The Worst Advice We’ve Heard About Cyber Security
We often get asked about cyber security and cyber security assessments. Sometimes we are in the room when others are talking about it and I’ll admit, I eavesdrop a little to see what they say. Here are the top 5 worst pieces of advice I’ve heard lately about cyber security:
- Our IT guy/girl/company takes care of that for me!
- We bought a “box” from vendor XYZ that stops all bad internet traffic.
- Our anti-virus is up to date, so we’re good.
- We use Macs, and they don’t get viruses.
- You can’t stop it, so why even try!
While you might have the best IT person fixing your computers, in EVERY vulnerability assessment and cyber security audit we have performed, the IT support person has NEVER said cyber security was in their job description. Most often, their job was keeping the computers up and running, replacing batteries in wireless mice, and installing the latest version of your line of business application. While they have the best of intentions, uptime gets in the way of cyber security.
There is no silver bullet, no one solution, and no one “box” that can prevent you from being hacked. Only through a defense-in-depth strategy, with constant attention to new vulnerabilities and attacks and regular review of the latest exploits, will you be even close to keeping up with the hackers.
Anti-virus is only one piece of the larger defense in depth strategy. Do you need anti-virus? Yes. Is it going to stop all malware? No. But, you still need it. And, pay for the updated definitions. Viruses come out too frequently for you to “wait until next year” to get the upgrade.
While Apple’s Mac operating system may not be the target of much of the malware and viruses written today, it is only because of the smaller number of installed computers. It’s not financially advantageous for attackers to write viruses for Apple computers. But Apple computers do get viruses.
Lastly, ignorance is not bliss when it comes to protecting your computers against hackers. And in some states, it is against the law to ignore the problem, hoping it will go away. In Massachusetts, the laws protecting residents’ personal data require an active approach, including annual risk-based reviews of your IT environment.
Hacking is continuing to grow. Only through regular vulnerability assessments and information technology audits can you keep up.