He starts off with talking about learning it the hard way. Trusting your bank is important, but did you ever consider on what that trust has been based? And what about opting in for credit card payment for your customers? Can that be exploited in any way? And if it does, how easy can you be compensated for any (financial) damages? After the second hack on the company of Scott, he decided to answer those questions and move to another bank.
Website security is another topic he addresses. Your business is likely to be run through a website, therefore, its security needs to be validated and continuously be improved. Failing to do so can (or will) lead to breaches which will impact your reputation and eventually your financial situation. Besides that, he also warns about the dangers of not being careful on how to utilize the great benefits of social media.
But how to protect yourself and your business? To answer this question Scott starts off with social engineering. Why? Because most often the human proves to be the weakest link and we tend to give more information than we would like to admit. Disconnect your credentials from any personal information, directly and indirectly. This way it is more difficult to utilize social data into means to breach your accounts. Because, who likes to be grabbed by a hacker's hook in their attempt with phishing?
Malware also comes to stage in his book. A good deal of pages are used to deal with this subject (rightfully!), and it all comes down to this. Patch everything, use a malware-scanner, and do not click on links or attachments of unknown or untrustworthy sources.
Strong passwords trump lazy hackers! And I could not agree more. There is much debate on what a strong password is, but in any case, a lengthy one is a good starting point. Password re-use and password guessing are one of the core ingredients in successful breaches.
Wireless Networks, or so called Wifi, is another big threat. Especially public ones. There are many means in which they can be exploited and one should always be careful before connecting to one. In the case you build your own Wifi-network, embrace the best practices for security such as strong Wifi-passwords and obscure SIDN. It’s by no means a foolproof system, but at least make it hard.
Scott ends his suggestions with topics like layered security, meaning do have a multitude on security controls anywhere in your network. Do not rely on just one or two controls. Make sure one steps in when the other one fails. But also the fact that Security is everyone’s business. We cannot lean on the government for protection. The Internet is decentralized and therefore comes with its weaknesses in that regard also. Meaning that the defense also has been centralized.
The book ends with notable hacks and breaches, such as the Target Breach, JP Morgen Chase Breach, iCloud Cyberhack, the Sony Cyberbreaches and the hacks at the Office of Personnel Management (OPM).
All in all, a nice read. Especially for business owners, CEOs, Presidents of some Board of any organization and so on. Read it, listen to your Security experts, and prevent financial losses your company cannot pay!
First released: March 2016