Cybersecurity: can we really be safe?: Based on our observation, the answer is no. This is because if a hacker or insider threat wants to get into your network and steal your information they will.
The best companies can do is make it as difficult as possible for them to achieve their goal. By setting up alerts and parameters business can start to be more proactive rather than reactive to the outcome of a data breach.
I would be happy to go into more detail, but without any guidance from your side, I am unsure of what specifics to drill down into.
When it comes to cybersecurity, it’s impossible to be completely protected from every potential threat out there. Take, for instance, the massive data breaches that have become commonplace over the past few years. You can do your best to protect that information, but it’s ultimately up to those companies to keep it safe. That being said, there are some
ways you can better protect yourself if your account information is compromised by one of these data breaches. The most important one being, never to use the same password
across multiple online accounts. By following this simple rule, you can rest assured that your online accounts remain safe, even if one of them becomes compromised.
Coinratecap has gathered enough information from experts on this topic.
Let’s review experts opinion on the subject matter;
I am a former federal enforcement attorney and Chief Compliance Officer of a global financial institution, now back in private practice. I counsel companies on cybersecurity issues and on diversifying management and the board to include cyber intelligence. Here are a few comments from an outside perspective:
I see increased understanding and engagement at the top management and board levels, even at small companies. Traditionally, IT was not understood, and management would not understand the role and responsibility of IT departments.
Now, you must have a board and top management engagement. The main pain point from IT is the need for the latest resources to keep a company safe. Many companies don’t upgrade their information security systems enough, and the technology to breach critical systems is advancing much faster than the company’s security.
The Board must understand the issues, and the potential harm to a company if a breach occurs (see Walmart, Home Depot, Yahoo, etc.). Having a sophisticated Board, not only business but in today’s cyber and IT security is a must to understand the issues and protect the company from these types of harms.
Translating an understanding of the importance of a proactive IT security policy, and feeling like the company is on board with IT security efforts. Many companies have very robust policies and procedures for their business processes, which sophisticated Board members can understand.
IT is different. It’s a different language for a business person, and unfortunately, most Board members will ignore or defer on issues they don’t understand. So when an IT department presents a robust plan for proactive IT security, it may go ignored or disregarded.
This can lead to a reactive plan only that focuses on the when as opposed to prevention. As mentioned above, IT is a different language. It’s becoming more important, and almost imperative, that a Board has an experience IT/cybersecurity liaison to be the go-between and translate the IT language into business and vice versa.
More often the Board simply doesn’t understand an issue. When I am engaged to investigate and report, it ordinarily is an issue that could have been resolved without outside counsel, but a lack of clear communications between IT and the Board stymied that understanding.
It’s imperative in most companies to have a Board member knowledgeable in the area that can understand and communicate issues related to IT security and have a voice in an area that most board members don’t understand.
As mentioned above, for a cyber policy to be ready for prime time, you must create the right environment. Many policies are reactive, meaning that they do not anticipate issues but wait for issues to arise and then act or react. Many of these policies are short-sighted, looking at the near-term and not focused on long-term goals.
Proactive policies are forward-looking, not only in anticipating issues that might arise but in having clear directions and goals. The IT staff has the best chance of being successful in a proactive organization with proactive policies, where the culture is open to change and forward-thinking.
Success in a reactive organization, by contrast, is an uphill battle. These organizations are likely resistant to change, lacking or minimalizing proper training, and also likely have no real sense of management buy-in.
Braden Perry – Cybersecurity Attorney
Twitter: @bradenmperry
There’s no such thing as safe, both in physical and cyberspace. I’m Greg Scott, and I’m a long-time cybersecurity pro. I was frustrated in 2014 with headline after headline about companies who allowed attackers to steal my personal information, and so I decided to do something about it.
I wrote Bullseye Breach: Anatomy of an Electronic Break-In to show how Russian mobsters stole 40 million customer credit card numbers from a fictional retailer, Bullseye Stores. And Virus Bomb shows what might happen if attackers really do get serious about penetrating an industry and stealing secrets.
