Security Tips

2/15/18

Don't Share That!

You're telling the bad guys useful information, and you might not even realize it, or understand the implications.

Isn't social media great? It allows you to interact with long lost friends and family, not to mention your business network. "What's the big deal? I posted my maiden name so my old friends can find me! Oh, and I've also helped my mom set hers up the same way. I even marked her as my mom, I also marked my aunt, cousins, kids, etc. as relatives." Perhaps you took one of those fun surveys that ask you for personal information to share. Now everyone knows your favorite: store to shop, vacation destination, workplace, restaurant, teacher's name, street you grew up on, first telephone number, color, as well as your dog's name. Not to mention, you can easily boast about your excitement before boarding a flight to your awesome vacation and tag yourself when you get there!

Consider the treasure trove of information you've given the bad guys. You've given away a common security question's answer; your mother's maiden name. Additionally, you've also given someone trying to gain access to your personal data a good bit of telltale answers to likely security questions. Does everyone really need to know your favorite teacher's name was Mr. Franklin, or your street was Farmington Ave.? No. Regarding that big trip; most of your friends will 'like' your vacation statuses and photos just as much after you arrive home as well. Do you really want to tack up a big sign on the Internet that basically says: "I'm going to be 1,300 miles from home for the next 5 days…" for thieves to see? No.

It's best to avoid sharing too much personal information with everyone, even if it appears as a harmless survey. Read closely, there's usually something personally identifiable innocuously hidden amongst questions about your favorite food or color. Avoiding that "harmless repost" just might save your bank account from being compromised. Resist that temptation to tell everyone you're just about to head to the Bahamas too. That excitement isn't worth coming home from that vacation to find your personal property stolen, damaged and ransacked.

2/8/18

Log Everything

Device logging can easily be overlooked in an environment, but always proves to be an invaluable tool for troubleshooting, stopping attacks and forensics. There are many log management solutions available (free and paid), that can collect logs from all of your devices.

A common misconception with log management is that once all devices are sending logs to the logging device, no more work needs to be done. However, a little daily log administration can pay big dividends. At a minimum, logs should be reviewed each day for suspicious activity. Log parsing and alerts will expedite this process and take log management to the next level. Once established, admins are alerted to attacks as they are occurring.

Some logging recommendations are below: