What’s the point of a cybersecurity program?

When we say, “cybersecurity program”, here’s what we mean:  Implementing cybersecurity policies, procedures, and controls in a unified approach to reduce risk to private data and systems.  The cost of not implementing a cybersecurity program in your organization goes far beyond downtime and extends to financial loss, reputation damage, and a loss of employee confidence.

Dark Web ID Trends:

Dark Web ID Trends:Top Source Hits: ID Theft Forums (99%) 
Top Compromise Type: Domain (99%)
Top Industry: Business & Professional Services
Top Employee Count: 11 - 50 Employees 

What We’re Listening To:

What We’re Listening To:

Know Tech TalksThe Continuum PodcastSecurity NowDefensive Security Podcast Small Business, Big Marketing – Australia’s #1 Marketing Show!TubbTalk – The Podcast for IT ConsultantsRisky BusinessFrankly MSPCHANNELe2e

How Cybersecurity Misconceptions are Leaving Customers Vulnerable

How Cybersecurity Misconceptions are Leaving Customers VulnerableAccording to a recent survey among 2,034 US consumers, public misperceptions are making customers more vulnerable to breach. Almost 90% believe that cybersecurity risks are increasing, with 41% who know someone that has been a victim and 25% being personally impacted.

However, just over half are taking critical measures such as using two-factor authentication or changing their settings across browsers, social media, or email. Additionally, most have not recognized the vulnerabilities involved in smart home devices or mobile device security.

There is also a lack of alignment in terms of which breaches are the most common and severe, with 97.4% being aware of viruses, even though phishing and identity theft are the first and second most damaging threats to consumers. In order to prepare for future breaches to come, consumers must educate themselves on the new landscape of cybersecurity and take recommended actions to protect themselves.

https://venturebeat.com/2019/01/25/cybersecurity-study-reveals-misperceptions-leave-consumers-vulnerable/

In Other News:

In Other News:

GDPR Update: 95,000 Data Breach Complaints Since Adoption

Since the widely anticipated installation of the EU privacy law known as the General Data Protection Regulation (GDPR), regulators have received over 95,000 complaints of possible data breaches within an eight month period.

As you may already know, GDPR enables privacy enforcers to levy fines of up to 4 percent of global revenue or 20 million euros ($23 million), whichever amounts to a higher number. Just last week, the French data protection watchdog imposed a fine of 50M euros on Alphabet-owned Google over allegations that they failed to obtain user consent for personalized ads, the largest GDPR sanction to date. As more penalties begin to join in the mix, organizations must consult experts to ensure that they are adhering to the stringent regulations for protecting EU consumers.

So far, most complaints have been related to telemarketing, promotional emails and video surveillance by closed-circuit televisions.

https://www.dailysabah.com/technology/2019/01/26/over-95000-data-breach-complaints-since-eu-rules-kicked-in

What’s the most important part of an incident response plan?

The most important part of an incident response plan is not the plan itself, but the actual regular testing, tweaking, and discussion of the plan.  How can a plan be useful if nobody knows where it is and their role and responsibilities within the plan?  Incident response planning should be an ongoing, yearly exercise with actual testing of the plan performed at least once a year.  Additionally, incident response isn’t just an IT issue. It’s a business issue that affects all departments, and in many cases third-parties such as legal counsel, PR, and third-party hardware and software vendors.

What we can do to stop putting our data at risk of identity theft

What we can do to stop putting our data at risk of identity theft

5 quick and easy tips for updating your data security

It’s safe to say that data breaches are one of the primary threats affecting the ways in which small businesses operate. All industries face the risk of exposing valuable personally identifiable information (PII) or protected health information (PHI). To compound the matter, innovations such as Internet of Things (IoT) become deeply integrated into operations and can create additional risk.

However, to mitigate even the most advanced cybersecurity concerns, we must begin by thinking simple and effective. Here are 5 steps for proactively preventing breaches and protecting your data in the event of a compromise:

1. Foster cybersecurity team buy-in

Consider implementing an incentive program for employees who detect significant vulnerabilities in cybersecurity. Create a workplace culture that values customer and employee privacy and offer continued education.

2. Make regular updates

Schedule timely updates and involve employees in the process by sending notifications and ensuring compliance.

3. Encrypt data

By making data unreadable for hackers, SMBs can dodge hefty fines and tarnished reputations in the event of a breach.

4. Backup data

By backing up your data onto multiple servers, you can prevent information from being lost in the case of a ransomware attack. Diversifying the format of how data is stored and keeping multiple copies that are secure offers additional protection.

5. Test cybersecurity protocols

By assessing vulnerabilities and conducting penetration testing, you can anticipate weaknesses in your security. Teaming up with security providers to stay constantly alert will offer the two-pronged benefit of preventing a breach from happening in the first place and being prepared pre- and post-incident.

https://www.itproportal.com/features/before-the-breach-five-tips-for-upgrading-data-security/