How Has Cybersecurity Evolved in 2023?

 

How has cybersecurity evolved? What are the future trends in the industry?

The game of cat and mouse “played” by defenders and attackers will continue to drive the evolution of cybersecurity. The game is ongoing, with each side adopting and adapting the strategies and tactics of the other.

In this article, we will explore how cybersecurity has evolved and what we expect to see in the coming years.

How Has Cybersecurity Evolved?

In thinking about how cybersecurity has evolved, a few key trends come to mind:

Evolving Cybersecurity Trends

  • Artificial Intelligence and Machine Learning: Security systems powered by AI/ML detect and respond to threats in real time, while cybercriminals use these technologies to launch more sophisticated attacks.
  • Post-Quantum Encryption: Integrating quantum-resistant encryption will be crucial to maintaining secure communications in a post-quantum computing era.
  • Zero Trust Architecture: Perimeter-based security approaches are giving way to a Zero Trust model, where no user or device is inherently trusted.
  • Blockchain: Blockchain, which forms the basis of cryptocurrency, will be used to enhance data integrity and potentially increase the security of transactions.
  • Internet of Things Security: The scale and diversity of IoT devices and Industrial Control Systems (ICS) will pose ongoing challenges for security professionals.
  • Cloud Security: Cloud providers continuously enhance their security offerings, such as data encryption, access control, and threat detection. Conversely, hackers target cloud installations because they are a central repository of the crown jewels in any organization.
  • Human-Centered Cybersecurity: The future of human-centered cybersecurity will be shaped by technology and an increasing understanding of the role of individuals in securing digital systems.

Artificial Intelligence and Machine Learning

Artificial intelligence and machine learning (AI/ML) technologies, such as ChatGPT, are playing an increasing role in our lives. While AI/ML-powered security systems can detect and respond to threats in real time, cybercriminals also use these technologies to launch more sophisticated attacks. We expect to see defensive and offensive advancements in AI/ML, with uncertainty about which side will prevail.

Post-Quantum Cryptography

The quantum computing revolution poses a threat to data encryption. Post-quantum encryption algorithms are being developed so encryption can withstand quantum computer attacks. In the post-quantum era, we’ll need quantum-resistant encryption to keep communications secure.

Internet of Things Security

Internet of Things (IoT) devices are proliferating, so securing them has become increasingly important. Connected devices present new attack surfaces and vulnerabilities. IoT security frameworks and standards are being developed, but the scale and diversity of IoT devices pose ongoing challenges for companies and security professionals.

Zero Trust Architecture

Perimeter-based security is giving way to Zero Trust, where no user or device is inherently trusted. In Zero Trust, identity verification is strict, monitoring is continuous, and least-privilege access applies. With this approach, you’re better protected from insider threats and external attacks.

Blockchain Technology

Blockchain technology, which underpins cryptocurrency, is being explored for security applications. Blockchain can boost data integrity, make transactions more secure, and manage identities better. It holds potential for supply chain security, identity verification, and decentralized authentication.

Cloud Security

Security of cloud-based systems and data is becoming critical as more organizations adopt cloud computing. Cloud providers keep improving their security features, like encryption, access controls, and threat detection. There is likely to be an even greater advancement in cloud security solutions and practices in the future.

Human-Centered Cybersecurity

There’s a growing focus on educating people about cybersecurity and promoting security awareness. The future of human-centered cybersecurity will be shaped by technology and a better understanding of the role of individuals in securing digital systems.

The Future of Human-Centered Security

Let’s think more about human-centered cybersecurity for a moment. Several factors will shape how human-centered cybersecurity evolves, including:

  • User-Centric Design: Cybersecurity solutions will be designed with user experience and usability in mind. This means making user interfaces intuitive, simplifying complex security processes, and providing clear instructions. The goal is to minimize user errors and make security measures more accessible to everyone.
  • Behavioral Biometrics: Passwords and PINs are traditional methods of authentication that can be compromised. But in the future, there will be a shift towards using behavioral biometrics, like keystroke dynamics, mouse movements, and gait patterns, to uniquely identify people. It’s harder for attackers to replicate these characteristics, so it’s more secure.
  • Contextual Awareness: As cybersecurity systems become more contextually aware, they adapt their behavior to the user’s environment, location, and device characteristics. Contextual awareness can help systems adjust security measures, like prompting users for additional authentication when accessing sensitive data from an unfamiliar location or device.
  • Continuous Education: Future cybersecurity approaches will focus on continuous user education and awareness. Organizations will invest in education and security awareness training to ensure their employees know about common threats, best practices, and how to spot and respond to potential attacks. By doing this, they’ll foster a culture of security consciousness and empower people to make informed digital decisions.

Remember that humans are only the weakest link in cybersecurity if you treat them that way. As cybersecurity evolves, educating employees will become more important than ever to ensure they become your greatest defense against cybercrime.

___________________________


John Sileo is an award-winning cybersecurity keynote speaker who educates audiences on how cybersecurity has evolved and how they can remain ahead of trends in cybercrime. He is proud to have spoken at the Pentagon and Amazon, written four books on cybersecurity, and been inducted into the National Speakers Hall of Fame. He has appeared on 60 Minutes, NBC, ABC, Fox, CNN, Rachael Ray, and Anderson Cooper. John’s work has been quoted and published in The Wall Street Journal, The Washington Post, USA Today, and Kiplinger’s.

Looking for a customized speech to make your next event unforgettable? Call 303.777.3221 or fill out our contact form to connect with Sue, our business manager extraordinaire. She’ll work with you to brainstorm ideas and explore how John can tailor his speech to fit your needs perfectly.

Cybersecurity: Why Is it Important?

 

With cyberattacks on the rise, more organizations are coming to understand why cybersecurity is important to their bottom line. It is essential for businesses of all sizes to use robust cybersecurity best practices to protect their systems, networks, and data. Let’s dive into why cybersecurity is so important for businesses to prioritize.

Cybersecurity: Why Is it Important to Organizations?

  • Prevents Financial Losses: Implementing strong cybersecurity practices mitigates financial loss risks.
  • Protects Sensitive Data: Robust cybersecurity safeguards sensitive data from unauthorized access, theft, or misuse.
  • Preserves Reputation, Brand Value, and Customer Trust: Taking robust measures to preserve customer data can enhance a company’s reputation for reliability and trustworthiness. Conversely, the loss of data can have disastrous multi-million dollar consequences, including business devaluation, bad press, and high recovery costs.
  • Complies With Regulations: Prioritizing cybersecurity demonstrates an organization’s commitment to data security and privacy.
  • Safeguards Business Continuity: Investing in cybersecurity protects critical systems and infrastructure, minimizing potential disruptions.
  • Protects Intellectual Property: Robust cybersecurity enables an organization to secure its valuable intellectual property from theft.

