In medium and large businesses across the country, CISOs (or chief information security officers) are under siege. The cyber-security landscape is more complex and threatening than it has ever been. They work on a tiny budget and are still expected to monitor, audit and provide for their company’s security needs. One slip-up and the company could suffer.
Businesses work hard at choosing good security products and the cyber-security industry has evolved to provide better businesses solutions over the years. Even so, staying secure requires more than security software. They need to address their software vulnerabilities.
What are software vulnerabilities? Users of Internet Explorer are familiar with them, often having seen updates arrive with an explanation about a “security vulnerability in the browser that could allow third party users to take control.” Why, Microsoft had a major Internet Explorer 9 security problem only in September 2012. Businesses needed to deny access to visitors on Internet Explorer until a patch could be installed. That’s just one program. A business network could have many of these vulnerabilities in each software program it uses. In theory, a talented hacker could use these, enter the system and take control of the entire business.
People often think that only software that’s deployed companywide poses a risk of this magnitude. This isn’t true, though. A careless employee who personally installs some ill-advised videogame on his company-issued laptop could open everything up, too. Fortunately, as studies show, most successful attacks only use well-known vulnerabilities – not obscure ones such as this. Cyber-security departments simply need to keep themselves updated on the latest in vulnerability intelligence and act quickly when something turns up.
How do you know if your company is careful enough? Ask yourself the following.
- Do you have dedicated cyber-security personnel with the training, resources and authority needed to do good job?
- Are your cyber-security people trained to tell critical vulnerabilities apart from the less urgent ones?
- How are you set up for zero-day vulnerabilities – security loopholes that haven’t been announced by the software maker yet and that do not have a patch? You need access to a quality vulnerability intelligence service to keep abreast.
Many businesses do not invest in vulnerability intelligence – they will wait until the software maker contacts them. If you are unlucky, your networks could attract a successful attack by then. Look for a good intelligence service and enable your cyber-security staff to put their recommendations into practice. You should be reasonably secure then.
In today’s technology age, it is virtually impossible to avoid creating a cyber-footprint. Whether you are checking emails, tweeting about your lunch, or making a video of your cat playing with a ball of yarn, you are allowing the entire world to access personal information about you. It is becoming easier and easier to register on websites and create content. In fact, the website owners want you to register and create content. So the entire Internet is specially designed to urge you to create content. Every day, employers, college admission boards, and even your parents are searching for information about you via the World Wide Web. In many cases, less than respectable information can pop up. So how are you supposed to avoid getting caught in this trap? Follow the five steps outlined below to prevent the wrong information from reaching the wrong people.
- Yeah, well I’ve registered on over 10,000 websites. Do not register on a site simply to say that you registered on that site. Only sign up for an account if you are entirely sure you are going to use it for a while. If you are unsure, make a “fake” account on that site. Use a fake name and a random username. Have a spare email you use for just this type of situation. If you find that you are still enjoying yourself on that site in a month, transfer your information over to a legitimate account.
- Does this make me look fat?Be aware of how your affiliation with a particular site can affect your reputation. Take for example social networking sites like Facebook and Twitter. In many cases, your posts on these sites are harmless. But in many instances, you may post that undesirable picture of yourself at last Saturday’s party or that radical post about marijuana legalization. Although not directly harmful, it is probably information you don’t want certain people to see. So choose your sites and the content you post on them wisely. The ancient Greeks had a fascinating technique. They would write a story or an article, put it away for years, and if they still liked it all that time later, they would use it. You don’t have to wait two years, but wait a little while and think about your posts before you make them.
- Halt! What’s the password?The next step is to set privacy settings. In most cases, websites are installing security features for your profile so that you can limit who sees certain parts of your profile. It is recommended to limit your profile to friends only. However, it is perfectly fine to hide those questionable photos and posts from the public and only allow friends to see them.
- Backstabber! Friends can be a problem. Are friends really your friends? You probably add anybody that sends you a friend request on Facebook. Instead of adding complete strangers, only add the people you know in real life and trust not to leak your personal information. More and more cases of employers befriending their employees via fake accounts are arising every day. Don’t get caught up in this trap.
- My Diary. The last step to avoid getting into trouble on the Internet is to keep close tabs on what accounts you have on what websites. Keep a simple piece of paper at your desk and write down every website you have an account on and the username you used. This way, if you ever have to go back and remove some of this information, you know where to go.
Hiding yourself in the Internet is impossible. But following these five simple steps is an incredible start to preventing embarrassing or harmful content from hitting the mean Internet streets. The most important tool is to stay mindful of what you are putting out there and who will see it. If someone wants to find your deepest darkest secrets, the first place they are going to go is the Internet.