Cyber Security: Facebook is a Parent’s Best Friend


To set the stage, I am a cyber-security expert with over 15 years’ experience including engagements in healthcare, aerospace, technology and as a Department of Defense contractor at an Air Force Base.  I know about cyber security not only from a professional standpoint; I am keenly aware from a personal and family perspective as well.

I have four children, ages 13 to 17 covering grades 7 through 12.  Three of my kids are female, one is male, and each brings their own challenge, joy, stress, and happiness.  Their Facebook involvement goes from the youngest not having an account to the oldest, a female 17 year old in her senior year, who posts constantly.

I quickly learned when the 15 ½ year old daughter created a Facebook account against my wishes, behind my back, at age 12, I needed to understand and follow what was going on.  Thanks, in part, to her, I gained the wonderful education that Facebook is a parent’s best friend.

Before going any further, I want to begin with the obligatory security concerns.  Parents must set FIVE (5) concrete rules BEFORE allowing any child under 18 to have a Facebook account.

  1. At least one parent must have a Facebook account and the child must be “friends” with any/all parents and any family member, up to and including 3rd cousins twice removed, who asks to “friend” them.
  2. Never, ever, ever, under ANY circumstance, be “friends” with anyone they don’t personally know, with the exception of parental permission based on rule #1.
  3. Parents are not only allowed the password and the authority to log in as the child, any day, anytime, anywhere; the parent also sets the security permissions.
  4. Remind the child that their “digital footprint” lasts forever. What they post at age 14 could come back and haunt them at age 32. Be smart, be responsible.  This includes talking to their friends about “tagging” them in pictures.  Your child’s friends must understand they need permission to tag.
  5. Be aware of “data leakage” and routinely search the Internet for any information that may go from Facebook to other accounts. I once found a picture of myself on another Eric Jeffery, a man in Alabama.  I also caution on the amount of personal data placed on the profile; this goes for all Facebook users.  For example, don’t use your exact birthdate, as some websites use that data as a password security question.

Once these rules are established, implemented, followed, and policed, Facebook away, as the following reasons make Facebook a parent’s best friend.

  1. See who your kids’ friends are. Does your child connect with the suicidal, lonely, drug obsessed Goth chicks?  How about the band geeks?  Jocks?  Nerds?  When my daughter was 12 she was friends with a 15 year old boy that “liked” Quagmire.  I immediately told her to “unfriend” and never talk to him again.  She was, shall we say, perplexed, by my awareness and engagement.
  2. Understand your child’s interests. My oldest adores Cosplay, Dr. Who, and Anime.  She posts all the time about these interests and I get to see what her current fancy is and engage her at dinner or, even, shock of all shocks, ask her if she wants to watch the new episode of Sword Art Online.
  3. Observe how they speak/behave in a public forum. Does your child berate friends for their interest?  Do they comfort and help friends that are suffering?  Do they post happy quotes?  My youngest likes to quote books she’s reading and share with her friends.  Seeing a child share in a public forum is a great way to see their growth and maturity.
  4. Talk to ALL of their friends at once (or just one). Comment on one of your kids’ posts and any/all of their friends can see it.  I love engaging the 16 and 17 year olds with conversations about college and what they plan to do in the next year or two.  I think the kids kind of get a kick out of seeing a parent engaged, well, at least that’s what I tell myself.
  5. Share, learn, and grow with your child. It’s a wonderful shift when kids start teaching parents.  I will admit, I learn a lot from my kids through Facebook.  Hearing their concerns and fears, watching when they post their school schedule, comprehending their excitement/devastation when the season of a favorite reality show comes to an end, looking at the pictures they and their friends share.  There’s so much benefit and joy that comes from learning and growing with your child from Facebook, only those that engage can understand.

All in all parents can achieve great benefit with Facebook.  Rather than shy away due to media hype or fear of technology, the positive results of engaging children with Facebook, in my opinion, far outweigh the potential drawbacks.  With a solid understanding of the rules and security, up front, the entire family can, and should, benefit from children utilizing Facebook.


