The big takeaway from XChange 2016 (it’s a bit frightening)
XChange 2016 was full of information, but there was one presentation that really stuck
I always look forward to their conferences. It’s full of industry experts, sharing their thought-provoking insights. And, they also know how to throw a party (but this is a serious post, so we won’t focus on that today). Well, XChange 2016 was no different. In fact, this may have been my best experience to date. There were lots of hot topics covered (and I’m not just saying that because we were in San Antonio) and I was given the opportunity to lead one of the groups at the event.
While the entire lineup was pretty impressive, this year, there was one particular presentation that really resonated for me: as a business owner, a business continuity specialist and as a private citizen. The topic was security. The presenter was a leader of the FBI Cybercrime unit–and what he shared blew my mind. That said, since most of our clients have mobile users (phones, laptops, tablets), in addition to their own personal devices, I thought it would be worth to share the key takeaways of the presentation more broadly.
Keep in mind, there were about 40 of the nation’s leading tech companies in attendance for this presentation. The FBI starts by setting up 2 routers, one with a SSID of ‘attwifi’ and the other was a southwest SSID (not sure about the exact details). Of the 40 attendees, about 25 of them automatically registered on his $20 routers and the FBI had full access to their systems–and proved it by pulling them up on the big screens for all to see. Once he had access, he could have put anything on there, including the latest malware, which would in turn wreak havoc and bring disaster to their network and systems. That’s fairly frightening.
Mitigating the risk
It’s pretty terrifying how easy it is to have a security breach. However, there are a few things you can do to minimize risk. Here are some points to consider:
* If you have mobile users, be sure that they don’t auto-connect to any wifi systems. Or set the wifi to disable after a certain distance from the office or their homes (there are some apps for this).
* In airports (or anywhere in public), how do you really know what SSID or network is the real one? Your mobile device will connect to the closest or strongest AP (unfortunately, that could be the guy sitting right across from you). Perhaps it is best to institute a policy to connect only via your mobile phone carrier or 4G hotspot.
Ransomware is seemingly everywhere
Another big discussion of XChange 2016 was the proliferation of ransomware. These attacks are being led by advanced tech organizations, using big data and analytics that rival some of our best companies here in the US. The social engineering techniques used are quite convincing to the users of your organization. As the FBI pointed out, it just takes 1 user to click on a link to infect an entire company. That said, there are a couple of things to do in an effect to protect your business.
* Backup & recovery is key. It is truly one of your best defenses against ransomware. Even with the strongest security, it seems you’re never able to stop 100% of all attacks. For our clients, I strongly suggest they look at their agents on their Datto, and for the most critical servers (with client or financial data), setup a short backup interval (for example, 15 or 30 minutes). Also, they should look at the backup schedule for those agents. Rather than an 8am to 5pm schedule, fill in some of the evening and morning gaps. If you need any help with this, contact Invenio IT.
* Encryption was also mentioned as a defense against ransomware. Something for clients to think about and to possibly look at implementing locally. The Datto device can also encrypt the agents locally. That said, of course, there are some pros and cons to consider before taking this approach.
Security is an important topic today–and it doesn’t just impact large corporations. Cybercriminals target everyone–including small and medium-sized businesses as well as individuals. Please take the threat seriously, consider these tips and let us know if you have any questions.