Swimming in dangerous waters!

Posted by Brad Graham, Northern Computers 01-04-2020 03:10 PM

Just about every month now another large company makes the global headlines when they get their doors kicked in by cyber criminals, and we have our personal information stolen. No doubt, you also hear of many local companies and institutions in your area having their security breached, and it seems to be happening more and more lately, even with all of the warnings and extra precautions we are trying to take. 

Don’t get caught in a Phishing or Whaling Cyber Attack!
As countermeasures become more advanced, so do the cyber criminals, so there is an endless arms race that seems to maintain a constant equilibrium, and this probably won’t change. Where we can improve, though, is also the most often overlooked aspect of our technical ecosystem: the user!

Yes, that human component sitting behind the keyboard is often the weak link in the security chain, and the one target that can really open the door wide to an outsider looking to gain access to your valuable data. Gaining access into a system through the user is called a “social engineering” attack because it targets a person with manipulation in order to gain trust and ultimately a way into an otherwise secure system.

Having your network completely locked down from an outside attack does nothing if a user offers a password over the phone, or runs some malware sent along in a deceptive email. We are not machines, so we will always be the weak link in the cyber security chain.

Start thinking like a cyber criminal!
Go ahead, put on that “black hat” for a while and start thinking about how you would break into your own network, and you will probably realize that manipulating someone at the keyboard is your low-hanging fruit. Sitting in an unmarked black van with a WiFi scanner and trying to brute force your way into a network is certainly not as easy as learning a bit about Joe the accountant’s interests in order to send him a very convincing socially engineered email designed to get him to click that one link that opens Pandora’s Box on your otherwise secure system. Yeah, it is happening a LOT lately!

Educate your users to “think twice” before clicking!
It’s all too easy to click on a seemingly legitimate link in an email as you weed through the endless spam over your morning coffee! It takes practice to get into the habit of slowing down to check links and to remember that you are swimming in dangerous waters at all times. Have your IT department offer regular training and updates on the latest scams to all users, and make sure you are vigilant about backing up your data.

Of course, use the latest, up-to-date cyber security software, but don’t forget… it will do nothing for you if you open the door for an attacker from inside your organization!

Brad Graham, Northern Computers.