Assume that you have just bought an apartment. Ground floor with a small garden. Top location. Near a lovely park. Tram stop not too far away. Quiet, but still in reach of supermarkets and restaurants. Perfect, if it wasn’t for the daily and nightly flow of people around your building. Most of them seem nice, but some of them look nasty or even malicious.
So, you have properly equipped your entrance door with a modern lock and dimple keys; protected it additionally with a crossbar and installed a reinforced frame with multiple deadbolts. Your windows and terrace doors are also all reinforced and secured by locks so that nobody from the outside can easily open them, even if they are tilted. Automatic blinds roll down during the night for further protection. Inside your apartment, all your really important belongings are locked away in a small safe attached to the wall in your wardrobe: jewellery, watches, passports, banking codes and some important family documents. And you consulted a local security company who installed some motion sensors and external cameras to monitor abnormal activities when you are not at home. Of course, all that costs money and time to implement, but you feel secure now, properly protected and safe, since, at home, you are the number one person responsible for security. Your household insurance and the local police might help you and provide some valuable advice, but it is up to you to protect yourself and your family.
Enter your laptop. Smartphone. Tablet. PC. eBook Reader. Smart TV. Livebox. Stereo. Playstation. Wii. Internet-connected thingy. Just as within the privacy of your four walls and the valuables you have at home, such digital devices contain lots of information about your private life and that of your family. With some devices, you are even living in tight symbiosis. But have you consciously thought of protecting your devices as thoroughly as your apartment? Deploying all the necessary dedication, money and time?
For the protection of your digital assets, photos, films, documents, banking access, social media, etc., make sure that you apply cyber-security best practices: have all your connected devices configured so that they update themselves regularly. Note that the less “computer-like” your device is, the harder that will be to do (and you might decide to accept the risk of not patching such devices or just not put them online). Make sure that the entry point in your home network (usually your wireless access point, a “Livebox” or similar) is kept up-to-date and configured in a manner that any connection initiated from the outside is blocked. In fact, that should be the default setting. Only deliberately open incoming connections if you have a good understanding of what you are doing. Educate your family. Tell your kids and partner to watch out when browsing the web. Not everything is what it seems, and one wrong click can compromise your home network and all your digital assets. Once more, you are the number one person responsible for the security of your home devices. It is in your personal interest to keep them secured. The Microsofts, Apples, Googles and Swisscoms of this world might help you with that, but still it is up to you to protect you and your family.
But what about at CERN? Internet-wise, CERN is also in a dubious neighbourhood. Computer attacks against the Organization are happening all the time. Phishing. Ransomware. CEO-fraud. Brute-forcing. Defacements. Abuse. Attackers try hard to succeed. CERN’s reputation and its flawless operation of accelerators, experiments and computing services is at risk.
So it is in all of our interests to protect the Organization. Just like at home, at CERN you are the person primarily responsible for the cyber-security of your digital assets. It is you in the first instance who is supposed to apply the same cyber-security measures you deploy at home to all the devices registered to you at CERN. Your laptop. Smartphone. Tablet. PC. Server. Virtual machine. Container. Website. Database. Control system. Software. Computing account. Keep them up-to-date. Tightly control any remote, virtual or physical access to them. Have monitoring capabilities in place. Provide additional protective measures if the device is just weak and not really secure. The CERN Computer Security Team can help you with that. Training. Auditing. Consulting. We also provide additional monitoring, detection and protective means. And in the event of damage, we do incident response and close-out. Whatever cyber-security issue you have, just drop us a line: Computer.Security@cern.ch. We are here to make your professional life more cyber-secure.
______
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.