We are a civilization built on trust. We MUST trust, to survive. That trust is intrinsically being challenged. Here are three examples of under-the-radar sorts of trust that we build on.
- We trust the directions we get at a gas station.
- We trust that our sports teams will one day succeed. Even if they don’t make the playoffs this year, they will one day.
- We trust that when we dial 911, an emergency operator, trained in how to handle emergency moments, will answer the phone.
We have other institutions that society used to trust but no longer trusts.
- We no longer trust the media and individual journalists’ ability to let us know what is really happening. We were told how the presidential election would play out by countless pundits, only to discover that they were off base.
- We don’t trust our leaders' ability to ascertain what is really important to us. We hear of what they are doing during the day and can’t fathom why they aren’t working on the problems that most people, oftentimes, perceive they should be working on.
At the core of all the trust references above is the art of communication. Those who clearly hear and see what is happening can get a head start with the formulation of their message. Those who get their messages intercepted or hijacked are often irreparably damaged. To that end, I make this hypothesis.
Without making cyber security a priority, an event will occur and people will not trust you anymore.
Once you have been shown to be compromised at least one time, people will, by their nature, conclude that you may be compromised again in the future. In football, once a player has a torn ACL, that person is considered to be at a high risk for another ACL injury. The same is true of a company that has its network hacked and loses control of, or access to, confidential information. Once it gets hacked, intrinsic trust from both current customers and prospective customers is jeopardized.
Once people don’t trust you, you go out of business.
Despite the volume of people who innately agree with this, it remains an item of intrigue that most small and medium-sized businesses won’t address cyber security with the focus that it deserves. A seemingly endless stream of front-page stories with details of how a company or government gets hacked is consumed by readers, but there isn’t enough thoughtful introspection happening.
TNT has enacted a series of cyber security mandates. We won’t take on anyone as a managed service customer if they don’t comply with our best practices (or they sign a waiver). We live in a hospital of sick people, yet a lot of folks still won’t wear gloves and masks when they enter the ER. TNT is establishing baseline protocols to ensure that our customers are not only protected but also trained in cyber security proactive behavior.
Want to learn more about the cyber security threats facing small businesses?
“Let’s hack and disable your cell phone. Start whistling in three, two, one, GO!”
Researchers at the University of Michigan and University of South Carolina claim to have discovered that music could be used to disable or, to a certain extent, even control some IoT devices. The researchers say they were able, through sound waves, to add steps to a Fitbit tracker and interfere with a cell phone app’s ability to control and access Internet of Things devices.
What does this mean? As IP-enabled devices become more and more common, we are culturally on a course where the device we will most likely use to control and interface with them is our cell phone. These IoT devices use chip-based devices that are built upon the architecture of microelectromechanical systems (MEMS). Since these devices lack standards or shared design criteria, there is no governing body to say, “this is good or this is bad,” when a new product comes out.
Common examples where exploits are known and published include the interfaces between Fitbits, drones and toy cars and your cell phone.
There are IoT devices in your workplace, today, whether you approved them or not. For example, I am wearing a Garmin watch that supports Bluetooth and wireless, and it is connected to our office public Wi-Fi. Since I know the logon information for the corporate Wi-Fi, I COULD put my watch on the private network, and, more likely than not, no one would know that it was a watch. After all, it has logged on with a valid username and password, and it is logging on from a known location, the office. What if my watch got hacked and became a proxy for, say, a server that was sending out inappropriate content?
Who is at fault? The network admin for not having enough security? Me, for not notifying the network admin that I have an IP-enabled watch? Garmin, for making a watch that is hackable?
The IoT world is changing how we use technology. The lack of standards or the inability to track device proliferation shall make the news with ever-growing frequency.
It is best to respond to this threat before it is a problem. Mobile Device Management can help. Learn more about TNT's Mobile Device options here.
Businesses are on the hook for customer information and data security, and we are not talking about credit cards.
In a recent court hearing, the Federal Trade Commission stated that a company lacked “even basic precautions to protect the sensitive consumer information maintained on its computer system.” It appears that actual harm from a data breach doesn’t necessarily need to be proven if the potential for harm exists. The ruling sends a clear and sobering signal to business owners: You must make significant, demonstrable efforts to protect yourself from data breaches or face the consequences.
In the ruling, the FTC stated, “Among other things, it (the company) failed to use an intrusion detection system or file integrity monitoring; neglected to monitor traffic coming across its firewalls; provided essentially no data security training to its employees; and never deleted any of the consumer data it had collected.”
Keeping all emails from a customer, including ones for order and purchase approvals, now represents a liability, not an asset or a CYA tool.
Too often, small businesses state, “Nobody is interested in the data we have. We’re not Sony or a government agency.” That thinking can now put you out of business.
Many IT leaders and business owners often think that there is a single product or service that they can subscribe to and this problem goes away. None exists. You need a managed security system that includes multiple products and offerings to address the gamut of requirements.
Lastly, there is no substitute for cyber security training for users. IT staff are not the ones who initiate the breaches; it is nearly always employees or innocent staff who don’t realize what they are doing.
The Network Team recently hosted a workshop on cyber security. As part of the workshop, we distributed handouts to help you help your employees strengthen the data security of your network.
In ancient times, the city of Jericho was a modern Manhattan. It was the center of trade and commerce and known throughout all the Middle East as a crown jewel of civilization. Jericho’s leaders built a large wall to protect it from invaders. The wall was so big that almost none of the city’s occupants took the time to stay trained in the use of combat weapons, unlike the villagers who lived outside the city walls.
God’s people marched around Jericho seven times and the wall fell. Despite the size of their force being much smaller than the number of people living inside the wall, the city fell to the Israelites.
This was preventable, if Jericho’s leadership had been like Webroot.
Most of our customers start with some over-the-counter firewall product that came with a $20 gift card to their favorite department store. They feel that by using this firewall, they are as safe as the residents of Jericho. They do nothing to holistically protect the assets inside the company, feeling that their firewall is doing all the hard work for them.
By using Webroot, you are doing the same thing as providing a wall not only around your city, but also around each of your assets. The best part is that you don’t have to worry about bricks, concrete and training for your users, as Webroot is a cloud-based product, meaning all the heavy lifting is done by smart guys (and gals) in a faraway place. The software that gets installed is minimalistic and does not require updating, meaning no matter who is attacking, the wall automatically protects from the current attack.
In the past, TNT recommended products from Trend Micro, Barracuda and others for endpoint security. These products all had unique configurations with a need for maintenance, or they did not work. Webroot is a set-it-and-forget-it technology, meaning once we set it up, there is very little for either of us to do. It is much like getting electricity installed in a new home.
You ought to try it out. It’s free for 30 days and costs only a couple of dollars a month per user after that.
Reach out today to learn more.