October evokes many things: skeletons, ghosts, pumpkins and, of course, Halloween. Yet for anyone wanting their workplace to operate efficiently and safely, October should be known for something else:
This 31-day period is a perfect reminder for businesses to review and, if needed, revise their cybersecurity strategy for the year ahead. Let’s learn more about this awareness month and how you can seize the moment to fortify your company’s cyber approach.
Where it All Began
Cybersecurity Awareness Month started in 2004 when the U.S. Congress gave October that official designation. Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaborative, public-private effort to raise cybersecurity awareness nationally and internationally.
Each year, Cybersecurity Awareness Month initiatives are organized under a different theme, with 2022’s being “See Yourself in Cyber” – an urgently important message. It advocates for people to stop seeing cybersecurity as an inaccessible topic for the select few and instead view it as something in which everyone can play a role.
Four Main Pillars
According to CISA, beginning to “See Yourself in Cyber” involves acting on four key priorities, some of which we’ve already discussed on this blog:
By taking these basic steps to protect your information and privacy, everyone can gain more ownership over their online life and prevent costly incidents.
Become a Cybersecurity Paragon
The silver lining when talking about cybercrime is that more attention is being paid to cybersecurity these days. A trickle-down benefit of this enhanced awareness is that more resources are now available that can help even those unfamiliar with cybersecurity improve their firm’s digital defenses.
One such example is the work of CISA. Each year during Cybersecurity Awareness Month, CISA invites interested parties to join them as “cybersecurity partners.” Those that do receive a toolkit with everything they need to audit their own security posture and raise awareness within their company and industry. Elements of the toolkit include cybersecurity 101 presentations, tip sheets, content assets and much more.
Do you remember seeing those U.S. Forest Service ads where the iconic Smokey the Bear would proclaim, “Only you can prevent forest fires”? You don’t have to be a marketing whiz to see the beauty of that campaign. Simple, direct and powerful, it outlines the essential role we all play in preventing a widespread problem that can carry a terrible cost if it goes unchecked.
The same message holds true for cybercrime. A ubiquitous problem that can lay waste to individuals, businesses and even entire communities, cybercrime is nothing to joke about. If you’re a small business owner, for example, one bad attack can threaten your longevity as an enterprise.
But instead of becoming intimidated and reactive, events like Cybersecurity Awareness Month can inspire us to become empowered and proactive. We can all choose to “See Ourselves in Cyber” and take action to create a safer digital community.
Cybersecurity was a major topic during the past 12 months. Here are a few of the top trends.
2021 was another whirlwind year – full of both difficult challenges and encouraging developments. Naturally, this extends to the cybersecurity field as well. Let’s look forward to some of the biggest cybersecurity developments and what they mean for the workplace.
Malware in the News
Most people these days have a basic understanding of malware. At the very least, they’ve heard the term before, as well as its many variations like computer viruses, worms, Trojan horses, ransomware, spyware or adware. However, 2021 was definitely the moment where cybersecurity awareness went fully mainstream. From the Colonial Pipeline and SolarWinds attacks to the explosion in phishing related to COVID-19, cybersecurity issues dominated the headlines this year like never before.
Unsurprisingly, this explosion in malware activity has brought a wide range of responses – many of which are quite good and include elements I’ve previously advocated for on this blog. For example, during 2021 it became abundantly clear that cybersecurity should not solely fall under the purview of IT. A secure organization requires everyone to practice safe online behavior, but to do that, employees need guidance on identifying potential threats and acting accordingly when they encounter one. Additionally, end-users often require instruction and training on proper password management.
Remote Work Security
Of course, this is only one piece of the puzzle, particularly as remote work has skyrocketed over the past year. IT professionals have had to push themselves to their limits to support their organizations through such a profound paradigm shift. They have had to contend with employees potentially using unsecured personal devices and networks; the prospect of corporate devices being stolen, lost or misused; and cybersecurity knowledge gaps amongst dispersed workforces. To compensate, businesses have adopted a wide range of approaches, including advocating for multi-factor authentication, conducting extensive WFH (work from home) security training or deploying new solutions such as virtual desktops or DaaS.
Here’s to a Successful 2022
As one year ends and another begins, it’s important to look back in addition to looking ahead. 2021 has been a difficult period for cybersecurity, affecting both IT professionals and end-users. However, by practicing due diligence, ensuring that staff is trained on best practices and making investments where necessary, firms can face the new year with a sense of optimism, knowing that they’re well-positioned to operate safely and effectively in our digital-first economy.
