Strategies for Safe Computing in an Increasingly Dangerous World
Ransomware, the KRACK exploit, Bitcoin miners, Meltdown and Spectre… Yikes! It’s getting downright scary out there! I have an idea though: let’s encase each and every computer in concrete and bury them thirty-nine and a half feet under the ground. The chances of being compromised then drop below 1%, but not to zero…
All kidding aside, the old axiom of “wherever there is something to eat, there is something there to eat it” is being proven out in spades, and it is very disconcerting, to say the least, from the standpoint of how to get things done without getting blindsided by some jerk looking to make a meal of you. So… what to do?
And no, as cool as they were, I’m not talking about the alternative new-wave band from the ’80s. What I am talking about, though, is a bit of a fantasy because there is no cure, per se. This is a classic game of cops & robbers. Every time we figure out how they got in and we lock that door, new doors or Windows (see what I did there?) open up and we’re right back to Square One. So let’s get this out in the open right now: this is not going away, there is no cure, and it’s just going to continue to get worse. There. Depressing as it sounds – I said it.
I am, however, a bit of an eternal optimist and I believe that we can reduce the “attack surface” considerably without encasing all the computers in concrete and deep-sixing them. The answer is…
While we can’t reduce the risk to zero, we can get it to an acceptable level where you can have a sliver of confidence that you won’t end up on the wrong end of, well, a confidence game. Here’s how:
1. Get your head out of the sand – think it won’t happen to you because you are too small or too inconsequential or too boring or don’t have anything worth stealing? Think again! In the last year, two of our clients (fewer than 35 users each) were hacked by someone wanting to steal banking information, confidential emails, corporate secrets, and intellectual property. Three more were hit with ransomware and another was attacked by hackers attempting to use their network resources as unsuspecting Bitcoin miners. So let’s dispel the notion that you are too anything to be of interest to anyone.
2. Patch, patch, patch – keep up to date with the latest patches for computer operating systems and applications. This one is a no-brainer. Most exploits are discovered soon after they appear in the wild. The sad thing is that most – but not all – successful “events” can be stopped dead by the appropriate patch or fix, so do not wait. Do it now, because once the malware gets in, it opens all kinds of doors for the perps to gain access to your network.
3. Appropriate network security – not all events are a result of a malware infection. Some of them are simply brute force. The perps find a doorway to your network and then relentlessly hammer at it with combinations of usernames and passwords until they find one that works. How do they do that? See above – they find thousands of computers that HAVE NOT BEEN PATCHED, they unleash their particular brand of malware and presto change-o, they have an army of bots to do the heavy lifting for them. So, what exactly is “appropriate network security”?
a. Strong passwords (minimum 8 characters composed of at least one capital, one numeral and one symbol) that are changed a minimum of 3 – 4 times yearly. Can’t believe I STILL have to say that in this day and age. Better yet, make super strong passwords that consist of sentences you can remember, but then purposely misspell a couple of words and throw in some double spaces (e.g. “my ALLt1me favriite  moovie is ‘It’s a Wonderful Life’”). Hah! Good luck guessing THAT one, Mr. Jerkface hacker.
b. Change your network administrator login name – the Holy Grail for hackers is access to the administrator account which by default is named (you guessed it) Administrator. By changing the name to anything other than Administrator, you will close a very large door. If they do not know the administrator account name, they stand little chance of hacking the password. Then set up a fake Administrator account (with no rights) and then monitor it for activity. If someone attempts to gain access via the Administrator account, you’ll be all over it like Oprah on a baked ham.
c. Implement GeoIP blocking – this consists of only allowing remote access to your network from continental North America. All IP addresses outside of that are barred at the door (your firewall). It’s not perfect but, like I said, nothing is perfect and it is a helluva start. Of course, if you require access from outside continental North America, this will take some tweaking. This won’t affect mail flow, but it will stop those pesky Russians dead in their tracks.
d. Speaking of mail flow – train your users in the ways of safe computing. I have covered this before in countless blogs so I won’t go over the entirety of things end-users do that get them in trouble, but suffice it to say, all the locks and alarm systems in the world won’t do diddlysquat if someone opens an attachment they shouldn’t or clicks on a bogus link. The Golden Rule here is: Think before you click!
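To put some numbers behind item 3a, here is an added example (mine, not part of the original post) that checks a candidate against the post’s minimum rule and then estimates the brute-force search space in bits, so you can see why a long, deliberately misspelled sentence beats a short “complex” password. The character-class sizes (26/26/10/33) and the sample passwords are constructed for the example; nothing here is tied to a particular product’s policy engine.

```python
import math
import string

SYMBOLS = set(string.punctuation) | {" "}  # 32 punctuation marks plus space = 33


def meets_policy(password: str, min_len: int = 8) -> bool:
    """The post's floor: at least min_len chars with a capital, a numeral and a symbol."""
    return (
        len(password) >= min_len
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in SYMBOLS for c in password)
    )


def search_space_bits(password: str) -> float:
    """Rough brute-force cost: (size of the character classes actually used) ** length,
    expressed as log2 so the numbers stay readable. This is a guessing-space estimate,
    not an entropy measurement of the phrase itself."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in SYMBOLS for c in password):
        size += len(SYMBOLS)
    return 0.0 if size == 0 else len(password) * math.log2(size)


# Constructed candidates for the demo (not real credentials).
SHORT_COMPLEX = "Passw0rd!"
NO_SYMBOL = "Summer2018"
PASSPHRASE = "my ALLt1me favriite  moovie is 'It's a Wonderful Life'"


def compare(candidates=(SHORT_COMPLEX, NO_SYMBOL, PASSPHRASE)):
    """Return (password, meets_policy, bits) for each candidate."""
    return [(p, meets_policy(p), round(search_space_bits(p), 1)) for p in candidates]


if __name__ == "__main__":
    for pw, ok, bits in compare():
        print(f"{'PASS' if ok else 'FAIL'}  {bits:6.1f} bits  {pw!r}")
```

Run as a script it prints one line per candidate; the short 9-character password lands around 59 bits while the misspelled sentence is well past 300, which is the practical point of the passphrase advice.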
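Item 3b says to rename the real admin account, leave a rightless decoy called Administrator, and watch it. The detection half of that is easy to script; the following is an added example (not from the original post) that runs over a handful of constructed logon records. The records use a simplified key=value export format I made up for the demo rather than a real Windows event dump, but the event IDs (4624 successful logon, 4625 failed logon) and logon types (3 network, 10 remote interactive) are the standard Windows Security log values, and the source addresses are RFC 5737 documentation ranges.

```python
import re
from collections import defaultdict

DECOY_ACCOUNT = "Administrator"  # the empty decoy; the real admin has a different name

# Constructed sample records (simplified key=value format, not a real log export).
SAMPLE_EVENTS = """
EventID=4624 TargetUserName=jsmith IpAddress=192.0.2.10 LogonType=2
EventID=4625 TargetUserName=Administrator IpAddress=203.0.113.5 LogonType=3
EventID=4625 TargetUserName=Administrator IpAddress=203.0.113.5 LogonType=3
EventID=4625 TargetUserName=Administrator IpAddress=203.0.113.5 LogonType=3
EventID=4625 TargetUserName=jsmith IpAddress=192.0.2.10 LogonType=2
EventID=4624 TargetUserName=Administrator IpAddress=198.51.100.7 LogonType=10
EventID=4625 TargetUserName=administrator IpAddress=203.0.113.9 LogonType=3
""".strip().splitlines()

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> dict:
    """Turn one key=value record into a dict."""
    return dict(FIELD_RE.findall(line))


def decoy_alerts(lines, decoy: str = DECOY_ACCOUNT) -> dict:
    """Tally every logon attempt against the decoy, per source IP.

    Nobody legitimate ever uses the decoy, so a single failed attempt is already
    worth a look, and a *successful* logon means the decoy's password was guessed
    (it has no rights, but the guessing worked and the real accounts are next).
    Account names are compared case-insensitively, as Windows does.
    """
    hits = defaultdict(lambda: {"failed": 0, "success": 0})
    for line in lines:
        ev = parse_event(line)
        if ev.get("TargetUserName", "").lower() != decoy.lower():
            continue
        bucket = "success" if ev.get("EventID") == "4624" else "failed"
        hits[ev.get("IpAddress", "unknown")][bucket] += 1
    return dict(hits)


def severity(counts: dict) -> str:
    """Any success on the decoy is CRITICAL; failures alone are HIGH."""
    return "CRITICAL" if counts["success"] else "HIGH"


if __name__ == "__main__":
    for ip, counts in decoy_alerts(SAMPLE_EVENTS).items():
        print(f"{severity(counts):8} {ip:15} failed={counts['failed']} success={counts['success']}")
```

Only the decoy account shows up in the output: the ordinary user’s single failed logon is ignored, the three failures from one address are grouped into one HIGH line, and the successful remote-interactive logon is flagged CRITICAL because it should be impossible. On a real domain you would feed this the 4624/4625 events from the Security log (for example via a SIEM export) instead of the constructed list.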
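Item 3c (GeoIP blocking) is a firewall rule, but the decision logic is worth seeing spelled out, including the two caveats the post raises: mail flow must keep working, and people who legitimately connect from outside the region need an exception. The following is an added example of mine, not the post’s or any firewall vendor’s code. The “North America” prefixes are placeholder RFC 5737 ranges standing in for a real GeoIP feed, and the port list and exception address are likewise constructed for the demo.

```python
import ipaddress

# Placeholder region allowlist; a real firewall loads a maintained GeoIP feed here.
ALLOWED_REGION_NETS = [
    ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")
]
# Services that are GeoIP-restricted: SSH, VPN/HTTPS portal, RDP (constructed list).
REMOTE_ACCESS_PORTS = {22, 443, 3389}
# Inbound SMTP must accept mail from anywhere or mail flow breaks.
ALWAYS_OPEN_PORTS = {25}
# The "tweaking" the post mentions: known addresses of staff working abroad.
TRAVEL_EXCEPTIONS = {ipaddress.ip_address("203.0.113.77")}  # constructed


def in_allowed_region(ip: str) -> bool:
    """True if the source address falls inside one of the region prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_REGION_NETS)


def firewall_decision(src_ip: str, dst_port: int) -> str:
    """Return 'allow' or 'drop' for one inbound connection attempt.

    Order matters: mail first (never geo-blocked), then the per-user exceptions,
    then the region check for remote-access ports, then default deny.
    """
    if dst_port in ALWAYS_OPEN_PORTS:
        return "allow"
    if dst_port in REMOTE_ACCESS_PORTS:
        addr = ipaddress.ip_address(src_ip)
        if addr in TRAVEL_EXCEPTIONS or in_allowed_region(src_ip):
            return "allow"
        return "drop"
    return "drop"  # nothing else is published to the internet


# Constructed connection attempts: (source, port) pairs.
SAMPLE_ATTEMPTS = [
    ("192.0.2.44", 3389),    # in-region RDP
    ("203.0.113.5", 3389),   # out-of-region RDP
    ("203.0.113.5", 25),     # out-of-region mail delivery
    ("203.0.113.77", 443),   # travelling staff member on the exception list
    ("192.0.2.44", 8080),    # unpublished port, even from in-region
]


def summarize(attempts=SAMPLE_ATTEMPTS) -> dict:
    """Count allow/drop decisions so the effect of the policy is visible at a glance."""
    counts = {"allow": 0, "drop": 0}
    for src, port in attempts:
        counts[firewall_decision(src, port)] += 1
    return counts


if __name__ == "__main__":
    for src, port in SAMPLE_ATTEMPTS:
        print(f"{src:15} -> {port:5}  {firewall_decision(src, port)}")
    print(summarize())
```

The out-of-region RDP attempt is dropped while the out-of-region mail delivery is allowed, which is exactly the “won’t affect mail flow” property; the exception set is how you handle the travelling user without opening the whole region up again.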
The Biggest Threat You Face at the End of the Day
The biggest threat you have is still your end-users because they inevitably hold the keys to the front door. But at least you will reduce the attack surface if you just follow some reasonably simple steps like those outlined above. Does this guarantee you won’t end up being smacked down hard? No. No one can guarantee that and if anyone does, they’re likely working for the aforementioned pesky Russians.
Want help with implementing better security? Contact us today. Stay safe out there!