Thursday, May 13, 2021

Taking care of business. Keeping the hackers out.

Colonial Pipeline has just shown us all how bad things can get for a company that doesn’t take care of its computer security.  Colonial has just admitted to paying the hacker[s] $5 mil to get their files back.  They didn’t say whether they had recovered their files; the hackers may have just kept the $5 mil and split.

This is aimed at suits, those fairly clueless senior business people. 

   First off, your company has valuable information on its computers.  Information that will do you great harm if it falls into the hands of competitors.  Things like your payroll, your sales contacts, the plans, schematics, parts lists, and source code for your product[s].   If you don’t believe me, have a chat with the Colonial Pipeline people.  They will tell you.

   Know that Windows computers are totally insecure.  High school kids can break into them.  Windows is like Swiss cheese, full of holes.  Connect a Windows computer to the public internet, and you have exposed everything on that computer to every passing internet hacker.  You should not use Windows computers to monitor or control generators, pumps, pipelines, or anything that controls physical product.  Use Apple, use Linux, use a workstation, anything but Windows.

   Important and confidential paperwork can be kept on Windows machines if, and only if, that machine is not connected to the public internet.  Keep these machines in a locked room.  Snip off all their USB ports.  Windows computers will silently load and execute any code, including malware, they find on flash drives inserted in the USB ports.  That is how we spread Stuxnet to the Iranian uranium enrichment centrifuges.  Back these machines up weekly to DVD disks.  Store the backup disks off site, in case of fire or flood in your office.  In 40 years in the business I never had a fire.  I did have a flood once, right in the computer room, made an awful mess.

   Separate the stuff that makes the business run, the generators spin, the pipelines pump, the trucks get dispatched, and the product come off your production line, from your paperwork.  If the hackers get to your paperwork it should not shut down your business.  You ought to be able to operate without your paperwork for a few days.  Billing may be delayed a bit but you can survive that.

   Make sure every computer in the company needs a password to access.  Use strong passwords, some upper case, some lower case, some numbers, and some punctuation.  Change the passwords every 90 days.  Take care to close out the computer accounts of departing employees.  Do it on the day they leave.
