Pub. 7 2017 Issue 3
download files or click on links when we aren’t 100 percent sure of their origin, but there is a simpler way to defeat ransomware’s impact on your organization: make sure you’re backing up your files remotely to a place not connected to the internet. This is something everyone can do to contribute to lessening the impact. If you have a recent, clean backup of all your critical systems, you can avoid having to pay the ransom. Backing up your own workstation or laptop regularly is also very important.

Enter into the holiday season with a plan to keep your patches up to date. Update your software, phones, tablets and computers, both business and personal. As a rule, don’t use Windows XP, as Microsoft is no longer providing security updates. This seems like simple common sense, but the latest ransomware viruses mentioned above exploited vulnerabilities that were well known and documented. Updating ensures that known vulnerabilities are fixed, and software companies employ highly qualified professionals to develop their patches. It is one of the few ways you can easily leverage the cybersecurity expertise of experts in the field and dramatically reduce your exposure.

Update and confirm your inventory of all assets attached to your network. This again should include phones, tablets and other mobile devices. It should also include your ecosystem of partners and contractors that have access to your network. We are all familiar with the Target hack a few holiday seasons ago. Access was gained through an HVAC contractor. Proper asset hygiene helps an organization confirm that only authorized assets are accessing its network. It can also assist in identifying unusual activity by assets that are authorized.

Review your passwords and connect to a gradient trust model.
All it takes is one mistake for the gate to be opened, but designing a series of privileges into your system will ensure that only the right device, using the right connection, operated by the right person gains access, and that users can only use what they are meant to. In many cases it just requires a simple content filter on access so the content isn’t opened when someone accidentally clicks on malware. The final step in gradient trust is building permissions from the bottom up using concepts like application whitelisting.

We also highly recommend the use of Two Factor Authentication for access to online banking applications, mobile banking applications and any online accounts that have PII or financial information. Two step verification is an extra layer of security, also known as "multi factor authentication", that requires not only a password and username but also something that only that user has or would know. Using a username and password together with Two Factor Authentication makes it harder for potential nefarious actors to gain access and steal that person's personal data or identity.

Finally, validate that your security is working to the level you expect it to. @RISK Technologies provides a no cost measurement of all your systems that goes beyond traditional penetration testing by using machine learning and artificial intelligence. @RISK’s own unconventional tactics are embedded in the Cloud within a next generation Cognitive Computing Platform. IBM Watson Artificial Intelligence technology enables constant tuning and training. @RISK’s "Network Consensus" technology transforms costly “post” incident Digital Forensic Investigation (DFI) into “pre”-incident enterprise vulnerability discovery, resulting in “Left of Bang” Cyber Situational Awareness.
Talk to members of the @RISK team today and learn how measurement and constant improvement are important for your organization to plug the holes in your network before an attacker has the opportunity to exploit them.