Cybersecurity is crucial to organizations; it is the moat, the heroic knights, and the armor for your castle all rolled into one.

  • Financial loss prevention: A successful cyber attack can result in substantial financial losses from theft of funds, disruption of operations, legal liabilities, regulatory fines, customer attrition, brand damage, and costs associated with incident response and recovery. Implementing robust cybersecurity measures mitigates this potential financial harm.
  • Sensitive data protection: Organizations handle a vast amount of sensitive and confidential information, including customer data, health information, financial records, intellectual property, and trade secrets. Cybersecurity practices safeguard this information from unauthorized access, theft, or misuse, helping to maintain the trust of customers, partners, and stakeholders.
  • Business continuity: Ransomware, distributed denial-of-service, and other types of cyber attacks can disrupt business operations, leading to downtime, productivity loss, and damage to an organization’s reputation. By investing in cybersecurity, businesses can protect their critical systems and infrastructure, minimizing the impact of potential disruptions.
  • Compliance with regulations: Many industries have specific regulations and compliance requirements related to data security and privacy. Noncompliance can lead to severe consequences, including legal penalties and reputational damage. By prioritizing cybersecurity, organizations can meet these regulatory obligations and demonstrate their commitment to protecting customer information and maintaining data privacy.
  • Preservation of reputation and customer trust: In today’s interconnected world, news of a data breach or security incident can spread rapidly, potentially damaging reputations and eroding customer trust. Investing in cybersecurity demonstrates a commitment to protecting customer data and can enhance a company’s reputation for reliability and trustworthiness. On the other hand, the loss of sensitive information will have costly consequences, including business devaluation, bad press, and high recovery and remediation costs.
  • Protection against intellectual property theft: Intellectual property (IP) is a valuable asset for businesses, including patents, trademarks, copyrights, and trade secrets. Cyber attacks can target valuable IP assets, leading to their theft or unauthorized disclosure, which can significantly affect a company’s competitiveness and market position. Robust cybersecurity measures help safeguard against such threats and protect intellectual property.

By investing in cybersecurity, businesses can mitigate risks, enhance resilience, and maintain a solid competitive position in today’s digital landscape.

Cybersecurity Best Practices for Organizations

Implementing strong cybersecurity practices can help protect sensitive data, prevent cyber attacks, and ensure the overall integrity of business operations. Your data is worth protecting, so suit up and grab a sword. Here are some best practices for companies to consider:

  • Develop a robust cybersecurity policy: Policy is how we map vulnerabilities, pathways, and roles in the case of enemy infiltration. Create a comprehensive cybersecurity policy that outlines the company’s security objectives, procedures, and guidelines. The policy should address data protection, access controls, incident response, and employee responsibilities.
  • Conduct regular employee training: Knights without training are as useful as decorative garden gnomes. Train all employees on security awareness and best practices. Educate them about phishing attacks, social engineering tactics, password hygiene, and keeping software and systems current. Don’t leave your castle in the hands of garden gnomes.
  • Use strong passwords and MFA: Empower employees to create strong passwords that are unique and complex with tools like password management software and multi-factor authentication. It is critical that work logins be long, strong, and random (and no, adding “123” or “!” does not, in fact, make it stronger, but nice try!). Implementing multi-factor authentication (MFA) for all relevant systems and applications to add an extra layer of security is one of the most effective steps you can take in case passwords are breached elsewhere. If it seems like overkill, it’s actually just smart.
  • Update and patch software regularly: Keep all software, including operating systems, applications, and security solutions, updated with the latest patches and updates. Attackers often exploit vulnerabilities in outdated software. Armor is only effective if you know where the gaps are and how to compensate for the weakened areas.
  • Secure network infrastructure: Ensure network devices, such as routers and firewalls, are correctly configured and updated with the latest security patches. Implement network segmentation to isolate sensitive data and limit access to critical systems. These are the moats, mazes, walls, and barbed wire fences around your data.
  • Back up data regularly: Every good castle has an escape route. Implement a regular backup strategy to ensure that critical data is securely backed up and can be restored in the event of data loss or a ransomware attack. Test the restoration process periodically to ensure backups are reliable.
  • Use data encryption: Implement encryption for sensitive data at rest and in transit. This includes using encryption protocols such as SSL/TLS for website communication and encrypting files and databases that contain sensitive information. And while this may not seem as cool as breaking ancient codes with a cypher, it is just as important.
  • Implement strong access controls: Not everyone should be allowed access into the castle. Grant employees access privileges based on the principle of least privilege. Regularly review and revoke access permissions for former employees or those who no longer require access to specific resources. You’d be surprised how easy it is to mistake a trespasser for an ally. Don’t be the one that opens the drawbridge for the enemy.
  • Monitor and log all activities: Implement a robust logging and monitoring system to detect and respond to potential security incidents. Technology allows us to have a thousand watchwomen at our fingertips. Monitor network traffic, system logs, and user activities to identify suspicious or unauthorized behavior.
  • Develop an incident response plan: When the alarms are sounded that the Keep has been breached, what will you do? Create a well-defined incident response plan that outlines the steps to be taken during a cybersecurity incident. This plan should cover reporting the incident, containing the damage, public relations moves, alerting those affected, investigating the incident, and restoring normal operations.
  • Conduct security assessments periodically: Security assessments are the roaming guards on the lookout for abnormalities around the fortress. Perform regular security assessments, such as penetration testing and vulnerability scanning, to identify potential weaknesses in your systems and applications. Address any vulnerabilities discovered promptly.
  • Ensure security of third-party vendors: When working with third-party vendors or outsourcing services, ensure they adhere to robust cybersecurity practices. Perform due diligence to assess their security measures and ensure data protection. Be sure you are only letting trusted allies into your kingdom (and remember, trust must be earned).
  • Proactively hunt insider threats: One of the most damaging types of breaches happens when data is exfiltrated, damaged, or deleted by an insider you thought you could trust. There are a host of tools to help discourage and detect such malicious behavior.

Cybersecurity is an ongoing effort; the castle will always be desired by outside forces. Regularly review and update your security practices as new threats emerge and technology evolves. It is by setting up multiple lines of defense that we are able to protect what matters most: you and your people, your customers, performance, profits, and reputation.

Employees Are Crucial to Your Cybersecurity Defenses

As the preceding list highlights, employees are a crucial component of your cybersecurity strategy. While technological solutions and protocols are important, human actions and behaviors can significantly impact your overall security posture.

Think of employees as the heroes who keep the castle secure. Employees should be educated about cybersecurity best practices, policies, and procedures in an entertaining way that keeps them engaged. Regular training sessions can help them understand the potential risks, such as phishing, social engineering, and malware, and learn how to identify and respond to such threats appropriately.

To help turn your employees into cybersecurity heroes, award-winning cybersecurity keynote speaker John Sileo uses potent lessons learned from losing his business to cybercrime as well as a humorous live-hacking demonstration to connect with your employees and drive home why cybersecurity is so important.

