When I was at another job a few years ago, I remember watching in disbelief as all the files on my PC were encrypted. A note popped up saying that I had joined some “community” and that I had to pay a fee to see my now encrypted files. I shut down the PC and called my IT guy, who told me my files were probably toast. However, by shutting down quickly, I saved the root files; my IT hero removed the virus and restored my computer.
I was lucky. Others are not. As Senior Editor Pat Waurzyniak related in two excellent features on cybersecurity (ME, October and December 2017), data, trade secrets and personal information are at risk every time you go on the Internet. In my case, I hadn’t opened suspicious email, but I apparently visited a compromised website. That’s all it took.
So what can you do? Play defense—and lots of it.
Cybersecurity experts at EDGE2017, held in October 2017 in Knoxville, TN, offered good ideas. They noted cybersecurity is not a nuisance—it’s a necessity. While humans (like me) let the bad guys in, they can also help keep them out.
According to Scott Augenbaum, special agent for the FBI, 90% of the issues he deals with could have been prevented by securing email accounts. “The bad guys are stealing email usernames and passwords—the keys to your crown jewels.” The lesson? Don’t use the same password for multiple platforms and use two-factor authentication.
Another tip—be proactive. Regularly installing security patches, cyberthreat training, and data recovery plans are key.
“When critical data are compromised, being able to recover that data [with] a resilient backup strategy is everything,” said Tony Rucci, director of information security and threat intelligence for Information International Associates Inc. He added that companies should practice recovering their data.
Finally, having a security department is not enough—everyone should be involved: “A company of 100,000 employees [may] have 100 security employees,” said Ben Johnson, co-founder of Carbon Black and co-founder and CTO of Obsidian Security. “That’s a 1000 to 1 ratio. The more employees and management get involved, the better.”
So, maybe your New Year’s resolution should be to practice safe surfing. And change your passwords!