Eric Jeffery has 20+ years’ experience with Information Technology including stints in the Retail, Aerospace, Defense, Hardware, Entertainment and Healthcare industries.  Eric has a Bachelor of Arts degree in Economics from the University of Colorado at Boulder.  Mr. Jeffery recently founded Gungon Consulting to help businesses solve the exact problems mentioned in this article.  You may contact Eric at eric@gungonconsulting.com.

5 Cyber Security Mistakes Most Companies Make

Cyber security falls under the responsibility of everyone, not just information technology professionals.  As with personal security, individuals must pay attention to their surroundings and their actions.

There are a number of areas that businesses and employees fail to pay attention to regarding cyber security.  These are in no order of importance as all are critical.

Lack of training for staff

When we raise our children we make sure they know to look both ways before crossing the street, not to take candy from strangers, and never to get in a car with someone they don’t know.  To all of us, this is common sense as we received this same education ourselves.

With cyber security, the same principles apply.  Don’t open attachments from unknown sources.  Don’t go to websites that appear suspicious.  Don’t tell anyone your password(s).

Businesses must make sure they have education for all employees regarding these, and other, basic cyber security concepts.  The training should occur at new hire orientation and it makes sense to have annual or semi-annual reviews.

Failure to limit/log access

Who has access to what data?  What IT Administrator modified the directory structure?  Who changed permissions?  Do all employees have access to HR files?  Does any unnecessary person have access to financial records?  Are there logs showing who accessed what data?

Most of the answers to these questions will be “we don’t know” and that’s a problem to acknowledge and address.  Companies need to utilize built in tools to log access, and, when necessary, purchase third party software for greater control and granularity.  Not only can tracking access prevent a data breach, it enables organizations to find out what happened when data loss does occur.

Caring about corporate data

Most employees simply focus on their day to day job; they are not necessarily concerned with intellectual property at their company.  Vast numbers of employees don’t even know what data is critical to the success of their business.

With a myopic focus on what’s in front of us, it’s extremely difficult to protect that which truly matters to an organization.  Employees understand financial and human resource records deserve protection; that’s not enough.

Staff must also know about core data critical to the company so they can make sure to take proper action when dealing with that information and when dealing with others who have responsibility for protecting that data.

Understanding cyber threats

Phishing. Spoof. Worm. Trojan horse. Pharming. Hijack attack.  These are all key terms in the cyber security world and, with few exceptions, most people do not know what these expressions mean.

Along with basic education, it makes sense for organizations to make sure staff know what these attacks are and how to protect against them.  There are a number of terms and threats that individuals are familiar with; it’s the responsibility of businesses to help employees understand additional dangers.  Common sense goes a long way, and by adding simple communication, businesses can ensure employees know what to look for and how to act when issues arise.

Spending money in the wrong areas, or not at all

Too often businesses focus on revenue generation opportunities and ROI when spending money.  Companies must take a defensive posture as well.  This doesn’t mean only spending money on networking equipment and edge devices to protect their information assets; they must understand the extent of the threats and spend in numerous areas.

Firewalls, extranets, and intrusion detection systems are all well and good; however, they only protect companies from specific types of attacks.  Businesses must take a holistic view of cyber security and invest as necessary.  Cyber security is an investment and should be viewed as such through the budgeting process.

Everyone must take ownership for cyber security.  In today’s world with major data breaches occurring seemingly weekly, impacting millions of people, it’s imperative to pay attention and share in the responsibility for data protection.

Through education, logging, understanding corporate data, knowledge of threats, and proper cyber security investments, companies will find greater security.  When companies have data protection, investors, employees, and consumers receive peace of mind and clarity that they are as secure as possible.