___________________________


John Sileo is an award-winning cybersecurity keynote speaker who has entertained and informed audiences for two decades. He is proud to have spoken at the Pentagon and Amazon, written four books on cybersecurity, and been inducted into the National Speakers Hall of Fame. He has appeared on 60 Minutes, NBC, ABC, Fox, CNN, Rachael Ray, and Anderson Cooper. John’s work has been quoted and published in The Wall Street Journal, The Washington Post, USA Today, and Kiplinger’s.


The Best Cybersecurity Training for Employees

 

 

There’s a saying among cybersecurity professionals that humans are the weakest link. Luckily, this is only true if you treat them that way. If you train your people effectively, they become the vanguard in your cybersecurity defenses. To achieve this, you need the best security training for employees.

The Best Cybersecurity Training for Employees Includes Interactive Learning

Types of Cybersecurity Training
Training Type: Pros (➕) and Cons (➖)

Keynote Speeches and Seminars
  ➕ Connects with employees so they take security personally
  ➕ Highlights real-world examples
  ➕ Follow-up questions can be asked
  ➕ Most current threats are discussed
  ➖ Can be expensive to hire a speaker and gather employees at the conference/offsite location

Simulated Phishing Exercises
  ➕ Raises awareness about phishing techniques
  ➕ Encourages a cautious approach to online communication
  ➖ Exercises alone can’t prevent human error
  ➖ Not engaging
  ➖ One step behind cyber criminals

Gamified Learning Platforms
  ➕ Engages employees through game-like elements
  ➕ Can cover a range of cybersecurity topics
  ➖ Costly to update so games can become outdated quickly
  ➖ Game is one-and-done with little follow-up

eLearning Modules and Online Courses
  ➕ Employees can train at their convenience
  ➕ Can be customized for a particular company or topic
  ➖ Requires employee self-discipline
  ➖ Can be prone to technical issues
  ➖ Little follow-up
  ➖ Becomes outdated quickly

Security Awareness Programs
  ➕ Keeps employees informed of the latest cybersecurity threats
  ➕ Conveniently done at the workplace
  ➖ Quality might not be the best
  ➖ Can become a “check the box” exercise for employees

Role-Based Training
  ➕ Is tailored to specific employee roles
  ➕ Improves on-the-job problem-solving skills
  ➖ Time-consuming to set up
  ➖ Costly to operate

Red Team/Blue Team Exercises
  ➕ Hands-on training in incident response
  ➕ Fosters proactive security among employees
  ➖ Time and resource intensive
  ➖ Tests a limited range of vulnerabilities and response options

Keynote Speakers and Seminars

Hiring a cybersecurity keynote speaker allows employees to actively engage with the speaker and buy into what they’re learning. Depending on your organization’s requirements, these speeches and seminars can cover various topics, such as:

The interactive nature of these sessions encourages participation, facilitates knowledge retention, and allows for real-time clarification of questions. The speaker can share real-world examples and lessons learned and keep the content up to date with the latest threats.

At the same time, hiring a speaker takes a committed investment, and sending employees to conferences and offsite locations requires the expenditure of time and resources. However, when measured against the cost of a breach, which can reach into the millions, the expense of prevention is rather small by comparison.

Simulated Phishing Exercises

Phishing attacks remain one of the most common and successful methods employed by cybercriminals. Simulated phishing exercises involve sending mock emails to your employees to test their ability to identify and report suspicious messages.

These exercises help raise awareness about phishing techniques, educate employees on warning signs, and encourage a cautious approach when interacting with emails and other online communications.

Unfortunately, these exercises don’t necessarily engage employees, and the content is often a step or two behind the latest phishing techniques used by cybercriminals.

Gamified Learning Platforms

Considering we never truly outgrow the thrill of recess and Legos, gamification is an effective way to make cybersecurity engaging and memorable. What is fun is sustainable (yes, even cybersecurity!), and we can leverage this in the professional world by incorporating:

  • Challenges
  • Badges
  • Progress bars
  • Rewards
  • Leaderboards

Gamified learning platforms can cover various topics, from basic security awareness to more advanced concepts like network security, secure coding, and incident response.

On the other hand, these platforms can be costly to develop and update, so they can become outdated quickly. And, once the game is over, the training is over as well.

eLearning Modules and Online Courses

eLearning modules and online courses provide employees with flexible and self-paced learning opportunities. These modules can be designed to address specific cybersecurity topics, allowing employees to access training materials at their convenience.

Online courses can also offer certifications or badges upon completion, further incentivizing employees to actively participate and enhance their cybersecurity knowledge and skills.

On the negative side, eLearning requires self-discipline from your employees, it can be disrupted by technical issues, and there is little follow-up. Because–let’s face it–assignments without accountability measures are bound to end up at the bottom of the to-do list. Employees tend to view eLearning as something they have to do to fulfill organizational requirements, not as a way to learn valuable cybersecurity skills.

Security Awareness Programs

Cybersecurity threats and trends evolve rapidly, making continuous training and security awareness programs essential. It is through learning that we stay one step ahead. Regularly scheduled training sessions, newsletters, and awareness campaigns can keep employees informed about the latest threats, emerging attack techniques, and security best practices in the comfort of their office.

But the quality and effectiveness of security awareness programs developed by organizations can vary. Managers and employees often see security awareness training as a “check the box” exercise rather than a meaningful learning experience.

Role-Based Training

Different organizational job roles may have varying cybersecurity requirements. Tailoring training programs to specific roles and responsibilities ensures that employees receive targeted and relevant instruction.

For example, IT staff might require more technical training, while non-technical employees may benefit from cybersecurity basics and secure remote work practices.

Unfortunately, role-based training can be time-consuming to develop and implement and costly to conduct. In addition, the training can become outdated quickly as cyber threats evolve and employees change jobs.

Red Team/Blue Team Exercises

Red team/blue team exercises divide employees into two groups: the “red team” simulates attackers, while the “blue team” defends against their attacks. This is the adult world’s version of gym class dodgeball. It is through such exercises that we learn how to make defensive moves into offensive and proactive play.

These exercises provide hands-on experience in:

  • Identifying vulnerabilities
  • Improving incident response capabilities
  • Fostering a proactive security mindset

Red team/blue team exercises can be time-consuming and resource intensive. They often test only a limited range of vulnerabilities and response options in their attack scenarios.

Regular assessments, feedback mechanisms, and opportunities for employees to apply their learning in real-world scenarios are crucial for long-term cybersecurity readiness. Finding the best training method for your employees can transform them from your weakest link to your first line of defense against cyber threats.

To help you on your journey, John Sileo leverages potent lessons learned from losing his business to cybercrime as well as a humorous live-hacking demonstration to connect with your employees and drive home cybersecurity training that will stick. He is eager to provide the best cybersecurity training for employees tailored to your organization’s requirements.


