Catch up with Single Path
Happy Hacktober! We’re already well into this, the 15th annual National Cybersecurity Awareness Month. NCSAM is a joint effort between the U.S. government and various businesses to raise awareness of cyber security, and emphasize the importance of protecting your organization with cyber security tools and education.
Make no mistake: the need for education continues and cyberattacks are still on the rise. According to data from the Department of Homeland Security, 600,000 personal and business accounts are hacked every day and 47% of all American adults have had their personal information exposed by cyber criminals. What’s surprising is that Millennials, despite having grown up in a digital world, are particularly vulnerable to cybercrimes, with 44% of them victims of online crime in the past year alone.
Get Smarter, Get Safer
The best protection is education. The principle behind Hacktober, which has remained the same since the beginning, is the need to promote proactive, smart behavior in organizations in order to foster a security-conscious culture. Fortunately, there are thousands of cyber security tools and resources available, whether for individuals, SMBs, schools or other organizations.
We’ve collected some of our favorite cyber security tools here. Some of these have been created specifically for Hacktober, and others are evergreen. We hope this list of resources can help you stay more secure.
Cyber Security Tools for Small Businesses
1. This Cybersecurity Awareness Toolkit for Small and Medium-Sized Businesses was published by the Cyber Security Alliance, Facebook and MediaPro specifically for National Cybersecurity Awareness Month. It includes a great deal of information on how to create your own internal company Hacktober awareness kit and, more importantly, tips on how to implement your own cyber security protocols.
2. This 30-minute online assessment tool from the Michigan Small Business Development Center (SBDC) helps small and medium-sized businesses evaluate their own cyber risks.
3. The U.S. Small Business Administration offers a free cyber security course for small businesses.
Cyber Security Tools for Schools
4. A resource library from the Higher Education Information Security Council contains cyber security tools specifically targeted for colleges and universities including brochures, banners and more.
5. k12cybersecure.com is a site filled with “a curated list of recent information and resources to help U.S. public K-12 school leaders and policymakers navigate cybersecurity and related issues.” There are lots of links to articles and reports.
Cyber Security Tools for Everyone
6. This 2018 Toolkit from the Department of Homeland Security was created for National Cybersecurity Awareness Month. This is a comprehensive report that includes government contact information, cyber security tips, a glossary of terms and a list of online cyber security tools.
7. The national STOP. THINK. CONNECT™ campaign is a “national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online.” The STOP, THINK, CONNECT website has materials you can display at your organization, plus videos and resources aimed specifically for small businesses and educators.
8. Staysafeonline.org is a website from the National Security Alliance that features a list of upcoming cyber security conferences, online safety basics, advice on how to get your organization involved in cyber security, and many other resources.
9. Create your own custom cyber security planning guide for your organization with the help of this cyberplanner tool from the FCC.
10. The U.S. Chamber of Commerce offers cyber security tools such as tip cards, videos and posters that provide business security essentials.
11. US-CERT (The United States Computer Emergency Readiness Team) provides “no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices.” They also offer a self-assessment package, information sheets, downloadable guides and more.
12. The National Institute of Standards & Technology developed a CyberSecurity Framework that recommends standards, guidelines and best practices to manage cybersecurity risk for organizations.
We know we promised 12 tools, a solid dozen online resources, but we have to add a few more—
13. While not specifically created for Hacktober, we’ve published many blog posts that detail cyber security across a wide range of topics including blog posts on Phishing Tactics (part 1 and part 2), How to Spot a Phishing Email, Why Password Security Is Important for Your Business, How to Create Your School Cyber-Threat Strategy, The Growing Threat of IoT, and We’re Only Human: The Importance of Security Awareness Training.
There are many more cyber security tools out there, and we hope you’ll find the ones listed here, or others, are exactly what you need to create a more secure organization.
The Best Resource: Single Path
Single Path is your cyber security expert, with both the experience and resources to protect your organization. We provide a comprehensive menu of security options including audits, penetration testing, vulnerability scans, data loss prevention, ethical hacking/employee training, managed security incident event management (SIEM), managed advanced malware protection, next generation firewalls and email/content filtering. We also can help you rebound from an attack or natural disaster with our incident response services. Of all the vast array of cyber security tools that protect your organization, one of the easiest steps to take is simply calling Single Path.
Business organizations and schools are under cyber attack. Just this past week, it was reported that the FBI uncovered a phishing email scam aimed at stealing funds from New Jersey state employee online payroll accounts. The emails requested employee login credentials, which the criminals could then use to redirect an employee’s direct deposits. A similar ploy was recently directed at school employees in Atlanta, and the FBI Internet Crime Complaint Center (IC3) has issued a public warning about phishing email payroll fraud.
Learn how to spot a phishing email in our latest blog post.
Contact Single Path. With Single Path Security offerings you have access to a wide range of collaborative and customized protective services. Let us help you avoid being victimized. After all, falling prey to a phishing email scheme is a mistake, but doing nothing to prevent it from happening may be an even bigger one.
Hurricane Maria was the worst hurricane to hit Puerto Rico in nearly a century, with winds reaching almost 200 miles per hour amid torrential rains and flooding. The disaster left millions of people without power, hundreds of thousands without access to basic necessities and 10,000 people homeless. The world watched with concern and compassion.
But when School Superintendent Jim McKay and Single Path’s Bill Spakowski saw the news, they decided to make a difference.
As superintendent for School District 117 in Antioch, Illinois, Jim McKay had helped send supplies to Houston after Hurricane Harvey. But he knew, this time, supplies were not enough. He needed to do more.
Jim knew the devastation would impact families and children most, and he also understood the vital role schools play in a community. “My mind is with kids,” said Jim McKay. “It’s with helping. When I heard kids in Puerto Rico were not being served, and maybe not being able to attend school for months, I knew I had to do something.” Jim reached out to other area school districts and business and community leaders. Jim had worked with Single Path to set up his own district’s 1:1 learning environment just a few months earlier, so Bill Spakowski of Single Path was near the top of his list of people to call. As Jim suspected, Bill jumped at the chance to help.
Puerto Rico already had considerable education challenges. An estimated 30 percent of Puerto Rico’s students receive specialized education, twice the average on the U.S. mainland. According to the New York Times, only 10 percent of seventh, eighth and 11th graders achieved proficiency in a standardized math test in 2017. Escuela Rafael de Jesús, an elementary school in Rio Grande, Puerto Rico, was faced with similar challenges, even before the hurricane. This district serves 300-400 students of mostly low-income families (86% of them receive a free or reduced lunch) and a great number of special needs kids. They didn’t have the funds to recover from the hurricane on their own, at least not without a miracle. Jim, Bill and the group they named “Relief Through Leadership” became the school’s angels.
The amount of money and equipment Relief Through Leadership raised was impressive, and reflects the environment of caring and giving that both Jim and Bill advocate in their respective organizations.
Donated supplies and technical assistance from Single Path were matched by similar efforts from other organizations. The group solicited no tax dollars. Volunteers who went to Puerto Rico paid for the trip out of their own pockets. And the amount of donations, work and organization was staggering. For example, local schools donated desktops and notebooks. CDN logistics trucked four pallets of computers from Lake Villa, Illinois to Miami. Carnival Cruise Line shipped those pallets to San Juan. The Mayor’s Office delivered the equipment to the school. And everything was donated. “We were one of the few volunteer groups that were able to crack the sea-transport challenge,” admits Jim McKay.
Jim and his group of volunteers, which included two people from Single Path and eight school superintendents, flew down to Puerto Rico and got to work. Bill and his colleague not only helped set up two hundred computers, including desktop classroom computers and Chromebooks, but also joined the team in spending time (and sweat) scraping paint from the ceiling and walls and repainting the school building with paint purchased by Single Path.
Before the hurricane, their school library only had two computers. Now, Rafael de Jesús has its own computer lab. Said Jim McKay, “These computers changed their world. Literally.” He added, “In the world of education, the opportunities are significantly less if you don’t have access to the Internet. With technology, kids today are able to learn and grow so much faster. And we were able to go in and give them the chance to learn and grow in a way they couldn’t have before.”
Jim McKay remembers how surprised the mayor, local leaders and the school’s staff were when he and his group arrived in Puerto Rico. “Honestly, when I talked to their principal back in February I don’t think she believed me,” he said. “Talk is cheap. But when we showed up she, and other faculty members, were nearly overcome with emotion.”
Neither Jim nor Bill feels their job is done. Today, Puerto Rico is still impacted by the lingering effects of Maria. While travelling through the island, Bill noticed the blue tarps still covering the roofs of many homes, and the debris of destroyed or damaged buildings that may never be replaced or restored. More than a quarter of Puerto Rico’s schools have closed since the storm and many were without electricity for months. Hundreds of thousands of people have fled the island permanently, including many doctors and educators. Much of the relief the island has received, including a significant percentage of its educational funding, has been lost to waste, corruption and questionable spending practices. That’s why Relief Through Leadership plans to continue donating directly to the school, visiting annually, providing equipment and even new classroom furniture. Both Jim and Bill feel that acquiring and donating two thousand computers a year is a realistic goal. They also hope to set up a connected learning environment between local Illinois schools and Escuela Rafael de Jesús.
The time and energy provided by Relief Through Leadership is about more than making a difference today. It’s about the kids who will be the future of Puerto Rico. Said Bill Spakowski, “It’s about giving back and helping to develop the next generation of leaders. We’re a company that cares about making a difference, and truly cares about students.”
You can view a video showing some of the before and after images of Puerto Rico and Escuela Rafael de Jesús, and the relief efforts by Relief Through Leadership here. To learn more about Single Path, contact us.
Single Path, in conjunction with Cisco, recently hosted a presentation by renowned cyber security expert Bryce Austin. Bryce shared his experiences while at Target during their breach. The discussion also included valuable information on creating a cohesive tactical plan for a “post-breach” scenario. After the event, we all headed up to a United Center suite to have some fun and watch the Chicago Blackhawks take on the Minnesota Wild.
In April of 2016, after four years of debate and preparation, the EU Parliament approved the GDPR (General Data Protection Regulation). This landmark regulation was designed to protect data privacy and access, and to provide a way for EU citizens to seek damages should they suffer from misuse or breach of their data.
This regulation affects any company that does business with EU citizens, regardless of where that company is located. Among its components are:
- Mandatory breach notification. Data processors must notify their customers and business partners within 72 hours of becoming aware of any data breach.
- The right for customers to obtain confirmation on how and where their personal data is being processed, and for what purpose
- The right for customers to have their personal data “forgotten” or removed from electronic data (under certain conditions)
- The right for customers to receive their own personal data, and a right to “data portability,” or the ability to easily transfer information between service providers
- Privacy by Design. Data protection protocols need to be in place before a company collects personal information, and the company must also limit who at the organization can access that data.
- Data Protection Officers. Certain companies must appoint an officer in charge of all data protection and privacy issues, and follow certain internal record keeping requirements.
What you need to do now
According to research and advisory firm Gartner, most companies are not ready for this change. In fact, Gartner predicts that more than 50 percent of companies affected by the GDPR will not be in full compliance with its requirements.
Unfortunately, if a company doesn’t adhere to the GDPR regulations, they could face a HUGE fine. Here are a few areas you’ll want to take a closer look at:
Are you a controller or a processor?
The regulation breaks out responsibility for protecting data into two roles: controllers and processors.
Which one are you? A “controller” is the person, business or public authority that “determines the purposes and means of the processing of personal data.” The “processor” is the person or organization that processes the personal data on behalf of the controller. In other words, the controller is the one who uses the information and the processor gathers it on their behalf.
Or, in an example given in an article on the website gdpreu.org, “If Acme Co. sells widgets to consumers and uses Email Automation Co. to email consumers on their behalf and track their engagement activity, then with regard to such email activity data, Acme Co. is the data controller, and Email Automation Co. is the data processor.”
Some companies are both. You may want to seek legal advice to ensure your role is properly defined.
Audit your data
Per a recent article on informationweek.com, auditing your data, while time-consuming, can have numerous benefits. The article suggests you “Find out what data you have, where you have it, why you have it, how long you need it and any current processes for deleting it.” Since information may have to be deleted, shared and immediately accessible, enabling a single view of all information, and where it is stored, can be a vital time and cost-saving measure.
Conduct a Privacy Impact Assessment (PIA)
You will need to assess how customers’ personally identifiable information (PII) is collected, used, maintained and disclosed to ensure it is protected adequately. As shared in an article at gdpr.com, “The PIA should be conducted throughout the development lifecycle of a system, but especially before you even start collecting the data. When risks are identified, the GDPR expects you to employ measures to address them, such as encryption, continuity plans or backups of the data.”
Remember, it’s not just about having a secure system. The real trick is in controlling who has access to the information and how it can be used. As stated in the same article quoted above, “security is about who has access to the data, privacy is about what you do with the data you have access to. Assuming security is good, the main risk will be the way in which you use the data.”
Let an expert help
At Single Path, we’re well known for “providing accountability for technology from the start.” Our team will work with you to put the processes and protections in place to ensure you are compliant with the GDPR, and any other regulations or requirements. From storage to security, we have the experience and resources to collaborate, educate and connect you with the tools you need.
Don’t risk a large fine from a lack of compliance. Let Single Path help you take the steps now to ensure you’re ready by May 25.
As nearly everyone knows, Equifax recently reported a data breach, which has put more than a hundred million people at risk. As the Federal Trade Commission puts it bluntly, “If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.”
The facts are undisputed. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. Yet Equifax didn’t inform the public until September 7th. Within a week of that announcement, both Equifax’s Chief Security Officer and Chief Information Officer were fired, Equifax became a source of anger from the public, a source of investigation by the U.S. government, and a source of ridicule on late night television.
As Wired Magazine stated in an article dated September 14 titled Equifax Officially Has No Excuse, “Capping a week of incompetence, failures and general shady behavior in responding to its massive data breach, Equifax has confirmed that attackers entered its system in mid-May through a web-application vulnerability that had a patch available in March … As the security community processes the news and scrutinizes Equifax’s cybersecurity posture, numerous doubts have surfaced about the organization’s competence as a data steward.”
Even Worse, It was Entirely Preventable
According to Equifax itself, the data breach was due to a flaw in the Apache Struts Web Framework, a widely used enterprise platform. Equifax discovered the bug months before the breach occurred, yet did nothing to fix it. This decision is surprising, as the remedy to fix it was a relatively simple procedure. Equifax was provided clean and simple instructions on what to do. Instead, they chose to do nothing.
At best, the refusal to fix this major flaw was negligent. At worst…well, that’s still to be determined.
Once Trust Is Gone, It’s Gone
Since this ongoing fiasco was first made public, how many people are excited about the immediate prospects of Equifax? Its stock lost more than 35% of its value within days of the news coming out, and has remained significantly lower than its pre-breach levels. Meanwhile, the Department of Justice is looking into criminal charges against high-level Equifax executives who sold nearly $2 million in stock before Equifax released the data breach information.
While it is too early to determine the long-term future of Equifax, if it has one, individuals and municipalities have filed numerous lawsuits (including one by the city of Chicago on September 28 on behalf of its citizens, following in the footsteps of San Francisco, which filed suit just two days earlier; more cities are expected to follow) and politicians are calling for more investigations. As the lawsuits go through the system and people’s lives are disrupted—this breach affects nearly everyone who has had a credit report run—the news of Equifax’s lax security standards and insufficient response will only linger, as will public outrage.
Are You the Next Equifax?
While it’s true a breach can affect any business at any time, arrogance and a refusal to protect your data will only hurt your business’s rebound and make the prospects for its success questionable. Recent and well-publicized data breaches from Target, Home Depot and others have demonstrated that open communication can go a long way to restoring public trust; a path that Equifax has so far seemed reluctant to follow, at its own risk.
But openness after the fact is only one step—the best step is to be proactive and do all you can to avoid a breach in the first place. That means not only ensuring appropriate safeguards, but also backing up data in case you are hit by a malicious cyber attack that compromises, erases or prohibits access.
As we detailed in a recent blog post about cybersecurity attacks, “formulating a multi-layered plan including continual back-ups and implementing best practices, such as employee education, is of paramount importance.” This includes back-up protection, strong email security, artificial-intelligence-based security and more. In short, you not only need to protect your customers, but yourself. Safeguarding information rewards your customers’ trust but also ensures your company doesn’t miss a beat in the event of a cybersecurity breach.
Learn more about how Single Path’s Security Offerings can help you create a cyber strategy and protect your data and your reputation.
You probably have heard a lot about Unified Communications. As an ‘untethered’ workforce expands—a workforce free of geographic restrictions and traditional workspaces—the need for Unified Communications (UC) to the cloud has exploded. Unified Communications refers to the unification of business communications into a single platform, and often includes email, instant messaging, smart phones, landlines, fax capabilities and real-time data access. UC is also usually capable of handling both audio and video content. In general, UC allows businesses to have more flexibility, enhanced collaboration and greater responsiveness.
The explosion of Unified Communications is easy to understand when you look more closely at today’s workforce and their technology expectations.
As we shared in a previous blog post, BYOD continues to expand due to the reduced business costs and ease of use; smart phones are commonplace and working at home or while travelling is expected. Access to files, constant communication despite geographic borders, and easy access to video conferencing—all with mobile devices—allow employees to stay connected anytime, from anywhere.
As the workforce gets younger, led by the influx of Millennials, so does the comfort level of using newer technology. The vast majority of Americans own smart phones—they are owned by more than 90% of those between the ages of 18-29 according to the Pew Research Center—and the use of broadband technology at home is nearly as pervasive. Employees want the same level of communication for work that they have for home. These expectations will only continue to increase with a new generation of workers.
Video conferencing is playing an increasing role in daily business interactions due to the cost savings in travel expenses while increasing productivity, especially with features like multichannel capability, HD screens, advanced meeting controls and easy interoperability. But video solutions need clarity and elimination of disruptions or lag. Cloud-based UC solutions are particularly effective for video conferencing, without the need for expensive hardware.
UCaaS to the Rescue
Larger enterprises have already addressed the shift to UC, but SMB’s have been slower to react due to the high cost of initial deployment and ongoing support.
That’s because UC requires quite a bit of network infrastructure to accommodate the necessary bandwidth for phone calls, data sharing and more. Building infrastructure is costly! As the Huffington Post reports, “While small- and medium-sized businesses’ (SMB’s) telecommunications networks have become more proficient at serving more devices and connecting them to the cloud, they may not be able to offer the effective bandwidth increase, speed and security required.”
That’s why a cloud-based UC solution, Unified Communications as a Service (UCaaS), is becoming more and more popular. UCaaS refers to the growing practice of outsourcing these services to a third-party, who then delivers them over an IP network, usually the public Internet.
With UCaaS, businesses don’t have to worry about managing and updating their communication technology—that will be handled by their UCaaS provider. Businesses avoid those expensive infrastructure expenditures, take advantage of the newest IP-based communication technologies, and have scalable and reliable communication services should they need to expand or downsize.
Let Single Path Collaborate
Is it time for your business to consider UCaaS? Whether or not you and your business are currently tech savvy (see if you are here), a partner like Single Path can help. We can assist you in weighing the advantages and disadvantages of Unified Communications, see if UCaaS is right for you, and help you determine the timeline and the immediate expenditures, if any, that are needed to unify your business.
History teaches us that cyber threats are not merely the stuff of Hollywood movies, or only relevant to ‘someone else.’ They are real. They are happening now. And without proper protection your system—and even the continued operations of your business—can be greatly compromised.
As we’ve detailed in previous blog posts, a malicious cyber attack can be devastating to your business—from the loss of information or money, to the loss of confidence from your customers. Our blog post on Cyber Insurance for example, outlined how general insurance policies exclude cyber threat protection, leaving a business liable for losses associated with data destruction, ransomware, hacking, denial of service attacks, crisis management activity related to data breaches, and legal claims for defamation, fraud and privacy violations.
Let’s dive into three recent attacks and see how a lack of safeguards crippled businesses.
The worldwide WannaCry ransomware attack occurred in May 2017 and targeted computers running Microsoft Windows. It encrypted data and demanded ransom payments to decrypt it.
The attack hit on Friday, May 12. Within a day it affected more than 230,000 computers in more than 150 countries. Among its victims was the UK National Health Service. Hundreds of UK health clinics were affected, as were several hospitals. As reported by online trade publication techrepublic.com, “The incident forced surgery delays, cancelled appointments, and generally made a mess of healthcare for several days.”
A fortuitous discovery by a 22-year-old web security researcher from England found a flaw in the virus, which dramatically slowed the infection. Still, his discovery, and subsequent patches provided by Microsoft and others, were too late to help computers already infected. Also, new strains have since been detected that continue to spread, and are significantly more difficult to halt.
According to security software company Symantec: “WannaCry is far more dangerous than other common ransomware types because of its ability to spread itself across an organization’s network by exploiting critical vulnerabilities in Windows computers.”
When your files are encrypted and you have no viable backups, what are your options? As of June, it is estimated that just over $130,000 of ransomware had been paid to the perpetrators of this attack.
Pinkslipbot is a worm capable of spreading over a network, downloading files, controlling networks and stealing user information. First introduced in 2011, Pinkslipbot can, once a computer is infected, extract email addresses, accounts, certificates, web addresses, and login credentials, giving cyber terrorists the ability to compromise banking information and credit card information and to engage in personal identity theft.
Pinkslipbot is a derivative of Qakbot, a virus that emerged in the late 2000’s and has been a continual source of problems and threats, with new variants continuing to pop up—a particularly malicious strain was detected as recently as May, 2017.
From a post on business technology news website zdnet.com, “There has been a resurgence of the malware, according to [Cyber security software company] Cylance, which had been made even more evasive and persistent with new, polymorphic features that enable the malicious code to squat in business networks for longer.” Unlike ransomware, this malware does not lock out a system, but uses stolen credentials to “spam neighboring hosts and disrupt corporate activities. In turn, this may result in the compromise of additional hosts and further spread.”
The CryptoLocker ransomware attack started in September 2013 and continued for more than 20 months. The virus targeted computers running Microsoft Windows, encrypting files and offering to decrypt the data only if a payment was made by a certain date. While the virus was fairly easy to remove, the affected files remained impossible to decrypt without the ransomware payment.
Estimates of the exact amount of money the operators of CryptoLocker successfully extorted vary wildly, but some sources put that number at close to three million dollars. The University of Kent released a survey reporting 40% of CryptoLocker victims paid ransom. According to the same report, “28.2% of respondents in the survey claim not to engage in any security practices online, such as using antivirus software, firewalls and password management tools.”
Avoid The Next Threat
While no one knows what threat will hit next, the one thing everyone can agree on is that every business needs to be prepared for the worst.
Our blog post on Four Foundational Layers Every Organization Should Have outlined the importance of back-up protection, strong email security, artificial-intelligence-based security and other critical programs that can self-guard against cyber attacks.
As history shows us, getting rid of malware is at best a challenge, likely expensive, and at worst, impossible. That’s why formulating a multi-layered plan including continual back ups and implementing best practices, such as employee education, is of paramount importance. Single Path can help you get protected and stay protected. We work with small- to mid-size businesses like yours, creating a multifaceted approach that will leave you prepared for the next headline-creating cyber threat.
At Single Path we’re ready to work with you, and discuss our array of security offerings. Our certified and highly skilled security specialists understand the complexities of protecting your network, and our security solutions leave you feeling confident and secure.
Let’s make sure the next cyber attack doesn’t cripple your business and make you a footnote to tomorrow’s headlines.
Thousands of companies crippled by cyberattack!
Millions of customers’ credit card data compromised!
Hundreds of thousands of computers hit; ransomware demanded.
Unfortunately, headlines like these are becoming commonplace, and the range of companies hit by such attacks is both global and wide-ranging by industry. Small- to medium-size businesses are hardly immune. In fact, due to lower protections, they may be more vulnerable to cyber terrorists and hackers.
As we shared in our last blog post, IT security needs to be at the very top of every business’s priorities. The simplest malware can cripple a business. The most vicious can bankrupt it.
Are You Protected Already?
In case of a cyber-attack, what sort of insurance protections do you have in place? Probably very few. Most businesses are surprised at how scant their coverage is, and how costly the damage.
Most traditional commercial general liability and property insurance policies exclude cyber risks. That means most businesses have no means to recover their losses. This has led to the rise of Cybersecurity Insurance (sometimes referred to as Cyber Liability or Data-Breach Liability Insurance) as a new, ‘stand-alone’ line of coverage. That coverage can include protection from data destruction, extortion demands, hacking, denial of service attacks, crisis management activity related to data breaches, and legal claims for defamation, fraud and privacy violations.
Cybersecurity Insurance is so new, there are no real industry standards. Insurance company prices and exclusions vary widely. This makes finding the right insurance policy complicated. Businesses should carefully read their Cybersecurity Insurance policy to understand what is covered in the event of a security breach.
The Two Types of Cybersecurity Insurance
As explained by Techinsurance.com, Cybersecurity Insurance falls into two categories: first-party and third-party insurance, although some—but not all—policies cover aspects of both.
First-party coverage is most suitable for non-IT firms. It includes the payment of ransomware demands, the costs for notifying clients that their information was compromised or exposed, the costs of monitoring services for customers affected by the incident, and the expenses involved in launching a public relations campaign to restore the reputation of the company affected by the breach.
Third-party Cybersecurity Insurance covers companies that are responsible for the systems themselves. These may be the same companies that were breached, or the coverage may involve an outside IT company or independent contractor. It offers liability protection for claims resulting from the release of confidential data and from the failure to anticipate or prevent the transmission of a virus to a third party.
Other areas Cybersecurity Insurance can cover include money stolen through an electronic crime, security breaches of employee confidentiality and business interruption insurance.
Will Cybersecurity Insurance Cover Everything?
Unfortunately, Cybersecurity Insurance is hardly a panacea for all your cyber threats. As Data Central Journal reports, “Cybersecurity Insurance is so new that underwriters remain unable to easily and accurately assess risk. As a result, they exclude items—such as product designs, software code and reputation loss—that are hard to quantify.”
International Data Group, the world’s largest tech media company, agrees. Per a recent article from their CIO magazine, “Cybersecurity Insurance doesn’t do a good job of covering intellectual property theft or the reputational damage and business downturn that can be caused by a security breach.”
Because of these gaps, you should always start by building a defense against the sorts of malicious attacks that Cybersecurity Insurance is designed to cover. Single Path can provide both: assistance in uncovering your Cybersecurity Insurance needs through a complete risk assessment, and development of comprehensive IT security, from managed firewalls to proactive Desktop, Server and Network infrastructure patch management.
Cyber threats continue to increase, but by adopting the best security measures, combined with a recovery plan that includes Cybersecurity Insurance, a business will be poised to bounce back quickly. At Single Path, we have already helped businesses like yours do just that. As your IT partner, we will guide you every step of the way, providing expert and personalized advice on all areas of your technology.
It’s not a question of if your business is at risk for a cyber attack. But when. IT security should be at the top of every business’s priorities, and rigorous attention and multiple facets of protection are essential.
Hackers and cyber terrorists are smart and growing smarter. They have access to ever-improving technology. While you’re sitting and reading this post, they are probably actively looking for ways to get and exploit sensitive information.
And if you think only big businesses are at risk, then think again.
As we wrote in an earlier blog post, more and more small- to medium-size businesses are falling victim to cyber attacks, often due to the perception of laxer security measures. In the same post, we mentioned that cyber victims may not even be aware of security leaks for months or even years after they happen.
Of course, sometimes a business knows immediately when it has been the victim of an attack. A malicious attack can immediately cripple a network, and the business may even receive ransomware demands—blocking access to data, and possibly deleting or publishing it, until money is paid. But there is no guarantee the payment of a ransom will discourage future attacks; often it encourages them.
So how do you protect your business, and your customers? Here are four layers of protection you should implement immediately, if you haven’t already.
Incorporate artificial intelligence-based security
Endpoint protection is the most common form of security: arming workstations and electronic devices with programs that block or root out malware. We’re all familiar with standard anti-virus software programs, but they are hardly enough to fight off today’s attacks.
Older systems rely principally on signature-based security—software that checks programs against a list of known malicious files, or the signatures of those files within programs. But that form of protection is ineffective against new malware strains, or encrypted ones.
Artificial intelligence-based security works differently. Rather than limiting analysis to specific known code, these programs identify techniques and patterns often associated with malware. They analyze both good and bad software, figuring out what factors, or combinations of factors, are associated with each. The program then estimates the probability that something could be harmful before accepting it. The more software and malware it examines, the smarter the security system gets. For example, a program that starts encrypting files without notifying the user could be identified as malicious.
But as this article from Forbes explains, analyzing the necessary amount of data to make such decisions would be overwhelming for an IT team; however, “With machine learning, [a] mountain of data could be whittled down in a fraction of the time, helping organizations quickly identify and then mitigate a security incident. Artificial intelligence could be a game-changer for security teams.”
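The contrast drawn above between signature-based and behavior-based detection, as an added example that is not from the original post or any vendor's product: a hash lookup misses a changed sample, while a rule that watches for one process rewriting several files with high-entropy data still fires. The fixed rule stands in for what a trained model would learn; the sample names, events and thresholds are constructed assumptions.

```python
import hashlib
import math
from collections import Counter

# Constructed signature list: hash of one "known" sample (not real malware).
KNOWN_BAD = {hashlib.sha256(b"constructed-sample-v1").hexdigest()}

def signature_match(binary: bytes) -> bool:
    """Signature-based check: exact hash lookup against the known-bad list."""
    return hashlib.sha256(binary).hexdigest() in KNOWN_BAD

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted output approaches 8.0."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def flag_mass_encryption(events, window=10.0, min_files=3, threshold=7.0):
    """Behavior-based check: flag any process that writes high-entropy data
    to at least `min_files` distinct files within `window` seconds."""
    by_pid = {}
    for ts, pid, path, data in events:
        if data and entropy(data) >= threshold:
            by_pid.setdefault(pid, []).append((ts, path))
    flagged = set()
    for pid, writes in by_pid.items():
        writes.sort()
        for i, (start, _) in enumerate(writes):
            if len({p for t, p in writes[i:] if t - start <= window}) >= min_files:
                flagged.add(pid)
                break
    return flagged

def fake_ciphertext(seed: int) -> bytes:
    """4096 deterministic pseudo-random bytes standing in for encrypted data."""
    return b"".join(hashlib.sha256(bytes([seed, i])).digest() for i in range(128))

TEXT = b"Quarterly sales report for the Chicago office.\n" * 80

# Constructed file-write events: (seconds, pid, path, bytes written).
EVENTS = [
    (0.0, 101, "docs/a.docx", TEXT),                       # editor saving plain text
    (1.0, 202, "docs/a.docx", fake_ciphertext(1)),         # pid 202 rewrites three
    (2.0, 202, "docs/b.xlsx", fake_ciphertext(2)),         # documents with
    (3.5, 202, "docs/c.pdf", fake_ciphertext(3)),          # high-entropy data
    (4.0, 303, "backup/archive.zip", fake_ciphertext(4)),  # one compressed archive
]

if __name__ == "__main__":
    print(signature_match(b"constructed-sample-v2"))  # unseen variant of the sample
    print(flag_mass_encryption(EVENTS))
```

The single-archive writer (pid 303) shows why the rule counts distinct files inside a time window: compressed backups are also high-entropy, so entropy alone would produce false positives.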
Ensure strong email security
Email is a common entry point for malware, spam and phishing attacks. Deceptive messages can entice recipients to divulge sensitive information, open attachments, or click on hyperlinks that install malware on the victim’s device.
A strong email security system, one that can quarantine dubious emails while letting safer ones through, is important. The best security systems will examine the origin of the email and analyze its attachments. Tighter security systems often implement email authentication policies, only allowing emails from approved sources.
There are many practical strategies businesses can create to prevent email entry of malware. According to digitalguardian.com, these include:
- Educating employees about email security risks
- Requiring employees to use strong email passwords
- Utilizing email encryption
- Insisting on best practices for BYOD
- Implementing scanners and other tools to scan messages and block emails containing malware or other malicious files before they reach your end user
Limit web access to halt Command and Control
Command and Control capability is a critical component of most malware.
For example, let’s say a user searches online for information, and stumbles on a website embedded with small, malicious files. These files reach out to a central server, which then sends malicious commands to a network of compromised computers. These computers can number in the thousands, their malware lying dormant, hidden, waiting to be activated.
These infected computers, together known as a ‘botnet’ (a combination of the words robot and network), can then launch a concerted, organized and overwhelming attack. Botnet attacks are difficult to defend against using traditional security solutions, and can cause considerable, sometimes irreversible damage.
The best defense? Avoid the infection from happening. Software systems can block user access to different websites or even entire website categories. The same systems can also block links.
Have sufficient and timely back-up protection
Once you’ve been hit by a cyber security breach, avoiding damage and removing the malware from your system can be costly and even impossible. In the end, your best security may be only as good as your last, best backup. For example, rather than paying a ransom, a better option is to restore your blocked information.
Cloud computing offers easier access to files from any location, seamless integration with existing systems, and also superior back-up opportunities and security protocols. Electronic devices can be backed up regardless of where they are located and who is using them, and those backups can rapidly restore a compromised network.
Ramp up your own IT security
Rooting out malware and keeping your system protected isn’t always easy, and getting rid of it can be expensive. But Single Path can help you get and stay protected, with an IT security bundle that falls within your budget. We work with small- to mid-size businesses like yours, and make sure the size of your budget doesn’t compromise the size of your security. We’ll create a multifaceted, layered approach that will leave you safe from most attacks.
At Single Path we can provide comprehensive IT security, from managed firewalls to data loss prevention threat solutions to risk assessment. We’re a true collaborative partner that can provide expert advice, ongoing analysis of your needs and support. For your IT security needs and beyond, Single Path is ready to serve … and protect.