What is compliance? Some of you might be acutely aware of this term, and others might have little to no idea. In broad terms, business compliance means following the rules required to secure your business and the people that interact with it. More specifically, compliance is aimed at information security. Business Compliance means you are complying with requirements by a credible organization or government department that promotes the security and protection of sensitive information.
The holidays are just around the corner, and many of us will be purchasing gifts online. This is the time when scammers are out in force, looking to separate you from your gifts and money. In this edition of “The Ping” we will look at several precautions you can take to minimize your risk.
Cybersecurity starts first, and foremost, with people. Even with a secure perimeter, the people using the network can introduce risks to the environment. Teaching your employees what to look out for and where their responsibilities lie is the first step toward closing the security gaps and lessening the chances of your business falling victim to a vicious attack.
Recently we’ve had a few questions from customers regarding upgrades and updates. Let’s dive into the purpose of these updates and upgrades to break down the reason why they are so important.
*Special Alert* – Extortion Email Scam
A worrying new type of phishing email is going around using stolen data from high-profile websites. These emails include a password that has been used with the user’s email address in the past in an attempt to scare that person into sending the scammer money (typically Bitcoin). Since the emails include personalized information, they appear credible in ways typical phishing emails do not. Typically, the scammer is claiming that they have recorded “compromising activity” and blackmailing the user for their silence.
Within the last year, Facebook, MyHeritage, Ticketfly, Under Armour, and several other high-profile services have been compromised.
Once you’ve decided to work remotely, you may find it difficult to stay in sync with the rest of your team back in the office. Digital workforce infrastructure has been engineered for decades to provide a stable foundation for your office, but now that you’re outside of your firewall you may find yourself as frustrated as a hacker would be when trying to access your company’s documents. While you may still be able to email back and forth with your coworkers, you can’t easily update your shared files, see who’s available to receive an incoming call, or update a customer’s order status.
Working remotely may seem rather quick and easy. You head on over to your local coffee shop, order your triple-shot, half-caff, no foam, extra hot latte and sit at your favorite table in the corner. You double check to make sure no one is looking over your shoulder, pop open your laptop and get to work. Right? Well, it’s actually a little more complicated than that. Staying secure in a non-secure workplace comes with some much needed extra steps to keep your company data away from prying eyes.
Most of us look at that update notification from our devices and think, “I’ll do that later.” When we finally get around to it, there are multiple updates that have been sitting there for weeks. We continue with this behavior because nothing has happened to us yet. In order to change those behaviors, let’s begin to think of updates like you would your car insurance. If you waited to cover yourself, that fender-bender might have cost you a LOT more in the long run.
Building an Effective Human Firewall
Cyber attacks aren’t just getting more frequent, they are also becoming significantly more vicious and sophisticated. One reason for this is that cybercrime is easy to do…anyone can find the tools on the dark web and easily start their own cybercrime business. Now, more than ever, is the time to take stock of your countermeasures with a focus on your staff as the likeliest entry point for cybercrime attacks.
Cyber criminals count on the fact that busy people perform hundreds, if not thousands, of daily actions on a computer or device connected to the internet and they know that most of those actions are performed automatically and without much thought. As a result, the majority of today’s data breaches result from human error, making cybersecurity a “people problem” as well as a technology issue.
The solution to this people problem goes beyond IT and involves cultivating an entirely new employee mindset around cybersecurity. Our recommendation is to create an expectation of 100% participation…it only takes one person to click on one link to bring the system down.
When fully engaged, these three steps create a formidable human firewall capable of spotting and preventing even the most sophisticated cybercrime attempts, and offer a significant step towards mitigating the human error that is behind 95% of the cyber breaches occurring today.
Ok, I have followed all the steps in last week’s blog post. I have identified my critical functions and reviewed my backups, but I still don’t have a recovery plan in place.
How do I create a plan based on the loss tolerance decisions that have been made?
Now that you’ve done some research and made critical business decisions that best fit your Disaster Recovery needs, let’s document it! You can simultaneously begin to implement some of the changes you will need to engage your plan when disaster strikes, but if there is no user manual then no one will know how to use it. You want to create a write-up that is comprehensive and easy to understand and to follow. At a high level, you want to make sure your plan covers the Who, What, When, Where, Why & How?