2023 Trends in Cybersecurity

Cybersecurity is a never-ending game of chess in which players constantly try to outsmart each other. The cybersecurity chessboard is constantly shifting, and new threats emerge every day. To stay one move ahead of cybercriminals, you need to understand the fast-moving trends in cybersecurity.

Trends in Cybersecurity to Watch For in 2023 and Beyond

Trends in Cybersecurity
Trend: Artificial Intelligence

Problem: Cyberattackers can employ AI to:
  – analyze vulnerabilities, study network structures, and identify potential targets
  – automate and optimize their attack methods
  – develop polymorphic malware
  – boost social engineering scams

Solution: Cybersecurity pros can use AI to:
  – analyze attack methods, detect anomalies, and predict potential threats
  – develop effective strategies to stay ahead of cybercriminals
  – predict and stop malware attacks
  – automate scanning for vulnerabilities in software, systems, and networks

Trend: Supply Chain Attacks

Problem: Cyberattackers can exploit supply chain vulnerabilities to:
  – gain unauthorized access
  – disrupt operations
  – steal data
  – gather intelligence

Solution: Cybersecurity pros should:
  – conduct risk assessments of supply chains
  – add security mandates to contracts
  – monitor supply chain partners’ security
  – verify the integrity of software

Trend: Ransomware

Problem: Cyberattackers can launch double-extortion attacks by:
  – stealing sensitive data
  – encrypting data and systems
  – demanding ransom for encryption keys and return of data

Solution: Cybersecurity pros should:
  – back up data at different locations or use cloud-based storage
  – keep software up to date
  – conduct anti-phishing training for employees
  – implement multifactor authentication

Trend: IoT Security

Problem: Cyberattackers can target industrial control systems to:
  – cause physical damage
  – disrupt services
  – pose safety hazards
  – cause financial losses

Solution: Cybersecurity pros should:
  – conduct risk assessments of ICS and other IoT devices
  – implement strong network security
  – update software regularly
  – implement strong access control
  – conduct security awareness training

Artificial Intelligence: Attacker

ChatGPT is the new kid on the block and is primed to take on any chess opponent while raising the stakes of the game in the process. While the impact of artificial intelligence is mostly positive, bad actors can also use it to evade cyber defenses and boost cyberattacks.

Just like chess players strategize their moves, cyberattackers use AI to devise sophisticated attack strategies, analyze vulnerabilities, study network structures, and identify potential targets. Attackers can use AI to automate and optimize their attack methods, increasing their chances of success while minimizing detection and response times.

Cybercriminals also use AI to enhance their social engineering scams. With AI, they are able to create fake emails, texts, and social media posts that look like they’re from legitimate sources. Scams have become less “click here to win a free Bahama vacation” and more subtle and personalized (and therefore easily clickable). They trick the victim into clicking on malicious links or downloading malware-laden files, resulting in an infection that spreads throughout the network and steals sensitive data. Attackers can even use AI to develop polymorphic malware that constantly changes its identifiable features to evade detection.

Artificial Intelligence: Defender

At the same time, cybersecurity professionals are using AI to develop effective defensive strategies to stay ahead of cybercriminals. In a time of exponential and rapid change, cybersecurity professionals have learned the truth to the saying “if you can’t beat them, join them.” These defensive strategies are comparable to the “castling” chess move where the king is moved with the knight to a safer position, protecting it from potential attacks. Oftentimes, protecting the king isn’t about moving the king away from danger, but rather putting barriers in place between the king and such dangers. AI can be that knight in shining armor as long as we know its abilities, rules, and limitations.

Cybersecurity pros can develop AI-powered antivirus and intrusion detection systems to detect and block sophisticated malware, including zero-day attacks. AI can also be used to analyze network traffic, system logs, and user behavior to identify patterns and anomalies indicative of cyber threats. And AI can automate scanning and assessing vulnerabilities in software, systems, and networks.

Supply Chain Attacks

Nation-state actors and cybercriminals are exploiting vulnerabilities in the supply chain to gain unauthorized access, gather intelligence, disrupt operations, and compromise data of target organizations. These attacks compromise the integrity, confidentiality, or availability of products and services.

To protect against supply chain attacks, organizations should:

  • Conduct a comprehensive risk assessment of the supply chain to identify potential vulnerabilities and weak points
  • Establish security requirements and include them in contracts and agreements with suppliers
  • Clearly communicate expectations regarding security measures, controls, and incident response procedures
  • Monitor and audit supply chain partners to ensure compliance with security standards
  • Verify the integrity of software and firmware used in the supply chain to ensure they come from trusted sources and are regularly updated with security patches

Both supply chain security and chess require strategic thinking, proactive approaches, consideration of interdependencies, long-term planning, and the ability to adapt to changing circumstances.

Double-Extortion Ransomware

From multinational corporations to local school districts, ransomware attacks continue to threaten organizations of all sizes. Ransomware encrypts a victim’s files, making them unusable. A ransom payment is then demanded for the decryption key.

In recent years, ransomware attacks have evolved to include the threat of exposing sensitive information if the ransom is not paid—a so-called double-extortion attack. The attackers steal the data before encrypting it so they can add the return of data to their ransom demands. It’s like a chess move called a “fork,” in which a player attacks two or more pieces at once.

To prevent ransomware attacks from succeeding, organizations should:

  • Back up their data at a remote location
  • Ensure data backups are not directly accessible from the network
  • Keep software updated and apply security patches immediately
  • Conduct anti-phishing training for employees, because phishing emails and texts are often the entry point for ransomware attacks
  • Implement multifactor authentication to ensure attackers can’t use stolen passwords to deploy ransomware

Internet of Things Security

With more and more devices connected to the internet, the attack surface for cybercriminals is expanding rapidly. In Internet of Things (IoT) attacks, cybercriminals target vulnerable devices, such as smart thermostats and security cameras, to launch more significant attacks.

Industrial control systems (ICS), which control infrastructure, are particularly vulnerable to IoT attacks because of their age and criticality. Successful ICS attacks can result in physical damage, disruption of services, safety hazards, financial losses, and economic impacts.

The best way to protect these systems is with a multilayered defense, which includes:

  • Network segmentation
  • Regular ICS patching and updates
  • Security awareness training
  • Intrusion detection systems
  • Robust cyber security policies

Chess players assess the risks and potential consequences of each move before acting. Similarly, IoT security requires risk assessments at several levels, including device security, data privacy, network integrity, and communication protocols.

IoT ecosystems can be protected by implementing strong network security measures, updating software regularly, deploying robust access controls, and conducting security awareness training for employees.

These trends, from AI and supply chain security to ransomware attacks and IoT security, illustrate just a few examples of the moves being made by attackers and defenders. By staying ahead of trends in cybersecurity and adopting new strategies and technologies, organizations can protect themselves from cyberattacks and emerge victorious in the ongoing game of cybersecurity chess.

