The Broadcasters' Desktop Resource

Do Not Make These Dozen IT Mistakes

Image of author Barry Mishkind

[October 2024] Whether you are working alone or with a competent IT department, it is getting harder to stay truly safe when dealing with the Internet. Here, we offer a list of ten mistakes many folks make that puts them in danger of loss of files – or more.   

There was a time when computers were pretty isolated and you could do your work without a lot of worry that something bad could happen.

That changed when the Internet appeared. At first, it was small logic bombs and little viruses could bring computers all over the world to a halt, but mostly your personal data was safe. But as modem speeds increased and the complexity of operating systems like Windows permitted bad actors to access, even control computers from anywhere, users had to take precautions, and anti-virus programs took off,

Norton and McAfee among many others.

But it was not just viruses and trojans that brought worry to users. Hackers started using dictionary attacks, social engineering, and downright fraud to try to break the security of personal, business, and government systems. Many of the problems reported are caused by “bot armies” where hackers take over hundreds or thousands of computers and attack servers.

Several major radio companies (and smaller ones, too) have been hit by ransomware – or worse – and either gone silent or suddenly found their computers wiped … or air signal taken over by porn rap. This week saw another report where a major health insurance company was compromised – 100 million records were stolen. One report says a major ransom was paid.

So, the issue is how to keep safe.

AVOIDING KEY MISTAKES

Many computer publications report both hacker exploits and new ways to protect ourselves from them.

Perhaps one of the efforts that is becoming more and more visible is the multi-factor authentication, where signing in with your username and password triggers test screens, PIN codes sent to your email or your phone, or other methods. We will touch on them, but the purpose of this article is to help identify and avoid key mistakes.

For example, the biggest mistake many users make is (1) simply assuming that the worst will never happen to them. Experience has shown that even the biggest IT departments with the strongest cybersecurity protocols can be hit. We read about them all the time.

Should this make us afraid to go near our computers? Not at all. But, at the same time, we cannot be ignorant of basic protections, or fail to use them.

BASIC SECURITY

A really big mistake is (2) to allow anyone you do not know and trust to access your system.

There is no doubt that a computer left unprotected will be “seen” by someone and can be infected within minutes after going online. One transmitter manufacturer tested this by connecting their transmitter directly to the Internet. It took 17 seconds before someone had accessed the transmitter.

That should make you very cautious.

Protecting yourself against malware should be a high priority. There really is no excuse for not using an effective Internet security program. I have reviewed many of them here, and all are available in free versions.

PASSWORDS ARE THE KEYS

Very few people today do not routinely lock their cars and front doors. This is basic security.

Your password is your key to your programs, data, and confidential information. Yet, survey after survey reveals that the most common password is “password,” with “123456” right behind. Even worse, some use the same password for everything.

It is a big mistake (3) to use common passwords or reusing them for multiple sites.

And here is a big reason why: we mentioned dictionary attacks. Simply stated, hackers will find a username and try every possible password to break in. “This doesn’t affect me” you might say.

But that is not true at all.

HACKED BY PROXY

Once the hackers get in, they seek the files for all the users and passwords on the system.

Yes, they usually are encrypted. But if the bad guys know a username and the password, among the many tools available, they can use software to decrypt the files. If you are on that system, they now know your username and password. And if you use it elsewhere, and they find you, they can take over your email account, your browser, or, your bank account.

This has become especially true with “cloud” service accounts. In one Digital Defense report, data showed that password-based attacks make up over 99% of the 600 million identity attacks that are projected each day. Microsoft alone has reported blocking 7,000 password attacks per second.

Does this make you want to be a bit more protective of your password?

IT IS NOT JUST THE LENGTH OF THE PASSWORD

As you can see, if you reuse a password and some system is hacked, your password is known, even if it is a long one, and you use it elsewhere.

Because of the prevalence of hacks reported, it seems wise to change your passwords from time to time, on any system that has your data. Again, if they managed to decrypt the password file, and your username is on that system and known, they now have your name and password – and will seek other sites where it will work.

So… periodically, as painful as it is … change your password. It does not have to be long, just different.

ICU

Have you ever walked into someone’s office or workspace and noticed a post-it on the screen with the username and password?

That is nothing less that leaving the front door open and your wallet on the table! Would you leave a copy of your keys hanging next to the door? Or would you put your key under the “welcome” mat? Most folks would not.

That is why is it a mistake (4) to post your password on the screen – or anywhere visible.

SECOND LAYER OF PROTECTION

OK, you are careful with your username and password; are you also careful what you click on?

Several times, a “sponsored link,” something that shows at the top of the results in Google, for example, actually are fake sites, made to look like a bank or brokerage account. The only thing is that when you enter your credentials, the result is “wrong username or password” and while you are trying to figure out what is happening, the bad guys are trying to access your account.

That brings us to (5) not using 2FA (Two-factor authorization) on any critical account, especially financial ones.

Even if a bad guy gets your username and password, 2FA will protect you, unless they are able to take over your email or cell phone accounts. At the very least, it gives you time to change the password before they try something, such as social engineering to get into your accounts.

Whether you allow your browser to save passwords (some think this is very bad, especially for machines with multiple users) or not, saving the link to financial sites in your “favorites” will reduce the chance you could be deceived by a scam search result.

WATCHDOGS

My next-door neighbor is proud of his dogs, which make a racket any time someone they do not know (smell) approaches his house.

In computer terms, it is a mistake (6) not to have a watchdog that makes “noise” when someone or something is trying to get into your system.

If you are on a Windows 11 system, for example, Microsoft Windows Security can be set to watch for attempts to change settings, install apps, or access certain files. This is a free program, and if all you do is email and limited browsing, Microsoft Windows Security might be sufficient if it is activated and kept up to date.