Although we can never reduce the odds of bad things happening in cyberspace to zero, we can move the odds closer to zero. At the personal level, don’t use the same password everywhere, don’t fall for phishing scams, don’t store sensitive information in portable devices, do keep good backups, do stay vigilant. On a macro level, give your support to organizations that demonstrate they care about cybersecurity by subjecting their security practices to public scrutiny. Learn why our credit reporting system is broken and what we can do to fix it, and then advocate for it.
Greg Scott
My name is Stacy Clements; I own Milepost 42, a tech partner for small businesses, and I also teach a local Cybersecurity 101 class for small businesses. This is one of the points I make in my course – in our connected world, there is no way to be 100% cyber secure. Like the Kobayashi Maru, the bad guys just keep coming, and they only have to get through once.
Instead, what we need to focus on is being cyber-resilient. For businesses, this means taking some time to do a risk assessment and setting up processes to ensure they take protective actions and can respond and recover to cyber incidents. It’s similar for individuals – we need to be proactive about understanding what information we have, protecting
it as one of our valuables, monitoring for potential security issues, and having a contingency plan if something goes wrong.
The National Institute of Standards and Technology Cybersecurity Framework is the basis for the class I teach. The core functions of the framework – Identify, Protect, Detect, Respond, Recover – provide a good lens for businesses to use to help manage cybersecurity risk.
Stacy M. Clements
Is it 100% safe, No, But…: Is 100% cybersecurity safety possible, no. But, every person/organization should implement best practices to reduce the risk significantly.
A few I suggest:
Avoid free WiFi connections are typically burdened by man-in-the-middle attacks that highjack your data, especially your data running to applications in sleep mode on your phone. In this case, you may not even know that an unintended data exfiltration is happening in the background of your mobile devices. To stay safe, there are two main rules to remember:
Don’t auto-connect to insecure WiFi networks. If you must, use a VPN solution that blocks all traffic unless it’s running.
The best strategy is to use your cellular data plan. Most cell phones include a tethering option. Make sure your laptops and your tablets utilize the WiFi from this setup and not the free wireless offered through the nearest Cinnabon.
Never leave your phone unattended.
Our devices today contain our entire life history, including access to IoT devices in our homes (door locks, lights, speakers, etc.). If your phone is picked up by a bad actor, they could guess a four-digit passcode and access information such as bank accounts, healthcare information, provider information, birthdays, emails, pictures and even notes that contain the passwords to these sites (provided you’re not using a password manager). These tips are ones that can save you many headaches, and certainly prevent the unintended leakage of privileged data.
Ian McClarty
President & CEO
PhoenixNAP Global IT Services
To be truly safe in cybersecurity would mean a complete lack of cyber threats. With that being the criteria to be truly safe than true safety is an impossibility. There are far too many threats, and governments have too little an understanding of network security (and the internet in general).
The average netizen can protect themselves from most threats, however. It simply requires diligence, particularly in the following areas:
1. Strong antivirus and adblocker: Strong antivirus software will protect your computer from being infected by malicious websites and downloads. A strong adblocker will prevent pop-up ads on websites that could deliver malicious scripts. With both combined, you’ll be protected from most virus-type threats online.
2. Being aware of common attacks: It helps a lot to know what the latest threats are. For example, a virus was spreading through Facebook. It is delivered via message attachment from someone on your Friends list who was already infected. Many tech websites covered this, so always follow the latest cybersecurity news.
3. Remaining moderately anonymous: We say “moderately” because it’s near impossible to be 100% anonymous online. However, there are numerous ways to lessen your digital footprint. Opting out of site trackers, using browser plug-ins to block cookies, using a search engine like DuckDuckGo that does not track your search activity.
Thus, while we can never be truly safe from cyber threats, we can erect enough barriers to keep a majority of threats at bay.
Robert Dale
Cyber Security Warrior
Editor @ **BetterDefend