___________________________

John Sileo is an award-winning cybersecurity keynote speaker who has entertained and informed audiences for two decades. He can help your organization understand and stay ahead of trends in cybersecurity. He is proud to have spoken at the Pentagon and Amazon, written four books on cybersecurity, and been inducted into the National Speakers Hall of Fame. He has appeared on 60 Minutes, NBC, ABC, Fox, CNN, Rachael Ray, and Anderson Cooper. John’s work has been quoted and published in The Wall Street Journal, The Washington Post, USA Today, and Kiplinger’s.

Looking for a customized speech to make your next event unforgettable? Call 303.777.3221 or fill out our contact form to connect with Sue, our business manager extraordinaire. She’ll work with you to brainstorm ideas and explore how John can tailor his speech to fit your needs perfectly.

The Importance of Cybersecurity in Business

In today’s interconnected age, the importance of cybersecurity in business can’t be overestimated. A business with inadequate cybersecurity is like a car without seat belts, airbags, and a well-trained driver. It may run accident-free for a while, but it will ultimately lead to a devastating and costly crash. Without proper cybersecurity measures, a business can be left vulnerable to a range of cyber threats such as phishing scams, malware attacks, and ransomware.

5 Reasons for the Importance of Cybersecurity in Business

  • Data Protection: Cybersecurity protects sensitive information, including customer data, financial records, and intellectual property, from unauthorized access, theft, and misuse.
  • Customer Trust: Implementing strong cybersecurity measures demonstrates that a business takes data protection seriously and can be trusted with sensitive customer, employee, and financial information.
  • Legal Compliance: Robust cybersecurity helps businesses comply with data security and privacy regulations and avoid costly penalties and increasingly expensive cyber liability insurance.
  • Business Continuity: A dynamic, proactive cybersecurity plan prevents costly disruptions caused by cyberattacks and ensures business continuity.
  • Financial Loss Prevention: Strong cybersecurity tools, policies, and best practices can help prevent financial losses by reducing the risk of a successful attack.

Tuning Up Your Cybersecurity Program

Like a seat belt, cybersecurity is a preventative measure that can help minimize the harm caused by a cyberattack. Even personal cybersecurity hygiene steps, such as deploying password protection software and implementing two-factor authentication, can help prevent corporate cyberattacks from occurring.

Just as seat belts and other vehicle safety equipment need to be adequately maintained and used correctly to provide maximum protection, cybersecurity tools must be regularly updated and implemented correctly to be effective. Cybercriminals are constantly developing new ways to target vulnerabilities, and businesses must stay up-to-date with the latest cybersecurity best practices to remain ahead of these threats.

Ways to Tune Up Your Cybersecurity

  • Employee Education and Training: Educate and train your employees regularly on the importance of cybersecurity and best practices to protect your systems and data.
  • Regular Software Updates and Patches: Update software and applications with the latest security patches to address vulnerabilities and reduce the risk of cyber attacks.
  • Two-Factor Authentication: Implement two-factor authentication for all accounts, including banking, investment, email and cloud services.
  • End Point Software: A dynamic, proactive cybersecurity plan prevents costly disruptions caused by cyberattacks and ensures business continuity.
  • Data Backup and Recovery: Back up important data regularly and store it securely in case of a cyberattack or disaster. 3-2-1 Backup Plans are the best.
  • Data Encryption: Encrypt sensitive data to ensure it remains secure during storage and transmission, especially when operating in the cloud.
  • Network Segmentation: Segment your network to limit the spread of malware and minimize damage in case of a breach.
  • Security Audits: Conduct periodic security audits to identify and address vulnerabilities before cybercriminals exploit them.

Cybersecurity Best Practices for Employees

  • Use strong, unique passwords at least 12 characters long that include a mix of upper and lowercase letters, numbers, and special characters.
  • Enable two-factor authentication to boost security for account access.
  • Be wary of phishing scams, such as emails, texts, or phone calls that ask for personal information or seem suspicious.
  • Keep software, including operating systems, web browsers, and applications, updated with the latest security patches.
  • Avoid public Wi-Fi whenever possible or use a virtual private network (VPN) to encrypt traffic when accessing a corporate network remotely.
  • Handle sensitive data carefully. Don’t share it with unauthorized people or leave it on unsecured devices.
  • Report suspicious activity or potential security incidents to the IT department or security team immediately.

The importance of cybersecurity in business comes down to profitability, reputation and business valuation – and a front page cybercrime headline can disrupt all three. Educating employees on cybersecurity best practices will help build a culture of security that will enable your company to avoid accidents and incidents along the road to corporate success. John Sileo leverages decades of experience as a cybersecurity keynote speaker to help organizations learn to defend their privacy, performance, and profits from ever-evolving cyber threats.


Cybersecurity Awareness Month 2023

We like to think of Cybersecurity Awareness Month almost like a yearly booster shot; just like we need boosters to protect ourselves from the changing threat posed by viruses, we need Cybersecurity Awareness Month 2023 to reinoculate ourselves and our employees against ever-evolving cyber threats.

What Is Cybersecurity Awareness Month?


Held every October since 2004, Cybersecurity Awareness Month is a collaborative effort between government and private industry to raise awareness about digital security and empower everyone to protect their data from cybercrime.

A combination of intense work during Cybersecurity Awareness Month (keynote speeches, security awareness training, and attack simulations, among other things) and preventative education throughout the year makes cybersecurity digestible, applicable, and, dare we say it, even fun for your employees.

Cybersecurity Awareness Month 2023 Is a Booster for Your Cyber Defenses

Here are a few ways cybersecurity awareness training can act as a booster against nasty cyber infections:

How Cybersecurity Awareness Training Can Boost Your Cyber Defenses

  • Prevention: Empowers your people to take proactive measures to secure digital assets and prevent attacks from occurring.
  • Early Detection: Equips your employees with the knowledge and skills required to detect and respond to cyberattacks early.
  • Containment and Eradication: Educates your staff on the need to develop and practice a robust incident response plan.
  • Continuous Improvement: Helps employees identify vulnerabilities, deploy fixes, and stay current on the latest threats.

Prevention

Preventing cyberattacks from happening in the first place is the best way to protect against the financial and reputational damage they cause. This means taking proactive measures, almost like a vaccine, to protect your digital assets and sensitive organizational information, including robust security awareness training, using strong passwords, enabling two-factor authentication, keeping software up to date, and avoiding suspicious emails and links.

Early Detection

Just as vaccines work best when administered before a virus takes hold, cybersecurity is most effective when threats are detected early. Continuous monitoring of your digital assets and networks for unusual activity or suspicious behavior is crucial for early detection. Then, you can take swift action to mitigate the impact of an attack when it is detected.

