Cyber Security: Back to the Basics
When I talk with people about cyber security, people get all excited and want to talk about the latest gizmo they read about that will stop cyber criminals, or how they can be protected from the “elite” hackers. The reality is, unless you are a Fortune 500 company, this is where you need to just, stop! Every once in a while, you need to take a step back and re-evaluate where you are, and what you are doing. Go back to the basics and make sure you have firm footing. As many farmers would say, “you need to pat down the ground for a firm foundation before you build anything on top of it”.
My advice is, that every year, you should be reviewing what you are doing to protect your infrastructure, and your employees. These attacks change from day to day, but how they attack and from which directions, do not change as often. Currently, many attacks focus on users, as they are currently the weakest link. The approach of these attacks has been changing as well, criminals send spam, vishing attacks, SMSishing attacks, etc., but they all have one thing in common, in that they are trying to get the end user to do something. You goal should be to teach the user to be aware of these types of attacks, and by doing so, you will improve your company’s security posture.
The same has to do with operating system patching. Do you have a process setup to patch monthly if not more often? The key word here is, process. If you do not have a process in place, then you are just doing something as you remember to do it. This is problematic. A process will make sure you get it done on time, every time.
What about a process for updating firmware for the firewalls or switches? Those beasts that you are probably too afraid to touch. You cannot just hope that the attacker will ignore your outdated vulnerable firmware, you need to patch it just like everything else.
By having a process in place to keep your firmware and software up to date, your users well informed, and your monitoring checked so it is correct, will allow you to build a more secure and stable infrastructure.
Contact Thrive to speak with one of cyber security experts, and we’ll help put a strategy in place to protect your company, and its assets.