Three security phrases that every person should know


It’s funny to see someone post on social media, “let’s make this go viral.” Why? Because that concept was only cool before it became a mainstream phrase. Using that phrase today only shows how out of touch someone really is.

Most phrases that end up on social media carry no payload more dangerous than identifying an individual as out of touch. There are other phrases, though, that can have a significant impact on a personal or business level. When people do not understand a new phrase or the concept behind it, most default to ignoring the subject. When it comes to securing your business on the digital front, you ignore it at your peril.

Here are three mainstream security concepts every business owner or anyone tasked with business security should know:

Multi-factor Authentication (MFA):  

This beautiful technology can protect you from over 90% of digital threats. MFA (and its earlier cousin, 2FA – two-factor authentication) is simple in concept and extremely powerful in practice. Passwords are porous and blatantly insecure. MFA simply requires a user to provide the password AND a code, either texted to them or generated by an authenticator app, to complete the login. 

At first, it will feel inconvenient. 

  • It will grow on you to the point that you will be suspicious of any environment that doesn’t require it. (Hint: if you want cybersecurity insurance coverage, chances are this will be required.)

“Zero Day:” 

Zero day is not a concept most users are familiar with, but it impacts nearly everyone. You will often hear threats described as a “zero-day vulnerability.” Simply put, a zero-day problem is one that the manufacturer did NOT know about before it was exploited (the vulnerability has been known for zero days). There are armies of cyber criminals hunting for zero-day exploits in nearly everything you use, such as Windows 10, Windows 11, macOS, your connected thermostat, etc.

  • Once an exploit is found, it is typically used... quietly. The goal is to keep the manufacturer from knowing about it as long as possible, because once it is found out, the “day” ticker starts and patches get issued to close the vulnerability. How do you address this? You can only react by keeping your systems updated and patched.

Social Engineering:

This concept is starting to have a broad range of meanings. Social engineering aims to get other people to think as you want or do as you want. We see a lot of social engineering posts (originally called “fake news” years ago) coming out of Eastern Europe. These often aim to stir up unrest or anger across large groups of people.

Social engineering is not just about changing attitudes – it can be used to attack your security as well. There seems to be an uptick in social engineering attacks on helpdesks. These involve a person calling the company helpdesk in a tirade, acting as the CEO of that business. They state that they are locked out of their account, “and I want my password reset RIGHT NOW.” If YOU are a younger person sitting in that chair at the helpdesk and YOU have the company CEO on the line wanting their password reset RIGHT NOW, what is your first inclination? You guessed it. These attacks succeed, and before you know it, the bad actor has full access to the CEO’s inbox. More importantly, they have control of the CEO’s outbox and the ability to send instructions to subordinates – such as “wire this payment here.”

Social engineering attacks are real and are coming more frequently. How do you prepare your workforce? In the example above, simply having everyone trained to address any such situation with “I’ll call you back on the number we have on file to finish resetting your password” is a verbal form of multi-factor authentication that would avoid a mess.

Understanding and planning for these three simple phrases can help you secure your business, so “let’s make this go viral.”

Mark Hodges

