Candler Rogers
The Reality of Interconnectivity
The technology we utilize on a daily basis, both in our personal and professional lives, is built for efficiency. Whether utilizing remote access to vital resources for our jobs or checking Facebook for forgotten birthdays, we are dependent upon the networks and devices that connect us. The convenience and utility of these services should not blind us to the reality of our vulnerability through them. An unseen war is waged on a daily basis, and the spoils of that war are data and access. Like it or not, unless you’re hand-delivering every communique to its intended recipient, you’ve already been drafted.
Basic Training
Knowing our own weaknesses, we can work to strengthen our defenses and minimize our risk. Identifying the structural vulnerabilities is usually as easy as taking a look in the mirror. Our devices are only as secure as the users they serve. Ensuring your users are implementing the best practices is the most important first step in securing your home or business.
The Secret Word Is..
According to last year’s Data Breach Investigations Report by Verizon, “81% of hacking-related breaches leveraged either stolen and/or weak passwords.”1 That exact metric was absent from this year’s report. Brute force and dictionary attacks are proven tactics to breach systems with weak, easily guessed passwords. Changing these on a regular basis using safe standards can help protect against potential penetration. Brute force attacks usually progress from simple guesses to more complex ones. Lengthening your passphrase can exponentially increase the time necessary to pick your digital lock. Doubling the length of a 6 character, all lowercase word to 12 increases cracking estimates from 0.01 hours to 77,148.56 days*2.
Dictionary attacks target a more concentrated list of likely passwords. Avoiding things such as your name, business name, and commonly used phrases can better protect you. In conjunction, a long, complex password can make your credentials a more difficult target for would-be intruders. If available, coupling your login information with two-factor authentication offers another layer in your growing defensive arsenal.
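The arithmetic behind these estimates, as an added example that is not part of the original article: it applies the footnote's rate of 25,769,803,776 guesses per hour to half the keyspace (the average case), which reproduces the article's two figures, and it flags the dictionary and personal terms the paragraph above warns against. The wordlist, the one-year threshold and the function names are assumptions made for illustration.

```python
import string

GUESSES_PER_HOUR = 25_769_803_776  # rate stated in the article's footnote

# Constructed sample wordlist (assumption); a real audit would load a larger one.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "dragon"}

# Character pools an exhaustive search has to cover. Characters outside
# these four pools are ignored (simplifying assumption).
POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation]


def alphabet_size(password):
    """Size of the smallest combined pool that covers the password."""
    return sum(len(p) for p in POOLS if any(c in p for c in password))


def average_crack_hours(password):
    """Average-case exhaustive search: half the keyspace at the footnote's rate."""
    keyspace = alphabet_size(password) ** len(password)
    return keyspace / 2 / GUESSES_PER_HOUR


def assess(password, personal_terms=()):
    """Return (verdict, hours). A dictionary hit is weak regardless of length."""
    lowered = password.lower()
    terms = COMMON_WORDS | {t.lower() for t in personal_terms}
    hours = average_crack_hours(password)
    if any(t and t in lowered for t in terms):
        return ("weak: contains a dictionary or personal term", hours)
    if hours < 24 * 365:  # assumed threshold: under one year of guessing
        return ("weak: exhaustive search takes under a year", hours)
    return ("ok", hours)


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for pw in ("qzvkmh", "qzvkmhxtrbwp", "password2017!!"):
        verdict, hours = assess(pw)
        print(f"{pw!r}: {hours:.2f} hours ({hours / 24:,.2f} days) -> {verdict}")
```

The exhaustive-search figure holds only for randomly chosen characters, which is why a long password built on a listed word is reported weak no matter how large its keyspace.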
Now or Later?
A secure password can deter intruders at the front gate, but what about the rest of the perimeter? That gate is useless if your rear flank is exposed. Ensuring your systems are up to date with the latest patches means you won’t be blindsided by attacks that prey on well-known weaknesses. In the first half of 2017 the WannaCry worm infected Windows systems by exploiting a vulnerability. Even after an initial patch was released on March 14, the worm continued to spread to systems that had not been updated. The ransomware prevented affected users from accessing their own data such as financial statements and even medical records.3
It is the responsibility of the manufacturer to assess the potential misuse of their product, but because updates are at will, the onus of applying patches once released lies with the user of those products. Ensure you are familiar with who is responsible for implementing updates within the scope of your home or business. If the responsibility lies with you, speak directly with the vendors who support you. Know how far their support extends and take the necessary measures to complement their practices with your own. Identify the potential weaknesses in your perimeter so you can focus on the execution of your work, knowing you’ve prepared for common threats.
Permission to Enter
The battle between convenience and security is characterized best by the proliferation of remote access. Why wait for an appointment with a software vendor’s technician or try desperately to troubleshoot by phone when with a few clicks you can grant access to an available technician from virtually anywhere in the world in seconds? The risks involved can easily outweigh the benefits of instant support when one considers the environmental factors. It would be akin to tunneling outside your own defenses to seek aid from an ally. You can access the alternate entrance, but it doesn’t offer the same protections as your primary checkpoint. NIST attests that the potential for misuse of remote access technology comes from not knowing the surroundings on the other side.4 The risk of a remote user being unauthorized can be minimized by practicing similar security standards for your figurative front gate. Two (or more) factor authentication helps to ensure that the user is the intended and authorized individual, not a threat with compromised credentials. Making sure each authorized user has a unique set of identifying login information can mean the difference between a contained breach and complete compromise of access. The only way to completely eliminate risk from infiltration through remote access is never to use it. Realistically, one should seek to reasonably minimize its utilization.
No plan is perfect, but if you follow these best practices, you can take the first steps in risk reduction. Use the resources available to you through staff, vendors, and research to build a plan that fits your life.
The war for your data is persistent and unavoidable. The landscape may change, but the benefits of data security will not.
Let’s Talk about your security.. https://bit.ly/WolfHalton
===================================================
1. Verizon. 2017 Data Breach Investigations Report. www.ictsecuritymagazine.com/wp-content/uploads/2017-Data-Breach-Investigations-Report.pdf.
2. “Brute Force Calculator.” thyroid_gland [TUSOM | Pharmwiki], tmedweb.tulane.edu/content_open/bfcalc.php?uc=.
3. “Ransom.Wannacry.” Symantec, www.symantec.com/security-center/writeup/2017-051310-3522-99.
4. Scarfone, Karen. “Security Concerns with Remote Access.” NIST, csrc.nist.gov/CSRC/media/Events/HIPAA-Security-Rule-Implementation-and-Assurance/documents/NIST_Remote_Access.pdf.
*Based upon a program making 25,769,803,776 guesses per hour.