Data: The One Ring to Rule Them All

“My Precious!” The famous statement from The Hobbit where Gollum repeatedly screams for his most precious item, the gold ring, the one ring to rule them all. This massive trilogy is all about protecting this sacred item from the evil onslaught of Sauron and his minions. It’s so important that those in control of the ring decide to destroy it rather than allow it to fall into evil hands. This story, and magical and mystical item, correlates exceedingly well to corporate data. Precious company information: finances, sales numbers, source code, legal documents, personnel files, etc. cannot fall into the wrong hands. Data is the life blood of companies and it’s the responsibility of leadership to protect it.

One of the most famous stories of technology intellectual property theft is that of Steve Jobs and the mouse from Xerox PARC. Steve Jobs toured the Xerox Palo Alto Research Center and saw a prototype mouse and was in awe. After he saw what it could do, he went back to Apple and directed his developer to recreate what he saw in a much less expensive fashion with greater longevity. This breakthrough helped propel the launch of Apple Macintosh. The irony of this intellectual property “theft” is that the researchers at PARC did not agree to the tour, it was a business decision. In exchange for money or stock in Apple, Steve Jobs and others were allowed to look around at whatever was “cool.” What would have become of Xerox and their PC unit had they perfected the mouse and proceeded to target the PC market more aggressively? Steve Jobs believed Xerox could have been as big as IBM, Microsoft, and Xerox combined.

The NSA data breach by Edward Snowden is another famous example. While one can debate whether this act was heroism or treason, the fact remains that precious information was taken from the US Government and exposed to the world. When organizations lose data, there’s not only the potential for economic damage, there’s probability for political and reputation damage as well. Businesses are not immune to this impact as shown when Reputation.com experienced a hack and lost user passwords, emails and addresses. Pretty ironic that a business focused on protecting online reputation for customers experiences a data breach itself.

The ailment inflicted upon businesses through data breach and information loss cannot be overestimated. While researching this article I came across numerous statistics regarding outcomes when data loss or theft occur. While validating sources, I found they are not reliable hence I have not republished that information. Saying that the data published is not necessarily true also does not make it false. Common sense dictates that when a company loses data and/or experiences theft there is a financial impact. That damage most certainly can, and does, lead to major financial impact and even bankruptcy.

The scariest data loss and/or theft to most individuals revolves around healthcare and financial services. Kim Kardashian led to the termination of six individuals when the temptation to view her medical records was too great to pass up. While this may seem harmless to the individuals improperly accessing her records, this breach exposed a well-respected medical facility to reputation damage as well as a potential lawsuit, not to mention government punishment due to the HIPAA violation. TD Bank misplaced backup tapes and exposed nearly 270,000 individuals’ data. This data loss should cause great concern to most businesses as, like themselves, the information was backed up to tape and unencrypted. During my time in the healthcare industry I saw this happen to two of the largest medical entities in the United States. In one instance the tapes were stolen from the driver delivering the backups to storage. The other situation had unencrypted backup tapes lost in the mail. This type of data loss is all too common, impacts large swaths of patients and clients, and most companies have no policies or procedures in place to prevent it.

Organizations should know that they are not alone in the pursuit of data protection. A number of businesses and technologies cater to this need. Whether looking for inventory tracking systems, performing background checks on employees, or having an audit or assessment performed to understand the current state of affairs, numerous companies and products exist to help mitigate risks. Knowing is half the battle, and leadership owes it to themselves, their investors, and their employees to see the risk and take protective action.

A few suggestions:

  1. Know who has access to what data and prohibit access to any resource that does not have a need for such access.
  2. Encrypt data in transit.
  3. Consider encrypting data at rest, especially intellectual property and other fundamental business information.
  4. Do not let employees take backups home, no matter their position with the company.
  5. Be aware of who comes into the business, what they see, and what they take away, physically and intellectually.

Just as Bilbo, and then later Frodo and the Fellowship, protected their “precious,” leadership in organizations must do all they can to protect their data. Management needs to understand the risks are not solely from the nebulous hacker in the Cloud trying to steal information. Data theft and destruction stem from everything from innocent curiosity to nefarious intent. No matter the reason, businesses are at extreme risk financially, reputationally, and in terms of potential legal liability, and management must mitigate as much risk as is reasonable.
