Wednesday, February 13, 2013

Cybersecurity

All sorts of companies are getting hacked these days. The latest victims to fess up are newspapers: the NY Times, the Journal, and WashPost. Congress has ignored prodding to pass a cybersecurity law. So Obama is calling a "voluntary" meeting to OK some "voluntary" standards and then promise to implement them. I don't know just what Uncle Sam is gonna propose, so here are my recommendations.

1.  Everyone has to use long and strong passwords, and all passwords are changed every couple of months. 
2.  Signals to control machinery shall never go over the public internet.  No remote controlled machine shall ever accept commands from the public internet.
3.  Private networks never accept logins from off the premises, from the public internet, or from a dial-up connection.
4.  All laptops must have full disk encryption to protect contents and passwords should the laptop fall into hostile hands.
5.  Autorun must be disabled on all computers to prevent malicious programming from automatically loading and executing off CDs and flash drives.
6.  Use nothing but secure email clients and browsers.  Secure means never executing any sort of programming received over the internet or as an attachment.  Secure email clients and browsers will only display mail and websites; they will never execute programming of any sort.  To my knowledge no commercial email or browser programs are secure; they will all download and execute malicious programming with no assistance on the part of the user, or notification that they are doing so.

Companies need to understand that poor security will give competitors access to their bids, customer lists, their designs and trade secrets, their books, their employee lists, and any other intellectual property they own.  No company can win a bid when the competitor knows just how much they bid for a job.  The risks ought to be obvious to even the stupidest of suits.

