Monday

Category: Risk

Ransomware Response Procedures

Ransomware is a type of malicious software that encrypts your files and demands a ransom to restore them. It can cause serious damage to your data, your privacy and your finances. If you discover that your computer has ransomware, you need to act quickly and follow these 10 steps:

  1. Disconnect your computer from the internet and any other devices. This will prevent the ransomware from spreading to other machines or contacting its command-and-control server.
  2. Identify the type and variant of ransomware that infected your computer. You can use online tools such as ID Ransomware or other reputable sites to upload a ransom note or an encrypted file and get information about the ransomware.
  3. Check if there is a decryption tool available for the ransomware that infected your computer. Some security researchers and companies have created free tools that can decrypt some types of ransomware. You can find a list of such tools on various security-related websites, like Avast, Emsisoft, Kaspersky, McAfee, Trend Micro, or other solutions.
  4. If there is no decryption tool available, try not to pay the ransom. It may not be possible to recover the encrypted files, so you may feel the need to pay the ransom. Paying the ransom does not guarantee that you will get your files back, and it may encourage the attackers to target you again. Moreover, you may be breaking the law by funding criminal activity.
  5. Remove the ransomware from your computer. You can use an antivirus or anti-malware program to scan your computer and remove any traces of the ransomware. You may need to boot your computer in safe mode or use a bootable USB drive to run the scan.
  6. Restore your files from a backup, if you have one. The best way to recover from a ransomware attack is to have a backup of your important files that are stored offline or on a separate device. If you have such a backup, you can quickly restore your files after removing the ransomware from your computer.
  7. Change your passwords and enable multi-factor authentication. The ransomware may have stolen your credentials or installed a keylogger on your computer, so you should change your passwords for all your online accounts and enable multi-factor authentication where possible.
  8. Update your operating system and applications. The ransomware may have exploited a vulnerability in your software to infect your computer, so you should update your operating system and applications to the latest versions and apply any security patches.
  9. Educate yourself and others about ransomware prevention. The best way to avoid ransomware is to prevent it from infecting your computer in the first place. You should learn how to recognize phishing emails, avoid clicking on suspicious links or attachments, and use reputable security software.
  10. Report the incident to the authorities and seek professional help if needed. You should report the ransomware attack to the relevant authorities in your country or region, as they may be able to assist you or investigate the attackers. You should also seek professional help from a trusted IT expert or a security company if you need assistance with removing the ransomware or recovering your files.

5 Tips to Secure Digital Devices in High-Risk Situations

Traveling to a high-risk area can expose your electronic devices to hacking or data theft risks. Here are five recommended steps to secure your devices and protect your sensitive information.

  1. Back up your data before you travel – Make sure you have a copy of your important files and documents in a secure cloud service or an external hard drive. Don’t bring the backup to the risky area, which will help preserve a copy of critical data if your data so you can restore your data if your device is lost, stolen, or compromised.
  2. Encrypt your devices and use strong passwords – Encryption is a process that scrambles your data and makes it unreadable without a key or a password. You can encrypt your entire device or specific folders and files. Use a strong password that is hard to guess and different for each device and account. You can also use a password manager to store and generate passwords securely.
  3. Disable or remove unnecessary features and apps – Some features and apps on your devices can make you more vulnerable to hacking or data theft. For example, Bluetooth, Wi-Fi, GPS, and NFC can be used to track your location or access your data without your permission. Disable or remove these features and apps when you are not using them or when you are in a public place.
  4. Use a VPN and avoid public Wi-Fi networks – A VPN (virtual private network) is a service that creates a secure connection between your device and the internet. It encrypts your data and hides your IP address, making it harder for hackers or third parties to intercept or monitor your online activity. Avoid using public Wi-Fi networks, such as those in hotels, airports, or cafes, as they are often unsecured and can expose your data to hackers or malicious software.
  5. Be vigilant and cautious – The most important step to secure your devices is to be aware of the potential risks and take precautions to avoid them. Do not leave your devices unattended or lend them to strangers. Do not open suspicious emails or attachments or click on unknown links. Do not download or install software from untrusted sources. Do not enter sensitive information on websites that are not secure (look for the padlock icon and https in the address bar). If you notice any signs of hacking or data theft, such as unusual activity, pop-ups, or messages, disconnect from the internet and scan your device for malware.

