Are You Ready For Internet Disruption?

A recent Internet Disruption research study revealed that a vast majority of companies had experienced some form of Internet disruption over the past year.

An Internet disruption can mean different things to different people. For some, it’s merely a slight inconvenience, something you deal with until the connection is restored. For others, it can mean the end of business as they know it. It can cripple both the customer experience and employee productivity to such an extreme that business can cease and reputations can be destroyed beyond repair.

Of course, most Internet disruptions fall somewhere in between.

What is considered “a long time” in today’s world? How long do you wait for a search result before you click on another option? Five seconds? Ten?

The Internet Disruption study found that the mean time to resolution was an entire business day. And if the issue was outside of the business’s control (which is the case for the majority of such issues), the mean resolution time was up to 17 percent longer.

Digital resilience means having the capacity to deal effectively with the changes and threats that present themselves in the digital world, with the ability to quickly recover from challenges or difficulties, and even withstand stress and catastrophe. Yet very few companies have a strong digital resilience program in place.

A digital resilience program is designed to give senior management teams the opportunity to set and clarify expectations for how employees will help to identify and protect the most important information assets they own.

What needs securing in your organization? Have you taken the time to clearly define what you are trying to protect? An attacker looks for weaknesses. They look for backdoors that give them a way in to cause the most damage possible.

It’s easy to believe security is in place because you have one platform blocked off from the world. But if you haven’t taken the time to prioritize your business risks and establish mechanisms to step up security, you could be at risk. Business process controls, IT controls, and cybersecurity controls all work together, and none of them is optional any longer.

If you focus on one while leaving weaknesses with another, you may find yourself under attack.

Why Security Questions Can Be Your Biggest Threat

Passwords. We all use them every single day.

Studies consistently show that people become lazy when it comes to creating a password, with the top spots going to things like “password” and “123456”. But with a little education, you can bring your employees around to changing their habits and choosing stronger passwords.

But what about security questions?

Security questions are used on almost every site where you log in to an account. They are there “just in case” you forget your password and have to retrieve it by some other means.

In most cases they provide you with a list of security questions to choose from, with most of them asking fairly standard things. Top 10 lists put these at the top:

· What is your mother’s maiden name?
· Who is your favorite author?
· Who is your favorite actor?
· What is your favorite movie?
· What is your favorite book?
· What was your favorite pet’s name?
· Who was your childhood friend?

You’ve probably used one or more of these yourself, over and over again. Yet how secure are they? All are simple questions that can easily be answered with a little bit of research, something a detailed profile on Facebook could make readily available with five minutes of browsing through your page.

While these questions make it relatively easy for an external hacker to gain access to an account, studies also show that it’s not always an external hacker that will be your biggest threat. In some cases, it may be an internal risk. If a co-worker wants to access company data through someone else’s account, what better way to do so than through the account of someone they know? And who’s going to question a co-worker who stands around the water cooler and asks, “What’s your favorite movie?” It’s just idle chit chat, the kind of thing we talk about all the time.

So what makes a good security question? A good security question typically will have the following characteristics:

Be safe from guessing or research
This is the most important characteristic of a great security question. It should be something that cannot be easily found out by visiting a social media profile page, or that someone could guess simply by being around a person for a short amount of time. After all, walking your dog and calling him by name can release information to everyone at the dog park.

Won’t change over time
If a security question is vague and can have many meanings, it can be easily forgotten as time goes by. Avoid questions that ask for your “favorite” thing, such as “What is your favorite food?” And avoid questions whose answers can fluctuate as you age, change and grow, such as “Where do you want to retire?”

Be memorable to you
We all have things we talk about and share because it’s a part of our culture, and that is what most security questions are designed around. I’m sure you’ve had conversations with friends, even co-workers, about your very first crush in school, or the first person you ever kissed. But what about the second?

These things are memorable to you, yet they aren’t something we share on a regular basis. They are part of your past, yet don’t come up in regular conversation.

There is one other factor that should be part of online security. When someone forgets a password, having them log in with a security question is an important step, but it should always be part of a two-step process. The second half of authentication should use a code that is sent via email or text to the contact information used to set up the account. This further ensures that only the correct person gains access to the system.
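
The two-step recovery described above, sketched as an added example (not code from the original article). The `RecoverySession` class, `hash_answer` helper, 10-minute code lifetime and three-attempt limit are assumptions chosen for illustration; `send_code` stands in for whatever delivers email or text to the contact on file.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 600      # assumed policy: code is valid for 10 minutes
MAX_ATTEMPTS = 3    # assumed policy: wrong guesses allowed per step

def hash_answer(answer, salt):
    # Normalise case/spacing, then store salted and slow-hashed like a password.
    norm = " ".join(answer.lower().split()).encode()
    return hashlib.pbkdf2_hmac("sha256", norm, salt, 100_000)

class RecoverySession:
    """One password-recovery attempt for one account (hypothetical helper)."""

    def __init__(self, salt, answer_hash, send_code, now=time.time):
        self.salt, self.answer_hash = salt, answer_hash
        self.send_code = send_code  # delivers to the email/phone on file only
        self.now = now
        self.answer_failures = self.code_failures = 0
        self.code_hash, self.expires = None, 0.0

    def answer_question(self, answer):
        """Step 1: a correct answer only triggers a code, never a reset."""
        if self.answer_failures >= MAX_ATTEMPTS:
            return False
        given = hash_answer(answer, self.salt)
        if not hmac.compare_digest(given, self.answer_hash):
            self.answer_failures += 1
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self.code_hash = hashlib.sha256(code.encode()).digest()
        self.expires = self.now() + CODE_TTL
        self.send_code(code)
        return True

    def submit_code(self, code):
        """Step 2: allow the reset only for a correct, unexpired, unused code."""
        if self.code_hash is None or self.code_failures >= MAX_ATTEMPTS:
            return False
        if self.now() > self.expires:
            self.code_hash = None
            return False
        given = hashlib.sha256(code.encode()).digest()
        if not hmac.compare_digest(given, self.code_hash):
            self.code_failures += 1
            return False
        self.code_hash = None  # single use
        return True
```

Knowing the answer to the question is never enough on its own here: the reset is only allowed once the code delivered to the registered contact comes back, and both steps stop accepting guesses after repeated failures.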