Digital file-sharing is a normal part of business, but don’t let down your guard
Today you can send almost any type of file through the internet. Digital repositories to receive or send data are a standardized feature of many office-based workplaces. In each one of our pockets, there is a cloud-connected device continually backing up our files, notes, pictures and texts.
While this technology is incredibly convenient, offering a streamlined way to share personal or professional information, it can still carry a security risk. If you don’t protect your files, there is the possibility someone could access or hack your business’s personal details. In this blog, we will discuss different ways to stay safe while sharing your files.
P2P File Sharing: What Are the Risks?
Whenever you engage in peer-to-peer (P2P) file sharing, you are opening yourself to potential security risks. From difficulties in tracking what becomes of your files to the elevated threat of malware, you can’t be too careful when sharing sensitive information. Downloading files also often results in significant traffic over a network, potentially reducing the availability of select programs on your computer or access to the internet itself.
Given the inherent risks of P2P systems, how can you protect yourself? While nothing can completely eliminate risk, there are several strategies for more securely sharing files. First and foremost, there is anti-virus software, a type of software specifically designed to recognize, sequester and eliminate threats. Keep in mind that bad actors are constantly creating new viruses, so you can’t have a set-it-and-forget-it attitude. Use due diligence and keep your anti-virus program current to maximize the amount of security it offers.
It is possible to apply an additional level of security by adding password protection to your files. Modern software programs make this easy to implement. For instance, Microsoft Word offers a step-by-step guide for how to attach an encrypted password to your documents.
The next method is to use encryption. By encrypting your files, you will always be able to keep your folders safe. Typically, encryption is accomplished with algorithms such as ECDH. You will want to ensure that encryption is part of any file sharing service you pursue for business purposes. And luckily, there is a wealth of information out there to help you vet potential providers.
Email is another common way that files get transferred, and it is highly important to secure these electronic communications. A frequent technique of email hacking is phishing. Stay alert when exchanging emails with anyone you don’t know. There are also specific email settings to keep the attachment of an email completely protected. Finally, many anti-virus software programs will scan all your emails and check whether they are infected or not.
You Can Never Be Too Careful
With it becoming ever easier for people to connect, communicate and collaborate, one can occasionally forget that safety must be prioritized to the same level as productivity and convenience. Yet there are plenty of easy steps one can take to bolster their security when sharing files. By implementing these best practices, you will fortify your data and files, and be able to safely leverage these technologies for greater business growth.
Ransomware attacks are on the rise. Don’t let yourself become a victim.
For anyone with a passing awareness of IT trends, ransomware is the hot topic of the day. From the Colonial Pipeline attack to the JBS Holdings attack, ransomware attacks are becoming more brazen, more destructive and more frequent. According to recent data, this cybercrime is expected to grow by a staggering 15 percent per year, until it reaches 10.5 trillion dollars in 2025. For comparison’s sake, the entire GDP of the United States in 2019 was 21.43 trillion dollars.
Of course, independent title insurance agencies are much smaller than a gigantic oil pipeline system or food processing company. But that doesn’t mean they are immune from being targeted by bad actors or that they will stay under the radar of cybercriminals by default. Smaller companies are also at risk and need to take steps to protect themselves and their operations from ransomware.
Here is what you need to know about this particularly destructive cybercrime.
What is Ransomware?
Ransomware is a type of malware. True to its name, it blocks access to systems, devices, files or data until a ransom is paid. It’s important to note, however, that there are many different variations of ransomware. There is crypto ransomware, where malware encrypts a system’s files; wiper ransomware, where it threatens to erase files; or locker ransomware, where it blocks access to a system entirely. Ransomware also often includes communication from the criminal: a demand for financial payment, typically in the form of Bitcoin.
How Do Ransomware Attacks Occur?
Ransomware is delivered in a variety of ways. Its delivery mechanisms can include malicious attachments or links sent in an email; a network intrusion; being dropped by another malware infection; or being wormable, where it spreads laterally via flash drives or Windows shortcut (LNK) files.
Why Be Aware of Ransomware?
Ransomware is a chronic and escalating problem. Not only do attacks appear to be happening more frequently, but their impact is also growing. In 2019, for instance, ransomware tore through 750 government computers in Texas. Earlier in 2021, the Colonial Pipeline got shaken down for nearly $5 million in ransom. Also this year, the computer giant Acer was attacked, with the threat actors demanding a $50 million payment – the largest known ransom to date.
