October 2021 News & Tips | Facebook & Instagram Down, Patch Tuesday

Welcome back to the TCE Strategy monthly technology and cybersecurity newsletter! The mission of this publication is to cut through the clutter of cybersecurity news stories and provide you with the most important, relevant and actionable cybersecurity information.

If this newsletter adds value, fantastic! That is the goal. Please forward it on to friends/colleagues. If not, no hard feelings. Please look to the bottom for an easy to click "unsubscribe" button.
In this issue:
Month's News in Review
Upcoming Speaking Events
TCE Strategy in the News
Must Read Articles This Month
Cybersecurity Tip of the Month
This Month's News in Review

Cyber Security Must-Haves

Happy October! This month we welcome the beauty of fall as we embrace cooler weather, warmer attire, and urgent patches to zero-day vulnerabilities that are being exploited in the wild. Not sure what that is? Keep reading to find out. 

For this month’s newsletter, I want to share a few key cyber security “must-haves,” if you will. These tips come from breaches that TCE Strategy is currently helping to mitigate, and they are shared in the hope that you can learn from those breaches and potentially prevent similar ones for yourself and your business:

  1. Patching. Patch your firewalls. Check every month for new firewall patches. Don’t allow administrator accounts to VPN (Virtual Private Network) directly into your environment. Only everyday (non-administrator) accounts should be able to do that. Change your passwords occasionally, even if it’s only once a year.
  2. Employ Microsoft’s Local Administrator Password Solution (LAPS) to randomize the local admin accounts on your company’s PCs.
  3. Avoid logging in to computers with Domain Administrator credentials. If you have to promote or demote domain controllers, or do certain other things that require a login as a domain admin, change those passwords every time you do so. For all other admin functions, log in as a normal user and perform a “run as” command to use admin privileges on the applications that you need them for.
  4. Check your websites for SQL injection issues and other serious vulnerabilities. Run external vulnerability scans on your websites. Have a full penetration test done on your websites if you really care about them (this is a service that TCE Strategy provides).
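
A way to check tip 2 in practice, added here as an example (not TCE Strategy's own code): it flags PCs where LAPS has never set a local admin password or has stopped rotating it. It assumes legacy Microsoft LAPS, which records the password expiry in the AD attribute `ms-Mcs-AdmPwdExpirationTime`; the function name `Get-LapsGap` and the sample machine names are made up for illustration.

```powershell
# Added example: find PCs whose LAPS-managed local admin password is
# missing or overdue. Assumes legacy Microsoft LAPS, which stores the
# expiry in ms-Mcs-AdmPwdExpirationTime as a Windows FILETIME integer.
function Get-LapsGap {
    param(
        [Parameter(ValueFromPipeline = $true)] $Computer,
        [datetime] $Now = (Get-Date)
    )
    process {
        $raw = $Computer.'ms-Mcs-AdmPwdExpirationTime'
        if (-not $raw) {
            # LAPS has never set a password on this machine
            $status = 'NoLapsPassword'
        } elseif ([datetime]::FromFileTimeUtc([long]$raw) -lt $Now.ToUniversalTime()) {
            # The LAPS client has stopped rotating the password
            $status = 'Expired'
        } else {
            return   # healthy machine: emit nothing
        }
        [pscustomobject]@{ Name = $Computer.Name; Status = $status }
    }
}

# Constructed sample objects so the logic can be tried without a domain.
$now = [datetime]::new(2021, 10, 15, 0, 0, 0, [DateTimeKind]::Utc)
$sample = @(
    [pscustomobject]@{ Name = 'PC-01'; 'ms-Mcs-AdmPwdExpirationTime' = $now.AddDays(20).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'PC-02'; 'ms-Mcs-AdmPwdExpirationTime' = $now.AddDays(-90).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'PC-03'; 'ms-Mcs-AdmPwdExpirationTime' = $null }
)
$sample | Get-LapsGap -Now $now

# Against a live domain (requires the ActiveDirectory module and the
# LAPS schema extension):
# Get-ADComputer -Filter 'Enabled -eq $true' `
#     -Properties 'ms-Mcs-AdmPwdExpirationTime' | Get-LapsGap
```

Any machine this reports is one where the local admin password is either not randomized at all or is older than your LAPS policy allows.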

As always, my goal is to simply be a conduit of valuable information that will help you stay secure and avoid cyber criminals at all costs.

Cyber News In Review

On the cyber news front, hardly anyone escaped the virtual craze that was the widespread, six-hour outages of Facebook, Instagram and WhatsApp on Monday, October 4th. While many speculated that cybercriminals were involved, it turned out that cybersecurity wasn’t a factor. The reason Facebook and its entities crashed essentially had everything to do with a service on the internet called DNS and just how easy it is to accidentally remove DNS entries for a company. Oops… Who knew you didn’t even need Facebook to spread rumors and misinformation?

Microsoft’s Patch Tuesday for the month happened this past Tuesday, October 12, with a shocking number of zero-day vulnerabilities: four. Three of these are being actively exploited in the wild. This is an urgent reminder of why patching matters, and of why how often you patch is essential. All patching is necessary and strongly encouraged. This month’s patches, however, are ones that Windows users cannot afford to delay. Patch early, patch often.

Regarding “zero-day” vulnerabilities, here is a layperson’s definition: I found a way to take over your computer using a flaw in some software you have installed. No one else knows about it. I start using it until someone catches me doing something bad on your computer. Up until the point that I’m caught, my way of taking over your computer is a “zero-day” vulnerability. Soon after I’m caught, the software vendor normally develops and releases a patch. The day the patch comes out is “day one,” as it’s easy to reverse engineer a patch and see what it fixed. Now the race begins: people using the software need to patch it, and cybercriminals want to weaponize the vulnerability so that they can start using my “zero-day” vulnerability on computers that haven’t been patched. You want to be in the camp that patches their computers. The cybercriminals want you to be in the camp that doesn’t.

October is Cybersecurity Awareness Month. The Cybersecurity & Infrastructure Security Agency is releasing weekly reminders throughout the month with various ways we can stay on top of protecting ourselves from cyber crime with their #beCyberSmart campaign. Click here to learn more!  

Until next month, stay safe!

Upcoming Speaking Events

If I am coming to your town, state or country and you are interested in a speaking event for your company or organization, please let me know! There are a number of terrific cities on my 2021 schedule already.

October 5th, Viewpoint ProContractor Summit

October 12-14th, 2021, Vistage presentation and workshop, Minneapolis, MN

November 2nd-5th, 2021, Vistage presentation and workshop, Louisville, KY

November 18th, private webinars, UK, Italy, France, Germany, China, Japan and the USA

December 15th, 2021, Vistage presentation and workshop, San Diego, CA

March 22nd, 2022, Vistage presentation and workshop, Minneapolis, MN

May 17th-19th, 2022, Vistage presentation and workshop, Huntsville, AL

TCE Strategy in the News

Thank you Lisa Ryan for the opportunity to speak on The Manufacturers’ Network Podcast on Protecting You and Your Manufacturing Business from Cybercrime. Tune in here!

Interesting Articles

The risk of cyber security looks like it is second only to the risk of global climate change according to this news source. "The percentage of experts ranking it among their top five risks increased significantly from 51% last year to 61% in 2021, with only a quarter (26%) believing that governments are prepared for cybersecurity risks — a figure unchanged since 2019."
Why would the USA do this for a Russian cybercriminal? I don't get it. He was sentenced to 9 years. "Since no extradition treaty exists between the United States and Russia, Burkov's deportation is surprising."
If accurate, this is a noticeable black eye to Apple's bug bounty program. The article states that the issues aren't super-critical though. I'm guessing this will fall into the bucket of "Apple could stand to do better" regarding their bug bounty program.
Is the insurance industry getting into the cybersecurity-as-a-service industry? "Coalition offers businesses cybersecurity tools and insurance to help manage and mitigate cyber risk to more than 50,000 customers, doubling its customer base in the past year."
Cybersecurity Tip of the Month

MFA On, then Log Off

What can we learn from the Facebook and Instagram outages? Perhaps from this infrastructure vulnerability, we who aim to be more cyber aware can take into account how much stock we have put in our lives being on the internet, and take into consideration that there is more to life than what the internet has to offer.

There is no question that the internet is necessary and vital for everyday life and business. Securing our devices, being aware of what we click on, and getting a jump on security updates are all critical to living responsibly and safely online. 

So for this month’s tip: secure your passwords, use Multi-Factor Authentication wherever possible, and update and patch your devices often.

And then, maybe for a time, give yourself permission to log off, and be a little more present with the people and the world around you. 

You can reach Bryce at bryce@bryceaustin.com
