Digital Security is a global phenomenon. Bad actors and victims come from all nationalities, all walks of life. We can no longer consider ourselves safe by conducting our business with "reputable" vendors. As the Target breach demonstrated a few years ago, any computing device can be the agent that compromises the most personal and private of information. We must increase our vigilence on all of the electronics that surrounds us and makes our lives easier.
The data breach landscape is changing incredibly fast. Because of the growth of the cloud, what once required technical skills can be cheaply outsourced to agents who will do the work for a share in the profit. This commodity approach means that data breachers aim for soft targets who are less likely to have adequate protections.
Particularly noteworthy has been the rise of Ransomeware where attackers don't even try to extract data of value from your system but merely seek to take away access to the documents that you depend on and would be willing to pay for in order to gain access again.
To protect yourself, you must have a proactive strategy that takes into consideration the following concepts and challenges:
- Personally Identifying Information (PII) can exist on any computer, often for very innocuous or innocent reasons. Business related computers as well as personal devices must be considered as potential targets for PII theives. In many cases, personal systems represent the softer target which are easier to exploit.
- Vulnerabilities: A vulnerability is the combination of a software weakness or flaw, combined with an attacker's ability to access the compromise as well as the ability to deploy code that can exploit the flaw. There are two primary ways of limiting the effects of vulnerabilities: a) Update the Operating System and Applications when vulnerable code has been identified and fixed by vendors, b) Actively monitor and block behavior that indicates a hacker is attempting to exploit vulnerabilities.
- "Human Threat": Because of external security devices like Firewalls, the hacker's ability to exploit a vulnerability often requires the assistance of an unsuspecting human agent. Casual or non-technical users are often susceptible to warnings of serious threats to their computer systems. In trying to do the right thing, they inadvertently help the attacker to compromise their system. All users need assistance from trustworthy sources to avoid identity thefts.
- True Financial Risk: One of the most difficult thing for people to conceptualize is the real cost or value of the information that they keep on their computers and digital devices. A recent report on Ransomeware has found that hackers have determined a dollar value that most people are willing to pay in order to regain access to their data files. That value? About $500. Depending on the nature of the work the individual does and their data practices of convenience, computer owners and users can represent thousands up to tens of thousands of dollars to the right hacker.
- Audit Over Time: Sensitive data can be exposed at any time. You may download a PDF with PII in it or you may believe that keeping files in "My Documents" is protecting them from prying eyes. The only way to know what your vulnerability is comes with routine auditing. Don't rely on yourself or a human agent whose bias might cause an oversight of important personal information. An automated agent, impersonal and objective, can best scan every possible location on your system to uncover hidden PII, including in such an unlikely location as your recycle bin.
If you would like to discuss your personal security challenges further and explore the benefits of having a managed service provider working for you, please complete the quick survey below and let us contact you with more information about Digital Security and MSPs.