The Most Important Cybersecurity Tips Provided by 6 WhiteHawk Insiders: Part I
Terry Roberts | Position: Chief Executive Officer and Founder |
Tip: Everyone is a Target
During our Spring 2018 market research of business executives, it was apparent that the vast majority do not believe that their firm, business, or non-profit are a cyber target. But 2016-2018 statistics do not support this assertion. Everyone who is connected, has something (personal data, financial insights, customer identities, proprietary information, etc.) that is of value singularly or in the aggregate. Like driving, it is not if you are at risk, it is that each of us must take all the basic precautions (know the laws and 21, take the training, lock your windows and doors, be aware, be defensive). That way when it happens - the very real risk to your revenue or reputation is dramatically reduced or mitigated.
Luis Cruz-Rivera | Position: Co-Founder |
Tip: Resilient Cyber Practices
Many companies try to implement iron like fences around solutions, and this is costly in both terms of money and productivity. Do not just focus on security issues but consider about creating something that can weather the storm and can keep you operating.
Companies can pursue a layered approach that builds up security where it is needed. By doing so, it will create a maturity roadmap to improve cybersecurity posture. Cybersecurity is not just an IT problem. It is a business issue. To some, cybersecurity appears daunting and difficult to implement with limited resources and finances. Sometimes it can feel like it's finding the impossible needle in the cyber haystack. To overcome this hurdle and shift your mindset into the cybersecurity sphere, focus on understanding and building behavioral patterns for users and core business data companies. The power is in "knowing." By knowing and keeping informed about better data, application, and asset management, companies can reduce the noise and spot anomalies easier.
Kevin Goodale | Position: Chief Financial Officer |
Tip: Trust, but Verify
Follow the old Russian proverb, "Trust, but Verify" - it is a tad cliche, but still a useful piece of advice. Digital technologies are changing and improving lives, companies' operations, and economies. But they bring risks. Fostering trust in cybersecurity, personnel (internally and externally), applications, or internal development requires a broad understanding of vulnerabilities a healthy dose of skepticism. It is a challenge but being too trusting or too skeptic without checks is a risk. Trust and verification should go hand in hand. Companies should always be checking on their relationships and verifying the cyber proficiency of their employees/contractors/vendors/partners (i.e. test systems and personnel with mock phishing attacks).
Antonio Crespo | Position: Chief Information Officer |
Tip: Cyber Awareness
Remember only 1 password that is not used anywhere else (Everyone needs a Password Manager).
-Go through every account and website you have and set your passwords to Auto Generated (from the Password Manager) with the strongest length possible.
-Organize the accounts within the password manager and respected folder. This will help for retrieving at a later point.
-Run Audit Report within Password Manger for additional guidance.
Review all accounts and privacy settings for each account.
-Know what your public foot print is for each platform. If you are unsure, disable sharing.
Soo Kim | Position: Director of Product Development |
Tip: Personal Behavior Awareness
Speaking from my own experience, I can relate to cybersecurity behavior to the time I lost my wallet and mobile phone at different times in one month. Consequently, this experience reminded me to improve Personal Behavior by knowing where one keeps one's own and others' Personal Identifiable Information (PII), understanding the contingencies put in place, and ensuring backups are in place.
Sarah Messer | Position: Chief Data Scientist |
Tip: Protect your Cyber Footprint
Assume everything you do online is public knowledge, whether or not it's explicitly tied to your real name. Usage patterns, demographic data, interests, and relationships between sites are readily mined to track users from one site to another. There are services which make a business out of tracking down individuals. Other services mine your use of the web to estimate age, gender, address, level of education, hobbies, buying habits, income, and birthplace. Many sites sell some portion of the data they collect. Many sites get hacked and reveal their data accidentally. A relatively small investment of time and money can uncover details of any person's past.
Consequently, you can protect your cyber footprint by marking online data as 'private'. Alternatively, consider putting it under an alias. While educated research can still find it, at best, it won't turn up in a causal search.
At the end of the day though, if you don't want it to be public, don't post it!