Just because you're paranoid, doesn't mean they're not out to get you......
The process of securing your home office or business can get very technical. Today's technology is constantly changing and with change come new opportunities for attackers who are motivated by various forces. Monetary gain, disruption of service or just plain old bragging rights. Whatever the motivation. The task of securing your online assets can become overwhelming which is why I offer a simplified basic line of defence using known philosophies of cyber security.
Before we begin, let me explain a couple of concepts that need to be understood. Every business/office is different. Your assets are different depending on the service or product you provide. You will find that you have many assets, perhaps a large list of them, and that is where you need to start determining the value of each asset as well as the damage it will do to your business if it is compromised. Examples of assets are sensitive or personal data, applications, databases, or protected data such as health or financial information. The simple existence of your on-line connection is a valuable asset.
The process of identifying and prioritizing your assets is basically called a risk assessment. This process can get very complicated but I don't want to get lost in the woods. Lets keep it simple. The basic components are below.
Risk = the calculated assessment of potential threats to a business' vulnerabilities within its network and information systems.
Asset - Anything that provides value to a business.
- Customer Contact information.
- Personal Information.
- Financial Information.
- Any info subject to government laws.
- Business related website.
Threat - is what a business is defending itself against.
- Virus
- Hacker
- Denial of Service attack (DOS)
- Malware - RansomWare
Vulnerabilities - are the gaps or weaknesses that exist on computer or network.
- Weak passwords
- Poorly configured firewall or router that lets hackers in.
- Remote access to your computer/network.
- Users - opening suspicious email. (This is the most successful attack)
Here is a simplified Risk Assessment plan:
- Identify the vulnerabilities. (weak passwords, poorly configured components)
- Decide who might be harmed and how. (loss of revenue, customer trust, legal action)
- Evaluate the risks and decide on prevention. (how much damage will be caused, how to PREVENT)
- Record your findings and implement them.
- Periodically review your risk assessment and update if necessary.
These are some of the most common, (but not all) types of vulnerabilities.
Full access members can click to view the common fixes for them. (Join Now)
- Malicious email. (This is the most successful attack)
- Compromised credentials (username and password through phishhing, etc)
- Poorly configured firewall or router that lets hackers in.
- Remote access to your computer/network.
- Mis-configured User accounts (guest, administrator, unknown account.)
- Missing updates for your operating system as well as applications on your network/computer.
- Unencrypted connections.
- Installing compromised software.
- Physical Security
- Not updating virus definitions.