Cybersecurity continues to be a hot topic around the water cooler among IT professionals. It’s a major issue facing the IT department in every company. A common challenge these departments face, regardless of size, is reporting and talking about cybersecurity issues with their manager or director. As an IT professional, it’s your responsibility, and more often than not, you’re the only one in your company who truly understands what it’s all about! It’s up to you to “sell” the situation and get your manager or director’s support.
The SSL Store’s blog Hashed Out offers five effective tips to help you talk with your boss about cybersecurity. They suggest that before you approach your boss, you be completely prepared: know the costs, time and other pertinent information, and have a clear and concise objective.
Their five tips are:
- Present the basic facts
- Present a cost/benefit analysis
- Discuss compliance issues
- Identify the biggest gap in your current security
- Make sure you’ve explained all of the above understandably
Click HERE to read the full blog. And remember these words of wisdom that wrap up the Hashed Out blog: “You are literally all that stands between your organization and a breach or attack. According to the National Cyber Security Alliance, 60% of SMBs that are the victim of a cyber-attack go out of business within six months of the incident. Larger companies tend to fare a little better, but they do take a hit to their reputations and are oftentimes fined or penalized.”
The Dark Web
You’ve most likely heard references to the Dark Web, Deep Web and Hidden Internet, but do you really know what they are? The Hacker News published a great article about it. It explains that the Deep Web is a huge section of the Internet that’s hidden and, according to the article, “is about 500 times the size of the Web that we know.” The Dark Web is a specific part of the hidden Deep Web.
Confused? Here are some facts:
- The Deep Web consists of data that isn’t indexed by standard search engines
- The Dark Web is not the same thing as the Deep Web – it’s merely a section of the Deep Web where you can maintain total anonymity
- The Dark Web consists of websites that sell illicit items and services
- The Dark Web can be accessed with special free software called The Onion Browser or TOR.
Recently a Dark Web item hit the news – an airport security system was available for sale for a mere $10. That’s alarming, isn’t it? Click HERE to read more about this “sale”.
IoT Bugs and the Damage They Can Do
Many hackers have moved on from their old trick of sending phishing emails to grab information to the more lucrative use of the Internet of Things (IoT) to gain access to networks. Internet-connected items are known for their vulnerabilities, which made them the logical next move for hackers.
Wired published an interesting article about the connectivity of IoT devices and the entrance they provide into a company’s network. Once a hacker has successfully gained entry to one IoT device, they can “jump” from that device to the next and so on. They can literally bypass servers and are thus harder to detect. The article states: “Many, many IoT gadget characteristics make them risky to deploy. Manufacturers tend to patch vulnerabilities slowly, if at all. Each model of each device is a special snowflake, running inscrutable, proprietary code and making it difficult to create one-size-fits-all security scanning tools. Meanwhile, large institutions and industrial environments already struggle to prioritize PC and server patching; finding and cataloging IoT devices and hustling to apply every update quickly becomes unwieldy. So the devices sit out there, connected to the open internet with little oversight and few protections.”
Read the entire Wired.com story and check out the following links from the article for even more information.
- A long-predicted IoT crisis is here, and most devices simply aren’t ready
- The Krack Wi-Fi vulnerability showed just how vulnerable IoT devices are—and how hard they are to fix
- A big part of the problem is that every device is a black box, we don’t know what code these things are running and it’s all proprietary
Keeping Your Business Safe in a Cyber Threat World
TechSling Weblog just posed an interesting question: “If a hacker were to try and steal your company’s sensitive data, would they be successful?” What would your answer be? Yes? Don’t know? Both are the “wrong” answers and mean that you need to take a closer look at your cybersecurity.
The dangers your data faces are not limited to hackers and cyber thieves; malware and viruses are just as disabling. Encrypting data that is stored or sent is a good protective measure. Frequent data backups are also highly recommended.
Passwords can become a point of vulnerability. We all want a password that is easy to remember. Worse yet, many of us use the same password for everything. Both of those are dangerous practices. A strong online password is of the utmost importance.
Other areas of protection the article talks about are:
- Establish a security policy
- Review and update the security policy on a regular basis
- Protect your clients by ensuring their data is secure
- Understand EU’s General Data Protection Regulation (GDPR) privacy policies
- Protect your company with cyber insurance, as the cost of a cyber attack could prove disastrous for a small business
- Stay informed about the latest risks and ways to protect your company from them
- Frequently check the Vulnerability Database for up-to-date information on cyber threats and solutions.
This information is not intended to be exhaustive nor should any discussion or opinions be construed as professional advice. Should you have any questions or would like to discuss your risk exposure with your company’s insurance, please contact the insurance pros at ARCW Insurance. We are here to help.