Disabling or Uninstalling Unnecessary Services and Apps in Windows 10

Windows 10 is a powerful and versatile operating system that offers many features and functionalities. However, not all of them are necessary or useful for every user. In fact, some of the services and apps that come preinstalled or run in the background can pose security risks or slow down your system performance.

In this blog post, we will describe which unnecessary services and apps you should disable or remove from Windows 10 for security reasons. We will also explain how to do it safely and easily.

What Are Windows Services?

Windows services are programs that run in the background and provide essential functions for the operating system, such as networking, security, printing, etc. They usually start automatically when you boot up your computer and run until you shut it down.

What Are Windows Apps?

Windows apps are applications that you can install from the Microsoft Store or other sources. They are designed to work with the modern user interface of Windows 10 and offer various functionalities, such as games, productivity tools, social media, etc.

Why Should You Disable or Remove Unnecessary Services and Apps?

There are several reasons why you may want to disable or remove unnecessary services and apps from Windows 10:

  • Security – Some services and apps may have vulnerabilities that can be exploited by hackers or malware. For example, the Remote Desktop service can allow remote access to your computer if it is not configured properly. The Bluetooth service can expose your device to wireless attacks if you don’t use it. Some apps may also collect your personal data or display unwanted ads.
  • Performance – Some services and apps may consume a lot of system resources, such as CPU, RAM, disk space, etc. This can affect your system speed and responsiveness, especially if you have a low-end device or multiple programs running at the same time.
  • Privacy – Some services and apps may send your data to Microsoft or other third-party servers for various purposes, such as diagnostics, feedback, advertising, etc. This can compromise your privacy and expose your online activities to others.
  • Storage – Some services and apps may take up a lot of disk space on your device, especially if they are rarely used or updated. This can limit your available storage space for other files and programs.

Which Services and Apps Should You Disable or Remove?

Continue reading “Disabling or Uninstalling Unnecessary Services and Apps in Windows 10”

10 Steps to Securely Configuring Windows 10

Windows 10 is the most popular operating system in the world, but it also comes with some security risks. If you want to protect your data and privacy, you need to configure Windows 10 for security. Here are 10 steps you can follow to make your Windows 10 more secure.

