10 Security Tips for CEOs and SysAdmins

General, Security , , , , 3 Comments

There was a huge surge in ransomware attacks in 2021, with a reportedly 105% surge in known attacks. According to the 2022 Cyber Threat Report, governments worldwide saw a 1,885% increase in ransomware attacks. That is a crazy threat to public resources.

It’s likely that you’ve noticed this stuff is in the news a lot these days. One very public case was the world’s largest meat supplier, JBS US, who was attacked in May 2021 and allegedly had to pay a $11 million ransom in Bitcoin to get out of it.

They won’t target me… right?

Think again. No one is immune to these attacks. Yet most small business owners don’t seem worried enough about being attacked. Maybe they think that they’re too small, and won’t look juicy enough for cyber pirates to target. The CNBN Small Business Survey revealed that 56% of small business owners weren’t concerned about being attacked in the next 12 months. Hackers must love this ambivalence; as their prey is unconcerned and underprepared.

Luckily, small businesses don’t need to spend huge $ to protect themselves. They just need to be smart about their security by doing a few simple things.

How to help prevent Cyber attacks

So, how do you protect yourself and your business from ransomware attacks?

I’ve put together a few of the most important tips for both CEOs and SysAdmins that I’ve learned over the years to help safeguard your business from sneaky cyber pirates. Hopefully, they will help save you some pain!

In my video above, l cover 10 of the most important things that will help keep you safe and hopefully save you from a ransomware attack.

5 Tips for End-Users

#1 – Use strong passwords & a password manager – you can also use tools like Security.org to see how secure your password is.

If you want proof that even 4 random words work well – I just checked a random combination, and it came back showing that it would take 400 billion years to crack.  It was all lowercase, with no numbers, or symbols!

Figure: I used 4 random words, all lowercase and it still took 400 billion years to crack! 🤣
Hive Systems password table showing how quickly they can brute force your passwords
Figure: The Hive Systems password table shows how long it takes to crack passwords of various lengths – you need a secure, ugly password
KeePass password manager shows how good your passwords are collectively
Figure: In LastPass you can quickly scan through problematic passwords and update them. In this case most of them are localhost passwords with no impact if they ever get compromised

#2 – Use Multi-Factor Authentication (MFA)
#3 – Don’t use a private password for work
#4 – Personal breaches should be resolved by SysAdmins

5 More Tips for SysAdmins

#6 – No admin access for users on servers
#7 – SysAdmins should understand the risk of LSASS.EXE
#8 – VPN access should be MFA enabled
#9 – SysAdmins need 2 accounts: 1 for doing everyday work, and 1 for SysAdmin work
#10 – Upgrade to Windows 11 for TPM enhanced security

To safeguard you business, there’s a lot more than 10 things you can do, see more Rules at Rules to better Security

Have you been through this pain? Would like to share a tip? Leave a message for me in the comments! I’d love to hear from you.