When security is mainstream, it’s too late

by Mark Hodges

It’s funny to see someone post on social media, “Let’s make this go viral.” Why? Because that concept was only cool before it became a mainstream phrase. Using that phrase today shows how out of touch someone is.

Most phrases that end up on social media carry no more dangerous payload than identifying an individual as out of touch. There are other phrases, though, that can have a significant impact on a personal or business level. When people do not understand a new phrase or the concept behind it, most default to ignoring the subject. When it comes to securing your business on the digital front, ignoring it comes at your peril.

Here are three concepts every business owner or anyone tasked with business security should know:

Multi-factor Authentication (MFA): This absolutely beautiful technology protects you from the large majority of account-takeover attacks (vendors that track sign-in data put the figure above 90%), because a stolen or guessed password is no longer enough on its own. MFA is simple in concept and extremely powerful in practice. Passwords leak, get reused and get guessed. MFA requires a user to provide the password plus a second factor, typically a one-time code generated by an authenticator app, a push approval on a phone, or a hardware security key, to complete the login. Codes sent by text message are better than nothing but are the weakest option, since a phone number can be hijacked. Hint: if you want cybersecurity insurance coverage, chances are MFA will be required.
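What the "code generated by an authenticator app" actually is, shown as an added example that is not part of the original column and not code from the author or Edafio: a minimal implementation of the time-based one-time password (TOTP) scheme from RFC 6238 in Python, using only the standard library. The app and the server share a secret at enrollment (the string hidden in the QR code), and each of them independently derives a short code from that secret and the current 30-second window, so the code is never sent in advance and expires almost immediately. The secret below is the public RFC 6238 test secret, not a real credential; the function names are mine.

```python
"""Minimal RFC 6238 TOTP, the algorithm behind authenticator-app codes.

Added example for this column, not code from the author or Edafio.
The secret below is the public RFC 6238 test vector ("12345678901234567890"),
not a real credential; function names are this example's own.
"""
import base64
import hashlib
import hmac
import struct
import time

# RFC 6238 Appendix B test secret, in the base32 form an enrollment QR code carries.
EXAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(b32: str) -> bytes:
    """Enrollment strings are often base32 without padding; restore it before decoding."""
    b32 = b32.strip().replace(" ", "").upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """Derive the code for the 30-second window containing Unix time `at`."""
    counter = at // step                        # number of steps since the epoch
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                     # dynamic truncation (RFC 4226)
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, at: int, window: int = 1,
                step: int = 30, digits: int = 6) -> bool:
    """Accept the current window plus `window` steps either side for clock drift.

    Uses a constant-time comparison so the server does not leak how many leading
    digits matched. A production verifier must also remember the last accepted
    counter and reject any code at or below it, so a phished code cannot be replayed.
    """
    for drift in range(-window, window + 1):
        candidate = totp(secret, at + drift * step, step, digits)
        if hmac.compare_digest(candidate, code):
            return True
    return False


def login(password_ok: bool, secret: bytes, code: str, at: int) -> bool:
    """Both factors must pass; a correct password alone never logs in."""
    return password_ok and verify_totp(secret, code, at)


if __name__ == "__main__":
    secret = decode_secret(EXAMPLE_SECRET_B32)
    print("code for the current window:", totp(secret, int(time.time())))
```

The drift window is what lets a phone whose clock is a few seconds off still log in; widen it much beyond one step and you give an attacker more codes to guess, so keep it small and add rate limiting on failed attempts.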

Zero Day: Zero day is not a concept most users are familiar with, but it affects nearly everyone. You will often hear threats described as a "zero-day vulnerability." Simply put, a zero-day is a flaw the manufacturer did not know about before attackers began exploiting it, so it has had zero days to prepare a fix. There are armies of cyber criminals hunting for such flaws in nearly everything you use, such as Windows 10, Windows 11, macOS and your connected thermostat.


Once an exploit is found, it is typically used quietly. The goal is to keep the manufacturer from learning of the flaw for as long as possible, because once it is discovered the "day" counter starts and a patch is issued to close it. How do you address this? Mostly by reacting quickly: keep your systems updated and apply patches as soon as they are released. Until a patch exists, the only defenses are the ones that limit the damage an exploited machine can do, such as accounts with no more privilege than they need, MFA, tested backups and monitoring for unusual activity.

Social Engineering: This term has taken on a broad range of meanings. Social engineering aims to get other people to think or act as you want. We see a lot of social engineering posts (what was called "fake news" a few years ago) coming out of eastern Europe.

These often aim to stir up unrest or anger across large groups of people. Social engineering is not just about changing attitudes; it can be used to attack your security as well. There is a trending uptick in social engineering attacks on help desks. A caller phones the company help desk in a tirade, claims to be the CEO of that business, states they are locked out of their account, "and I want my password reset RIGHT NOW."

These attacks succeed, and before you know it, the bad actor has full access to the CEO's inbox. More importantly, they control the outbox and can send instructions to subordinates, such as "wire this payment here."

How do you prepare your workforce? In the example above, simply training everyone to answer any such request with "I'll call you back on the number we have on file to finish resetting your password" is a verbal form of multi-factor authentication that would avoid a mess. The callback must go to the number already on record, never to one the caller supplies, and the rule has to hold no matter how senior or how angry the caller claims to be.

Understanding and planning for these three simple phrases can help you secure your business, so “let’s make this go viral.”

Mark Hodges is chief growth officer of Arkansas IT services firm Edafio Technology Partners. The opinions expressed are those of the author.