  1. Update Windows 10 regularly – Windows 10 updates often include security patches and bug fixes that can prevent hackers from exploiting vulnerabilities in your system. To check for updates, go to Settings > Update & Security > Windows Update and click on Check for updates. If there are any available updates, install them as soon as possible.
  2. Use a strong password and a PIN – A strong password is one that is long, complex, and unique. It should include a mix of uppercase and lowercase letters, numbers, and symbols. A PIN is a four-digit code that you can use to unlock your device instead of typing your password. To set up a password and a PIN, go to Settings > Accounts > Sign-in options and choose Password and PIN. Make sure you don’t use the same password or PIN for other accounts or devices.
  3. Enable BitLocker encryption – BitLocker is a feature that encrypts your hard drive, making it unreadable to anyone who doesn’t have the right key. This can protect your data in case your device is lost, stolen, or hacked. To enable BitLocker, go to Settings > System > About and click on Device encryption. If your device supports BitLocker, you will see a Turn on button. Click on it and follow the instructions.
  4. Use Windows Defender Firewall and antivirus – Windows Defender Firewall is a feature that blocks unauthorized network connections, preventing hackers from accessing your device or data. Windows Defender antivirus is a feature that scans your device for malware and removes any threats. To use Windows Defender Firewall and antivirus, go to Settings > Update & Security > Windows Security and click on Firewall & network protection and Virus & threat protection. Make sure they are both turned on and up to date.
  5. Enable two-factor authentication – Two-factor authentication is a feature that adds an extra layer of security to your online accounts. It requires you to enter a code or use an app on your phone after entering your password, verifying your identity. To enable two-factor authentication, go to Settings > Accounts > Sign-in options and click on Security key or Windows Hello. Follow the instructions to set up your preferred method of two-factor authentication.
  6. Use a VPN service – A VPN service is a feature that encrypts your internet traffic, hiding your IP address and location from prying eyes. This can protect your privacy and security when you use public Wi-Fi or access geo-restricted content. To use a VPN service, you need to download and install a VPN app from the Microsoft Store or a trusted website. Then, launch the app and connect to a server of your choice.
  7. Disable unnecessary services and apps – Some services and apps that come with Windows 10 may not be essential for your needs, but they can consume resources and pose security risks. To disable unnecessary services and apps, go to Settings > Apps > Apps & features and click on the service or app you want to uninstall or modify. You can also go to Settings > Privacy and review the permissions that each app has access to.
  8. Use a secure browser and extensions – A secure browser is one that protects your online activity from trackers, ads, and malicious websites. A secure extension is one that enhances the functionality of your browser without compromising your security or privacy. To use a secure browser and extensions, you can choose one of the following options:
    • Use Microsoft Edge, which is the default browser for Windows 10. It has features like SmartScreen, Tracking Prevention, InPrivate mode, and Password Monitor that can improve your security and privacy.
    • Use Google Chrome, which is the most popular browser in the world. It has features like Safe Browsing, Incognito mode, Password Checkup, and Sync that can improve your security and privacy.
    • Use Mozilla Firefox, which is the most privacy-focused browser in the world. It has features like Enhanced Tracking Protection, Private Browsing mode, Lockwise, and Monitor that can improve your security and privacy.
  9. Backup your data regularly – Backing up your data is a feature that copies your files to another location, such as an external hard drive or a cloud service. This can protect your data from accidental deletion, corruption, or ransomware attacks. To protect your data regularly, go to Settings > Update & Security > Backup and click on Add a drive or Backup options. Choose where you want to store your backup files and how often you want to backup.
  10. Educate yourself on cyber threats and best practices – The most important feature for securing your Windows 10 is your own knowledge and awareness. You need to learn how to recognize and avoid common cyber threats, such as phishing, malware, or social engineering. You also need to follow best practices, such as using strong passwords, updating your software, and locking your device when not in use. You can find more information and tips on how to secure your Windows 10 on the Microsoft website or other reputable sources.

Updating Cisco AnyConnect VPN Client

Cisco AnyConnect VPN client is software that allows you to securely connect to your organization’s network from any location. It is important to keep the VPN client updated to ensure optimal performance and security. In this article, we will show you how to deploy the updated Cisco AnyConnect VPN client to your users using the following steps:

  1. Download the latest version of Cisco AnyConnect VPN client from the Cisco website. You will need a valid Cisco account and a license to access the download page. Choose the appropriate installer for your operating system and architecture (32-bit or 64-bit).
  2. Log in to your Cisco Adaptive Security Appliance (ASA) device using a web browser or a SSH client. Navigate to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Client Software.
  3. Click Add and browse to the location where you saved the downloaded installer file. Select the file and click Upload. The ASA will verify the file and add it to the list of available AnyConnect packages.
  4. Click Apply to save the changes. You can also optionally configure the ASA to automatically update the AnyConnect client on the user’s device when they connect to the VPN. To do this, go to Configuration > Remote Access VPN > Network (Client) Access > Group Policies and edit the default group policy or create a new one.
  5. Under Advanced > AnyConnect Client, check the Enable Auto Update box and select the desired update method (User Controllable, Automatic, or Manual). Click OK and Apply to save the changes.
  6. Inform your users that they can download and install the updated Cisco AnyConnect VPN client from the ASA web portal or from their existing client application. They will need to enter their credentials and accept the terms and conditions before proceeding with the installation.
  7. Once installed, the users can launch the Cisco AnyConnect VPN client from their desktop or start menu and connect to your organization’s network using their credentials and any additional authentication methods required by your security policy.

