Eighty percent of Internet traffic is secure (HTTPS), which means your company’s firewall cannot inspect it (since it’s encrypted). This means that 80% of the traffic coming through your firewall into your organization is not getting inspected for malware! It’s simply dubious security to have a firewall and not have it configured to decrypt, inspect, and re-encrypt HTTPS web traffic. All business-grade firewalls have an option labeled something like SSL Decryption or SSL Inspection. Work with your IT person or provider to get this turned on so you’re able to inspect the malware that is coming in under your nose.
Technology companies come and go, but Bit by Bit backs its service with 30 years of experience helping businesses achieve their goals with reliable IT solutions and support. We were established in 1987 as a database application development and networking company, and since then we’ve evolved into a full-service IT firm and leader in delivering powerful and cost-effective technology solutions. Visit our site at www.bitxbit.com.
Monday, March 25, 2019
Friday, March 22, 2019
What are some common mistakes made by business owners when implementing cybersecurity measures?
The largest root cause of poor cybersecurity in an organization is a lack of upfront leadership buy-in and identified roles for cybersecurity. Without top-down buy-in, cybersecurity simply cannot be effective. Another erroneous mindset is “I’m in the cloud, so I have nothing to secure.” This couldn’t be further from the truth! While most cloud applications and environments come with security options, it’s every individual organization’s responsibility to actually configure these options. Additionally, it’s quite easy for hackers to take over online accounts with phishing and brute-force attempts. So, every online workflow should be protected by multi-factor authentication.
Wednesday, March 20, 2019
How does a company get started with cybersecurity when they’ve never addressed it seriously?
To get started with cybersecurity, companies must understand what data they have, what regulations apply to them, and the overall leadership attitude towards risk, cybersecurity, and protecting information assets. From here, the company needs to pick a cybersecurity framework such as HIPAA, PCI, NIST, or ISO that most closely aligns with their goals. Once a framework is selected, a gap analysis should be performed. Then the company can proceed with implementing controls to address the unique weaknesses and vulnerabilities that face it.
2019's New Frontier of Cybersecurity Threats and Trends
Remaining vigilant and proactive are key strategies for cybersecurity experts in 2019. Hackers find new ways to exploit vulnerabilities on public and private computer networks. Information technology (IT) industry leaders appeal to everyone from consumers to corporate technical architects to adopt protocols that make technology safer and more reliable to use. Here are some cybersecurity threats and trends to watch in 2019.
Viruses as Weapons of Mass Destruction
When diplomacy doesn't work, leaders of national governments have been known to resort to unconventional warfare tactics to effect change. Instead of directly declaring war and dropping bombs, these governments have been known to stage cyber-attacks on other countries' public and private networks.
In December 2018, the U.S. Department of Justice put out a statement about the criminal charges that it levied against two Chinese hackers who breached a network to steal intellectual property. The hackers worked for China's Ministry of State Security. Was pressure to fix trade imbalances between the United States and China the motive for the attack?
More recently, Venezuelan leaders accused the United States and its allies of sabotaging Venezuela's power grid and causing a country-wide blackout. Some have hinted that attackers used the computer virus Stuxnet to bring the power grid down; the worm is not detected by most antivirus software. The two countries have been at odds about the use of Venezuela's gold and oil assets as they relate to U.S. business interests.
Hijacked Hardware for Crypto Mining
Many national currencies are in a state of decline or instability as financial experts look for solutions that'll bring permanent economic health and prosperity to their respective countries. These leaders are giving digital currencies a serious look. Meanwhile, cybercriminals attempt to grow their cryptocurrency wealth by any means necessary. They often hijack the computer systems of individuals and businesses for crypto mining activities.
Biometric Authentication
Stealing authentication credentials and cracking passwords are common skills for today's cybercriminals. These thieves continue to steal credentials because it works, and their first acts aren't usually thwarted by sophisticated antivirus software. Biometric-based authentication systems such as fingerprint readers and iris scanners eliminate network breaches that are caused by stolen credentials.
Labor Shortage of Cybersecurity Talent
People who are worried about global competition for IT jobs need to check out the field of cybersecurity. According to industry analysts, there is a growing shortage of trained cybersecurity talent. Someone who wants to break into a computer security job needs training and credentials. Four-year degree seekers take programs such as Drexel's BS in Computing and Security Technology. Those who already have a bachelor's degree often earn certificates through specialized training programs such as the EC-Council's Certified Ethical Hacker course.
Conclusion
In 2019, IT security specialists will continue to use their knowledge of network protocols and advanced antivirus tools to prevent, contain, and clean up cyberspace's most costly digital messes. Hackers will use old viruses in new ways to exploit vulnerable computer networks everywhere. Their attacks have a surprising bright side, however, for people who are willing to get the proper education and training.
Bit by Bit can help with your network security assessment. Contact us.
Tuesday, March 19, 2019
Why is cybersecurity important for small and medium businesses?
Large companies tend to have the time, money, and resources to invest in cybersecurity. Small and medium businesses (SMBs) generally don’t have a single point person devoted to the organization’s cybersecurity. SMBs generally lack the knowledge and expertise to ensure that risk is both discovered and addressed. This is why most SMBs outsource the cybersecurity function to a trusted third party with the certifications, experience, and know-how to combat cyber risks. SMBs who don’t outsource this important role are at significant risk of damaging information loss and downtime.
Monday, March 18, 2019
Why does HIPAA apply to me if I am not in the medical field?
HIPAA, the acronym for the Health Insurance Portability and Accountability Act, is a regulation administered by the Department of Health and Human Services.
Most people are aware that hospitals, long-term care facilities, health insurance companies, doctors' offices, and the like must comply with both the privacy and security components of HIPAA. However, many people are fuzzy on the fact that other organizations also have to follow a minimum set of security standards under HIPAA.
Any organization that provides services to any of the entities above has to sign what is called a business associate agreement, or BAA. This agreement is essentially an attestation that the business associate will exercise due care while handling medical records.
Here are some examples of business associates:
- An outsourced IT firm
- A third-party cybersecurity firm
- A CPA firm that provides accounting services and has access to PHI in the process
Any time a business associate discloses, handles, or uses PHI, they must comply with HIPAA Security Rule and HIPAA Privacy Rule mandates.
The HIPAA Security Rule requires periodic risk assessments, users to be trained on security best practices, and penetration testing to ensure that the business associate is not adding unnecessary risk to the handling of protected health information.
Essentially, anybody coming in touch with protected health information needs to align their cybersecurity posture with HIPAA requirements.
