Cybersecurity continues to be a hot topic. CNN recently reported that in 2020, ransom payments were up more than 400% from the prior year.
CNN had some insights and some cautions for organizations that may be victims of cybercrime.
If you suffer a cyberattack, it is probably from someone with extensive IT training and state-of-the-art “burglar tools” who is wildly committed to getting money from you. Without professionals on your side, it is not a fair fight!
An outside monitoring company can provide you with guidance to reduce the likelihood of a successful cyberattack, and also educate you and your staff about what to do and what to avoid. For example, consider all of the free resources from www.iconicit.com.
Cyber insurance is also becoming very common and gets you more than insurance. You get access to a team of IT/cybersecurity specialists, attorneys, and negotiators who can deal with the cyber criminals to reduce payouts and help you regain access to your data. However, CNN points out that information about these policies is accessible to cyber criminals, so they know that you have such coverage and what your limits are. This could lead to demands for more money.
CNN reports that negotiations will usually happen quickly, using chat tools. In addition to threatening you with loss of access to your important data, criminals will often threaten to publish confidential information.
CNN recommends keeping software up to date, using multi-factor authentication, using firewalls, and monitoring your network to catch unauthorized Internet traffic.
The National Council on Nonprofits reiterates the risk of cyberattacks and makes regular recommendations. Recent recommendations from them included limiting employee access based on what employees need to do their jobs. This can reduce the amount of data that is accessed if there is a breach and improve efficiency, because fewer options to navigate make it easier for people to do their jobs.
They also point out that your website needs updates to be secure. Websites are built on Content Management Systems, and they typically have additional plug-ins or modules to provide additional functionality. You (or your webmaster) need to make security updates required by these systems. You can and should receive notification when new updates are released.
How do the banks do it? Banks do a pretty good job of not getting hacked, and of keeping their customers safe. What are their secrets? In a recent Rochester Business Journal article, a few local bank security specialists weighed in on their strategies. Their key strategies are the things we have talked about, like software updates, strong passwords, two-factor authentication, and educating staff and clients about cybersecurity, especially helping them recognize phishing attempts. They enhance these basic strategies with encryption, regular phishing tests for their employees, and “behavior analytics”. Behavior analytics include things like requiring additional verification when a new device accesses a customer’s account. They also look for unusual scenarios, like logging in to an account from New York in the morning, and from California later that morning.
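The two behavior-analytics checks described above (a new device on an account, and logins from New York and California the same morning), as an added Python example that is not from the article or the banks it cites. The event fields, the 900 km/h speed ceiling, the 50 km noise floor and the sample logins are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed
MIN_KM = 50.0    # assumed noise floor for imprecise IP geolocation

@dataclass
class Login:
    account: str
    when: datetime  # assumed to be UTC for every event
    lat: float
    lon: float
    device: str

def distance_km(a: Login, b: Login) -> float:
    """Great-circle (haversine) distance between two login locations."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def review(logins):
    """Return (login, reasons) for each login that needs extra verification."""
    last, devices, flagged = {}, {}, []
    for cur in sorted(logins, key=lambda l: l.when):
        reasons = []
        seen = devices.setdefault(cur.account, set())
        if seen and cur.device not in seen:  # first login only sets the baseline
            reasons.append("new device")
        seen.add(cur.device)
        prev = last.get(cur.account)
        if prev is not None:
            hours = (cur.when - prev.when).total_seconds() / 3600
            km = distance_km(prev, cur)
            # Real distance in zero elapsed time is also impossible travel.
            if km > MIN_KM and (hours <= 0 or km / hours > MAX_KMH):
                reasons.append("impossible travel")
        last[cur.account] = cur
        if reasons:
            flagged.append((cur, reasons))
    return flagged

# Constructed sample events (not real data): New York, then California.
SAMPLE = [
    Login("alice", datetime(2021, 6, 1, 8, 0), 40.71, -74.01, "laptop-1"),
    Login("alice", datetime(2021, 6, 1, 10, 30), 34.05, -118.24, "phone-9"),
    Login("bob", datetime(2021, 6, 1, 9, 0), 43.16, -77.61, "desktop-2"),
    Login("bob", datetime(2021, 6, 2, 9, 0), 40.71, -74.01, "desktop-2"),
]
```

Calling `review(SAMPLE)` flags only the second "alice" login, for both reasons; the "bob" logins a day apart on the same device pass.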
Microsoft recently talked about the risk of “open redirects”. These are sometimes used appropriately for business, but recently they have been used more and more by hackers. When you hover over a link, you may see an address that looks okay and that you are familiar with, but when you click on the link you are redirected to a malicious site.
If you intend to go to a site, don’t click on a link; type the address into your browser to reduce this risk. – John Heveron, Jr.