Stay Informed, Stay Safe: 17 Information Security Insights from Tech Bytes II
IT professionals from the Twin Cities and surrounding communities gathered for an afternoon devoted to information security at the new Twin Cities Orthopedics Performance Center, the Minnesota Vikings' shiny, new team headquarters in Eagan, on Wednesday, July 11.
Whether you were unable to attend, or just need a refresher, we’ve compiled top insights and full-length videos from the event.
1. IT security is always changing. Cyberattacks evolve and businesses need to adapt in order to keep their information secure. This is why we need an ongoing conversation about IT security.
2. Despite the changing landscape, basic security controls exist to help your organization stay on top of information security. Controls mentioned include keeping track of your hardware and software assets, managing vulnerabilities, controlling administrative privileges, configuring devices securely, and the ongoing maintenance, monitoring and analysis of audit logs.
Speak a Common Security Language with FISASCORE
3. We’re not speaking the same language. What is information security? Ask five information security experts, and you’ll receive five different answers. It’s hard to find agreement on one answer. Ultimately, when it comes to information security, businesses, security engineers, end users, etc. are not speaking the same language.
4. There are four things every business leader should know about their information security: 1) their current state, 2) what an acceptable future state would look like, 3) when that can be achieved and 4) how much that’s going to cost. This can be achieved with a FISASCORE.
5. Information security ignorance is not defensible. If and when you become the victim of a data breach, simply saying “I didn’t know the risk” will do nothing to restore your systems or your credibility among customers, partners or the community.
6. True information security requires a broad, long-term strategy. To achieve real progress, you need a two- to three-year roadmap, but progress is trackable and attainable over time. What improvements can you make now to get started down the path? Processes need to be built. People who maintain your infrastructure need to get up to speed.
Watch SecurityStudio CEO Evan Francen’s full presentation, “Speak a Common Security Language with FISASCORE”, below to learn what information security improvements you can make now (or within one quarter).
The Overlooked Security Risk: Office Printers
7. The number of endpoints is growing. How secure are you? By 2020, 95% of what we own will be part of the IoT (Internet of Things), and therefore hackable if left unsecured. The IoT includes devices connected to the internet, such as smartphones, smart thermostats – basically anything smart.
8. You need to consider the security of your copiers and printers as you would any other endpoint. It’s easy for hackers to break into unsecured printers and attack your entire network (they first ping the network for unprotected printers).
9. Security features come built into many newer printers. You just have to know what security specifications to look for when you’re shopping.
Watch the full presentation, “The Overlooked Security Risk: Office Printers,” below from Steve Decker, HP Print Technical Consultant, to learn what security features come standard on HP models and what you can do to secure your printers.
The 2018 Threat Landscape: Defensive Tips from a Hacker
10. Data breaches are an old trend, but they’re still increasing. Unfortunately, hackers keep getting smarter and more agile.
11. Linux attacks will double in 2018. (You can blame the IoT.)
12. Wi-Fi hacking is commoditized. Tools start at $99, and there are 3.3M videos on YouTube for “Wi-Fi Hacking.” Anyone can go out there and copy/mimic your Wi-Fi. It’s illegal, but easy to do. There are ways to protect yourself.
13. There is no silver bullet when it comes to information security. No one thing will keep you safe. You have to have a layered approach consisting of:
- Defense in Depth
- Multifactor Authentication
Marc Laliberte, senior security analyst at WatchGuard Technologies, shares the top 7 trends in IT security, and 5 hacks to watch out for in 2018 in the video “The 2018 Threat Landscape: Defensive Tips from a Hacker” below.
Targeted Attacks: How to Recognize Them from the Defender's Point of View
14. If you have computers, you have something people want to hack. Don’t fool yourself into thinking that you have nothing of interest to a hacker on your computer. Beyond any passwords or credit card information your machine may store, it could also be an easy entry point into your network, where sensitive business data and employee records are stored.
15. Prevention is not enough. Big companies are building security operations centers (SOCs) to detect and respond to threats, and to limit detection and response time. Everyone wants to be there, but it takes people, time and resources.
16. If you don’t have the people to maintain your security systems, you’ve got nothing. Even the newest, most expensive security precautions fall flat when your team isn’t prepared to support them.
17. Right now, we’re seeing an information security hiring gap. People with real security experience are expensive to employ and hard to find, especially for an SMB (small or midsized business).
See more about defending your business with the presentation, “Targeted Attacks: How to Recognize Them from the Defender’s Point of View,” from Ben Bitterman and Bryan Van Den Heuvel from Arctic Wolf Networks, which includes several real-life stories of data breaches and cyberattacks.
Contact an expert at Loffler if you'd like more information on any of the insights or presentations above.
Loffler Companies is the largest privately owned business technology and services organization in the Upper Midwest. We are dedicated to providing innovative solutions and managed services to drive business for organizations of all sizes. Our offerings include IT Professional and Managed Services, Multi-Functional Copiers and Printers, Managed Print Services, Unified Communications, Software and Workflow Technologies, and Onsite People-Based Services.