Containment and Eradication

Cybersecurity awareness means you are as prepared as you can be in the case of a nasty cyber infection. Often, this looks like a robust incident response plan with a clear outline of the steps that need to be taken during an attack. The plan should include isolating infected systems, restoring data from backups, leveraging cyber liability insurance, and implementing additional security measures to boost your organization’s protection against future attacks.

Continuous Improvement

Just as booster shots are needed to keep up with new strains of viruses, cybersecurity methods must evolve to keep up with new cyber threats. This requires ongoing efforts to identify vulnerabilities, update security protocols, and stay current on the latest cyber trends and techniques.

Cybersecurity Awareness Month 2023 Goals

  • Education and Awareness: Promote education and awareness. Teach your people about the latest threats and best practices for protecting the organization’s data, devices, and software.
  • Collaboration: Strengthen your defenses and reduce the risk of cyber attacks by sharing information and encouraging collaboration.
  • Employee Empowerment: Enable your people to be cybersecurity superheroes and the first line of digital defense through training and empowerment.
  • Cyber Hygiene: Encourage friends and co-workers to update their software, avoid suspicious links, and use strong passwords.

Planning Ideas for Cybersecurity Awareness Month 2023

Here are some planning ideas for Cybersecurity Awareness Month 2023:

  • Invite a cybersecurity expert to give a keynote speech or conduct a training session for your employees. The kickoff should be high-energy, interactive, and fun.
  • Host a webinar, workshop, or panel discussion on cybersecurity best practices, such as password management, phishing scams, safe browsing habits, or identity theft protection.
  • Carry out simulated phishing attacks on your employees to help them understand how easy it is for attackers to trick them into clicking on malicious links.
  • Organize a cybersecurity challenge or game, such as a capture-the-flag event, to engage your employees and encourage them to learn more about cybersecurity.
  • Conduct a security audit or risk assessment of your organization’s systems and infrastructure. Use the results to identify areas of improvement and develop a plan for addressing vulnerabilities.
  • Launch a campaign on social media to increase awareness about cybersecurity issues and to promote the importance of cybersecurity best practices.
  • Offer incentives or rewards for employees who complete cybersecurity training or demonstrate good cybersecurity habits.

By working together, sharing knowledge, and proactively protecting ourselves, we can prevent the spread of computer viruses, ransomware, and other malicious activities by cybercriminals. Cybersecurity Awareness Month 2023 is a great way to get your organization thinking about its cybersecurity best practices and strategy. It’s time to take action.


ChatGPT: What is Generative AI & Why Does it Matter? (As Explained by a Bot)


ChatGPT is a Type of Generative AI (and this post is an example)

(The best way to understand ChatGPT and Generative AI is to show what it can do. So, everything below this line was written by ChatGPT based on the prompt “Write an article about Generative AI and ChatGPT that explains what it is and how it can be used for good or evil”. I added the subtitles and a sentence on the cybersecurity implications of ChatGPT (using RED text) that we are already witnessing. Other than that, everything was written by a bot. – John )

Artificial Intelligence (AI) is a rapidly growing field that has the potential to revolutionize the way businesses operate. From automating repetitive tasks to making complex decisions, AI is already being used in various industries to improve efficiency, reduce costs, and enhance the customer experience. However, one area of AI that has gained particular attention in recent years is Generative AI. This technology, which allows AI systems to create new content, has the potential to change the way businesses work in ways that we can’t yet fully anticipate.

One of the most significant changes that generative AI will bring to businesses is the ability to automate the creation of content. For example, a generative AI system can be trained to write news articles, create social media posts, or even compose music. This will save businesses time and money while also allowing them to create more content than ever before.

An Example of Generative AI

ChatGPT is an example of generative AI applied to content creation and is a type of language model developed by OpenAI. It is based on a technology called “transformer” which allows it to understand and generate human language. Essentially, ChatGPT is a program that can understand and respond to natural language text input, it can answer questions, summarize information, generate text and even complete a text given some initial context.

For example, if you ask ChatGPT to write a news article on a specific topic, it can use the information it has learned from a large dataset of text and write an article on that topic. Similarly, it can answer a question that you might ask, such as “What is the capital of France?” or “What is the definition of AI?”. Additionally, it can generate text such as poetry, song lyrics, story, and so on.

It is used in various applications such as chatbots, virtual assistants, automated content generation, language translation, and more. It can be fine-tuned for specific tasks by training it on a smaller dataset of text that is related to that task.

It is a powerful tool for natural language processing, it is capable of understanding and generating human-like text and can be useful in various industries. However, like any AI technology, it has its limitations and it’s important to keep in mind that it’s not always going to produce perfect results.

Other Uses of Generative AI

In addition to creating content, generative AI also has the potential to improve the decision-making process. This is because it can analyze large amounts of data and identify patterns that humans may not be able to see. For example, a generative AI system can be used to predict future market trends, identify potential fraud, or even recommend personalized products to customers.

The Risks of ChatGPT and Generative AI

However, with any new technology comes risk. One of the main risks of generative AI is the potential for it to produce fake or biased content. For example, a generative AI system that is trained on biased data could produce content that is racist, sexist, or just plain inaccurate. This could lead to serious damage to a company’s reputation and credibility.

Another risk of generative AI is the potential for it to be used for malicious purposes. For example, a generative AI system could be used to create deepfake videos or fake news articles that spread misinformation and cause chaos. This could have serious consequences, not just for businesses but for society as a whole. It can also create phishing emails for cybercriminals who don’t speak English, can write malicious software code for malware, ransomware and other tools used by cybercriminals, and it can do it all for free and in a matter of minutes.

In conclusion, Generative AI is a powerful technology that has the potential to change the way businesses work in many ways. However, as with any new technology, it also poses risks that need to be carefully considered. Businesses should be aware of these risks and work to mitigate them in order to fully harness the power of Generative AI.

___________________________

Cybersecurity keynote speaker John Sileo’s newest keynote speech, Hacking A.I. – Cybersecurity in the Age of Artificial Intelligence, explores the changing landscape of technology and cyber threats due to tectonic shifts fostered by ChatGPT, Generative AI, cloud computing, deep fakes, and adaptive ransomware. For every good use of technology, there is a corresponding evil intention exploited by cybercriminals, corporate spies and rogue nation-states. Your awareness, response and resilience have become even more vital to your organization’s performance and reputation. John is offering a limited number of 24 Hacking A.I. keynotes this year due to advanced bookings of his other keynote speeches. Bring him in for this business-oriented, non-technical, cutting-edge cybersecurity update by calling us directly on 303.777.3221 or filling out our Contact Us form.

LastPass Breach: What to Do About It


How to Protect Yourself & Your Wealth from the LastPass Hack 

You may have already heard about the LastPass breach, victimizing one of the leading password management programs, not once, but twice in the past few months. LastPass recently updated information about the two breaches in a letter to users on the LastPass website.

