When it comes to network security and data protection, lava lamps are more than an amusing gizmo. Did you just roll your eyes? It may seem impossible, but Cloudflare, a company that provides security and domain name services for millions of websites, has actually turned this play toy into a secondary source of randomness for its production servers.
Here’s a fascinating look at the company’s lava lamp strategy—and a few other measures that’ll help your business fend off cybercriminals.
How lava lamps underpin cryptology
If you walk into the lobby of Cloudflare’s San Francisco office, you’ll find an actively recorded wall of lava lamps. The video feed is delivered into cryptographically secure pseudorandom number generators (CSPRNGs), which are algorithms that produce a much larger stream of unpredictable output. Computers store images as huge numbers—so the images can be entered into a CSPRNG just like any other number.
The unpredictable flow of the lava makes the recordings the perfect way to obtain secure randomness—and that unpredictability is crucial to keeping security high and hackers out. Ultimately, the random “blobbiness” of a lava lamp is the perfect heartbeat for their cryptography, which banks on the ability to generate random numbers both unpredictable and hidden from adversaries.
Keep hackers off your back with better passwords
For those of you without a wall of lava lamps to bolster your IT security, there are a number of measures you can put in place to better protect your network. For starters, you may frequently ask users to create passwords using a combination of upper- and lowercase letters, numbers, and special characters, but that formula is a gift to hackers.
Randall Munroe, creator of webcomic xkcd, points out the error of this method: He calculated the amount of time required to crack two passwords. The first, using the previously mentioned strategy, could be cracked in three days. The second, using nonsense phrases like “correcthorsebatterystaple,” would take 550 years. According to Munroe, “It’s time you upgraded to password management that actually works.”
Invest in printers with built-in security features
Your network likely comprises a multitude of endpoint devices—and it’s up to IT to make sure every single one of those devices is secure. You may think you’ve nailed down security protocols on all your employees’ computers and phones, but did you think about the office printers?
Printers often go overlooked in cybersecurity strategies. If you make that mistake, you’ll leave an entry point wide open for attack. Luckily, you can minimize your threat risk by incorporating printers with unique security features into your office. They can stop an attack the moment it starts, shutting down your compromised endpoints and self-healing as they boot up. These embedded features will keep your devices and network safer from hackers—giving your IT team peace of mind and extra time to tackle other tech issues.
Develop a clear communication plan for cyber attacks
When a cyber attack hits, do your employees panic and come running to IT? If you’re slouching down behind your computer monitor, you’re not alone: MIT Technology Review discovered 44 percent of 225 business and IT leaders polled did not have cybersecurity crisis-communication plans in place. Even worse, 15 percent didn’t even know whether their businesses had such plans or not.
During a cybercrisis, it’s important to communicate continuously—starting from the top. Here’s how to establish a crisis-communication framework in your company:
- Create a cross-functional communication team: Depending on your organization, you might include an HR employee, someone from legal, and an IT team member. Bring in other applicable experts as necessary throughout the crisis for their advice.
- Establish a clear leadership structure: Identify a crisis owner who’s comfortable taking charge and ready to find answers to any questions thrown at them.
- Speak with one voice: Ensure everyone who’s empowered to speak with the company’s stakeholders shares the same message.
- Have communication platforms ready to go: If the breach becomes public, put a dedicated website online as quickly as possible. Set up multiple two-way channels, so stakeholders—including your employees, customers, partners, and media—can contact the company with information or questions.
- Practice, practice, practice: Run through rehearsals once every quarter with your team to prepare for different types of cyber attacks.
Prime your defenses
In 2018, Trend Micro predicts business email compromise scams will incur global losses of over $9 billion—and that’s just one threat vector. Innovative thinking, as seen in Cloudflare’s lava lamp strategy—combined with better password protection, printers with built-in security features, and an effective communication plan—will help ensure network security and optimize data protection at your company. Is your team prepared?