Example Consulting Q&A
Below you will find some example questions people have asked and answers we gave.
What are some good ways to protect myself online?
Particularly when it comes to web browsing, taken from our Computer and Web Browser class:
In order of importance:
- Make sure the correct website address is in the web browser's address bar (the address typed in is also called the universal resource locator, or URL). It sounds obvious, but this catches people all the time.
- Make sure "https://" is shown in the address bar for any website that has any kind of log-in accounts, especially bank websites.
- A green padlock is located somewhere on your web browser. A red padlock means leave quickly because the certificate is expired or invalid.
- Some green in the font of the address bar to signify an authentic security certificate is in use. That's usually a green "https", a padlock, and the business name if it shows up. If you see NO padlock and NO green font, we recommend not using their website until they fix their security issues.
- The correct name of the bank is located somewhere in the address bar or tab. If it just says "Secure" that is also fine. If there is no name displayed, but all the above criteria check out, you're likely at the correct website.
If you come across a website asking you to accept a security certificate, we recommend you don't accept and leave that website. Either their website is malfunctioning or they generated their own security certificate without a trusted third party verifying its authenticity (which may mean it's a fraudulent/fake website). Please take the class to learn even more.
Additionally, be cautious about where and how you connect to the internet. View our Working Remotely risk assessment here to learn more about this.
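The first two checks above (correct address, "https://") can also be done mechanically. This is an added example, not part of our class material; the function name, the expected host and the sample addresses are constructed for illustration.

```python
from urllib.parse import urlsplit

def check_login_url(url, expected_host):
    """Return a list of problems found in url; an empty list means it passed."""
    problems = []
    parts = urlsplit(url)
    # hostname is lower-cased and excludes any port or "user@" prefix
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        problems.append("not https")
    if parts.username is not None:
        # Everything before '@' is login info, not the site being visited
        problems.append("text before '@' is not the site name")
    if host != expected_host.lower():
        problems.append("host is %r, expected %r" % (host, expected_host))
    if any(label.startswith("xn--") for label in host.split(".")):
        problems.append("punycode label, may render as look-alike letters")
    return problems

# Constructed sample addresses (reserved .test/.example names, not real sites).
EXPECTED = "www.examplebank.test"
SAMPLES = [
    "https://www.examplebank.test/login",                         # correct
    "http://www.examplebank.test/login",                          # no https
    "https://www.examplebank.test.account-verify.example/login",  # bank name is only a prefix
    "https://www.examplebank.test@login.example.net/",            # real host follows the '@'
    "https://www.xn--exmplebank-v2a.test/login",                  # constructed punycode label
]

if __name__ == "__main__":
    for url in SAMPLES:
        result = check_login_url(url, EXPECTED)
        print("OK  " if not result else "STOP", url, result)
```

The comparison is an exact match on the whole host name, because a look-alike address usually contains the real name somewhere inside it.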
How do you protect yourself from corporate hacks like what happened to Equifax? We were affected before the news even hit.
Realistically, because Equifax's business is to know as much about all of us as they can (data collection of public and eventually more private data) and they're really good at it, this limits what we can do, especially if they are the gatekeepers to our credit. Other organizations make updates to this system, reporting when you did something ideal (like pay bills & loans) or bad (like not pay rent or a loan), etc. It's not a bad idea if you're a business needing to know someone's payment history. And since someone broke into Equifax's database(s) and stole this information, your personal information is out there and it's already too late to protect yourself directly from a hack this revealing.
Slight but unlikely solution: If you never use credit and credit lines or never have anyone check your credit, you may be able to go all cash. Additionally, you may change your entire identity in addition to only using cash. Doable? Sure. Realistic? Maybe not for most people in the US or the West.
An interesting option may be to opt out of credit reporting companies so you don't get solicitations by email, traditional mail, or phone calls about credit cards, etc. Learn more about this here and here.
And of course, you can keep your credit frozen so it would be harder for someone to use your credit.
Keep in mind that even though this breach happened to them, they can profit from the breach because they may try to sell you identity theft protection services.
What are the warning signs as a user that you've been hacked when you don't have a personal IT specialist? (Besides the obvious emails/messages from your personal contacts with suspicious links)
While we did a small write-up of some things to look out for, please be aware that there are entire job fields dedicated to detecting any kind of cyber attackers and hacks. While a job field like "Computer Forensics" can help find hacks after an attack, a "Hunt Analyst's" job is to actively find attackers and hacks as close to "as they happen" as possible, usually by means of looking for certain patterns in computer/device log files, network access logs, traffic logs, etc., all based on times, what is being attacked, source of attack, type of attack, suspicious activity, and more. These analysts generally work out of a physical (or virtual) SOC (security operations center) and monitor this kind of information from many businesses all at once (unless a large business can afford its own in-house SOC), often with some aid from AI (artificial intelligence) built into the software they use to help them spot attackers.
Here are some ways to help detect if you have had a hack, taken from our Cyber Incident Response Planner:
Detecting breaches can be extremely difficult even for large companies with plenty of resources: most attacks that are detected take up to 6-7 months to be detected (within those large companies, sometimes even if they have a SOC team monitoring). Imagine what a cyber criminal could have done with 6 to 7 months of time inside of a company's computer and P.O.S. systems. If detecting a breach is very difficult for businesses with large security teams and budgets, detecting one in a very small business can seem close to impossible. But it can be done. Here are some signs (IOCs, indicators of compromise) that you will want to look out for that could indicate a hack, old data breach, or a live ongoing data breach:
The most obvious signs that almost certainly tell you that you've been hacked are:
- Ransomware that has locked your computer and you get a ransom 'note' about paying to recover your stolen/encrypted data.
- You find your company's confidential data already online for all to see.
- You run a piece of security software (DLP, antivirus, security suite, firewalls, etc.) that clearly tells you that you've been compromised and that it could not or did not stop the breach.
- Money is legitimately unaccounted for and missing from your bank account(s). Generally, unless the bank admits it is actually having some issues with robbery and digital theft, someone physically or more likely 'digitally' stole the money from you probably by compromising your computers or devices or by successfully assuming your identity.
- A physical breach was found. For example, a burglary or some equipment theft, especially of devices and computers that contain sensitive information (or unwiped sensitive data).
The following are general indicators that *MAY* indicate a good chance that you've been hacked, but are not concrete proof of compromises:
- Unusually slow Internet, computers, or devices: If you come into work one day and your computer or device is not acting like it usually does for a longer period of time as you're using it, this is suspicious.
- A computer that appears to have been obviously tampered with: If you turned off your computer when you left work and it is still on or has windows and programs running when you return, someone may have been trying to steal important information. Keep a look out for files or folders that have been moved, deleted or created when you know you didn't create, remove or move them.
- An unauthorized and highly suspicious device was installed and connected to your computer or computer network.
- You resold, donated, or recycled old equipment that was not properly wiped of potentially sensitive data.
- Pop-ups and redirected websites when browsing: If you're browsing the internet and you keep getting redirected to other websites, or get constant intrusive pop-ups even with a pop-up blocker on, it's a sign that the machine either has malware on it, or that someone is attempting to get you to slip up and grant unfettered access to your systems.
- Locked-out accounts and unable to reset your password: If you've ever been locked out of your email or social media accounts, you know it's usually because you typed the wrong login credentials one too many times. If you receive a lock-out message the first time you try to access an account (and you know you've typed your password correctly), you might have been hacked.
- Unusual or unapproved programs: If random programs are suddenly showing up on your workstations, you may have a breach on your hands.
While it can be exceptionally hard for a small business to conduct forensic analysis to determine if a compromise was truly made, what was taken, and how it was done, we highly suggest you contact a professional service that determines these kinds of attacks.
If you really want to dig deep into finding suspicious activities on your systems and you have a hint of technical blood in you, here is a guide online that will tell you about the various tools and techniques you can use. Caution, this basic material isn't for those on a time crunch if you don't know how computer networking protocols work- but technically you may be able to find hack-like activities.
If you'd like to know if someone recently attacked and hacked your business, check out this service which checks social media site Twitter for news about it:
If you're interested in whether your own accounts have been compromised at other companies or on other online services, you can check here:
Have you used Norton Core? Is it worth the purchase? What is the best router to purchase for security?
We have not used Norton Core ourselves.
Norton Core is an interesting-looking network "appliance" with a small computer built-in that takes on the role of a wired router with multiple security features, a wireless router, a switch, a firewall, and a subscription to Norton Security (and antivirus) software. Basically, it's almost a small business grade wireless router for your home, but it seems to have a few compelling features that could potentially protect your home from some forms of cyber attacks such as:
- Deep Packet Inspection ("DPI", be careful- network/internet connection speed may be noticeably slower when turned on) to inspect your non-https network/internet traffic for malware
- Norton Security software for all of your computers and Security Plus for covering additional devices
It appears that this device is specifically made for home use and has an on-going subscription after a year. But we caution you, read reviews from users about their experience using this device- as of December 2017, there are a lot of complaints about reliability and support on Amazon. It doesn't protect you from everything, but it seems like a great place to start securing your home network if the reliability and support issues are fixed.
While we can't speak on what the best router out there is, what one of our core employees has at home is the slightly more affordable and similarly featured (DPI) SMB-class Ubiquiti Edge Router with a Ubiquiti AC-Pro wireless access point and their choice of any anti-malware software. Setup takes a little more work, but after setup, the reliability and extra functionality are golden.
How important are lengthy and complex passwords when data breaches will easily give them up?
Lengthy passwords and ways of keeping them safe and secure are about the only controls you have in regards to data breaches of companies because you generally have no control of how they keep their data.
If a company has at least some of its security game up to par, they would not have stored their users' passwords in plain text for thieves to easily read. The company would have done what is called 'hashing', or basically encrypted a user's password one-way. A hash function will change a real password into seemingly random text and it cannot be reversed, meaning that if a thief has stolen a hashed password and a user's original password is long and complex enough, thieves cannot 'reasonably' figure out the real password based on the hash ('reasonably' being millions of years of having their computers 'guess' password hashes). Often, another layer of randomization is added to the password hash, called salt, that makes it harder to 'crack'.
But, as is usually the case, it's not the crypto functions that get broken, it's their implementation. If a malicious hacker is able to break into a website and modify the website's login code to not hash, everyone's passwords will be stored as plain text, and after some time the hacker can exfiltrate all the login data. Another super common thing is to trick people into going to and logging on to a fake, but realistic website that is a near clone of the real website.
In the office security portion of our Security Awareness course, we do go over complex passwords and how to make easy-to-remember, strong passwords.
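What hashing and salting look like on the website's side, as an added example that is not code from any particular company: the function names, the PBKDF2 work factor and the sample password are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; higher makes every guess slower

def unsalted_sha256(password):
    """Weak storage: one fast hash, no salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def hash_password(password, salt=None):
    """Return (salt, digest) to store; a fresh random salt is made per user."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return salt, digest

def verify_password(password, salt, stored_digest):
    """Re-hash the login attempt with the stored salt and compare."""
    _, candidate = hash_password(password, salt)
    # compare_digest takes the same time whether or not the values match
    return hmac.compare_digest(candidate, stored_digest)

if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    # Two users who picked the same password:
    print("unsalted equal:", unsalted_sha256(pw) == unsalted_sha256(pw))
    salt_a, hash_a = hash_password(pw)
    salt_b, hash_b = hash_password(pw)
    print("salted equal:  ", hash_a == hash_b)
    print("login ok:      ", verify_password(pw, salt_a, hash_a))
    print("wrong password:", verify_password("password123", salt_a, hash_a))
```

Without a salt, two users with the same password get the same stored hash, so one successful guess unlocks both; with a per-user salt the stored values differ and each one has to be guessed separately.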
How can you help protect my network better than any other company?
Currently, we do not directly do security services for you. We hope to empower you to take control of your own security because we believe that security should not just be in the domain of a security specialist, but of everyone- business owners, executives, and employees.
We provide you with a lot of the methods that security consultants recommend to their clients for staying secure. To be more specific, we provide a more direct means of securing your business through awareness training, risk assessments, and guides, without the need to always have a security specialist do this for you (and because having a specialist isn't always necessary). Additionally, we provide an alert service that notifies you when your systems may have had a new vulnerability come up. We also provide incident response planners and policy generators for you and your business.
At GetCyberSecured, we can help you achieve a practical level of cyber security for your small business.