Cyber Security Today – New security guidelines for small business, patch older Windows machines and cyber trends

New security guidelines for small business, patch older Windows machines and cyber trends.

Welcome to Cyber Security Today. It’s Monday November 11th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com. To hear the podcast click on the arrow below:

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

American small businesses wondering how to make their firms more secure now have a new resource. The federal Cybersecurity and Infrastructure Security Agency has released a Cyber Essentials Guide for business leaders. It’s a two-page document that boils lots of things down to six steps to lower the risk of being successfully attacked. They include ensuring leaders create a cybersecurity strategy, developing security awareness among staff, protecting critical assets, limiting access to those assets to only those who need it, having safe backups and having a disaster plan. There’s some short recommendations on how to do all this. It’s a lot to cram into two pages, but at least it will get you going. The Canadian government’s Centre for Cyber Security has a similar but more extensive document called Baseline Cyber Security Controls for Small and Medium Organizations.

There’s another reminder from Microsoft to consumers and companies using older versions of Windows to keep them patched. That means you who are still using Windows 7 and Windows Server 2008. Somebody out there is trying to exploit vulnerabilities that were discovered earlier this year to secretly install cryptocurrency miners on computers. But the bug could also be used to deliver infections. A patch for this vulnerability was issued in May, so there’s no excuse for your system to not be fixed. And remember, Microsoft support for Windows 7 and Windows Server 2008 ends in January. So think now about replacing those computers, or, if you can, update to Windows 10.

Computers, surveillance cameras and smart speakers aren’t the only devices that plug into the Internet. So do certain machines in hospitals. They, too, sometimes need to be patched. The U.S. has just issued an alert to health centres that two models of Medtronic Valleylab electrical power controllers that connect to surgical tools need to be patched. These devices aren’t supposed to be permanently connected to networks, but sometimes someone forgets. If it connects to the Web it may need to be patched.

Some security companies issue a quarterly analysis of threat trends. Usually I ignore them because the malware criminals use varies every month. Long term trends over a year are much more useful. However, the recent third-quarter report from security vendor Proofpoint makes some points I want to share. First, the favourite way of infecting victims in email, social media or texts is by planting bad URLs, or web page links. About 88 per cent of bad messages studied by researchers had bad links. The rest were bad attachments. Which is why you’ve got to be careful about clicking on links. Second, almost half of infections in Q3 went after bank login usernames and passwords. That’s why it’s important that you use multi-factor authentication for bank logins in case your password gets stolen. If your bank doesn’t offer multi-factor authentication, ask why. Third, sextortion malware is changing. Usually victims get an email with an empty threat that the hacker has video of you doing something untoward. But Proofpoint says it has seen malware that has a “Porn module” that looks for signs infected victims are viewing online porn on their computers. Then it automatically turns on video and audio recording, to be sent to the victim later with a blackmail threat. It’s another reason to a) put something over your video camera and b) stay away from porn sites.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast