Got Antivirus? Next Step: IRP

Leverage An IRP to Protect Your Assets


Congratulations on your proactive focus on protecting yourself against cyber threats! You've already taken the first steps by joining us to learn about and discuss cybersecurity.

With fundamental awareness and a few of the simplest steps, you'll be major strides ahead of most. Just recognizing that obscurity is not security, and that hackers are happy to infect and use ANY computer they can find, is huge.

But today's focus is on what happens when you notice something fishy going on in your system. How do you react? What are your first steps, and how do you limit the damage when symptoms turn into a full-fledged infection?

Let's begin with the understanding that—in terms of risk—operating a computer system is much like driving a car on a busy road. I'm sure we're all aware that being distracted behind the wheel greatly increases our chances of a crash. Whether tuning the radio or texting, taking our eyes off the road isn't good for safety.

So what's the opposite of distracted driving? It's defensive driving. Defensive driving is anticipating what could happen next and being ready for it. If that car in front of you hits the brakes suddenly, you'll be much less likely to rear-end it if you're anticipating their stop.

The same sort of preparedness in your computer system operation can save you hours of grief and BIG money when things go south. Seconds count!

Being prepared for the appearance of symptoms of hacking starts with preparation of an Incident Response Plan (IRP). Once completed, it's important to refresh your memory on the IRP every six months or at least annually.

A good IRP anticipates seven categories of activities:

  1. Preparation and Planning
  2. Detection and Analysis
  3. Containment and Mitigation
  4. Eradication and Recovery
  5. Post-Incident Analysis
  6. Communication and Collaboration
  7. Continuous Improvement

Of course, these parts of an IRP change in size commensurate with the number of people and systems it protects. Preparation of an IRP for a large organization can involve cross-functional teams of people and end up consisting of multiple volumes of information, whereas an IRP for an entrepreneur can be as short as a few pages. Individuals may have just one summary page of instructions they tack up on their bulletin board.

Regardless of the size of the official IRP, having a concise one- or two-page set of instructions means you can act quickly to limit the impact of a malware attack.

Don't forget—it's important to print out the IRP because an incident can often bring down computer systems from which you'd ordinarily read!

When It Happens

In simplest terms, isolating the threat should be your first concern. Disconnect the affected computer from your network immediately (pull the network cable or switch off Wi-Fi). That stops it talking to the attacker and to your other machines, and it does not destroy anything you might later want to examine.

The next step depends on whether you want a forensic analysis of the incident (determining the source and nature of the infection) or not. Forensics means leaving the machine as it is, powered on but disconnected, until a specialist can image its memory and disk, because an orderly shutdown discards evidence that exists only in memory. For individuals and small businesses this is normally less of a concern, simply because the funds to hire a forensic specialist aren't there. In that case the next step is an orderly shutdown, followed by whatever steps are possible to return to normal operation with recovered files: ideally wiping the machine and reinstalling before you restore anything, rather than trusting a cleanup to have removed everything. This is where a good backup can make all the difference, provided it was stored somewhere the infected machine couldn't reach. Malware that can write to a connected backup drive or a synced folder will encrypt or delete the backup along with everything else.

Isolating the affected computer from the rest of the network can prevent the spread of malware and greatly reduce the effort required to return to normal.

More about preparing an IRP in coming articles.

Cyber Security 101

Take Care of the Basics

Let's cover some fundamentals of cyber security. By understanding a few concepts and taking a few simple steps, you can make your system much more secure.

Here, the 80/20 rule applies in a big way. By expending 20% of the total effort to make your system ultra-secure, you can improve your security by approximately 80%. That's to say it only takes a little time and effort to make huge strides in security!

The rank and file PC/tablet/phone user isn't protecting national security, so these first simple steps go a long way towards making you the kind of target a hacker will pass up to move on to easier systems.

First you should understand one fundamental principle that applies to all cyber security efforts.

The Cyber Security Triangle

There is a long-standing precept in cyber security illustrated by this image. The triangle represents a continuum with three points: security, functionality, and convenience (or ease of use). Any given computer system designed with security in mind falls somewhere on this continuum. The red ball represents where on the continuum the system lies.

Consider making a system more secure, represented by the red ball moving toward security. When you do that, you're forced to lose some convenience and/or functionality. An example of this would be to make your password more complex. This makes your login less prone to cracking (more secure), but makes it harder to remember and enter (less convenient).

On the other hand, if you make the system more capable by adding more programs, you move the ball toward functionality, but security and ease of use suffer. Security is diminished because every added program is more code in which a hacker can find a vulnerability; this is known as increasing the attack surface. More programs also mean the system is more complex, and therefore more difficult to use and master.

Why is this important?

If you make changes which improve your security, you can expect to make your system a little less convenient, and sometimes a little less capable. This is the price we pay for better security.

Most Common Exposures

So what are the ways we commonly expose ourselves to hackers?

Phishing (pronounced fishing)

Estimates vary, but somewhere around 90% of successful cyber attacks on personal or corporate systems start with phishing.

What is phishing? It's a fraudulent message, usually an email, crafted to get you to click a link, open an attachment, or hand over your credentials. In the link-based variant described here, the link takes you to a web page that either imitates a login form to capture your password or uses a browser exploit to download malware to your computer without your doing anything further. Once the malware executes, the infection is complete and the hacker has access to your system.

The perpetrator will do everything he can to make the infection invisible to you. Often the infecting page won't display anything at all, but will quickly redirect you to a legitimate page. All you would see is a brief flash of the infecting page's URL in the address bar before the legitimate page loads.

Solution: Don't click the link.

The best protection against phishing is prevention. Just don't click links which lead to the infection.

How do you avoid the bad links? The simplest way is to never click links included in emails at all. Of course, this is hardly a workable solution. We rely on email links to get things done: to see a friend's Facebook post, correct account details, make payments, and so on.

So what can you do to avoid trouble?

  • Hover over the link. All common email programs show the destination URL when you hover (in a tooltip or the status bar), and that destination is what matters; the visible text of a link can say anything at all.
    Examine the link closely, especially the spelling of the domain. If the link isn't a domain you recognize as appropriate, don't click it. In this example, since the link is to, you shouldn't have to worry about it, but if the domain were, for example, (notice the extra 'o'), you'd avoid it.

    Special note: Phishing schemes are becoming much more sophisticated. The email often looks legitimate based on theme colors and images. The perpetrator may even conduct some research on you via online searches to make the email appear to be coming from a friend.
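Here is the hover check done in code, as an added example that is not part of the original article: it pulls every link out of a constructed HTML email, looks at the real destination rather than the visible text, and flags a domain that is one or two letters away from one you trust, or that shows a trusted name in the link text while pointing somewhere else. The trusted-domain list, the sample email and the crude "last two labels" domain extraction are all assumptions made for the demonstration; real code should use a public-suffix list.

```python
"""Check email links the way the article says to do it by hand: look at
where the link really points, not at what its visible text claims."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains this sender would legitimately link to (assumed, for the example).
TRUSTED_DOMAINS = {"example-bank.com", "facebook.com"}

# Constructed sample email; the domains are made up for the demonstration.
SAMPLE_EMAIL = """<p>Please confirm your details:</p>
<a href="https://secure.example-bank.com/login">https://example-bank.com/login</a><br>
<a href="http://exampple-bank.com/login">Log in to your account</a><br>
<a href="https://example-bank.com.evil.test/login">example-bank.com</a><br>
<a href="https://newsletter.test/unsub">Unsubscribe</a>"""


def registered_domain(host):
    """Crude 'last two labels' extraction: mail.example-bank.com -> example-bank.com.
    Fine for the demo; real code should consult a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def edit_distance(a, b):
    """Levenshtein distance, used to spot 'one letter off' lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs, which is what hovering reveals."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def classify_link(href, text):
    """Return 'ok', 'lookalike' or 'unknown' for one link.
    'lookalike' covers both misspelled trusted domains and links whose visible
    text names a trusted domain while the real destination is elsewhere."""
    dom = registered_domain(urlparse(href).hostname or "")
    if dom in TRUSTED_DOMAINS:
        return "ok"
    for trusted in TRUSTED_DOMAINS:
        if trusted in text.lower() or edit_distance(dom, trusted) <= 2:
            return "lookalike"
    return "unknown"


def check_email(html):
    """Classify every link in an HTML email body."""
    parser = LinkCollector()
    parser.feed(html)
    return [(href, classify_link(href, text)) for href, text in parser.links]


if __name__ == "__main__":
    for href, verdict in check_email(SAMPLE_EMAIL):
        print(f"{verdict:9} {href}")
```

The second link is the "extra letter" case from the text; the third is the other common trick, a trusted name used as a subdomain of an attacker's domain so that it appears at the start of the URL. Neither is caught by reading the visible link text.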

Secure Your Passwords

You've heard it before. There's a reason it's important. Passwords are often cracked by brute force: a program repeatedly tries common passwords, dictionary words and their variations, and then every possible character combination, until one works. Usually this happens offline, against a database of password hashes stolen from some website, so the login page's lockout or rate limit doesn't help; only the strength and uniqueness of the password do.

Generally, the classic guidelines for passwords still apply. They are more secure if they:

  • Are long - the longer the better, but practically speaking, around 10-16 characters will suffice when the other characteristics listed here are employed.
  • Use combinations of upper- and lowercase letters.
  • Include numbers.
  • Include random punctuation marks.
  • Include special characters, like ']' and '@'.
  • Are changed whenever you have reason to think one may have leaked. (Forced changes on a calendar schedule used to be standard advice; current NIST guidance in SP 800-63B drops that requirement, because it mostly produces predictable variations of the old password.)

But these types of passwords are beginning to fall out of vogue in favor of pass phrases that are easier to remember. Such a password can often be brought to mind without using a cheat sheet.

An example would be: camel-antlers,Aren't>c0mm0n. (Now that it's printed here, never use this exact one.)

Test your password creativity by using a website like How Secure Is My Password. Enter a password like the ones you like to use, and it will tell you how long it would take to crack using a brute force attack. (Note: don't enter actual passwords you use, only passwords similar to the ones you like to use. Also bear in mind that such calculators only model character-by-character brute force; a phrase made of a famous quotation or a few dictionary words is far weaker than the number they show.)

Because passwords should be unique for each login, and changed whenever one may have been exposed, following these guidelines is daunting unless you use a password manager such as KeePass, which generates and stores them for you.
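The following added example (not the calculator site's code, nor the author's) reproduces the kind of estimate a crack-time calculator makes and adds the two things such calculators leave out: a check against a wordlist, because a dictionary attack finds "password" in its first few guesses whatever its character-class entropy says, and a word-based entropy figure for passphrases, because an attacker who guesses whole words doesn't have to search character by character. The guess rate and the tiny wordlist are assumptions.

```python
"""Brute-force crack-time estimate in the style of online calculators, plus the
two corrections they don't make. Added illustration; the guess rate and the
wordlist are assumptions, not measurements."""
import math
import string

# Character classes: once a brute-force attacker sees one member used, the
# whole class goes into the alphabet it has to search.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),
}

# Assumed attacker speed: offline cracking of a fast unsalted hash (MD5-class)
# on a GPU rig. The right figure depends entirely on the hash; bcrypt or Argon2
# are millions of times slower, which is why any such estimate is a ballpark.
GUESSES_PER_SECOND = 1e11

# Tiny constructed wordlist standing in for the tens of millions of leaked
# passwords a real cracker tries before any brute force at all.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "Password1!"}


def alphabet_size(password):
    """Size of the alphabet a brute-force search would have to cover."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def entropy_bits(password):
    """Entropy under the brute-force model: length x log2(alphabet)."""
    n = alphabet_size(password)
    return len(password) * math.log2(n) if n else 0.0


def brute_force_seconds(password, rate=GUESSES_PER_SECOND):
    """Seconds to exhaust every string up to this length over this alphabet.
    Returns 0 for anything on the wordlist: a dictionary attack finds it in
    its first few thousand guesses no matter what the entropy figure says."""
    if password in COMMON_PASSWORDS:
        return 0.0
    n = alphabet_size(password)
    if n == 0:
        return 0.0
    return sum(n ** k for k in range(1, len(password) + 1)) / rate


def passphrase_entropy_bits(word_count, wordlist_size=7776):
    """Entropy of a passphrase when the attacker guesses whole words rather
    than characters (7776 is the size of a Diceware list). This is the honest
    number for a phrase of dictionary words; the character model overstates it."""
    return word_count * math.log2(wordlist_size)


def humanize(seconds):
    """Turn seconds into a rough human-friendly string."""
    year = 365.25 * 24 * 3600
    if seconds < 1:
        return "instantly"
    if seconds < 60:
        return f"{seconds:.0f} seconds"
    if seconds < year:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / year:.3g} years"


if __name__ == "__main__":
    for pw in ["password", "Tr0ub4dor&3", "camel-antlers,Aren't>c0mm0n"]:
        print(f"{pw!r:32} alphabet={alphabet_size(pw):3d} "
              f"entropy={entropy_bits(pw):6.1f} bits "
              f"brute force: {humanize(brute_force_seconds(pw))}")
    print(f"4 random Diceware words: {passphrase_entropy_bits(4):.1f} bits")
```

The article's example passphrase scores about 177 bits under the character model, which is astronomically strong against brute force; the point of the word-based figure is that the same model would credit "correct horse battery staple" with over 100 bits while an attacker guessing four words from a common list faces closer to 52.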

For more information about things you can do to protect yourself online, check out this list of top 10 things you can do to harden your systems!

Being Online Is Risk, Highness

You've read the headlines. Heard the talk. The US used cyber warfare to destroy the centrifuges Iran was using to enrich uranium for bombs. Russia hacked systems in the US to get information that could be used to influence the 2016 election.

Those are the big guys. Their goals are political and defense oriented. But we all know there are a ton of other operations out there, petty thieves and syndicates who just want to steal money.

"Some 15.4 million consumers were victims of identity theft or fraud last year, according to a new report from Javelin Strategy & Research. That's up 16 percent from 2015, and the highest figure recorded since the firm began tracking fraud instances in 2004."
- CNBC, 2017

The highest increase is in card-not-present transactions, those in which anyone with the credit card details can make a purchase without presenting the card. These crimes increased by 40% from the prior year.

Are you playing a numbers game, hoping to stay safe by hiding among the millions of other systems online?

You can't. Hackers use very effective automated scanning tools that find vulnerable systems without anyone having to look for you in particular. It's no longer a question of not being discovered; it's about exposing as little as possible and hardening whatever has to be exposed.

Are you and your systems up to the challenge? Take a look at this quick quiz to see if you're up-to-date on some of today's threats.
  • What's phishing?
  • Can you be hacked if you use antivirus software?
  • What's an IPS?
  • Can you name 5 characteristics of safe password practice?
  • Would your systems pass a port scan?
  • What's a credential dump?
  • Are you protected against ransomware?
  • Have an automated backup for each of your systems?