“What keeps you awake at night?” That’s a question that seems to come up at many a business networking group when someone begins to offer a solution to a problem they can solve. If you’re a CEO at a major corporation, the answer to that question is: cybersecurity.
Internet systems are more complex, and complexity leads to more risks. It’s become a boardroom issue, and the most concerning part of the problem should be the increased time it takes to find a system intrusion. It now takes 292 days – more than nine months – to discover a breach.
Part of the problem is the size and complexity of large corporate networks. They have thousands of endpoints, and it’s become harder to spot anomalies and deploy patches. While our clients typically don’t have large, sprawling networks, we all interact on the corporate or personal level with large global networks for just about everything we do.
Other parts of the problem are that companies may take too long to investigate the breach, and then they need time to develop a plan to patch it. That time is directly related to the network’s size and complexity. If a company doesn’t have a continuous monitoring plan (yes, it’s hard to believe a large company wouldn’t have one), it also extends the time to discover a breach.
Two other reasons are:
- Hackers have better stealth tools to invade a network. Once they’re in undetected, they can take their time to look at all of their victim’s data to see what’s best to monetize.
- Hackers can steal login credentials and hang around a system for a long time until they’re detected.
Companies that can detect intrusions in less than 100 days can save $1 million in containment costs. But they may not be as motivated as you are to protect your network and the people they serve.
Here are some things you can do right away:
- Make sure you have strong passwords for every account you and your employees and family members have.
- Insist on using passkeys or some other form of two-factor authentication (2FA) wherever possible. A good authenticator should be device-specific and tied to a device that’s always with the user.
- Make sure all your software (operating systems and apps) and firmware (hardware systems) is up to date.
- Have an easily accessible list of your key usernames and passwords for emergency use.
Microsoft is making strides in a couple of areas. The company introduced passkey support across most of its consumer apps a year ago, allowing you to sign into your account without the need for 2FA methods or remembering long passwords. Today, it’s encouraging all new signups to use passkeys as it removes passwords as the default.
Windows Hello allows users to securely sign in to their accounts with their face, fingerprint, or PIN. Today, more than 99 percent of users sign into their Windows devices using Hello. The company reports that 98 percent of passkey attempts to login are successful; passwords are only 32 percent successful.
To help keep all your software up to date, Microsoft is developing an update orchestration platform designed to unify the updating system for all apps, drivers, and system components on Windows systems. Right now, it’s aimed at developers and IT product teams. The goal is to run an update scan tool that will queue downloads and updates at optimal times. We’ll see if they can actually make it work.
That’s in the future. For the here and now, we recommend you contact us for a security audit. It’s something you should do annually to make sure you’ve taken the four steps we enumerated above. At the very least you can strengthen your own systems before the big guys know they were breached. Call us – 973-433-6676 – or email us for an appointment.