The 3 P’s of Cybersecurity — How to Put These Basic Fundamentals to Work for Your Business

Bob Lord, Chief Information Security Officer at Yahoo, headlined a panel at SXSW in Austin, TX, entitled The New Normal: User Security in an Insecure World.
Instead of focusing solely on the threats presented by this terrifying cybersecurity world we live in (see the massive Russian intelligence-directed hack on Yahoo, which compromised 500 million user accounts in 2014), Lord also presented a positive message: three crucial principles that can lead to a healthy cybersecurity environment. After all, as security experts the world over reiterate time and again, understanding cybersecurity risks isn’t the same as protecting against them.
The beauty of Lord’s presentation came in its simplicity, which focused on three P’s that can protect business data, prevent a ransomware attack, and increase productivity:
• Patches
• Passwords
• Phishing
Now, for a little more detail on each bullet:
1) Patches
Whether it’s for your operating system, your suite of Microsoft Office applications, or just your favorite smartphone app, security patches (otherwise known as software updates) ensure critical protection against evolving cybercrime trends. But sometimes the delivery mechanism for those updates can be confusing, leading users to neglect important downloads, install patches that aren’t necessary or securely vetted, or even disrupt normal operations with an ill-timed click of that “Install Now” button. That’s where the guidance of a trusted IT provider comes in.
A good IT provider takes a proactive as opposed to
2) Passwords
Speaking of that aforementioned Yahoo hack, which resulted in the federal indictment of Russian hackers last week… Details from the Department of Justice’s investigation revealed that the hackers didn’t have to try hard to
That’s why it’s so important to not reuse the same password across multiple platforms; to create strong, long passwords comprised of random letters, numbers, and characters (think “th1sisn0tmyp@sswOrd” instead of “
3) Phishing
Aside from brute-force attacks by shadowy hackers, the next biggest and often most insidious form of cybercrime comes via phishing. Defined as an email sent from a domain address that looks legitimate (think “mycompaany.com” instead of “mycompany.com”) and containing links or attachments that also appear to be valid, phishing has become the #1 delivery method for ransomware and malware. Recipients of these carefully crafted and often harmless-looking emails are guided to click on a bogus link or download a malicious file, which, when opened, can access and often encrypt all of the data on your computer and any connected networks.
That’s why it’s so important to empower employees with targeted training to identify phishing emails, to regularly and remotely back up all critical data in case of infection, and to know what to do if you fall victim to an attack (hint: don’t pay the ransom!).
No matter what your level of cybersecurity knowledge and experience, understanding these critical three P’s (patches, passwords, phishing) can help lead to comprehensive protection. The other most important component?
Having a trusted IT provider like Namorgy Network Solutions in your corner putting those three