By John Stephens
For the Oregon Beer Growler
A looming threat that seems nearly impossible to escape today is a cyberattack. How many of you have received a notice stating that your personal information has been stolen, a major retailer was hacked or a credit bureau was compromised? This problem extends to small businesses as well, including breweries. In this article, you’ll find five easy tips to enhance cybersecurity, and since I’m a homebrewer, I thought it would be more relatable to talk about it in beer-making terms. While the world of cybersecurity is far different from the world of brewing, there are some close analogies we can use to describe the process:
· Inspecting and maintaining your equipment
· Adequate cleaning and sanitization
· Limiting those who can influence the process
· Process control
· Recurring quality checks
Inspection and Maintenance — Just like faulty equipment can result in less-than-desirable beer, the same can be said of cybersecurity. We call this “vulnerability management” and it includes all of the software patching and updating necessary to keep your computer and software secure along with the periodic checks to verify that. Software on a computer (or tablet, laptop or smartphone) requires constant patching to ensure it’s not susceptible to exploitation. Once the patches are applied, it’s necessary to validate they’ve been successfully installed. Think of this like an inspection of your equipment to make sure there are no cracks, splits or leaks that could lead to unexpected “stuff” mixing with your brew.
Cleaning and Sanitization — Another common downfall in brewing is a lack of adequate cleaning and sanitization, and it’s the same for cybersecurity — except instead of the resulting funky, undrinkable beer we’re talking about viruses and malware. Even a well-planned and well-maintained computer network can be ruined if it’s not properly cleaned and viruses aren’t removed. So just as you must scrub away the gooey remnant of the last batch clinging to your equipment, it’s important to have antivirus and antimalware systems in place to get rid of that stuff on your computer.
Process Influence — When brewing beer, who does what depends on a variety of things, including scale of operations, levels of expertise and so on. Let’s face it, regardless of the method in place, it’s not likely that you let the intern tweak the brewing process. It’s like that in cybersecurity as well, although it’s necessary to have a system in place for this. But because it’s all handled electronically, it’s not as easy as recognizing your coworkers’ faces when they arrive. Instead, people log on to their accounts with passwords, which aren’t particularly foolproof anymore. It’s important to strengthen this process by using multi-factor authentication. That simply means adding another element to validating who you say you are. This ensures only legitimate users are able to do things on your network where critical information is stored. Think of this as preventing the intern from customizing the batch!
Process Control — When you’re making beer, it’s important to control the process — whether it be the mix of ingredients or the temperature at which the beer is stored. This is true in cybersecurity as well; it’s all about control. Control involves user permissions and the ability to make changes. Consider how a batch of beer might be affected if it were fermenting in an open room with no restrictions on who could enter and make changes. Maybe someone might stop by and decide they need the airlock from this batch for their own project. If everyone can make changes, there is no consistency or control. Would you brew beer this way? If not, think about applying the same principles to your network.
Quality Checks — Brewing good beer requires a dedication to quality. And a dedication to quality means a dedication to quality control in the form of inspection and, especially, tasting. It’s like that in cybersecurity too, although not as much fun. Continual checks ensure things are running securely. Security monitoring is like quality control in brewing. If you don’t do it, you might end up with a bad batch. Even worse, you might not realize you’ve got a bad batch until you’ve taken a big swig. It’s like that in cybersecurity too, except a bad swig may be something like identity theft, encrypted files or worse.
There is far more to making good beer than the five things I’ve talked about, just as there is far more to cybersecurity. If you think about the items we’ve addressed as being just as vital to cybersecurity as their counterparts are to good beer, neither of us will run into a bad batch.
John Stephens, CISSP, CEHv8, Security+, CHPSE, ITIL Foundation, is managing partner at Luminant Digital Security. He specializes in cybersecurity and compliance for SMBs.