Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect


February 23, 2021

Good morning, everyone!

Good grief! I take off one week and EVERYONE releases patches!

Patch all the things!!



The Importance of Good Backups

This story has lots of lessons, but I’m focusing on just one today, the importance of good backups:

A web hosting company named No Support Linux Hosting announced today it was shutting down after a hacker breached its internal systems and compromised its entire operation.

Write this down: If you store your data locally, keep backups offsite. If you store your data offsite (in the cloud), keep local backups. You cannot rely on a third party to be the sole responsible party for your data – any of your data! This is not the first time I’ve talked about a cloud service provider simply shutting down after an attack. You must take personal responsibility for your data. Diversify. Cover your bases. Don’t put all your eggs in one basket!

Talk about Lucky!

This story is pretty horrifying:

A hacker’s botched attempt to poison the water supply of a small Florida city is raising alarms about just how vulnerable the nation’s water systems may be to attacks by more sophisticated intruders.

Apparently an actual human being, paying attention on the job, saved the day:

A supervisor monitoring a plant console about 1:30 p.m. saw a cursor move across the screen and change settings

How did this happen?

the intruder entered through a remote-access program called TeamViewer. It was loaded on all computers used by plant personnel, all of which were connected to the plant’s control system, the advisory said, adding that all users shared the same password — ignoring cybersecurity best practices. Further, those computers “appeared to be connected directly to the Internet without any type of firewall protection installed.”

(emphasis added)

Okay, let’s break this down:

  • No shared passwords! Each user should have a unique password. Passwords should not be reused across accounts, services, networks, etc.
  • Enable two-factor authentication whenever it is available. (You’ve heard me say this before.) Even a shared password cannot easily be used to access an account with 2FA enabled.
  • Do not connect any devices directly to the Internet. Always have a firewall between your devices and the bad guys.

What’s the best firewall?

People ask me this question all the time, and my response is always the same: the one your IT people know how to properly configure. Seriously! Most commercial firewalls have roughly the same features and standards. The important thing is to configure it properly, and that requires experience and skill. Knowing how to properly configure one brand doesn’t necessarily mean you can properly configure a different brand.


Malware for Macs

Yes, it’s a thing. It is still far less common than malware for Windows, but it is out there. Recently, two new strains of malware have been identified that attack Apple’s new M1 processor. The usual rules apply: Think Before You Click! Don’t just say “ok” to those popup boxes. Beware of installing software from unknown vendors. Don’t grant excessive permissions. Slow down, read what is on the screen, and make a conscious decision whether to proceed with the installation or not.

I think that's enough for this week. Go forth and apply your patches, enable 2FA and think before you click!

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Talk to you again soon!

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com

Security Awareness Training Goes Virtual

Thanks to COVID-19, lots of things are going virtual, and that includes my employee Security Awareness Training. I've set up a small studio in our conference room (nobody there but me) so I can provide live training (almost) just like before! You can see me wave my hands and make faces while a wall of fascinating facts and practical tips slideshow across your screens, wherever you and your employees may be.

Contact me to schedule your employee training sessions. They're fun! ☺