There are many other programs available, some free, some fee-based, that you may wish to employ to provide basic protection from intruders. viruses, trojans, rootkits, spyware, keystroke loggers, ransomware and other attack vectors. Which ones and how many of them you need probably rests on how much you use your computer, for what purposes, and how much access other have to your system.

Another way to look at it is, given the area where you live do you trust the lock in your door handle to keep you secure? Perhaps a deadbolt lock, or a digital lock, which will notify you anytime it is activated, would be a smart move. Similarly, different programs can add to your computer security.

DO NOT FAIL TO KEEP PROTECTION UPDATED

A lot of folks are annoyed at the number of updates that some software manufacturers roll out for their OS and applications – sometimes the updates even introduce worse bugs and other issues.

Perhaps you remember in late July when a faulty CloudStrike update shut down 8.5 billion systems around the globe? In addition to all Delta and American Airline flight systems being shut down, banking systems around the world were disrupted, healthcare, business systems, and government offices were crippled as well.

It would be a major mistake (7) to react to CloudStrike-like events by not allowing your system to update when necessary. Yes, you can check computer magazines and web sites to assure yourself the latest updates are clean and function properly.

It is true that sometimes you may return to your PC and discover that an update has closed files on which you were working. Fortunately, most of the time, Windows, for example, will make a protection copy of files that have not be recently saved.

Bottom line: be cautious, but do not disable updates.

PERSONAL DOWNLOADING

Depending upon your personal or corporate firewall, you may wish to download and install new software or update existing programs.

Some sites display a new tactic: a seemingly endless series of “Next” or “OK” buttons. If you do not ready the text carefully, you may end up with software you did not want – and may find hard to remove. The mistake is (8) to just click on the series of “Next” buttons without knowing what they will activate.

Some screens with present you with two “next” buttons, and one may be larger than the other. Do not be fooled by visual tricks.

SCAMMERS IN SHEEP’S CLOTHING

Sometimes, even with security apps in place, you might end up on a web site and suddenly a message pops up saying something like “your system has been attacked. Call us now at Microsoft Support for help to get rid of the problem.”

Support scams are growing. You are directed to an 800 number and the “tech support” person will  commiserate with you over the warning, and offer to help clear it. Sometimes, you will get a call from someone impersonating tech support from Microsoft or Apple, for example. With AI now, such calls are becoming more automated and common.

Do we really have to say that it is a mistake (9) to call any supposed support number and give them access to your machine or credit card? And do not pay any ransomware demands.

No. No matter how sincere and helpful they sound, all they want is to get your credentials and empty your bank account. Generally, finding yourself in this situation is a very good time to close the tab/window, and even reboot, avoiding the URL that gave you the message.

WIRELESS ISSUES

It is so much more convenient when you can open a laptop or tablet and go from location to location, staying connected via Wi-Fi systems.

But it would be a big mistake (10) to fail to set a strong password for Wi-Fi user access.

To be honest, even that might not be enough. Some hackers have tools to “sniff” out Wi-Fi transactions, and often can “see” passwords.

www.henryeng.com

THE IT DEPARTMENT 

Depending upon the size of your operation, you may have a separate IT department.

This can be a blessing or a curse. And many IT people do strive to be part of the “team” and try to facilitate everyone so access and operations are smooth and secure. Some of the best places to work are where IT and Tech are one department, working together.

On the other hand, some IT folks act as the character Mordoc in a popular comic strip. Mordoc actually was the head of IP, or Information Prevention. His mentality was sort of “if I do not let anything happen, no viruses or spam can get in.”

That sort of explains the actions of some IT departments that suddenly decide the best way to reduce spam is by instituting an email whitelist: no one not on the whitelist could send email to that company – not even a new ad agency wishing to place a large order. Even some SBE chapters have been found to whitelist incoming email.

What is the mistake here? (11) Failing to have the IT department communicating and working together with everyone, especially the on-air staff and engineering, as a equal team-member. Hiding behind “trouble tickets” and voicemail that is not often returned hurts the whole enterprise.

Similarly, (12) Failing to cooperate with the IT department as much as possible will damage the efficiency and productivity of the company. 

The takeaway? Everyone should endeavor to understand why policies are as set out – and both sides should endeavor to understand the needs and problems of the other department.

AIR-GAPPED SYSTEMS

Here is an example of why it is essential for everyone to work together and not try to bootleg solutions.

Some IT departments will work hard to keep “mission critical” computers and systems “air-gapped,” with no connection on the LAN or WAN.

The problem is that hackers work just as hard to find ways to breach even air-gapped systems. How? It could be a simple as that USB flash drive you use to bring files in from another computer. We used to call that the “sneaker net” before widespread LANs linked almost every computer in the company.

The mistake is (13) to be overly casual with importing files to air-gapped computers from elsewhere. (Yes, we have managed to list a baker’s dozen of mistakes.)

In broadcast, this can be even more difficult than merely preventing USB connections. Remember, in most facilities, Traffic and Bookkeeping need to access the on-air system. The Production department needs to upload spots, music, and other files. How about the Sales folks who want to know what avails are … available? Each and every one of these could bring malware that could take a station off the air.

If everyone makes it a point to not only understand why certain security policies are in place – and cooperate as much as possible – you will find fewer problems pop up and everyone can give full attention to putting out the best product possible. – BDR

 

– – –

 

Would you like to know when more articles like this are published? It will take only 30 seconds to
click here and add your name to our secure one-time-a-week Newsletter list.
Your address is never given out to anyone.

 

Return to The BDR Menu