Hello ADI Community,
Today I would like to talk about the big S… SECURITY. If you follow the news or social media then you have definitely ran into news articles about the latest hack. I just did a quick google search and bumped into the March 10 2022 ransomware attack of automotive giant DENSO. The culprit was found to be the PANDORA Ransomware, first seen in March 2022. Security experts believe Pandora is a rebrand of another ransomware from 2021 due to code similarities.
There are 2 points I would to sum up from this:
- Ransomware, viruses, and other Malware are a very REAL threat in 2022
- Often once malware is detected and remediated, hacker groups will rebrand the malware and once again their is a NEW UNKNOWN threat.
So as a business owner how can you protect your IT from this ever evolving world of malware?
The answer is LAYERS. Very much like onions and ogres :). If you refer to the image of the Security Layer Pyramid, you will see security defined in 7 layers:
(1) Human Layer → (2) Perimeter → (3) Network → (4) Endpoint → (5) Application → (6) Data → (7) Mission Critical Assets
7 layers is a lot to discuss so this post will be #1 of a 7 post series.
(1) The Human Layer: I hate to say it, but humans are the biggest threat to IT security… and its not our fault! As the first layer of defense we are given a lot of unexpected responsibilities. We have passwords we need to remember, constantly update, but cant write down. We have to constantly be on the lookout for Spam and Phishing email that hide under official disguises. All of this while balancing our daily tasks, both professional and personal. On the day your stressed out with no sleep, malware will be fresh and new!
How do HUMANS pump up their defense?
All is not lost on our front. There are many steps we can take to best secure our companies IT:
- DONT WRITE PASSWORDS: Sorry but you have 2 options here. Memorize or use a reputable password manager like LastPass manager.
- UPDATE YOUR PASSWORDS: This is one of the big headaches but it is very important. Change your password once a month at least. Use symbols, number, upper case, and lower case. Make it 10 characters or longer.
- UPDATE YOUR APPLICATIONS: When a new malware is detected by the security community there is a swift effort to remediate them. Often the remediations come in the form of a software update. If you do not update to the latest stable version of an application, you are vulnerable. Turn on auto updates when possible.
- LISTEN TO WARNINGS: Warning messages such as Windows UAC are not put in place to annoy you. They will let you know that you are doing something that will give system access to an outside resource. This may be intentional if you’re running a new install for example, but pay attention as you may be letting a virus in.
- SCHEDULE ANTIVIRUS SCANS: We have enough to remember. Schedule a FULL DAILY antivirus scan during your computer’s off hours.
- UPDATE DRIVERS and FIRMWARE: This is often overlooked. Every manufacturer from your computer memory chip to your router will periodically come out with firmware updates. These updates are necessary to fix vulnerabilities. For this part you may need an IT professional as the process is more involved than an app update. If you need help give us a call 😉
Stay tuned for part 2 of the series.
Sincerely your tech savvy engineer,
Angel Contreras
Blogger for Advanced Data Infrastructure, LLC
Visit us at http://www.adipros.com or call us at (919) 727-2200.
References: