kennynatiss.net

5 Ways Small Businesses Can Ramp Up Cybersecurity

Kenny Natiss

Cybercriminals don’t rest. They’re among the most prominent online threats and can instantly steal crucial data from companies. 

While businesses of all sizes have fallen victim to cybercrime, small businesses are usually at the top of their lists. They’re often the main targets of cyber-attacks because they don’t always have the resources that large corporations do. 

While they may be vulnerable, there are ways to protect themselves from cyber-attacks. Kenny Natiss discusses 5 ways small businesses can ramp up cybersecurity. 

Assess The Risks 

What’s the company most at risk for? When business owners understand their risks, they can take the right measures and address them. 

This is made possible through a cybersecurity risk assessment. Identifying the areas where the business is vulnerable allows companies to create a plan of action. This can include user training, tips on how to protect business data, ways to secure email platforms, and more.

Train Employees 

Investing in employee training is a simple way to ramp up cybersecurity efforts. Training employees not to click on a suspicious email will help prevent a data breach. 

Here’s what needs to be addressed during a cybersecurity employee seminar:

  • How to spot phishing emails
  • How to use good browsing practices
  • Creating strong passwords
  • How to maintain good cyber hygiene
  • How to protect sensitive company data

Extend These Measures To Smartphones 

Many companies conduct business through their mobile devices and many hackers target mobile devices, adding one more thing to the list of preventative measures. 

It is recommended to require employees to have password protected smartphones, install security applications, and encrypt their data. This will make it difficult for cyber criminals to steal important information while the smartphone is connected on public network. 

Remember that cyberattacks happen on vulnerable devices. Small businesses need to ensure all devices used to access customer information are protected using updated antivirus software.

Kenny Natiss

Make Sure Networks are Secure 

Perhaps the easiest way small businesses can ramp up cybersecurity is by securing their networks. They can do this by using a firewall and encrypting their data. 

All Wi-Fi networks or Service Set Identifiers (SSID) must be secure and hidden. This will prevent any non-employees from accessing the network. If they can access it, cyber criminals will to. 

5. Use Strong Passwords 

One of the most common ways that cybercriminals steal data from a company is by knowing their passwords. If a criminal can guess a password, the password is too weak. 

Unfortunately, passwords like “123456” and “password” continue to be utilized by many CEOs. This opens the door to cyber criminals ready to attack.

Tips to ensure a strong password include: 

  • Use at least one uppercase letter
  • Use at least one lowercase letter
  • Use at least one number
  • Use at least one special character
  • Make sure the password is 10 characters or longer

Final Thoughts

Keeping the five tips above will go a long way in protecting a small business. Business owners need to implement these measures to ramp up cybersecurity and keep the data of their employees, customers, and company safe.

Cybersecurity Considerations with Cryptocurrency

Kenny Natiss

Bitcoin and other cryptocurrencies often get used in scams, such as Ponzi schemes, phishing attacks, and fake ICOs. Crypto’s lack of regulation has led to several high-profile hacks, such as the Mt. Gox hack in 2014, resulting in the loss of over 650,000 bitcoins — a $460 million disaster. 

Unfortunately, these scams often look like legitimate investments, making them challenging to spot. Given the unique cybersecurity risks associated with cryptocurrency, Kenny Natiss says that companies should make sure they have a comprehensive cybersecurity plan in place.

Cryptocurrency

Cryptocurrencies are digital or virtual tokens that use cryptography to secure their transactions and control the creation of new units. Since they are decentralized, neither the government nor financial institutions can manage them.

Bitcoin, the most well-known cryptocurrency, was created in 2009 in response to the global financial crisis. As of October 2022, there are over 19 million bitcoins in circulation, with a total market cap of around $368 billion.

In addition to being used to make purchases of goods and services, cryptocurrencies get exchanged frequently on decentralized exchanges. There are now thousands of different cryptocurrencies, including Ethereum, Litecoin, and Monero, with new ones made regularly, often referred to as altcoins or alternative coins.

The decentralized nature of cryptocurrency and its anonymity has made it a popular choice for investors, consumers, and, sadly, criminals.

Various Forms of Cryptocurrency Fraud That Compromise Cybersecurity

The most sophisticated type of fraud is the ransomware attack. Hackers encrypt a victim’s files and demand payment in cryptocurrency for the decryption key. The Colonial Pipeline attack was an example of this type of scam.

Kenny Natiss

Here are some of the most common cryptocurrency scams to be aware of:

·        Ponzi Schemes

This scam promises investors high returns for little to no risk. The people behind the scheme are simply using new investor money to pay off old investors. Eventually, the project will collapse, and many people will lose their money.

·        Fake ICOs

This scam involves creating a fake Initial Coin Offering (ICO) to raise funds from unsuspecting investors. The people behind the ICO often create a website and whitepaper that looks legitimate, but the project is nothing more than a fraud.

·        Phishing Attacks

In this scam, hackers attempting to steal login credentials or personal information send emails or other messages that seem to be from a reliable source. Be careful when clicking on unknown links within communication channels, as it could unwittingly give hackers access to individual accounts.

·        Malware

This scam involves installing malicious software on a computer that can steal personal information or login credentials. Be very careful when downloading files from the internet, as it could inadvertently install malware on an unsecured system.

·        Pump and Dump Schemes

This type of scam involves artificially inflating the price of a particular cryptocurrency through false and misleading statements. Once the price gets artificially inflated, the people behind the scheme sell their coins for a profit, leaving investors with worthless coins.

Safeguard Digital Assets With Cybersecurity

Cryptocurrency brings unique considerations to cybersecurity because no central authority can be held responsible for safeguarding assets. Instead, it is up to individual users to take measures to protect their investments.

By taking cybersecurity measures to protect assets and being aware of the risks, individuals and businesses can help safeguard their investments and personal information.

The Threat of Deepfakes in the Cybersecurity Sphere

The technology necessary to make deepfakes has been available since the mid-1990s. First seen in The Crow following the death of Brandon Lee, it was as realistic as the time allowed. So, why all the fuss now?

The main issue is the readily available technology. Before now, people needed specialist knowledge in high-tech, expensive CGI software to produce natural-looking people. But these days, deepfakes use AI, letting anyone with computer access make fake videos starring whoever they like.

They only need a few images or videos of the subject, and Kenny Natiss says a terribly realistic deepfake is formed. 

Kenny Natiss

The Rise of Deepfakes

Late 2017 saw the emergence of deepfakes. And while they may appear to be some clever technology developed by an intelligence agency, it was the creation of an unnamed Reddit user. That said, they didn’t invent it from thin air. It’s constructed on Google’s open-source TensorFlow learning library. 

Deepfakes use artificial intelligence to superimpose one face with a different one. How does it work? By evaluating movement positions and substituting replacements frame-by-frame to ensure the new face matches the original dimensions and conditions of the video.

In April 2018, Jordan Peele used deepfake technology to release a PSA starring Barack Obama. The video shows the former president saying various ridiculous things before discussing fake news. 

Not only does the video present a visual deepfake, but it also demonstrates audio faking! Peele used Adobe’s VoCo audio tool to create an overwhelmingly convincing output. 

Deepfakes: Are They Disinformation

Despite the somewhat-scary implications of deepfakes, they’re still (thankfully) far from perfect.

Of course, throughout deepfaked videos, they’ll look terrifyingly real at times, but the overall animation will contain minor glitches and imperfect matches, signposting itself as fake. 

Currently, the technology isn’t good enough to present disinformation. In fact, most deepfake enthusiasts have used it for making pornographic content — much to the relief of security professionals around the world. And even though some political videos have emerged, they’re too easily spotted to cause a problem.

Kenny Natiss

Evaluating the Risks of Deepfakes as Cybersecurity Threats

As the above-mentioned suggests, any untrained eye can spy a deepfake, meaning they aren’t a significant security threat. But technology is constantly improving. Presently, the greatest concern for deepfake technology is its use by state-paid actors who have the ability to craft ultra-convincing content.

The genuine threat begins when anybody with a computer can create the same level of deepfakes as those with plentiful resources!

Projections suggest these videos could be a national security problem, affecting everyone from businesses to end users. But thankfully, cybersecurity pros are already developing countermeasures. 

The Fake News Megaphone

At the end of the day, deepfakes don’t really present new problems. Instead, they potentially act as a megaphone for a current one — fake news.

Most of the population fails to establish whether a news source is credible. It’s this uncritical thinking that spurs the problem. Even near perfect deepfakes would be less of a threat if people weren’t so quick to accept anything they hear or read online.

The Future of Cybersecurity is Open Security

Kenny Natiss

The cybersecurity field is mired in secrecy. Security vendors tend to guard their threat detection and response protocols like the crown jewels, keeping them well and truly under wraps.

But Kenny Natiss says there are dire consequences to this level of secrecy. Black-box products, less-than-stellar integrations, and an overall lack of transparency are all symptoms of the detrimental subculture unwittingly created by cybersecurity professionals. Vendors continue prioritizing competition over collaboration, taking the industry further down the attacker-advantage path.

Something needs to change — and open security may well be the answer to providing better cyber safety for users, customers, and organizations. 

Open Security, Not Open Access

Closed security may be excellent for vendors in the short term. Still, leading Chief Information Security Officers say open security (i.e., widely available detection rules and open code and artifacts) is the way forward. 

Consider it a way of doing business — a methodology of sorts — that changes the archaic, secret way of conducting cybersecurity into a transparent, honest relationship with the company and its users.

The term “open” can incite fear in digital security professionals. However, this type of cyber protection isn’t about allowing access. Instead, it’s about encouraging across-the-board engagement to strengthen the security of users, customers, and vendors.

Crafting protection measures in the open landscape allows security professionals to see a product’s underlying code and test it before implementation. This doesn’t just save money; it deepens understanding of threat detection, security technology, and process simplification.

But perhaps most importantly, open security permits professionals to identify gaps or blind spots in a system’s code. It ensures companies can focus on removing holes in their security tech wall and develop risk profiles for emerging threats quicker. 

Kenny Natiss

Closing the Cyber Skills Gap

While the security silo-caused data breaches are dreadful, the constantly widening cyber skills gaps they create are just as terrible. Closed, proprietary security shuts doors in the faces of new-to-the-industry professionals. 

Security has shrouded itself in a cloak, reducing its talent pool’s diversity, deterring graduates, and encouraging hard-to-understand tools. New cyber protection employees struggle to break into the industry without the ability to play with on-the-market tools. 

Lowering the barrier to entry rests in the hands of open security. Accessible code encourages learning since they can develop a better understanding of how the technology works.

Transparency — The Key to Cybersecurity Maturity

The adage “security through obscurity” simply won’t cut it anymore. Cybersecurity professionals must break down their long-erected walls if they wish to achieve long-term protection. 

Over the past ten years, the industry has changed drastically — and now it’s time for the next phase. Implementing open security creates opportunities, unlocks education, and empowers users. 

Providers might be skeptical about opening security’s black box due to the ever-present questionable codes and bypasses within the industry. But forward-thinking professionals understand that open security can start righting this wrong. After all, it’s only a matter of time before consumers begin demanding transparency, forcing vendors to oblige. 

In a phrase, open security is the future of cybersecurity.