The First LastPass Breach Leads to the Second

In the first LastPass breach, dating back to August of last year, an unidentified threat actor gained access through a compromised developer account and stole portions of source code and proprietary technical information. At that time, LastPass said the breach was limited to its development system, which doesn’t hold personal data, and considered the breach “contained”. I’ve yet to meet the breached organization that, at least early in the cybercrime PR cycle, has actually determined (let alone contained) the extent of the breach.

To compound their troubles, this past December an “unknown threat actor accessed a cloud-based storage environment leveraging the information obtained in August” and was able to use some of the information taken in August to target an employee with much deeper access. This is one more excellent example of how most cyber breaches come down to the human element of cybersecurity. The hackers accessed decryption keys, stole critical backups and accessed somewhere between 10 million and 30 million customer password vaults, which means that if they manage to crack your master password, they have access to every financial, health, investment and online account stored in your LastPass. I hope for your sake that your and your employees’ LastPass master passwords are strings of 20+ alpha-numeric-symbol characters, which drastically reduces your risk.

Your Risks, Even if Your Master Password is Strong

  1. The cybercriminals may attempt to use brute force attacks, enhanced by artificial intelligence, to guess your master password and decrypt the copies of vault data they took.
  2. More likely, they will target customers with phishing attacks in an attempt to socially engineer your master password out of you.
  3. Finally, since your phone number was also compromised, be on alert for phone calls attempting to gain your master password. LastPass does not know your master password, nor do they (or anyone) need to in order to repair this situation.

Regardless of how strong your master password is, I consider every password in your vault to be compromised. Here are steps I would take to fully protect your online accounts in the wake of the LastPass hack.

Steps to Further Protect Your LastPass Vault & Logins

  • I recommend that you immediately change all of the passwords for your critical accounts, including banking, investment, health, email, etc.
  • It is significant that the URLs of your stored sites were not encrypted, meaning that hackers know where you have accounts. In addition to changing the critical passwords, it is also important to turn on two-factor authentication on each account, whether or not it was stored in your password vault. This essentially makes your password unique every minute, making it nearly impossible to crack.
  • Change your master password and make it longer and stronger. When considering a new master password, remember to never reuse the master password for your password manager in any other context, especially online.
  • Make sure that the master password is impossible to guess. For a complex, easy to remember master password, base it on the chorus of your favorite song. For example, if you are a fan of the Eagles, you might choose “Welcome to the Hotel California, such a lovely place (such a lovely place), such a lovely face” which could equal WttHC,$@lp($@lp),s@lf, where you replace all S’s with $ signs and all A’s with @ signs. It’s 21 easy-to-remember characters of security and songwriting brilliance!
  • And whether you’re part of the LastPass breach or not, you should create an account on the hacking alert website Have I Been Pwned? which will send you updates on any breaches affecting you as soon as possible. I use and trust this site to protect your privacy and security.
  • Make sure you understand the risks of storing anything in the cloud. Your data in the cloud is only as secure as the cloud provider itself.

And most importantly, educate your organization and coworkers about the risks posed by the LastPass breach, and at a minimum, forward this article on to them. If a hacker leverages the LastPass breach to penetrate your organizational data, it will be the people, not the technology, that are held to account.

________________________

John Sileo, award-winning author, cybersecurity expert and keynote speaker, has appeared for the Pentagon, Amazon and on shows like 60 Minutes and Anderson Cooper. Contact us for more details on 303.777.3221 or using our contact form.

Election Meddling by Cyber Intrusion Limited by Cybersecurity Experts


Bad day for nation-state election meddling is a good day for voters

Regardless of your political bent, today is a good day for democratic elections. No significant cyberattacks on the U.S. midterm elections materialized. Cybersecurity experts, government officials and local and national election offices were well prepared to defend the vote from cyber intrusions in the 2022 midterms. As a resident of Colorado, I have personally witnessed and have been involved in definitive measures to lock down the integrity of the voting system to combat election meddling; a process that has been dramatically advanced by moving to paper-based, mail-in balloting. Take it from my colleagues at the CISA:

“We continue to see no specific or credible threat to disrupt election infrastructure, or election day operations,” a senior official at the Cybersecurity and Infrastructure Security Agency said during an election-day press briefing. The agency created a cyber-ops warroom and was in contact with other federal agencies and private-sector companies involved in election infrastructure throughout the day.

This is an excellent example of cyber preparation paying off. Prevention works. Security is possible. But it takes attention and a dedicated cybersecurity budget to make it work. A few DDoS, or distributed denial-of-service attacks against a “handful” of election-related websites materialized, but most were unsuccessful. DDoS attacks flood websites with massive amounts of traffic to “gum up the system” for legitimate users. But we should not let down our guard.

Election Cybersecurity Cautionary Note 1: A CISA official observed increased efforts by more countries than in the past to influence the elections, including China. Google researchers have claimed that China has contributed to political division more than in the past, contrary to Beijing’s denials.

Election Cybersecurity Cautionary Note 2: Sen. Rob Portman (R-Ohio) and Rep. John Katko (R-N.Y.), who serve as the leaders of the GOP House and Senate Homeland Security panels, have earned reputations for collaborating with Democrats to pass cybersecurity legislation. Both are retiring, which endangers the momentum of cybersecurity policy and legislation. Compounding losses is the retirement of Rep. Jim Langevin (D-R.I.), a bipartisan dealmaker with longtime cyber policymaking expertise. Rep. Langevin, whose office I met with last year, helped usher through some of the more significant cyber measures in recent sessions.

Tom Kellermann, a cyber-industry expert I highly respect, and who served on an influential cybersecurity commission with Langevin and now works as senior vice president for Contrast Security, told The Washington Post:

“It’s definitely going to hurt our proactive public policy as it relates to cyber… All three of those representatives and senators have been leaders in cyber. … They really see cyber as a national security and economic imperative, and they treated it in a bipartisan fashion — what might be the only bipartisan issue on the Hill.”

Regardless, today’s news is a win for all U.S. voters, and a victory for the cybersecurity experts who have worked around the clock to secure the voting infrastructure of this country.

_________________________

If you are looking for a dynamic cyber-duo to keynote your next conference, meeting or event, get in touch about bringing John Sileo and Tom Kellermann to help your audience defend their profits, information and reputation against the latest cyber attacks. 303.777.3221

John Sileo Cybersecurity Expert Top Tips

I get asked at almost every keynote speech how the audience members can protect themselves, their families and their wealth personally. So I put together a series of videos to take you through some of the first steps. I hope this gets you started, and that I am lucky enough to meet you in person at a future speech!

Freeze Your Credit

A freeze is simply an agreement you make with the three main credit reporting bureaus (Experian, Equifax and TransUnion – listed below) that they won’t allow new accounts (credit card, banking, brokerage, loans, rental agreements, etc.) to be attached to your name/social security number unless you contact the credit bureau, give them a password and allow them to unfreeze or thaw your account for a short period of time.

