) hackers are trying to guess your password. For example you post photos of your cat named Mr. Snickers, and you use that as your password — voila! You have been hacked.
Q: How might you find out if your personal information has already been stolen by hackers? What should you do then?
A: There is a great online tool that allows you to enter your email address and find out if your information has been breached, and is it for sale on the dark web. Granted, there have been so many breaches of universities, branches of the government, financial institutions, etc., that your name just might be flagged. It is not the end of the world. Just make sure you monitor your credit score and account activity and stay vigilant as the bad guys are literally around every cyber corner. However, if you use the methodologies and best practices I’ve mentioned, you and Mr. Snickers will certainly be less likely to have a problem.
Full column and video here: http://www.orlandosentinel.com/opinion/os-ed-hack-attack-safeguard-your-data-security-20170814-story.html