/network-security-pt-1-human-element.jpg)
Transcription:
Network security is very personal to me because , the fact is, I've personally been the victim of a data breach. My own data has been lost, and I know what it means to me and how concerned I am to have my data out there. And having my own personal experience with data loss drives me to ensure AvantGuard never experiences the same thing. So from a business perspective, the data breach can mean millions of dollars in cleanup and restoration, not to mention the loss of customers. It's the number one thing I worry about, and it's something that definitely does keep me up at night.
Because email is certainly a vector that that can be used to entice a user to click on a link, take them to a malicious web site, click on an attachment that that might have a virus, or take someone to a Web site that looks like a Google login. They prompt the user to give a username and password, which is all a bad actor needs in order to gain access to a machine or your username and password. They do this to take advantage of an unpatched system, and once they've got access into your network or your system itself, they get a lot of control.
It's interesting to consider how the motivations to breach a network have changed. When I was early on in my I.T. career, they wanted to make as much of an impact as they could. Essentially, they want to take down an entire network or create an impact in such a way to make the news. Now it's totally different.
It's a money making process. For the most part, what they want is to take the computing power of my computer and use it. If they can use my computer in addition to one hundred thousand others just like it, then they have the power to initiate a denial of service (ddos) attack, or use the systems to do crypto mining and try to make money. If they can do that all undetected, then they can continue to have that resource at their disposal to do any of those things.
Given all of this, I think it's critical for any business to make sure that as business leaders are training on any policies within the company, to make sure that their users are a firewall between the bad stuff that's on the Internet and the company. It's crucial that your employees know these things, that you're training them how to identify the bad actors. As part of your training, they learn to identify little clues within emails, and become more aware of how these bad actors try to get into your network.
As we coach and train our team, we frequently send test phishing emails to make sure that that our users are consistently practicing these skills. We try to do everything we can to make sure that they are as ready to face the threats that are very real as they need to be.
With all the best efforts to train your users to be careful about what they're doing on the Internet or with their email, the fact remains that mistakes still do get made. There's definitely a technical gap that exists between making sure that we are also responding to these threats with things like implementing quality endpoint security, making sure our systems are patched, and that we're scanning our systems for vulnerabilities.
––––––––––––––––––––––––––––––––––––
Ready For Part 2? Click below to watch it now
/network-security-pt-2-patching-vulnerabilities_fb.jpg?width=1200&name=network-security-pt-2-patching-vulnerabilities_fb.jpg)
