Unauthorized bank transfers. Identity theft. Fooled by deep fakes. No one is too old, too young or too poor to escape being targeted by thieves, says cybersecurity expert and regular media guest Greg Schaffer.
Greg Schaffer is the owner and founder of vCISO Services, LLC, an information security consulting business.
How should people respond if they suspect they have been the victim of a cyberattack?
“One of the worst things to do is panic,” cautions Schaffer. “Not thinking clearly may increase the intensity of what’s happening. Don’t feel pressured into action. Call law enforcement. Enlist cybersecurity experts to help.”
Schaffer offers the following advice on two key areas: how we access computerised systems and how we protect our own home networks.
Multifactor identification fatigue
People are more likely to make errors if they become bored and distracted. Schaffer notes: “Bad guys try to wear people down. They may bombard someone with requests to confirm log-in attempts they didn’t initiate. It’s annoying! It can be tempting to confirm, just to get notifications to stop. Only now, that’s given the bad guys access to their username and password. Maybe a bank account is about to be siphoned. Never accept uninitiated requests.”
Home Wi-Fi network
For this risk, Schaffer looks inward to the home: “Even with doors and windows locked, bad guys can enter homes through devices. Usually, the place they enter a personal network is not what they’re targeting. They may enter through something as simple as a smart TV. Once they’ve breached the TV, they could jump to a laptop where someone has been working on their taxes.”
Schaffer adds: “There, they may find social security numbers and other sensitive financial information. That’s a big problem! To reduce this risk, keep firewalls and laptops updated. Segment home networks: entertainment, children, home business, appliances, etc. That way, if one gets compromised, the others won’t. And never share passwords across platforms.”
Building business continuity
A third important area is protecting businesses. This is easier in larger, resource-rich companies and more challenging in smaller firms. Schaffer’s latest book, Information Security for Small and Midsized Businesses, looks at the measures that smaller organisations can take.
The book focuses on small businesses. Schaffer maintains that small and midsized businesses (SMBs) have the same information security concerns and needs as large organizations yet are often hampered by resource limitations.
There are alternatives, as Schaffer points out: “Most large companies have a Chief Information Security Officer (CISO) to lead and manage information security programs, initiatives, and risks. However, the cost of retaining a full-time CISO is often prohibitive for SMBs. This gap has led to the rise of the virtual CISO, or vCISO role.”
