The Datamax Thinking Blog

Educating, collaborating, and sparking ideas for maximizing the technology that matters.

Lessons from the Big Bend: Achieve Balance in Your Cybersecurity Approach



Traversing a national park bigger than the state of Rhode Island? It can be awe-inspiring, if not a bit overwhelming.

Rugged yet beautiful landscapes greeted us everywhere we turned, including, notably, Balanced Rock in Big Bend National Park. The trail leading to the rock formation was a sparse, dusty desert floor surrounded by piles of boulders; the path was difficult to follow if you weren’t paying attention. But the rewards are worth the careful navigation – a huge boulder balanced and suspended overhead by two others, but also, just underneath it, a beautifully framed window into the distant mountains.

Finding balance isn’t easy. The path can be riddled with obstacles and uncertain navigational turns. But the rewards are undeniable as you continue to journey ahead.

October is Cybersecurity Awareness Month. As employees traverse the Internet to perform their daily jobs – sharing information, hopping from site to site, interacting with those in and outside of your business – it’s incumbent on organizations to structure a solid plan and create a heightened sense of awareness so employees can navigate confidently as they interact online.

The risks associated with traveling the vast cybersecurity landscape unprepared? It’s bound to be overwhelming. Achieving balance is essential.

3 Lessons from the Big Bend: Finding Balance in Your Cybersecurity Approach

1. Educate Yourself on the Rugged Landscape. 

Need proof that the cybersecurity terrain is rugged? The 2019 Official Annual Cybercrime Report (ACR) predicts that businesses will fall for ransomware attacks every 11 seconds by 2021 (up from every 40 seconds in 2016).

Before guarding against attacks, one must first understand them. A leading attack today is social engineering – the art of tricking people into giving up their confidential information or manipulating them into doing something. Below is a briefing on common methods:

  • Phishing: It's the leading tactic leveraged by today’s ransomware hackers, typically delivered in the form of an email, chat, web ad or website designed to impersonate a real system and organization. Often crafted to deliver a sense of urgency and importance, the message within these emails often appears to be from the government or a major corporation and can include logos and branding.
  • Baiting: Similar to phishing, baiting involves offering something enticing to an end user in exchange for private data. The “bait” comes in many forms, both digital, such as a music or movie download, and physical, such as a branded flash drive labeled “Executive Salary Summary Q3 2016” that is left out on a desk for an end user to find. Once the bait is taken, malicious software is delivered directly into the victim’s computer.
  • Quid Pro Quo: Similar to baiting, quid pro quo involves a request for private data, but in exchange for a service. For example, an employee might receive a phone call from a hacker posing as a technology expert offering free IT assistance in exchange for login credentials.
  • Pretexting: It's when a hacker creates a false sense of trust between themselves and the end user by impersonating a co-worker or a figure of authority within the company in order to gain access to private data. For example, a hacker may send an email or a chat message posing as the head of IT Support who needs private data in order to comply with a corporate audit (that isn’t real).

2. Navigate Your Journey.

While cybersecurity strategies will vary for each organization, there are a few basic building blocks that apply to any business, any size.

Start with a Network Assessment.

Understand potential security threats (e.g., downtime from ransomware) and the impact they may have on your business (lost revenue). Use this information to shape a security strategy that meets your specific needs.

Include these Essential Cybersecurity Solutions.

  • Antivirus Software: Cybersecurity technology starts with antivirus software. Antivirus, as its name implies, is designed to detect, block, and remove viruses and malware. Modern antivirus software can protect against ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, adware, and spyware.
  • Firewalls: A network firewall is also essential. Firewalls are designed to monitor incoming and outgoing network traffic based on a set of configurable rules—separating your secure internal network from the Internet, which is not considered secure.
  • Patch Management: Patch management is an important consideration as well. Cyber criminals design their attacks around vulnerabilities in popular software products such as Microsoft Office or Adobe Flash Player. As vulnerabilities are exploited, software vendors issue updates to address them.
  • Password Management: Recent studies have reported that weak passwords are at the heart of the rise in cyber theft, causing 76% of data breaches. To mitigate this risk, businesses should adopt password management solutions for all employees. Many people have a document that contains all of their password information in one easily accessible file — this is unsafe and unnecessary.

3. Anticipate Potential Hazards.

The Chisos Mountains are readily marked as bear country. So we carried a bear bell, ringing it without hesitation at every sharp turn up toward the peak, anticipating a possible interaction.

Social engineering often comes down to attacking the weakest link in your organization.

A sense of awareness among end users – anticipation of what may be lurking – is a powerful defense. Employee training is a top component of a successful cybersecurity program and the best way to ensure social engineering doesn’t penetrate your organization’s sensitive information. Speak with your technology partner about a proactive and ongoing training program – one that goes beyond the monthly PowerPoint presentation and digs deep into the nature of socially engineered attacks.

On our final afternoon at the park, as we crossed the final switchback of the Lost Mine trail and climbed the last steeply graded rock incline to the summit, we were gifted with our greatest glimpse yet of the vast, deeply diverse earth surrounding us. It was like seeing another world, one more rugged and unrefined than the one we were accustomed to.

Our natural earth's beauty and awe-inspiring potential was right in front of us. But not before heeding a few lessons learned on the trail.

Traversing your cybersecurity landscape aimlessly? Is it time to discover balance in your approach? Start your journey by scheduling your network assessment today!