History and Status of the PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) was created in response to the rapid growth of credit card transactions in the 1990s causing thousands of small companies to start storing credit card data and processing consumer transactions on unprotected networks.  Since many of these small businesses didn’t know how to properly secure these credit card transactions, it also led to a rapid increase in data theft and a growing concern from banks and credit card companies about ways to protect their brand and consumer accounts. In an effort to resolve the growing concern around payment card fraud and cybercrime in general, industry leaders such as Visa, MasterCard, and American Express got together and created a global security standard to protect online card payments.

The PCI DSS standard was established to set basic guidelines and requirements around how businesses must create a safer cardholder data environment, using basic requirements to drive minimum requirements around security that would lead to more secure business systems. As the standard evolved and procedures more refined, PCI DSS became an internationally accepted standard for all merchants and service providers.

PCI DSS History

PCI DSS was introduced in December 2004, after Visa and other brands had introduced their own standards.  These brand-specific standards weren’t well received by merchants and service providers, since these were small companies that didn’t need the confusion of multiple standards.

Continue reading “History and Status of the PCI DSS”

How to Create a Secure Windows 10 Workstation for Beginners

If you are new to Windows 10 and want to create a secure workstation for your personal or professional use, this blog post is for you. In this post, I will show you how to set up a Windows 10 workstation with some basic security features that will help you protect your data and privacy. Here are the steps you need to follow:

Continue reading “How to Create a Secure Windows 10 Workstation for Beginners”

IT Security Manager Responsibilities

What are the day-to-day responsibilities of an IT Security Manager?

An IT Security Manager is a technology professional who oversees the security of an organization’s information systems and networks. They are responsible for planning, implementing, and monitoring security policies and procedures to protect the organization from cyber threats and ensure compliance with relevant regulations and standards.

An IT Security Manager requires a combination of technical skills, such as knowledge of network security, encryption, firewalls, antivirus software, etc., and soft skills, such as communication, leadership, problem-solving, teamwork, etc. An IT Security Manager typically has a bachelor’s degree in computer science, information technology, cybersecurity or equivalent business experience. They may also have relevant certifications (CISSP, CISM, Security+, CASP+, CEH, etc.) to demonstrate specific skills and knowledge. An IT Security Manager may work for various types of organizations, such as government agencies, corporations, nonprofits, educational institutions, etc., depending on their industry and size.

Continue reading “IT Security Manager Responsibilities”

Top 10 Cybersecurity Team Effectiveness Metrics

What are the top 10 metrics used to measure cybersecurity team effectiveness?

Cybersecurity is a vital aspect of any organization that relies on digital systems and networks. However, measuring the effectiveness of a cybersecurity team can be challenging, as there are many factors and variables involved. In this blog post, we will explore some of the most common and useful metrics that can help assess how well a cybersecurity team is performing and where they can improve.

1. Mean time to detect (MTTD) – This metric measures how quickly a cybersecurity team can identify a potential threat or incident. The lower the MTTD, the better, as it means that the team can respond faster and minimize the damage.
2. Mean time to respond (MTTR) – This metric measures how quickly a cybersecurity team can contain and resolve a threat or incident. The lower the MTTR, the better, as it means that the team can restore normal operations and reduce the impact.
3. Mean time to recover (MTTR) – This metric measures how quickly a cybersecurity team can restore the affected systems and data after a threat or incident. The lower the MTTR, the better, as it means that the team can resume business continuity and reduce the downtime.
4. Number of incidents – This metric measures how many threats or incidents a cybersecurity team has to deal with in a given period. The lower the number of incidents, the better, as it means that the team has a strong security posture and can prevent most attacks.
5. Severity of incidents – This metric measures how serious or damaging a threat or incident is for an organization. The lower the severity of incidents, the better, as it means that the team can mitigate most risks and protect the most critical assets.
6. Incident response rate – This metric measures how many threats or incidents a cybersecurity team can successfully handle in a given period. The higher the incident response rate, the better, as it means that the team has enough resources and capabilities to deal with all challenges.
7. Incident resolution rate – This metric measures how many threats or incidents a cybersecurity team can successfully resolve in a given period. The higher the incident resolution rate, the better, as it means that the team has effective processes and tools to eliminate all threats.
8. Cost of incidents – This metric measures how much money an organization loses due to threats or incidents in a given period. The lower the cost of incidents, the better, as it means that the team can minimize the financial losses and optimize the security budget.
9. Customer satisfaction – This metric measures how satisfied an organization’s customers are with its security performance and service quality. The higher the level of customer satisfaction, the better, as it means that the team can meet or exceed customer expectations and build trust and loyalty.
10. Employee satisfaction – This metric measures how satisfied an organization’s employees are with its security culture and environment. The higher the employee satisfaction, the better, as it means that the team can foster a positive and collaborative atmosphere and retain talent.

These are some of the most common and useful metrics that can help measure cybersecurity team effectiveness. However, they are not exhaustive or definitive, and each organization may have different goals and priorities when it comes to security. Therefore, it is important to customize and adapt these metrics according to each organization’s specific needs and context.

How to Detect a New Domain Controller in Your Network

Some malware can create a Domain Controller to infect your network and steal data. DCShadow is a late-stage kill chain attack that allows an attacker with compromised privileged credentials to register a rogue Active Directory (AD) domain controller (DC). Then the adversary can push any changes they like via replication — including changes that grant them elevated rights and create persistence. It can be extremely difficult to detect a new Domain Controller, so you need to know how to find one if you suspect an infection.

Overview

A domain controller is a server that manages the security and authentication of users and computers in a domain. A domain is a logical grouping of network resources that share a common name and directory database. A new domain controller can be added to a domain for various reasons, such as increasing redundancy, improving performance, or expanding the network.

However, a new domain controller can also pose a security risk if it is not authorized or configured properly. An unauthorized domain controller can compromise the security of the entire domain by granting access to unauthorized users or computers, or by intercepting and modifying network traffic. Therefore, it is important to detect and monitor any new domain controllers in your network.

In this blog post, we will show you how to detect a new domain controller in your network using some simple tools and techniques. We will assume that you have administrative privileges on your network and that you are familiar with basic Windows commands and PowerShell.

Use the Netdom Command

The netdom command is a Windows command-line tool that can be used to manage domains and trust relationships. One of the functions of the netdom command is to list all the domain controllers in a domain. To use the netdom command, you need to open a command prompt as an administrator and type the following command:

netdom query dc

This command will display all the domain controllers in your current domain. You can also specify a different domain name after the dc parameter if you want to query another domain. For example:

netdom query dc example.com

The output of this command will look something like this:

List of domain controllers with accounts in the domain:

DC1DC2DC3The command completed successfully.

You can compare this output with your previous records or expectations to see if there is any new or unexpected domain controller in your domain. If you find one, you should investigate further to determine its origin and purpose.

Use the Get-ADDomainController PowerShell Cmdlet

The Get-ADDomainController PowerShell cmdlet is another tool that can be used to retrieve information about domain controllers in a domain. To use this cmdlet, you need to open a PowerShell window as an administrator and type the following command:

Get-ADDomainController -Filter *

This command will display all the domain controllers in your current domain along with some additional information, such as their name, site, operating system, IP address, and roles. You can also specify a different domain name after the -Server parameter if you want to query another domain. For example:

Get-ADDomainController -Filter * -Server example.com

The output of this command will look something like this:

