For the busy executive who doesn’t have time to read lengthy articles but wants to stay on top of cybersecurity strategies and thought leadership, Family-Driven Awareness Inc. proudly introduces our easily digestible bites of cybersecurity knowledge. If you like what you see, please keep checking for new updates.
Amazon’s Key door-unlocking system has been hacked again. A Bay Area security researcher posted a proof-of-concept video on Twitter this past Sunday showing how an unknown device placed near a Key-compatible smart lock can interfere with the lock’s locking mechanism, letting anyone into a Key-enabled home. Amazon is a clear leader when it comes to innovation for its clients; however, innovation without proper security will have serious consequences.
The digital world gives us access to a wealth of knowledge, allowing us to carry entire libraries in the palms of our hands, but it also gives us access to criminals, spammers, fake news makers, trolls, haters, frenemies, enemies and a wide range of people looking to deceive us. When the age of information becomes an onslaught of misinformation, it’s up to us to be aware of what is real and what is fake. Take your time, do your research, think with logic instead of emotion, stay informed, stay aware and stay safe.
Looking closely at the digital forensics of many breaches, the acquired evidence often points to a similar root cause — people are getting tricked into doing things they shouldn’t be doing. Year after year, millions of people simply can’t resist the temptation of clicking on those interesting phishing emails, not to mention a wide range of other cyber no-nos. It is clear that hackers are hacking people and not technology. People’s tendency to leave personal information on social media that hackers can use against them can make spear phishing attacks worse.
The increased spotlight on cybersecurity has required CEOs, boards of directors, and the entire C-suite to establish proper corporate governance to manage cybersecurity risks. This includes developing comprehensive policies, procedures, and reporting structures. Regulators expect organizations to develop and implement proper oversight and risk ownership protocols. To regulators, cybersecurity is no longer a function of an organization’s information security department but a principal responsibility of executive management and the board of directors. Cyber threats are expensive and damaging to companies’ reputations and can have far-reaching consequences. Engage your C-suite to gain a clearer perspective of your data security plans and how you can improve them. Cybersecurity is not just an information technology problem. Commit to understanding the basics of cyber threats, educating the entire organization on next-generation vulnerabilities, and embracing key considerations for strengthening your organization’s risk posture.
In the digital world we live in, information is the new currency, and that currency needs to be protected. Good cybersecurity awareness is not just for organizations and not just for governments — it’s for individuals everywhere. In a connected world, we each have a responsibility to protect ourselves and the people we interact with.
Focus on managing third-party service providers and the potential risks those relationships pose. From a regulatory perspective, understand the cyber maturity of your vendor partners, what data they have access to, and where they might be vulnerable to cybersecurity threats. Weak vendor security controls translate to a weak cybersecurity environment.
Here are some cybersecurity questions to think about that will make your life easier when the seemingly unthinkable (yet highly probable) happens.
- How will the business run if there is a data breach? Who needs to be in the room to make decisions in the event of a breach & where is that room?
- Spend time with all your departments who use systems with data – you need to know what data is where. You need to understand how those systems work & the potential risks to all aspects of your organization before anything goes wrong.
- Do you need to set up a separate triage service that covers both internal & external queries specific to the breach – who is the point of contact in your organization for employees & the media, are they media trained? Who will speak to clients? Suppliers? Partners?
- Are there opportunities to create awareness or engagement by supporting employees with their queries & concerns around their personal data away from work?
- What is your plan for communicating with individual employees in the event of a cyber security crisis? We rarely consider our world without electronics — do you have a paper back-up system?
Ransomware has become the most popular form of malware in data security breaches, according to the 2018 Verizon Data Breach Investigation Report. The report is based on 53,308 security incidents, 2,216 data breaches, and 67 contributors globally. Ransomware started to appear in 2013 and has become the top variety of malicious software, found in 39 percent of cases where malware was identified. In addition, attacks are moving to more business-critical systems, encrypting file servers and databases. Meanwhile, ransom demands are increasing. Why has ransomware become so commonplace? Because it’s easy to deploy and can be very effective: you don’t have to be a master criminal; off-the-shelf toolkits allow any amateur to create and deploy ransomware in a matter of minutes. There’s little risk or cost involved and there’s no need to monetize stolen data. What is your plan for ransomware? Do you have one?
For most organizations, figuring out a cybersecurity budget is often a mix of emotion and guesswork. A recent Gartner report shows most companies spend between 1% and 13% of their IT budget on cybersecurity, with the average at 5.6%. However, calculating the cybersecurity budget as a proportion of the IT budget is a flawed approach, because the risk doesn’t necessarily rise if you buy more expensive equipment. A $1,200 laptop can very well be a $7 million security-risk issue. Not to mention that spending more on cybersecurity often simply means getting more data about threats and more data about what’s going on in your system. To use a medical analogy, it can be like going to the doctor’s office 12 times a day: It really won’t make you any healthier. In order to get the most out of their cybersecurity budget, business leaders need to quantify cyber risk in simple economic terms and they need to understand how their cybersecurity spending impacts business objectives.
You may think that your startup is all but invisible to criminals due to its small size. However, according to the 2018 Data Breach Investigations Report shared by Verizon, these kinds of attacks are opportunistic. Criminals targeting startups may be banking on the fact that security measures haven’t yet been put into place. By not protecting your startup, you’re making it an easy target for cyber criminals. That being said, here are four cybersecurity tips for your startup:
- Educate Staff: One in five cyberattacks starts with employee errors.
- Identify At-Risk Information: Make lists of who has access to what data. This includes financial information, customer data, employee records, and any other data that could be used for ill gains.
- Put Policies in Place: Establish clear cybersecurity policies and procedures regarding computer usage, passwords, backups, virus and malware protection, encryption and so on.
- Create Data Recovery Processes: This may include talking to your business insurance agent as you create policies and procedures.