Internet and Computer Safety
Cybersecurity

Identify Risk

What are your risk? Most of use instantly think of getting a virus, getting hacked or scammed.
Human error, being misinformed or uninformed are the greatest risks.

Internal risks - employee theft
External risks - "bad actors"
Intrussion - "digital breaking and entering", corporate sabatoge,
Outdated hardware software that has not been updated.
Using default or weak password
Physical risks - lost or stolen property

Disaster Events - fire, flood, hurricane, tornado, loss of power, loss of internet, hardware failure.

It is not a question of if something bad will happen, it is a question of when.

Prevent Threats

Can you prevent something happening, or prevent a problem being worse than it could be?
Yes, there are things you can do.

It should go without saying: Use Security Software and Services, and Best Practices. Be Aware of what you are doing, what you click on, and where you are.

Be Proactive about Preventative maintenance

Have a plan. What are you going to do when (not if) something happens. Have a backup, have a secondary means or maintining operations.

Change default user name and passwords on modems and routers. All default user names and passwords are readily available on the internet. And update modem and router firmware regularly.

Use secure passwords. There are lists of most commonly used passwords readily available on the internet. And password discovery software combined with AI can easily detect any eight character password in under one hour.
Use two-step authentication whenever possible.
Keep your firmware, operating system and other software up-to-date. Updates frequently include "security updates" needed to keep bad-actors out.
Learn How to Recognize scams, spam, phishing and other attempts to obatin access to your systems and information.
For more information about these go to my Cybersecurity Awareness Month

Consider adding a firewall (or firewalls) between you and the outside world.

Segment your network, don't give everyone administrative control .. Most modems/router combinations have a setting to have primary and guest WiFi connections, use them. Consider adding a second router to further segment network connections.

Use a good VPN service whenever connected to the Internet, especially on public WiFi connections.

"Disasters" happen. A disaster does not have to be a hurricane, flood, fire or a software company sending out a bad update. For some a disaster can be a hardware failure, a computer, server or service quits working.

Some of the recent incidents I wondered why companies were not prepared. Why was there not a "secondary location" to operate from.

Have Backups. Online backup services are an excellent way to manage backups, and they provide that "secondary location" to some extent.
Else, use a local backup such as an external drive, or cloan drives for easy replacement. Use full backups and incramental backups.
Do Not rely on "syncronized" backups as an attack on the primary system can corrupt the backup with the problem you are experiencing.

Detect Problems

How do you detect a problem, potential problem, or a problem that is about to get worse?

Most of us use: "Things aren't working right", don't sound right, don't feel right, all the way to the obvious "It isn't working".
Check your computer logs for warnings and errors, or periodically have someone do that for you.
Check firewall logs to detect suspicious activity.

Consider "Penetration Testing" to discover systems and user weaknesses.

Consider software that monitors activity on you network.
Most of us can't have our systems monitored 24/7/365 to detect problems such as intrusion detection - as some should -
Small businesses and Home users are targets for hackers as well and some security suites include some intrusion or suspicious activity features.

Mitigate Damage

The First Step in Mitigating Damage is to be prepared, have a plan, and work the plan.

Disconnect - turn off the device that has been infected, breached or compromised.
Notify banks, credit companies and others as needed about problems or possible problems. Monitor your accounts for suspicious activity, and monitor for accounts being created that you did not.

Change all your passwords on all your internet accessable accounts.
Get someone who knows what they are doing, a professional to help you remove any potentially unwanted software and malware from you system(s).

Report Incidences

Reporting cyber-crimes helps make the Internet a safer place for you and everyone.

Recovery

Recovery can be a slow "painful" process. In part it depends on how prepared you are.

As we have seen and experienced in recent months, even a security update can cause havock across industries.
Is there a backup plan for unexpected man-made or natural disaster.

Examples One and Two:
When CrowdStrike pushed out a security update, and Microsoft passed the update along to clients, it affected industies around the globe.
When Hurricane Helene dumped masssive volumes of rain over western North Carolina, families, communities and businesses were devistated.
One business in particular that had a regional affect. Ingles groceries had a lot of their technology centered in one location. When that location was damaged, Ingles was unable to conduct business as usual for days.

In each of these two examples, had companies had secondary locations (effective backup systems) to simply switch over to and use, neither of events would have been so disruptive.
By having a secondary location that was un-affected by the man-made or natural disaster, network administrators could have adjusted settings from the primary to the secondary network.
These steps would have been costly up-front, but much less disruptive and costly in the long-run.

Most of us do not need to go to these extremes to be prepared but basic precautions and preparedness can be less disruptive and costly in the long-run.

Additional Cybersecurity Information

For some practical Best Practices for staying safe on the Internet visit my Cybersecurity Awareness Month page.