Strengthening Your Weakest Link
Posted on: July 18, 2019, by: WillCandler Rogers
The Reality of Interconnectivity
The technology we utilize on a daily basis, both in our personal and professional lives, is built for efficiency. Whether utilizing remote access to vital resources for our jobs or checking Facebook for forgotten birthdays, we are dependent upon the networks and devices that connect us. The convenience and utility of these services should not blind us to the reality of our vulnerability through them. An unseen war is waged on a daily basis, and the spoils of that war are data and access. Like it or not, unless you’re hand-delivering every communique to its intended recipient, you’ve already been drafted.
Basic Training
Knowing our own weaknesses, we can work to strengthen our defenses and minimize our risk. Identifying the structural vulnerabilities is usually as easy as taking a look in the mirror. Our devices are only as secure as the users they serve. Ensuring your users are implementing the best practices is the most important first step in securing your home or business.
The Secret Word Is..
According to last year’s Data Breach Investigations Report by Verizon, “81% of hacking-related breaches leveraged either stolen and/or weak passwords.”1 That exact metric was absent from this year’s report. Brute force and dictionary attacks are proven tactics for breaching systems with weak, easily guessed passwords. Changing passwords on a regular basis using safe standards can help protect against potential penetration. Brute force attacks usually progress from simple guesses to more complex ones, so lengthening your passphrase can exponentially increase the time necessary to pick your digital lock. Doubling the length of a 6 character, all lowercase word to 12 increases cracking estimates from 0.01 hours to 77,148.56 days (see notes 2 and *). Dictionary attacks target a more concentrated list of likely passwords. Avoiding things such as your name, business name, and commonly used phrases can better protect you. In conjunction, a long, complex password can make your credentials a more difficult target for would-be intruders. If available, coupling your login information with two-factor authentication offers another layer in your growing defensive arsenal.
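The estimate above can be reproduced and turned into a simple password screen. The following is an added example, not part of the original post: it uses the guess rate from the article's footnote, assumes the average case is half the keyspace (which matches the quoted figures), and uses a constructed phrase list, constructed names, and a hypothetical `min_days` threshold.

```python
import string

GUESSES_PER_HOUR = 25_769_803_776  # guess rate from the article's footnote

# Constructed sample list; real screening would load a large list of
# breached and commonly used passwords.
COMMON_PHRASES = {"password", "letmein", "qwerty", "welcome", "iloveyou"}

POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)


def alphabet_size(password):
    """Combined size of the character pools the password draws from.

    Characters outside the four ASCII pools (spaces, Unicode) are not
    counted, so the estimate errs on the low side.
    """
    return sum(len(pool) for pool in POOLS if any(c in pool for c in password))


def average_crack_days(password, rate=GUESSES_PER_HOUR):
    """Days to search half the keyspace (assumed average case)."""
    keyspace = alphabet_size(password) ** len(password)
    return keyspace / 2 / rate / 24


def dictionary_hits(password, personal_terms=()):
    """Common or personal terms found inside the password."""
    lowered = password.lower()
    terms = COMMON_PHRASES | {t.lower() for t in personal_terms if len(t) >= 3}
    return sorted(t for t in terms if t in lowered)


def assess(password, personal_terms=(), min_days=365):
    """Accept only passwords that resist both attack styles.

    min_days is a hypothetical policy threshold, not a figure from the article.
    """
    hits = dictionary_hits(password, personal_terms)
    days = average_crack_days(password)
    return {"days": days, "dictionary_hits": hits,
            "ok": not hits and days >= min_days}


if __name__ == "__main__":
    for pw in ("abcdef", "abcdefghijkl", "JordanAcme2019!"):
        print(pw, assess(pw, personal_terms=("Jordan", "Acme")))
```

A long password built from a name and business name still fails the screen, because a dictionary attack would reach it long before exhaustive search does.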
Now or Later?
A secure password can deter intruders at the front gate, but what about the rest of the perimeter? That gate is useless if your rear flank is exposed. Ensuring your systems are up to date with the latest patches means you won’t be blindsided by attacks that prey on well-known weaknesses. In the first half of 2017 the WannaCry worm infected Windows systems by exploiting a vulnerability. Even after an initial patch was released on March 14, the worm continued to spread to systems that had not been updated. Ransomware prevented affected users from accessing their own data such as financial statements and even medical records.3 It is the responsibility of the manufacturer to assess the potential misuse of their product, but because updates are at will, the onus of applying patches once released lies with the user of those products. Ensure you are familiar with who is responsible for implementing updates within the scope of your home or business. If the responsibility lies with you, speak directly with the vendors who support you. Know how far their support extends and take the necessary measures to complement their practices with your own. Identify the potential weaknesses in your perimeter so you can focus on the execution of your work, knowing you’ve prepared for common threats.
Permission to Enter
The battle between convenience and security is characterized best by the proliferation of remote access. Why wait for an appointment with a software vendor’s technician or try desperately to troubleshoot by phone when with a few clicks you can grant access to an available technician from virtually anywhere in the world in seconds? The risks involved can easily outweigh the benefits of instant support when one considers the environmental factors. It would be akin to tunneling outside your own defenses to seek aid from an ally. You can access the alternate entrance, but it doesn’t offer the same protections as your primary checkpoint. NIST attests that the potential for misuse of remote access technology comes from not knowing the surroundings on the other side.4 The risk of a remote user being unauthorized can be minimized by practicing similar security standards for your figurative front gate. Two (or more) factor authentication helps to ensure that the user is the intended and authorized individual, not a threat with compromised credentials. Making sure each authorized user has a unique set of identifying login information can mean the difference between a contained breach and complete compromise of access. The only way to completely eliminate risk from infiltration through remote access is never to use it. Realistically, one should seek to reasonably minimize its utilization.
No plan is perfect, but if you follow these best practices, you can take the first steps in risk reduction. Use the resources available to you through staff, vendors, and research to build a plan that fits your life.
The war for your data is persistent and unavoidable. The landscape may change, but the benefits of data security will not.
Let’s Talk about your security.. https://bit.ly/WolfHalton
===================================================
1. Verizon. 2017 Data Breach Investigations Report. www.ictsecuritymagazine.com/wp-content/uploads/2017-Data-Breach-Investigations-Report.pdf.
2. “Brute Force Calculator.” thyroid_gland [TUSOM | Pharmwiki], tmedweb.tulane.edu/content_open/bfcalc.php?uc=.
3. “Ransom.Wannacry.” Symantec, www.symantec.com/security-center/writeup/2017-051310-3522-99.
4. Scarfone, Karen. “Security Concerns with Remote Access.” NIST, csrc.nist.gov/CSRC/media/Events/HIPAA-Security-Rule-Implementation-and-Assurance/documents/NIST_Remote_Access.pdf.
*Based upon a program making 25,769,803,776 guesses per hour.