Update: 1/7/2020 – And this comes through my Twitter feed. Almost like someone trying to prove my point: https://twitter.com/joetidy/status/1214534032756748288
Seems like we have some exciting times coming from a security perspective. With the US killing of an Iranian General, cyber attacks are incoming. This is nothing to take lightly, now or ever, but it always seems there are companies that don’t take security seriously until they are hacked and the public finds out. The problem, unfortunately, seems to stem from the fact that it takes money to put real security in place and to maintain it. It’s sad, because if they had just put the money into security to begin with, many times it would have cost them less than paying fines, getting people on ID services, etc.
To be honest, it reminds me a lot of disaster recovery planning. Tons of planning and figuring out what is critical, tier 1, tier 2, etc., but when it comes time to implement the DR plan, well, many times shortcuts are taken to save money. Those shortcuts rarely, if ever, lead to a good recovery if it needs to happen.
I think the high school saying sums it up best: Lots of kids are talking about having sex but no one really is. Maybe a bit extreme, because there are companies putting the time, effort and money into security, but alas, many must learn the lesson the hard way.
On an individual level, use multi-factor authentication when available. I use an app called Authy that does a wonderful job. I also use company-specific app authenticators like Microsoft, Google and Blizzard’s (yes, that’s the gamer in me). I can personally attest that MFA has saved me a couple of times already. It’s not hard to set up and it will save you a ton of hassle and pain in the long run.
So get to it and get secure!