SAS 70

Sep 8 2019   10:14AM GMT

Going Past the Basics for Cybersecurity

Keith Harrell Profile: SAS70ExPERT


Data breaches are an all too common occurrence and there is no single measure of their impact. Aside from the adverse impact a data breach has on the affected company, data breaches also have a domino effect on the affected company’s customers. In fact, quite often the breach occurs within companies with which we’ve established much trust.

Unfortunately, many users view security as a passive endeavor that can or should be resolved simply by installing some perceived magic bullet, such as antivirus software. The reality is that antivirus software never has been and never will be a panacea. At best, antivirus software serves as a good pre-filter for a wide range of known threats.

You can bolster your defenses through the use of other technologies, such as firewalls, phishing filters, VPNs like Surfshark, spam filters, and the like. But even bolstered, you still are left essentially with an arsenal of products adept at pre-filtering known threats.

This isn’t to say you should relax your controls or not use these products. If you can minimize your exposure to the vast majority of threats, you’ve gone a long way towards better security. It does, however, mean that you have to rethink your stance – you have to assess your own risk potential and your own risk tolerance, and then develop your own risk management plan.

For a home user with no business assets to be concerned with, your biggest concerns regarding data theft will probably be things like the risk of having your bank account compromised or becoming a victim of credit card fraud.

Once you’ve identified what your risk potential is, then determine what your risk tolerance is. Many banks, for example, will allow you to set up alerts for a wide range of activities, including things like wire transfers, drops in your balance, and the like. Take advantage of these features and set up a series of alerts that will give you early warning if your account is compromised but won’t be so intrusive that you quickly find yourself ignoring them.

Monitor your credit reports. You can do this manually or via a service such as IDWatchDog. Several free antivirus products come bundled with a free version of IDWatchDog so cost is not a factor here. You should also monitor your credit card expenses. If a breach involving your credit card has occurred, attackers will often start with small sums to check the validity of a card. In other words, don’t just look for big unexpected expenses – look for small unexpected expenses as well.

Good password management is a must-have component of risk management. Don’t share your password among different sites. If a company you do business with is breached and your username and password are stolen as a result, attackers will often try the same username and password combination on different sites. This enables one breach to have far-reaching consequences across all your online accounts. To prevent this, having a unique password for each sensitive site is imperative.

Of course, you can share the same password across sites that don’t matter – i.e. sites that don’t require a credit card and which contain no sensitive personal information. But make sure your bank account password is unique and that each credit card account has a unique password as well. Your email account should have yet another unique password. Don’t use the same PIN either. There is a simple trick to making this all easier – write down the passwords.

This goes back to risk tolerance – you can’t protect against every possible scenario. Instead, focus on the most likely scenarios, i.e. someone gaining online access indirectly via the Web. So again, don’t be afraid to write down your passwords if it helps ensure you will use unique passwords on each of your sensitive accounts.

To recap, assume your data will be compromised in some fashion, even if through a company you do business with. Assess your risk by figuring out what would be at stake when (not if) that occurs. Then implement smart measures that will give you an early warning of potential signs of compromise of sensitive accounts or data (i.e. credit reports). Understand your risk tolerance so these measures are pertinent but don’t cripple your day-to-day activities or overwhelm you with noise. And remember, your goal is not to achieve 100% security; that’s impossible. And by all means, use antivirus software – just don’t believe it’s going to stop every threat.