DistinguishedName : CN=DC1,OU=Domain Controllers,DC=eexample, DC comDNSHostName : DC1.example.comEnabled : TrueName : DC1ObjectClass : computerObjectGUID : 12345678-1234-1234-1234-123456789012SamAccountName : DC1$SID : S-1-5-21-1234567890-1234567890-1234567890-1000Site : Default-First-Site-NameOperatingSystem : Windows Server 2019OperatingSystemVersion : 10.0 (17763)Forest : example.comDomain : example.comIPv4Address : 192.168.1.1IPv6Address : fe80::1234:5678:90ab:cdef%12IsGlobalCatalog : TrueIsReadOnly : FalseIsSeized : FalseRoles : {PDCEmulator, RIDMaster, InfrastructureMaster, SchemaMaster...}DistinguishedName : CN=DC2,OU=Domain Controllers,DC=example, DC ComDNSHostName : DC2.example.comEnabled : TrueName : DC2ObjectClass : computerObjectGUID : 23456789-2345-2345-2345-234567890123SamAccountName : DC2$SID : S-1-5-21-2345678901-2345678901-2345678901-1000Site : Default-First-Site-NameOperatingSystem : Windows Server 2019OperatingSystemVersion : 10.0 (17763)Forest : example.comDomain : example.comIPv4Address : 192.168.1.2IPv6Address : fe80::1235:5678:90ac:cdef%12IsGlobalCatalog : TrueIsReadOnly : FalseIsSeized : FalseRoles : {PDCEmulator, RIDMaster, InfrastructureMaster, SchemaMaster...}

You can also use Event ID 4742 in your Security log to monitor the changes to your registered Domain Controllers. This event shows which user initiated the change, so you know which Domain Administrator account is being used to perform the attack.

How to Report Smishing to Your Cell Phone Service Provider

Smishing is a type of phishing scam that targets your cell phone through text messages. The goal of smishing is to trick you into clicking on a malicious link, downloading a harmful attachment, or revealing your personal or financial information.

Smishing can be very dangerous and costly, as it can expose you to identity theft, fraud, malware, or unwanted charges on your phone bill. It is important to know how to report smishing to your cell phone service provider if you receive a suspicious text message.

Here are the step-by-step instructions for reporting smishing to your cell phone service provider:

Continue reading “How to Report Smishing to Your Cell Phone Service Provider”

10 Steps to Protect Backup Servers from Ransomware

Ransomware is everywhere, and you must accept that your organization is a target of cyber-criminals looking for a payday. You must think about your backups and what you are doing to protect your precious backups from attack.

As a general rule, ransomware attacks are mass attacks, where cyber-criminals are targeting common and relatively soft implementations. Sophisticated targets with knowledgeable administrators are a less attractive target for them, so just a few simple configuration changes and some thoughtful procedures can really limit an attacker’s success.

Here are 10 steps you can perform to help protect your backups during an attack:

Continue reading “10 Steps to Protect Backup Servers from Ransomware”

Windows Security Checklist for Home Systems

While your IT Department may have a handle on enterprise security, not everyone is technical enough to feel confident that their home computer systems are secure from attack. Many people wonder where is the best place to start, what steps they can take that will make the most impact, and which systems are most likely to need attention.

While there are literally hundreds of settings you can alter and fine tune to adjust your specific system settings, we are going to focus on general security actions you can look into, each helping build a general security mindset that will hopefully get you started without feeling overwhelmed. As you begin with general security changes, you will become more confident in your abilities and less worried that you are breaking anything.

