Are you in the 43%?

What’s the point of a cybersecurity program?

When we say, “cybersecurity program”, here’s what we mean:  Implementing cybersecurity policies, procedures, and controls in a unified approach to reduce risk to private data and systems.  The cost of not implementing a cybersecurity program in your organization goes far beyond downtime and extends to financial loss, reputation damage, and a loss of employee confidence.

Dark Web ID Trends:

Dark Web ID Trends:Top Source Hits: ID Theft Forums (99%) 
Top Compromise Type: Domain (99%)
Top Industry: Business & Professional Services
Top Employee Count: 11 - 50 Employees 

What We’re Listening To:

What We’re Listening To:

Know Tech TalksThe Continuum PodcastSecurity NowDefensive Security Podcast Small Business, Big Marketing – Australia’s #1 Marketing Show!TubbTalk – The Podcast for IT ConsultantsRisky BusinessFrankly MSPCHANNELe2e

How Cybersecurity Misconceptions are Leaving Customers Vulnerable

How Cybersecurity Misconceptions are Leaving Customers VulnerableAccording to a recent survey among 2,034 US consumers, public misperceptions are making customers more vulnerable to breach. Almost 90% believe that cybersecurity risks are increasing, with 41% who know someone that has been a victim and 25% being personally impacted.

However, just over half are taking critical measures such as using two-factor authentication or changing their settings across browsers, social media, or email. Additionally, most have not recognized the vulnerabilities involved in smart home devices or mobile device security.

There is also a lack of alignment in terms of which breaches are the most common and severe, with 97.4% being aware of viruses, even though phishing and identity theft are the first and second most damaging threats to consumers. In order to prepare for future breaches to come, consumers must educate themselves on the new landscape of cybersecurity and take recommended actions to protect themselves.

https://venturebeat.com/2019/01/25/cybersecurity-study-reveals-misperceptions-leave-consumers-vulnerable/

In Other News:

In Other News:

GDPR Update: 95,000 Data Breach Complaints Since Adoption

Since the widely anticipated installation of the EU privacy law known as the General Data Protection Regulation (GDPR), regulators have received over 95,000 complaints of possible data breaches within an eight month period.

As you may already know, GDPR enables privacy enforcers to levy fines of up to 4 percent of global revenue or 20 million euros ($23 million), whichever amounts to a higher number. Just last week, the French data protection watchdog imposed a fine of 50M euros on Alphabet-owned Google over allegations that they failed to obtain user consent for personalized ads, the largest GDPR sanction to date. As more penalties begin to join in the mix, organizations must consult experts to ensure that they are adhering to the stringent regulations for protecting EU consumers.

So far, most complaints have been related to telemarketing, promotional emails and video surveillance by closed-circuit televisions.

https://www.dailysabah.com/technology/2019/01/26/over-95000-data-breach-complaints-since-eu-rules-kicked-in

What’s the most important part of an incident response plan?

The most important part of an incident response plan is not the plan itself, but the actual regular testing, tweaking, and discussion of the plan.  How can a plan be useful if nobody knows where it is and their role and responsibilities within the plan?  Incident response planning should be an ongoing, yearly exercise with actual testing of the plan performed at least once a year.  Additionally, incident response isn’t just an IT issue. It’s a business issue that affects all departments, and in many cases third-parties such as legal counsel, PR, and third-party hardware and software vendors.