Equifax Credit Freeze
P.O. Box 105788 Atlanta, Georgia 30348
Toll-Free: 1.800.685.1111

TransUnion Credit Freeze
Fraud Victim Assistance Department P.O. Box 6790 Fullerton, CA 92834
Toll-Free: 1.888.909.8872

Experian Credit Freeze
P.O. Box 9554 Allen, TX 75013
Toll-Free: 1.888.397.3742

Two-Step Logins

There are three basic ways to find out whether or not your provider makes two-step logins available:

  • Call them directly and ask them how to set it up. I especially like this method when working with financial institutions, as you want to make sure that you set it up correctly and they should be more than happy to help (as it protects them, too).
  • Visit the provider’s website (e.g. Amazon.com) and type in the words “two-factor authentication” or “multi-factor authentication” or “security tokens”.
  • Google the name of the website (e.g., Schwab.com) along with the words “two-factor authentication” or “multi-factor authentication” or “security tokens”.
  • Visit this helpful listing (https://twofactorauth.org/) to see if your desired website appears on the list of two-factor providers.

Online Backups (for Ransomware)

You need a well-protected offsite backup, in the cloud or elsewhere, that runs daily on your data. That way, if ransomware is installed on your system, you have a copy from which to restore your good data. You have the ransomware cleaned off before it activates and you’re back up and running. Make sure it:

  1. Is updated whenever a change is made or a new file is added.
  2. Is stored somewhere different than your computer.
  3. Actually works when you try to restore a file.

My personal recommendation and the one I use is iDrive online backup (iDrive.com).  I recommend buying twice the hard disk space of the data you need to back up.

Personal VPNs

A Virtual Private Network (VPN) extends access to a private network across a public network, so a user can send and receive data across a public network as if their personal device was directly connected to the private network. In layman’s terms, it’s like having a private tunnel between your device and your destination. If you haven’t already, research the term “VPN Reviews” to get the latest research and then install a VPN on every device to cyber secure your virtual office and smartphone.

Free Credit Reports

Go to annualcreditreport.com to see your three credit reports from the three credit reporting bureaus.  Periodically request a report from one of the bureaus and cycle through each of them every three months or so.

Identity Monitoring

Ask four questions as you research your options:

  1. Does the service have a simple dashboard and a mobile app that graphically alert you to the highest risk items?
  2. Does it include robust recovery services? (How long does it take to reach a live human being in the restoration department?)
  3. Does the service monitor your credit profile with all three credit reporting bureaus?
  4. Do you have faith this company will be in business three years from now?

Password Managers

A password manager is a software application that helps a user store and organize passwords. Password managers store passwords in encrypted form and require the user to create a master password: a single, ideally very strong password that grants the user access to their entire password database.

Research Password Management services such as Dashlane, LastPass, or the one I personally use, 1Password. Google the term “Password Manager Reviews” and look for articles in a magazine you trust to find the one right for you.

Junk Mail

To opt out of pre-approved credit offers with the three main credit reporting bureaus, call 888-5-OPT-OUT (888-567-8688) or visit www.OptOutPreScreen.com.

Phone Scams

If you receive a call that triggers your scam alert reflex, HANG UP!  If you receive a call from someone supposedly from a financial institution, utility company or a government agency and they ask for personal information like your Social Security number, HANG UP! Or if someone calls from “Apple” or “Microsoft” promising to help with a computer issue, HANG UP!  You get the idea.  If you think it is a legitimate call, tell them you will call them back from a published number.  If they start making excuses, HANG UP!!!

Google Maps

  1. Go to www.google.com/maps
  2. Locate your house by typing its address into the search box and pressing Enter.
  3. Click on the small picture of your house that says Street View.
  4. Adjust Google Maps Street View by clicking the left and right arrows on the Street View image until you see your house.
  5. Click the Report a Problem link at the bottom-right corner of the Street View image or, depending on the device you are using, click on the three dots in the upper right-hand corner.
  6. It will take you to a page to Report Inappropriate Street View. Here you can ask to have any number of things blurred, including the picture of your house.
  7. You will need to provide your email address and submit a CAPTCHA.

Smart Speakers

Ask yourself how comfortable you are having a corporation like Amazon or Google eventually hearing, analyzing and sharing your private conversations. Many people will say they don’t care, and this really is their choice. We are all allowed to make our own choices when it comes to privacy. But the vitally important distinction here is that you make a choice, an educated, informed choice, and intentionally invite Alexa or Google into your private conversations.

Account Alerts

To monitor accounts quickly and conveniently, sign up for automatic account alerts when any transaction occurs on your account. If you spend even a dollar at a store, you receive an email or text notifying you of the purchase.

  1. Go to the bank or credit card company website.
  2. Search for “Account Alerts” in their search window.
  3. Set up your alerts for a dollar threshold that makes sense for you.

Internet of Things

  1. Understand your exposure.  What do you currently connect to the internet?
  2. Make a list of the devices you have that connect to apps on your smart device.
  3. At a minimum, make sure you have CHANGED THE DEFAULT PASSWORD!!!
  4. Also consider disabling location services, muting any microphones and blocking any webcams.
  5. Finally, update the firmware regularly.

Tax Return Scams

If you suspect tax fraud, call 877-438-4338 or go to consumer.ftc.gov to alert them.  (They will not EVER call you or reach out via text or email!)

If you had a fraudulent deposit made directly to a bank account, contact your bank’s automated clearing house department to have it returned.  And close that bank account and open a new one while you are at it!

Safe Online Shopping Habits – Episodes 1, 2 & 3

  1. Stick to websites you know and trust. Beware of imposter websites that have a URL nearly identical to the one you mean to use.
  2. Always look for the lock icon in the browser and “https” in the URL.
  3. Use long strong passwords.
  4. Never shop with a debit card online. It’s even better to use a dedicated credit card just for online purchases.
  5. Set up automatic account alerts on your bank account.
  6. Request a new credit card number once a year (after the busy shopping season).
  7. Set up two-factor authentication on your bank, credit card and retail accounts.
  8. Use a Personal Virtual Private Network (VPN).
  9. Download the apps for your favorite retail sites onto your smart devices and shop directly from them using your cellular connection. This will ensure you are not on a fraudulent site, you are protected by at least two passwords and your internet connection is encrypted.

Phishing Scams

  1. Mistrust every link in an email unless you know who it is coming from and you were expecting that link.
  2. If you’re suspicious about a link in an email, type the URL directly into the address bar of your browser to make sure it takes you to the legitimate website.
  3. Use the hover technique to see if you’re going to the real site or the site of the cyber criminals.

John Sileo, cybersecurity expert and identity theft speaker, has appeared for the Pentagon, Amazon and on shows like 60 Minutes and Anderson Cooper. Contact us for more details on 303.777.3221 or using our contact form.