Three Basic Rules
Online bad actors have victimized most connected organizations. More than 3 years ago, then-Director of the FBI James Comey famously told 60 Minutes that there were two kinds of businesses, “those that have been hacked and those who don’t know it yet.”
Chances are that organizations that don’t think they’ve been phished simply don’t know about it yet. Phishing, the very old technique of using hyperlinks that look legitimate but are not, has persistently grown in use and effectiveness, despite well-known ways to avoid it.
Too much is at stake to be casual or passive about online security.
In fact, Bowling Green State University in Ohio learned that to its peril. In early 2017, the University’s security team, reacting to an alarming spike in hacking activity, changed its security policy to mandate what had formerly been optional security best practice.
Proactive measures always benefit long-term security. When sensitive information is at stake, convenience should take a back seat to an aggressive defensive posture.
Be proactive against online security threats in three ways
Take these three steps now to protect your business from advanced persistent threats (APTs):
- Keep operating systems, BIOS and firewall(s) patched and up to date. The major hardware and software companies regularly distribute updates that harden your security platform; take advantage of this free and readily accessible resource. For example, all computers with an Intel or AMD chip are vulnerable to the massively dangerous Spectre and Meltdown bugs. Operating system patches from Apple, Google, Linux and Microsoft have all been published; install them on every device across your company. Hardware manufacturers Asus, Dell, HP, IBM, Lenovo and others are releasing BIOS updates (if they haven’t already done so) to address the “speculative execution” flaw.
- Be smart about account access. The biggest vulnerability, after people themselves, is irresponsible access to email accounts. If the bad guys can get into an employee’s email account, they can introduce massive risk to the enterprise: media reports describe corporate bank fraud at the hands of hackers who made what appeared to be routine financial transaction requests, with payment directed to redirected bank accounts. Eliminate much of that vulnerability by imposing two-factor authentication (2FA) on all devices outside the secure office campus. Most platforms support this technology, which requires a one-time code in addition to a password to access resources. Management should require all mobile devices to authenticate to its network via 2FA, especially for email accounts.
- Be wary of hyperlinks in emails. Phishing works by presenting hyperlinks that look right but aren’t. They usually hide a typo or mask an entirely different domain: HTML lets a link display “ibm.com” as its visible text while actually pointing to “lbm.com,” and a casual observer won’t notice the difference. Clicking on a phishing link can install malware, capture user information, and perform any number of other nefarious and harmful actions.
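The third rule, that a link’s visible text and its real target can disagree, is something a mail gateway or a security team can check mechanically rather than relying on each reader’s eye. The script below is an added example written for this article; it is not CapLinked’s code and not part of any product. It parses the anchors in an HTML email body, compares the domain a reader sees in the link text with the host the `href` actually points to, and reports each link as `ok`, `lookalike` (differs only by confusable characters such as `l`/`i`, `0`/`o`, `rn`/`m`) or `mismatch`. The sample email, the confusable table and the `registered()` heuristic (last two labels, which ignores multi-label suffixes like `co.uk`) are constructed assumptions for illustration.

```python
"""Flag email hyperlinks whose visible text suggests one domain but whose target is another."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed, partial table of character swaps commonly used in lookalike domains.
# Multi-character entries come first so "rn" is collapsed before the single "l"/"1" swaps run.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("l", "i"), ("1", "i"), ("0", "o")]

# Matches a domain name in free text, with or without a scheme (e.g. "ibm.com", "https://x.example.com/p").
DOMAIN_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.IGNORECASE)


def text_host(text):
    """Return the domain a human reads in the link text, or None if the text is not domain-like."""
    m = DOMAIN_RE.search(text or "")
    return m.group(1).lower().strip(".") if m else None


def href_host(href):
    """Return the host the link really points to (handles scheme, port, userinfo, IP literals)."""
    host = urlparse(href or "").hostname
    return host.lower() if host else None


def registered(host):
    """Heuristic registered domain: last two labels (assumption; ignores suffixes like co.uk)."""
    return ".".join(host.split(".")[-2:])


def normalize(host):
    """Collapse confusable characters so 'lbm.com' and 'ibm.com' compare equal."""
    for src, dst in CONFUSABLES:
        host = host.replace(src, dst)
    return host


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html):
    """Return one finding per link whose text names a domain: verdict is ok, lookalike or mismatch."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        shown, actual = text_host(text), href_host(href)
        if shown is None or actual is None:
            continue  # plain-word link text or relative/mailto href: nothing to compare
        shown_reg, actual_reg = registered(shown), registered(actual)
        if shown_reg == actual_reg:
            verdict = "ok"
        elif normalize(shown_reg) == normalize(actual_reg):
            verdict = "lookalike"
        else:
            verdict = "mismatch"
        findings.append({"text": text, "href": href, "verdict": verdict})
    return findings


# Constructed sample email body: one honest link, one lookalike, two outright mismatches, one plain-text link.
SAMPLE_EMAIL = """
<p>Review the invoice at <a href="https://www.ibm.com/billing">ibm.com</a>.</p>
<p>Confirm payment at <a href="http://lbm.com/confirm">ibm.com</a>.</p>
<p>Reset your password: <a href="http://198.51.100.7/reset">paypal.com/reset</a></p>
<p>Sign in: <a href="https://evil.example.net/login">https://bank.example.com/login</a></p>
<p><a href="https://example.org/help">Help center</a></p>
"""

if __name__ == "__main__":
    for f in check_links(SAMPLE_EMAIL):
        print(f"{f['verdict']:9} shown={f['text']!r} target={f['href']!r}")
```

Running it prints one line per domain-like link; the `lookalike` verdict is the one the article warns about, where only a single confusable character separates the displayed domain from the real one. A gateway would typically quarantine `lookalike` and `mismatch` results for review rather than block outright, since legitimate tracking links also produce `mismatch`.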
These three basic best practices should be implemented in every organization, but especially in those whose business depends on discretion and confidentiality. CapLinked’s own security officer maintains rigorous security standards, and insists on internal compliance.
Be assured of our best wishes for your successful deals.