Evaluating Budget, Time, and Resources for Your Splunk Deployment Splunk: to Cloud or Not to Cloud?
4 Reasons Why You’ve Already Been Hacked
In this day and age, where our digital footprint widens daily, and every physical device in our lives (from toasters to air conditioners) arrive WiFi-enabled out of the box, it is not paranoid to assume that something attached to you or your company has already been compromised. How though? “I only ever fell for the Nigerian Prince Uncle thing like once… in the 90’s…” you claim. “How could this happen!?”
- You Re-Use Passwords
Creativity is hard. Coming up with a unique password for each of your 400 logins is frustrating, and remembering them is even harder. This brings us to a universal truth: Passwords get re-used. Don’t get me wrong, “B@tman!2#,” which you chose in high school and have used for everything ever since, is secure enough for most password complexity checks, but falls on its face when one vector is compromised. Password managers like LastPass can generate unique passwords for the individual, but protecting an enterprise is far more challenging.
COMBAT THIS BY: Enforcing programs, such as a staggered rotating password policy, helps prevent a lack of creativity from becoming a digital downfall.
- You Don’t Change Your Locks
Whether it is the employee who was fired for taking hour long bathroom breaks to play Candy Crush on his phone, or that creepy friend-of-a-friend “Chad” who showed up at your Super Bowl party, ate all the chili and proceeded to use your wireless internet to download NSFW fanfiction to then read it aloud, chances are (statistically) you didn’t change the password or disable the account after they left.
COMBAT THIS BY: A periodic audit and review of access logs and lists can be a lifesaver.
- You Have Trust Issues
Sometimes you do everything right and you still get owned. All the personal security precautions in the world cannot protect you from the compromise of a vendor or service with custody of your personal information. There isn’t a lot you can do to prevent this, besides steer your business towards trusted and reputable companies.
COMBAT THIS BY: Engage with your representatives to ensure that they are protecting your data and update your credentials periodically. (See #1 to prevent cross-violation)
- Nothing You Own is Secure
Unless it is unplugged, powered off, broken and buried, your device/system/network is vulnerable. With the rush to push the newest bleeding-edge technology to market, very little thought, if any, is given toward securing tech against malicious use or access. With the ever growing list of devices contributing to the Internet of Things, it is not uncommon for your refrigerator and baby monitor, complete with their own IP addresses and unsecured-by-default APIs, to now live within the boundaries that you must protect.
Mapping out your footprint and identifying potential threats to you, your peers, or your company isn’t an easy thing to conceptualize without feeling like you need to be wearing a hat made of aluminum foil. “Be Proactive!” isn’t just a slogan on a bumper sticker. Strategize solutions and implement them as you can. Relax. We’re all in the same boat.