The movies like to make us think that computer hacking is a skilled stratagem that lies solely within the provinces of evil villains and nerdy geniuses. Although much maligned, the one movie that comes closest to genuine depiction of hacking is Independence Day, in which Jeff Goldblum’s character brings down a fleet of alien spaceships by simply inserting a virus into the mother ship’s master computer.
That movie would have ended differently if the aliens had taken a few simple (and boring) steps to stop Goldblum from accessing their hard drives. For example, the aliens’ control systems were all centralized into one master unit. Had they relied on a decentralized structure, the virus would not have propagated through their systems.
Cybersecurity teams that do not otherwise need to worry about alien invasions might turn their attention to artificial intelligence and other complex mechanisms to protect their networks from cyberattacks. From a simpler and more tedious perspective, they can also decentralize the controls in those networks and rely on a handful of uncomplicated security steps to keep malware away from them.
First, if the organization does not use spam filter, it needs to give employees regular reminders not to open attachments that accompany email from unknown or suspicious sources. Through the end of 2015, spear-phishing emails that target individual users in an organization were a primary mode of cyberattacks. If employees are trained to simply not take the bait, those cyberattacks will not be successful.
Second, update all software on desktops, laptops, and mobile devices. Software updates do more than add functionality and correct bugs. They also patch security holes that software vendors and hackers have discovered. Neglecting to do so could lead to greater problems when a hacker exploits a hole that has not been patched. Mobile devices are a growing gateway for cyberattacks, and an organization should devote close attention to those devices, particularly if it has a “bring your own device” policy.
Third, require strong passwords and multi-factor authentication for network logins. Employees who cannot remember strong or complex passwords can use a password vault that creates and stores strong passwords, but requires the employee to recall only a single set of login credentials. Two-factor authentication adds another barrier for hackers to circumvent in order to access an organization’s network. Hackers that are looking for easy systems to infiltrate will be quickly dissuaded from a network that utilizes multi-factor authentication.
Fourth, adopt a good backup strategy to thwart ransomware threats. A good strategy requires an organization to do more than just make spare copies of data. The organization needs to enact redundancies for both data and software that remain separate and wholly disconnected from its main network. It also needs a plan that can be quickly and easily implemented to bring the backup online when a ransomware attack shuts down the organization’s primary network.
For those times when these cyberdefenses fail to hold, an equally simple end game strategy is to procure cybercrime insurance that can provide a source of funds to reimburse losses and liabilities that an organization incurs when it is successfully targeted by a cyberattack. Neither simple nor complex cyberdefense strategies will deflect every cyberattack from a determined hacker. Cybercrime insurance is ultimately the last simple line of defense that can keep a business in operation while it recovers from the attack and re-establishes relationships with its clients.
These and other simple, boring cyberdefenses will create a barrier around a computer network that will encourage many hackers to turn their attention to easier targets. Unlike complex cyberdefense network monitors and software systems, these simple defenses are easy to install and administer. So what are you waiting for? The best time to protect your organization, is now!