The ransoms that follow these types of attacks are not the only losses these companies experience. Ransomware also results in significant downtime for a company, which can cause havoc for an organization’s bottom line, not to mention their brand and reputation.
How Do You Protect Yourself?
As with many cyber initiatives, developing an effective and robust defense against ransomware requires an all-hands-on-deck approach and strong organizational buy-in. It is imperative for companies to develop, implement and enforce cybersecurity policies across all departments. Such policies should include guidance and training for how to spot malicious emails and report suspicious activity. In addition, businesses can change default passwords at network access points, routinely apply software patches to keep systems current and segment networks to make it harder for a criminal to roam across your entire digital ecosystem.
Now is the Time for Action
With the prevalence of breaches and cyber-attacks, conducting business online can feel like the Wild West: you just never know what is going to happen. But there is truth in the adage that the best defense is a good offense.
With ransomware attacks growing in both size and scope, now is the time to take proactive, preventative action to discourage bad actors or make your enterprise more resistant to cybercrime. Nobody can eliminate the prospect of ransomware attacks. But by taking strong action before a problem arises, you will greatly reduce the possibility of being attacked and keep your operations running as smoothly as ever.
Extend your security bubble further than your business’s front door.
Managing cybersecurity risk is an arduous task for any organization, one that becomes even more challenging when trying to extend your security to vendor relationships. However, it has never been more important. Not only are cyber threats on the rise, but the U.S. Securities and Exchange Commission (SEC) made ensuring operational resiliency and information security one of its 2021 priorities.
Thankfully, last year the agency published a report on the due diligence companies should practice when dealing with vendor relationships. Covering the monitoring of vendors, contracts, customer information policies and other issues, the guidance provides much-needed advice for these complex business partnerships. Let’s explore some of its main tips, takeaways and findings for addressing security concerns with your vendors.
Why Does Information Security and Operational Resiliency Matter?
According to the SEC’s 2021 Examination Priorities report, breaches in information security can in fact “have consequences that extend well beyond [a] firm,” adversely impacting “other market participants.” The report further explains that, due to the radical increase in remote operations in response to the COVID-19 pandemic, cybersecurity concerns have been elevated further, requiring closer scrutiny of endpoint security, data loss, remote access, use of third-party communication systems and, of course, vendor management.
Understand Your Liability
It is a common misconception that if your vendor experiences a data leak, the onus is on them. Not true. State laws typically lay responsibility at the feet of the entity that collected the customer information in the first place. They usually limit vendor requirements to informing you that a data breach or hack has occurred. To safeguard yourself and your business, ensure that your vendor contracts explicitly detail how your customers’ data needs to be handled, what to do in the event of a breach and the expected timeline for dealing with any disruptions.
Vendor Management Programs
You likely already have some experience working with vendors, as well as an understanding of how time-consuming such relationships can be. Unsurprisingly, adding cybersecurity into the mix creates an additional set of concerns that need to be managed. Establishing a program that addresses security concerns and expectations at the beginning of the working relationship can help. This program should cover safeguards, how to evaluate vendors, independent audits and processes for terminating and/or replacing vendors.
Understanding and Monitoring Vendor Relationships
One positive finding from the SEC is that many advisers and their personnel already demonstrate a clear understanding of privacy and cybersecurity contract terms. Furthermore, these advisers display an awareness of the risks inherent to outsourcing work to vendors and best practices for limiting such risks. One way that companies accomplish this is through continuous monitoring of vendor relationships, making sure to stay apprised of any changes in the vendor’s services or personnel.
Despite this good news, firms cannot simply assume that their data protection policies are fully up to snuff or even rest on their laurels. Instead, they must treat vendor security as an ongoing, habitual process.
As the SEC noted, designing a vendor management program is a great place to start. Then, be sure to implement it. Build security requirements into your initial vendor contracts and make them as specific as possible. Run regular security audits, using questionnaires if necessary to rigorously evaluate your vendor’s security practices. You can also demand system and organization controls (SOC) for any vendor you choose to work with, requiring them to conduct a SOC for cybersecurity audit on an annual basis. Lastly, you and your company should be performing access and security reviews daily, always staying vigilant for unusual activity.
The hard truth is that, in our digital-first world, we all must work a bit harder to stay safe online and protect the integrity of our customers’ data. But by doing so, you will have a more resilient organization and satisfied client base.