Welcome back to the TCE Strategy monthly technology and cybersecurity newsletter! The mission of this publication is to cut through the clutter of cybersecurity news stories and provide you with the most important, relevant and actionable cybersecurity information.
If this newsletter adds value, fantastic! That is the goal. Please forward it on to friends/colleagues. If not, no hard feelings. Please look to the bottom for an easy to click "unsubscribe" button.
The war between Russia and Ukraine shows no signs of de-escalation, and things in cyber space are a mixed bag. There is no question that cybercrime incidents aimed at the USA from Russia have risen sharply (regrettably including a ransomware event that TCE Strategy is actively working to remediate). That being said, there has not been a massive, coordinated attack that many in the West feared would occur. There are a few theories around this. First, it could be that the difficulty Russia is having of advancing on Ukraine in their kinetic war has them more occupied than they anticipated. Second, stealthy, targeted attacks (such as Stuxnet) are more difficult to pull off in the general chaos that a kinetic war causes. Third, it could be that the number of groups targeting Russia with offensive cyberattacks has Russia’s cyber teams on the defensive. No matter what the cause, I would strongly encourage anyone reading this to double-down on cybersecurity basics.
Pick good passwords and don’t reuse them for multiple purposes. Use a password keeper such as Dashlane, 1Password or Lastpass to help you with this.
Use Multi-Factor Authentication (MFA) for your email accounts and any other account you care about (financial institutions especially). If you don’t know how to set it up, do a Google search for things like “Facebook MFA” or “Gmail MFA” and you will find the steps to do so.
Patch your computers. Desktops, laptops, tablets and smartphones. Set them to auto-update themselves. Do a Google search on how to do this if you are unsure.
Retire end-of-life computers. Windows 7 or XP PCs, MacOS 10.14 “Mojave” or older, Android 9 “Pistachio Ice Cream” or older, or iPhone 5 or older. Those all have to go. They can’t be kept secure. They are the asbestos brake pads of computers. Get rid of them.
Get a good antivirus program. I’ve gained much more respect for Windows Defender in recent years (but only for Windows 10 or 11). Macs do not come with built-in Antivirus – you need to add it.
1) I like this legislation, as it will bring a LOT of breaches into the public eye that would otherwise be covered up. 2) What will the penalties for breaking this law be? Laws do not change behavior. Laws + penalties + enforcement of those penalties will change behavior.
This is genuinely bad, as some of the vulnerabilities mentioned have active exploits against them and are critical issues. I often complain that articles like these make a mountain out of a mole hill. This one appears to honestly be a mountain.
Cybersecurity Tip of the Month
Spring Cleaning: Safely Disposing of External Hard Drives and USB Drives
With the first day of Spring finally arriving this past weekend, many of us will surely have the "spring cleaning" bug very soon. If you come across old USBs or hard drives that you decide to get rid of, please keep these things in mind before you do.
When selling, donating, or disposing of old USB drives or hard drives, many people think they can simply delete the files and they will be safe. This is not true, however. Third-party data recovery software programs can often restore these files, meaning that any sensitive documents or data on these drives could be exposed or fall into the wrong hands.
There are several different ways you can securely wipe these devices:
-Formatting an external device: Windows and Mac operating systems come with built-in format options for erasing hard drive data. You can follow a few simple steps to initiate this method which performs a write-zero pass, filling the storage space with zeros. To see more detailed step-by-steps for Windows and MacOS, visit this article.
-Erasing data on external drives using an app: There is no shortages of apps, paid and free, that will perform a data erasure service for you. Some of these are described more in depth here and include:
-Android: Secure Eraser, Shreddit
-Windows: CCleaner, Eassos PartitionGuru, MiniTool Drive Wipe
-MacOS: StellarWipe Mac, Mac Washing Machine Secure X9
-Windows and MacOS: AweEraser, Super Eraser
-Windows, MacOS, and Linux: WipeDrive
-Erase hard drives using Darik’s Boot-and-Nuke (DBAN) software: DBAN is a free data destruction program used to completely erase all the files on a hard drive. This is a great free program but will erase EVERYTHING on the hard drive, including applications, personal files, and operating systems, so it needs to be used carefully and intentionally. These articles give some very helpful tips and steps for using DBAN:
If you are disposing of a USB or external hard drive for any reason, be sure to do your due diligence. Double check what data is on the drive, determine how sensitive it is, and decide on the best way to ensure it is erased from the drive. And if in doubt, a good old fashioned hammer will always get the job done.