The Invisible Man

The concept of the “invisible man” has been written about many times throughout history. Probably the earliest account was by Plato in The Ring of Gyges. The story is about a ring that grants its owner the power to become invisible at will. In the story, Plato considers whether an intelligent person would be moral if he did not have to fear being caught and punished. The notion is that, once freed from the eyes of others, humans will feel unbound from the morals that keep us civilized. Perhaps this is one of the scariest things about cybercriminals: in many ways, they are invisible and therefore perhaps not bound by good morals.

Has your network been visited by the invisible man? Data breaches are an unavoidable part of doing business today. It is not a matter of “if a breach will occur” but rather “when a breach will occur.” The impact of a breach on your organization will depend on how well prepared you are with actionable, well-documented strategies and procedures. At IT Radix, we want our clients to be prepared before a breach occurs. Here are a few simple steps you can take to be more prepared:

Avoid password sharing

We already know we should not share our passwords with others. In this case, we mean password sharing between different systems. For example, your email password should be different from your computer password and different yet again from the password for any line-of-business software such as accounting, project management, etc. Password sharing is often the undoing of many organizations because it not only makes the hacker’s job easier but also leaves you vulnerable in the event one of your suppliers is breached. Having different credentials for each system you log into prevents credentials stolen from one system from being re-used to access the others.

Educate your staff

In early August, a piece of Android banking malware called “Invisible Man” was discovered that used key-logging to collect banking app login details. Not everyone vets an app before downloading it to a smart device or computer, nor is everyone always cautious about clicking on links within emails. Raising awareness and educating your team about what to look out for will significantly help reduce the potential risks. Ask us about security awareness programs that you can put in place today.

Protect smart devices

As the Internet of Things starts to become reality in your business, be sure to talk to us about the potential security risks. A weakness in a smart TV can be used as a stepping-stone into your network or turned into a listening device to gather company information. The Internet of Things can include security systems, HVAC systems and more. Ideally, you want to limit access to these devices to authorized users and restrict each device’s own access to limited portions of your network. Where possible, disable unnecessary functionality and keep the devices up to date and secured like any other network component.

Know exactly where your data is

Knowing where your data is allows you to put up appropriate defenses, and if a breach occurs, you know exactly where to focus your efforts on investigating the cause. If you don’t have a good handle on where your data is, the time and money required to investigate the situation are going to increase exponentially.

Understand your breach disclosure responsibilities

Disclosure is almost always necessary, and your legal obligations are getting stricter. Having a good team of advisors, from insurance to legal, is critical and will help you safely navigate the legal obligations of breach investigation, notification and response.

As part of this, most cyber insurance policies these days request you have an incident response plan. Be sure to test your plan before an incident occurs to ensure that it works as intended.

These are just a few things you can do today to up your game in the cybersecurity realm. Need help getting started? Give us a call today.

First published in our September 2017 IT Radix Resource newsletter