General Considerations

  1. Router – All the devices on your home network communicate with the router. This is the device usually supplied by your internet provider, that allows your home computers to access the internet. This is the access point where most attacks are going to come from, so you want to start here to make sure you have a secure connection to the internet.
    • The router has an administrator-level account, and you must change the default password so that an attacker can’t access your router and disable any security settings.
    • You’ll also want to check if the router is updated with the latest firmware. As vulnerabilities are discovered, the router vendor will provide updated software and you want to make sure your router is patched. This can usually be configured so the router will automatically install new patches, but sometimes this must be manually performed. You’ll want to make sure you investigate these settings and configure them appropriately.
    • You should also disable remote administrator access to your router. This will prevent an attacker from logging into your router unless they are directly connected to the router from your home network. If you need help from your internet provider, they will contact you anyway, so you can grant them access if you need their remote help.
    • You can search the internet with the specific make and model of your router to get the user’s manual or recommended settings.
  2. Wi-Fi Security Settings – Many routers include Wi-Fi, which allows your home computers to connect to the router wirelessly so you can easily access the internet. You’ll need to check the security on your wireless network to enable the basic security features.
    • In Security Settings, create a name for the Wi-Fi network (SSID) and a complex password, and then select a type of encryption, like WAP2. Do not name your Wi-Fi network something that can easily be associated with you, such as your last name or address.
    • When possible, you’ll want to use AES on top of WPA2. Advanced Encryption Standard is a newer encryption standard that should be available on routers built after 2006.
    • Wi-Fi Protected Setup (WPS) was created with the intention of making the user experience easier and quicker when connecting new devices to the network. It works on the idea that you press a button on the router and a button on the device. This makes both devices attempt to pair automatically. You’ll want to disable this feature, if possible, because it has a history of security issues.
    • You can also sometimes create a separate guest Wi-Fi network, if supported by your router. A separate guest network has some advantages, like not having access between the two networks. It not only provides your guests with a unique SSID and password, but it also restricts guests from accessing your primary network where your connected devices live. You never have to disclose your main Wi-Fi network password to guests or visitors since they only need to know the guest Wi-Fi password. You can easily change the guest Wi-Fi password when your guest leaves without having to log all your other devices back into the network.
    • You might also want to consider the Wi-Fi signal power. If people can detect your Wi-Fi from across the street or in a nearby home, there is a risk that they will also attempt to log into your network. You can sometimes adjust the router signal strength or physical placement of the hardware to reduce that risk.
  3. System Update – Now that you have a relatively secure network, you can start looking at the devices connected to that network. It used to be a network used from a laptop or desktop computer, but today you can have a multitude of devices that are connected for internet access. You can have a smart thermostat, doorbell camara, video game console, cellphone, coffeemaker, etc.
    • For each system involved, you’ll need to log into the device and make sure you understand how to check for firmware and operating system updates and attempt to configure the device to automatically check for and apply vendor updates, if possible.
    • For each system involved, review the available security and privacy settings to make sure the device meets recommended settings. Vendor websites are a good resource to help you complete this step.
    • This might also be a good time to determine if the device really needs internet access. If the device is using internet access just to allow you to remotely access the device from the internet, for example, you need to ask yourself if you ever plan on using this feature. If you don’t need the feature, you may be able to disconnect the device from your network and reduce your overall risk profile.
  4. Security Suite – For your major devices like laptops and desktops, you should install and properly configure anti-malware and anti-virus software. There are various free versions available, so research a few vendors and find a solution that meets your needs. Make sure you use a vendor that you can trust.
    • Installing an anti-virus solution with default settings is rarely enough to really protect your computer. You’ll want to look at the available settings and properly configure the solution to provide the security you are expecting. Many vendors will guide you to using the best settings.
  5. Installed Programs – Review each program installed on the computers on your network and determine if those programs are still needed.
    • Maybe you installed a game a few years ago and haven’t used it since that one boring weekend. Now is a good time to uninstall or delete all the unneeded programs that are not essential.
    • If the program doesn’t look like something you need, and an internet search doesn’t answer the question around why it is installed, now is a good time to remove the program. It can be difficult to research something you don’t recognize, but a good internet search should answer your questions.
    • Now that you know what should be installed, a periodic check would help you quickly recognize when something new and unauthorized has been installed. If you do a periodic visual scan of installed applications every couple of months, this will be an easy security check to keep the device as clean and secure as possible.
  6. Program Updates – On your computer, you probably have several programs installed that you may not use very frequently. This could include word processing or spreadsheet suites, but it might also include specialized utilities or even games. All of these need to be patched because vendors periodically update their software to add new features and remove security vulnerabilities.
    • Check each application to see if patching can be automated. There should be a way to manually check for updates, but an automated check will make this process much easier.
    • If the program is older or doesn’t support regular updates, you should consider uninstalling or deleting the application. Each situation is unique, but you need to evaluate the risk if that one old program were compromised and allowed remote access to your computer.
  7. Password Hygiene – Now is also a good time to determine if you need to change your passwords. Easy to remember passwords are usually easy to guess passwords. You should really think about what makes a good password and make sure you change all your passwords to meet current best practice guidelines.
    • You can read more about selecting a better password here. You’ll want to select a really good and unique password for every account. You may need a password manager to store all your passwords, which can encourage longer and more random password selection.
    • Never use the same password for two different accounts. If you are using the same password for LinkedIn as you use for Netflix, if one account is compromised the attacker can use that same password to log into potentially sensitive information from a different account.
    • If you haven’t changed the password recently (within the last 90 days) then change the password now. That will make sure that starting today you are following best practice with your password selection.
    • If you hear one of your online accounts may have been compromised, don’t wait for the service to contact you with the bad news. It takes only a couple of minutes to change a password.
    • If you no longer use the online service, see if the online account allows you to delete or disable the account to reduce your online risk profile.
  8. Firewall Rules – Each computer you use probably has a firewall installed. The Windows Firewall is rarely used and it can be a great tool for limiting online access to your computer. You can essentially use the Windows Firewall to block remote access to your computer using specific ports and protocols, which can make a remote attack very difficult. It can be a little technical on how to configure the Windows Firewall correctly, so make sure you do your research and take notes on any changes you make so you can undo the changes if you find something has stopped working.
    • You can read more about how to get started with the Windows Firewall here. Don’t be afraid to do some internet searches to find some recommended settings.
  9. File Backup – So you have your home network secured, and the devices on that network are also more secure, and the accounts used to log into those devices are more secure. That is all great news, and you can continue to improve on that security as you learn more and have more technical confidence. But you are not completely safe, because a determined attacker is probably more technical than you and knows more tricks to successfully attack your systems. All is not lost, because you can create a fail-safe plan for recovery even if your files are deleted, scrambled, or encrypted to prevent your immediate access.
    • Backup your important files to a safe location. You can manually backup your files to an external disk drive or thumb drive. While not perfect, it can be a cheap and effective way to keep an external copy of important files where an attacker can’t find them. Just be sure to remove the external drive every time you finish the manual backup. Some people store the external drive in a fireproof safe.
    • An online backup service can make automated backups to a secure folder on the internet fast, easy, and low cost. While the amount of space available and cost can vary widely, a little shopping around can allow your entire family to back up their computers for about $100 a year. That is an inexpensive insurance policy if things go sideways.
  10. New Devices – While all the about steps will take some time and energy, you have to remember that this isn’t a one-time effort. As you add new devices to your home network, you have to review these steps again to make sure the new device isn’t the weakest link in your home network.

