Frequently Ask Questions are the basic inquiries we ponder on when trying to figure out how something works. This FAQ will not be static and will evolve because questions are many, so we have to do our best to make sure those questions are answered. Cybersecurity and technology is presented in such an incredibly overly complex manner that its taken on a life of its own like some sort of dysfunctional phantom that took too much ritalin and is confused. Let us demystify the absurd.
What is Malware?
Malware at its core, is software, malicious software, that introduces worms, viruses, trojans, spyware, adware and root-kits, etc., which steal protected data, delete documents or add software not approved by a user. Malware comes in all shapes and forms and like software evolves with the times.
I have a free anti-virus that I downloaded, surely this means I am okay - doesn't it?
No, anti-virus products are signature-based. This means that the infection occurs and the anti-virus company develops a signature that detects for the infection. For the most part the majority of anti-virus companies are quick to deliver signature updates. However this is not effective all the time because many strains of malware like ransomware will not be detected by your anti-virus so this leaves you the user in a delicate sensitive spot.
Whats a good first step for the humble home user?
Get yourself a good anti-virus application and then combine it with Malwarebytes. Do not be cheap, security software is the one piece of software that you should not compromise on because you will need it. Start with something like Symantec, Kaspersky, or Bitdefednder and combine it with Malwarebyes and that is a good first step.
How do I protect myself against data theft?
This is a very broad question and has many answers. We develop a secure ecosystem which will alert you to your data being exfiltrated from your network. We also setup certain procedures and policies in place to literally lock down the network and detect malicious behavior. Most data theft happens from the inside. Go to our contact page and send an email and we can go into a more in-depth discussion on the building blocks in developing your secure eco-system. Catch the malware before it gets to the desktop, catch the person stealing your data before they leave the building. Think like the people who are attacking you to better protect yourself. Auditing and logs are your friends.
I run an office with 5 to 30 people. Why should I worry?
As a small business owner you should worry because your business is most likely to get targeted for attacks and data theft. Due to the fact that you are using stock applications that came with your computer and a cable modem with a little router that someone setup for you, your system can be attacked and you will not even know it. Even a small business owner needs to mind his garden or risk losing his plants to interlopers. We can help you with such a secure eco-system without breaking your bank account or effecting your productivity.
I have good malware software and keep myself updated - why do I need you or anyone for that matter?
All the security in the world is meaningless without basic discipline. A company or a person can update their anti-virus signature, make sure they have the latest software, and even have great equipment. It is meaningless without proper discipline. What may seem like a strict mindset need not be. Functionality and a secure mindset can work hand in hand. Much like a lifestyle choice, you do it a couple of times and it becomes second nature. The best analogy to be used here is you can have the best of alarm systems and wonderful sensors but its worthless if you left window open.
You made mention of behavioral analysis - are you a psychologist? What does that mean and why should I care?
When most people speak of cybersecurity the first issue that comes to mind is malware. This is important for the most obvious of reasons. However it is not often that people speak of the importance of behavioral analysis. As mentioned data theft can be a crippling action upon a company. The probability of a data theft most likely will come from within your company or someone formerly associated with your company. That means this person may even have credentials to remove the data. You - the business owner will have no idea. When data exfiltration occurs it usually happens from within and it is very difficult to detect such things. If I wanted to steal your data, I could go as far as even applying for a job with your small office. I bide my time, make myself useful, quietly remove what I need and then quit and no one would be the wiser. Through training, which means collecting a base line of information about your system we can make sure that these things do not happen. An example of this - your maintenance man logs into his computer everyday to get emails or respond to work orders, all of a sudden for no reason that maintenance man attaches to the Human Resources network share and copies data to a USB drive. This would be behavior that would fall out of the norm.