It’s Halloween season so let’s discuss scary things. I recently took advantage of the offer from www.cyberstreams.com to have them run a free Dark Web scan. As I’m writing this, I get a weekly newsletter from Sweeney Conrad CPA firm and one of the articles is titled, “Email attacks up 667% following rise of COVID-19 worldwide.” The statistics are from (cyber) security firm Barracuda.
Obviously, the slimy bad guys (and gals) are out there and after us more than ever.
I received my Dark Web scan report and found it pretty “gentle.” Only five breaches, one from a LinkedIn breach, two from a group affiliated with a business group I’m in, and two miscellaneous ones. None got access to my passwords. So I called David Henderson with Cyberstreams to discuss it and here’s what he told me, with the first point the most important:
- 60% of breaches are from human error. That’s right, it’s you or your employees causing most of the damage.
- The above could be people using the same password or a variation on many different sites. For example, someone at one of their clients used (and I’m changing the word) platinum, platinum1, platinum8, and other variations. Once breached, the bad guys try variations of platinum until they get a hit.
- When a website you use is breached, like LinkedIn, change all of your passwords.
- Use two-factor authentication.
- Don’t use your business email for personal matters.
- Make sure your data is backed up and safe from ransomware (meaning, not on an external drive connected to the system all the time). Use cloud backup that’s protected from ransomware.
- Do security awareness training (like Cyberstreams does) as well as ethical hacking (testing your people).
- Use a password service like LastPass, and make sure your password to your service is very strong.
- 60% of companies with major data breaches go out of business.
- David’s company is just like yours or mine in that they get attacked all the time. He has 14 people plus past employees. His last scan found 21 accounts with data breaches (not his system but sites his people had been on) with 41 total breaches.
- Get cyber insurance; it’s inexpensive.
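
To make the password-variation point concrete, here is an added example (not from Cyberstreams or the original article) of a check that could run when someone sets a new password: it rejects the new password if it is just a variation of one already exposed in a breach. The function names, the substitution table, and the 0.8 similarity threshold are assumptions chosen for illustration, and the check assumes the exposed passwords are known, for example from a breach report.

```python
import re
from difflib import SequenceMatcher

# Constructed substitution table (an assumption, not exhaustive): common
# look-alike characters mapped back to the letters they stand in for.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def base_form(password: str) -> str:
    """Reduce a password to its root word."""
    # Drop digits/symbols padded onto either end: "platinum8" -> "platinum".
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password)
    # Lowercase, then undo substitutions left inside: "Pl@tinum" -> "platinum".
    return core.lower().translate(LEET)


def is_variation(candidate: str, breached: str, threshold: float = 0.8) -> bool:
    """True if candidate shares a root word with a breached password."""
    a, b = base_form(candidate), base_form(breached)
    if not a or not b:
        # Nothing left after stripping (e.g. all digits): exact match only.
        return candidate == breached
    # Same root, or close enough to catch a dropped or added letter.
    return a == b or SequenceMatcher(None, a, b).ratio() >= threshold


def check_new_password(candidate: str, breached_passwords: list[str]) -> list[str]:
    """Return every breached password the candidate is a variation of."""
    return [old for old in breached_passwords if is_variation(candidate, old)]


if __name__ == "__main__":
    # Constructed sample data, using the placeholder word from the article.
    breached = ["platinum", "sunflower7"]
    for attempt in ["platinum8", "Pl@tinum2020!", "platnum1", "correct-horse-battery"]:
        hits = check_new_password(attempt, breached)
        verdict = f"REJECT (variation of {hits})" if hits else "ok"
        print(f"{attempt!r}: {verdict}")
```

A new password that passes this check can still be weak for other reasons; the check only covers the reuse-with-variations habit described in the list above.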
The abovementioned article on phishing also pointed out how one blackmail attack was detected 1,008 times over two days and how most attacks start by a person clicking on something they shouldn’t. I know every so often I get 10-12 phishing emails at the same time, with the same message. It really doesn’t matter if you’re a large firm, small firm, or an individual – they’re after you.
“It’s so much darker when a light goes out than it would have been if it had never shone.” John Steinbeck