A Web-security study once found the vast majority of organizations that allow employees to freely access the Web are experiencing high rates of malware threats, including phishing attacks, spyware, keyloggers and hacked passwords.
That was back in 2012 but it’s still a major issue. Web-borne attacks are impacting businesses, with the majority of them reporting significant effects in the form of increased help desk time, reduced employee productivity and disruption of business activities.
Indeed, we see proof of his admonition in news headlines almost daily, which has prompted countless Biz Coach articles about cyber attacks with tips for Internet security.
The most-read Biz Coach article of all time quoted Stan Stahl, Ph.D., a nationally recognized security expert, in using Starbucks’ WIFI, a security pro issues warning and security checklist.
Also highly read is our mobile-banking warnings about security prove prophetic.
Don’t forget about healthcare. It’s vital to understand why many healthcare workers are responsible for an alarming trend: Medical ID theft.
Here’s a lesson about passwords after the theft of 16,000+ UCLA patient records.
“We’ve seen Israeli and Palestinian cyber-vigilantes launch DDoS attacks against each other’s web sites,” he explained.
“What happens when radical organizations discover they can launch a DDoS attack against their enemies?” he asked. “We should not be surprised to see the Internet become a battleground in America’s culture wars.”
Stan Stahl on Bloomberg
Key questions for organizations
Dr. Stahl recommends that all organizations answer four key questions:
- Are we gathering the information we need to understand our cyber threat and the quality of our cyber defenses?
- Are we effectively analyzing this information, using it to better secure our information?
- Are we sharing it with the necessary parties?
- In particular, is management getting the information they need to proactively manage information risk?
“One highly critical defensive measure, for example, is to rigorously keep software patched,” he added. One of the easiest ways for a cyber criminal to take control of a computer is to exploit a vulnerability in unpatched software.”
Dr. Stahl’s firm, Citadel Information Group, is regularly asked to help businesses.
“Patching needs to be on the weekly must-do list of every IT department and IT vendor,” he explained. “Yet, when we assess the patch levels of organizations, we are not surprised to often see more than 100 unpatched vulnerabilities on desktops.”
Questions for IT departments
To information technology departments, he poses these five questions:
- Does IT gather vulnerability information?
- Do they analyze it, taking appropriate action to keep vulnerabilities to a minimum?
- Is it shared with senior management?
- Does senior management know that IT must patch vulnerabilities to comply with laws like HIPAA HITECH or contractual obligations like the payment card industry’s data security standard?
- Does senior management regularly monitor “weekly vulnerability trends?”
“Human nature being what it is, cyber crime and hacktivism will likely get worse before things get better,” he concluded. “While we can hope to avoid cybergeddon, we also have to remember that hope is not a strategy.”
Amen. You can keep yourself updated by subscribing to Dr. Stahl’s Weekend Patch and Vulnerability Report.
From the Coach’s Corner, here are more Internet security resource links:
5 Safety Measures to Thwart Mounting Social-Network Attacks — Sally, the accounting manager of a medium-sized business, regularly checked her Facebook account while at work. One day she received an e-mail. The e-mail said that a long-lost friend, Bob, had added her as a friend in Facebook. By clicking on the e-mail link, Sally cost her employer nearly $1 million.
Security Precautions to Take Following Citibank’s Second Reported Online Breach — Citibank’s admission that private information of 360,083 North American Citigroup credit card accounts was stolen by hackers in 2011, which affected 210,000 customers, serves as a warning for all businesses and consumers to take precautionary steps. The bank’s May 2011 security breach wasn’t reported until weeks later. Originally, Citibank said 200,000 accounts were affected.
“Security is, I would say, our top priority because for all the exciting things you will be able to do with computers…organizing your lives, staying in touch with people, being creative…if we don’t solve these security problems, then people will hold back. Businesses will be afraid to put their critical information on it because it will be exposed.”