Know Your Enemy:
The online world is full of digital threats. Some can be outside factors, and some can be internal. Some internal threats to organizations are using unauthorized devices and stolen property. Using an unauthorized device to access company networks can open the door to external security threats. When the door is opened to external threats it makes it easy for a hacker to get into the network and steal sensitive information. Another internal threat is stolen property. This can happen when an employee leaves a work device somewhere where a member outside of their organization can obtain it. This poses a severe threat to the organization because an outsider can access the organization’s personal information from their own computers. Some external factors include things such as the Internet of Things, phishing, and brute force attacks. The Internet of Things includes things like weak passwords and a lack of patching. These weak spots make it easy for hackers to get into the social networking of the company. Going off of the Internet of Things, brute force attacks access companies’ networks through weak passwords using brute force tools (e.g., Hashcat, L0phtCrack, or Aircrack-ng). These tools guess the company’s passwords to get inside of the network. Another external threat would be phishing. Phishing is when an outside hacker sends an email to a company that looks like it is from a professional organization. Hackers do this with the goal of obtaining sensitive information.
Know Yourself:
Some things I do that I have in place are strong passwords, secure devices, checking the senders address, keeping devices in the workplace whenever possible, and having a clearly defined cyber security program. Having strong passwords makes it harder for someone or something to guess our passwords. However, using brute force tools to get into our network’s. Having secure devices is good for our company because it will prevent unsecure devices from getting into our network. Nevertheless, a friend may bring an unsecure device into our network without our knowledge that can give hackers access to our network. Another thing we do is check the sender’s address. We always make sure that we know the sender’s organization and it is not a hacker. Even though I double check the sender address, there is always a risk of a human error that gives a hacker sensitive information. Keeping devices in the home when possible is a good way to keep track of them and make sure they don’t get stolen. On the other hand, when I need to take the device out of the workplace there is always the threat that the device will be stolen. Finally having a clearly defined cyber security program ensures that all I know the best practices of cyber security. Despite knowing the best practices, I could still make a bad cyber security decision.
Develop Your Strategy:
There are some new practices and services that may be good to improve cyber security of my devices. One of these is abiding by the principle of least privilege. This means that I would give my friends and family the least amount of access needed to get on the network so that there is no human error that can give way to hackers. One more thing we should do is apply released patches and updates immediately. This makes sure that hackers do not find the weak spot in my websites that can lead to obtaining sensitive information. Another thing I should do is implement multi-factor authentication. This ensures that if hackers discover my password, they will not be able to get past the other authenticator. Again, another thing that I should do is establish a strictly enforced policy for mobile devices. This will make sure that there are no unauthorized devices on my network. Finally, we should minimize attack surfaces via microsegmentation. This would ensure that if hackers get into my network they will only get into a small portion of the network.