Defending Against Cyberattack

COLUMBUS (February 5, 2015). How can an organization defend itself in the face of sophisticated cyberattacks? Interhack Sr. Specialist Matthew M. Brothers-McGrew, CISSP, discusses cybersecurity with Beth Dal Ponte on WCMH-TV (NBC4 Columbus). The answer goes well beyond the information technology department and the tools put in place to protect information. Ultimately the matter is one of identifying risk and managing it appropriately.

Haphazard efforts and knee-jerk reactions are not the path to security. Neither is the purchase of yet another product. Security is like safety: take advantage of tools, be guided by policy, and act in recognition of your goal and what you want to avoid.

“A comprehensive security program that includes all members of an organization is the most effective preventive measure that a company can put in place. A person in accounting clicking on an email containing malware can often be the weakest link in the best-laid security plans.”
—Matthew M. Brothers-McGrew

Protecting Your Organization

When going about your job, remember not only what you are there to do but also what you should not do. Should you not give away proprietary information to competitors? If so, what information is proprietary? Where is it maintained? How do you access it? How do you handle it?

You might not print out sensitive information, put it in an envelope, and hand it over to a competitor. But would you reveal the same information in an informal conversation with a friend in a public place, where someone can overhear it? Would you keep that document on a computer where you aren't using a malware scanner? On the same computer that you use for file sharing?

Remember two things and act accordingly: computer systems fail and people make mistakes. If your behavior protects your organization even when those things happen, you might still be a target but you're not an easy target.

Protecting Yourself

Remember that an organization can lose control of only the information that you provide it. Many ask for personal information, but that does not mean that you necessarily need to supply it. Name and social security number are common targets for attackers to use for identity theft and fraud. Through your own behavior, you can reduce the number of databases in which that information about you appears.

For example, if you buy a car, do you arrange your financing through a bank where you already are doing business? The dealer will want to offer you financing, but in order to do so you need to give your name and social security number. If you provide it, there is now one more database in the world where a breach means exposure of your information.

Other tips to protect yourself include keeping your passwords private, not using the same password for different sites, and watching for suspicious activity in your statements and credit reports.

About Interhack

Interhack is a cybersecurity and computer expert firm with operations throughout North America. We perform cybersecurity and incident response services, and act as experts in legal proceedings. Interhack is on the web at web.interhack.com.