Just because it's low-hanging, doesn't mean it gets picked.
Most of my day revolves around security, either by doing assessments or by doing remediation services. This year, recoveries have gone to the top of the list.
In 2020, everything went sideways with a massive increase in worldwide malware. If you throw a bunch of something at a wall, some things stick. With malware up approximately 1000% from 2019 to 2020, you're going to see many more things stick if that wall isn't protected properly, simply from the sheer amount of stuff thrown at it. I've been consulted by many private companies as well as county, state and federal government entities and agencies to recover data and review breaches after they've happened. And every single one of them could've been either prevented or significantly reduced. These are some low-hanging fruit that absolutely NEED to get done in our community:
- Only share what you must (no root (/) directory shares, nor any shares to /QIBM, /QOpenSys, /QSYS.LIB).
- Properly protect what you share (*public *exclude on any custom directories, and reduce the number of users with *ALLOBJ special authorities).
- Take regular, comprehensive backups.
This is malware risk reduction 101. We don't need expensive software. We don't need to spend a bunch of money. Just a little elbow grease is all.
------------------------------
Steve Pitcher
------------------------------
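The first two checklist items can be turned into a repeatable audit. The script below is an added example, not part of the original post: it flags shares on the root directory or on /QIBM, /QOpenSys and /QSYS.LIB, and lists profiles holding *ALLOBJ. The share and profile data are constructed samples standing in for an export from your own system; case-insensitive matching and flagging subdirectories of the system directories are assumptions of this example.

```python
import posixpath

# Directories the post says must never be shared ('/' is checked separately).
SYSTEM_DIRS = ("/qibm", "/qopensys", "/qsys.lib")

def normalize(path):
    """Resolve '..', duplicate and trailing slashes, and fold case (assumption)."""
    return posixpath.normpath("/" + path.strip().lstrip("/")).lower()

def share_findings(shares):
    """Return (share name, path, reason) for every share the checklist forbids."""
    findings = []
    for name, path in shares:
        p = normalize(path)
        if p == "/":
            findings.append((name, path, "root directory shared"))
        elif any(p == d or p.startswith(d + "/") for d in SYSTEM_DIRS):
            # Assumption: a share anywhere below a system directory also counts.
            findings.append((name, path, "system directory shared"))
    return findings

def allobj_users(profiles):
    """Return the sorted names of profiles that hold *ALLOBJ special authority."""
    return sorted(u for u, auths in profiles.items() if "*ALLOBJ" in auths)

# Constructed sample data: (share name, shared path).
SHARES = [
    ("ROOT", "/"),
    ("APPDATA", "/home/app/data"),
    ("QIBM", "/QIBM"),
    ("LIBS", "/qsys.lib/MYLIB.LIB/"),
    ("TOOLS", "/home/../QOpenSys/usr"),   # resolves to /QOpenSys/usr
    ("QIBMX", "/QIBMX"),                  # similar name, not a system directory
]

# Constructed sample data: profile name -> special authorities.
PROFILES = {
    "QSECOFR": {"*ALLOBJ", "*SECADM"},
    "APPUSER": set(),
    "DEVJANE": {"*ALLOBJ", "*JOBCTL"},
    "OPER1": {"*JOBCTL", "*SAVSYS"},
}

if __name__ == "__main__":
    for name, path, reason in share_findings(SHARES):
        print(f"SHARE {name:8} {path:24} {reason}")
    for user in allobj_users(PROFILES):
        print(f"*ALLOBJ {user}")
```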