Protecting your family starts with taking responsibility for your home security, and that includes your home network. If you perform all these steps, you are well on your way to a safer and more reliable home network.

The Future of Risk, Compliance, and Governance (GRC)

 

After two years of a global pandemic, mature organizations must implement a Risk, Compliance, and Governance (GRC) program that provides visibility into existing and emerging risks, helps simplify the understanding and communication of risks across the business, provides actionable risk intelligence to decision makers, and ensures an agile response to unknown threats. This is the path forward if a business wants to thrive in today’s highly unsettled business environment.

As businesses look forward to what new threats exist, they find themselves asking what is the next major risk event that they should be prepared to respond to or geopolitical event that will immediately impact their business strategy. We can always predict the next event, or how successful our response will be to minimize the business impact, but we can prepare for the worst and hope for the best, and that requires some basic preparation.

Risks are Connected

With the interconnected nature of modern business systems, you have to understand that everything is interconnected today.  The intersection of systems, people, various projects, organizations, and risks among cybersecurity, third-party teams, compliance efforts, operational risks continue to be more complex and difficult to quantify as systems get more complex and interconnected in the future. You cannot look at these risks as isolated to specific systems or personnel, but as all interrelated and connected to provide a complete risk picture. Continue reading “The Future of Risk, Compliance, and Governance (GRC)”

%d bloggers like this: