Even though cybersecurity awareness month is ending, cybersecurity and staying safe online are increasingly important as our world continues to operate virtually for so much work and play. Cybersecurity is a year-round effort and should be your first consideration when buying or connecting a new device or service, both at home and within your company.
Cybersecurity Starts with You
Every time you use the Internet, you face choices related to security. There are friend requests to accept, links to click, websites to visit, and WiFi networks to join. Your safety and the security of the nation depend on making safe decisions online. Making the Internet more secure requires all of us to take responsibility for our cybersecurity posture. Be sure to tell others not to click on unknown links or emails.
Simple Steps to Keep You Cybersafe
- Use and maintain anti-virus software and a firewall. Use an anti-virus program and a firewall to protect your computer from viruses and Trojan horses that could steal or modify your data. When software notifies you of an available update, be sure to update as soon as possible to prevent hackers from exploiting known issues or vulnerabilities. Also, set up an automatic, regular spyware scanning routine to catch vulnerabilities.
- Establish and Enforce a Computer Usage Policy. Ensure your organization has a computer usage policy outlining how employees should use their work computers and the Internet. The policy not only safeguards against cybersecurity threats but keeps your company safe from legal liability should an employee visit, download, or engage in illegal activity or leak confidential information.
- Double-check email attachments. An email that looks as if it came from someone you know does not necessarily mean it did. Viruses can alter the return address to look like the message came from someone other than the sender. Before opening any attachments, verify that the message is legitimate by contacting the person who sent it. Use caution even when emails are from people you know and be wary of unsolicited attachments.
- Trust your instincts. As the old saying goes, “if it is too good to be true, it probably is.” Always be sure to scan documents and attachments with anti-virus software before opening them. Do not open suspicious emails or attachments and turn off automatically downloading attachments. The greatest cyber threat is your employees.
Although this month’s focus is on cybersecurity, bad actors find other ways to access confidential information. There are several ways criminals can access your information without accessing your computer network. Examples include overhearing phone calls, looking at computer screens in public places, and dumpster diving (looking in your trash or your employee’s trash). Does your company have a policy to control access to and destroy confidential documents? With employees working remotely, are they printing off confidential documents and throwing them out with their local trash? It may be an excellent time to remind your employees that there are other ways criminals can gain access to your confidential data and of your organization’s policy regarding the handling and destruction of confidential data.
Dewpoint is here to help your organization review and improve its cybersecurity posture. We have security professionals and trusted partners to keep you safe year-round.
Thinking about a career in cybersecurity? The US Bureau of Labor Statistics (BLS) shows that cybersecurity is one of the fastest-growing career areas nationally. The BLS predicts cybersecurity jobs will grow 31% through 2029, over seven times faster than the national average job growth, resulting in hiring premiums. Several career paths are available in cybersecurity, including software developer, network architect, cyber analyst, systems engineer, and systems administrator.
For more information about a career in cybersecurity, Dewpoint’s Chief Information Security Officer, Don Cornish, answered these six questions to provide insight into his career path and day-to-day activities.
- How did you first get interested in a career in cybersecurity?
The move into security was an evolution from other IT roles that introduced me to the holistic view of IT from a client-user perspective. Starting in IT client support and moving into infrastructure, network, server, directory service, backup, and recovery enabled me to see the big picture security requires.
- What advice would you give someone thinking about a career in cybersecurity?
Always be prepared to learn and seek to understand how the business and the technology work. To be successful in security, you have to blend both of these areas. Security must partner with the business, with the focus on meeting clients’ needs while minimizing expense and managing risk. It becomes a balancing act to manage the risk that the organization is prepared to accept with the client and the organization’s needs.
- What (if any) certifications do you recommend?
Technical security certifications are good to have as this is one of the common ways that organizations determine the competency of a job applicant. ISC2, CompTIA, and others are commonly seen in the security space. Vendor certifications are also beneficial; however, they can limit mobility as you need to align with a company that uses that vendor’s products. They are better than nothing as the concepts and approaches used by the vendors are generally standards and industry-based, which means they are transferable between vendors.
- Do you think most organizations are prepared for large-scale cybersecurity attacks?
Many research papers support the position that the vast majority of organizations are not prepared for a large-scale attack or business disruption. The US has various government and private sector organizations focused on awareness, limiting exposure, and the immediate steps to implement once an attack occurs.
- How do you stay abreast of current trends and threats?
It is a matter of continually reading industry papers, blogs, subscribing to the threat feeds, talking with peers and security vendors, attending conferences, and developing a network of people who are engaged in the security ecosystem. There are many sites across the web that are dedicated to sharing the latest news on compromise and attack methodologies. Government sites are also an excellent resource to subscribe to.
- What keeps you up most nights?
Trying to be aware of the threats coming at us all the time and from every angle. Getting people to understand their responsibilities and take those responsibilities seriously is a challenge. The weakest point in nearly all organizations is still people; technology plays a part. However, it cannot ensure that 100% of malicious attacks are prevented.
If you are interested in a cybersecurity career or IT career opportunities, contact Dewpoint, a “Cool Place to Work” for eight years in a row.
The 2021 Grand Rapids IT Symposium on Thursday, October 21st, is designed with the IT executive in mind. It is meant to serve as a conduit for IT professionals to build a more robust professional peer network and attain real-world knowledge on business-changing technology and management solutions. The three primary goals of the symposium are to explore innovations by bringing the most cutting-edge providers to you; to make connections by offering collaboration opportunities throughout the day; and to learn more, helping to grow and educate the next generation of leaders and helping today’s leaders overcome present and future challenges. The symposium incorporates topics that you want to hear about.
Dewpoint is a sponsor of the single-day event hosted by the Information Technology Management Association. Please stop by our booth during your break or lunch, register to win an iPad, chat with one of our reps, and learn more about Dewpoint. To register for the event, click here.
The 2021 Michigan Cyber Summit (formerly the North American International Cyber Summit) is scheduled for Thursday, Oct. 21, 2021. Dewpoint is proud to sponsor this important event, now in its tenth year, bringing together experts to provide timely content and address a variety of cybersecurity issues impacting the world. Attendees will hear from government and industry leaders on the latest developments and gain insights into managing today’s security challenges.
To maintain your health and safety, this year’s conference will be online. The full-day virtual conference will be fully interactive delivering all the benefits of an in-person event to you from the comfort of your home or office. Although the event is complimentary, you must pre-register to attend. To learn more about how Dewpoint can help with your cybersecurity needs, click here.
What is Phishing?
Phishing attacks, which use email or malicious websites to infect your machine with malware and viruses in order to collect personal and financial information, are the leading cause of data breaches, accounting for a whopping 90% of them. (Source: Retruster.) Phishing emails may appear to come from a financial institution, e-commerce site, government agency, or any other service, business, or individual. The email may also request personal information such as account numbers, passwords, or Social Security numbers. When users respond with the information or click on a link, attackers use the information to access users’ accounts.
How Costly is Phishing?
No company is spared from the cost of phishing attacks. Phishing gives attackers the best return on investment for their time and effort. A successful cyber-attack on a payment processor provides the hacker with credit card details. A hack on one individual can provide banking or credit card information to drain bank accounts and purchase merchandise. Phishing attacks peak in the US during the holiday season.
Some staggering facts:
- The average cost of a phishing attack to a mid-sized company is $1.6 million. (Source: Dashlane blog)
- Phishing emails are responsible for 94% of ransomware and $132,000 per business email compromise incident. (Source: Phish Insight)
- In 2018, a breach that involved tampering with or unauthorized access to an application cost $2 million more than a personally identifiable information breach on average. (Source: F5)
- North Korean national Park Jin Hyok carried out a successful multi-layer attack using phishing as its initial attack vector and stole $81 million from a Bangladesh bank. (Source: F5)
- In 2018, Google and Facebook lost $100 million due to an email phishing scheme. (Source: Inc.)
What are some tips to stop Phishing?
- Play hard to get with strangers. Links in emails and online posts are often the way cybercriminals compromise your computer. If you are unsure who an email is from—even if the details appear accurate—do not respond, and do not click on any links or attachments found in that email. Be cautious of generic greetings such as “Hello Bank Customer,” as these are often signs of phishing attempts. If you are concerned about the legitimacy of an email, call the company directly.
- Think before you act. Be wary of communications that ask you to act immediately. Many phishing emails attempt to create a sense of urgency, causing the recipient to fear their account or information is in jeopardy. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly on a separate secure platform. If the email comes from an organization but still looks suspicious, reach out to them via customer service to verify the communication.
- Protect your personal information. If people contacting you have key details from your life—your job title, email addresses, full name, and more that you may have published online somewhere—they can attempt a direct spear-phishing attack on you. Cybercriminals can also use social engineering with these details to try to manipulate you into skipping normal security protocols.
- Be wary of hyperlinks. Avoid clicking on hyperlinks in emails and hover over links to verify authenticity. Also, ensure that URLs begin with “https.” The “s” indicates that the connection is encrypted to protect users’ information; it does not by itself show that the site is legitimate.
- Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring.
- Shake up your password protocol. According to the National Institute of Standards and Technology guidance, you should consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cybercriminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember different, complex passwords for each of your accounts.
- Install and update anti-virus software. Ensure all of your computers, Internet of Things devices, phones, and tablets are equipped with regularly updated anti-virus software, firewalls, email filters, and anti-spyware.
Dewpoint can help reduce your risk of being a victim of phishing and increase your organization’s overall security posture. For security awareness training, our partner KnowBe4 specializes in making sure your employees understand the mechanisms of spam, phishing, spear phishing, malware, ransomware, and social engineering and can apply this knowledge in their day-to-day job. Click here to learn more about our full range of security services.
As a continued supporter of Ele’s Place, Dewpoint was recognized on their marquee during the week of September 30th. Per Kristine Kuhnert, Capital Region Director, “We are incredibly grateful for the continued support from Dewpoint.”
In addition, Dewpoint is attending the Greater Lansing Fall Reception on October 14th to celebrate its 30th anniversary. If you would like to learn more about the great work done by Ele’s Place providing onsite and school-based bereavement programming (at no cost) for children who have experienced a death in their lives, click here. To support Ele’s Place or to attend the fall reception, click here.
Do Your Part. #BeCyberSmart
October is designated as Cybersecurity Awareness Month to continue to raise awareness about the importance of cybersecurity across our Nation. It is a collaborative effort between government and industry to ensure everyone in the Nation has the resources to be safer and more secure online.
Now in its 18th year, the need for the campaign has never been greater. Attackers are becoming more sophisticated and going after businesses of all sizes. Although large corporations make the headlines due to the customer impact, small and mid-size businesses are just as likely to be targeted. As business leaders and individuals, we all need to do our part to be cyber smart. According to the CNBC Small Business Playbook:
- “Cyberattacks now cost businesses of all sizes $200,000 on average.”
- “Forty-three percent of cyberattacks are aimed at small businesses, but only 14% are prepared to defend themselves, according to Accenture.”
- “In 2019, more than half of all small businesses suffered a breach within the last year.”
Actions you can take to increase cybersecurity awareness in your organization and mitigate the impact of a cyberattack:
- Approach cybersecurity as a business risk. What information, if compromised or breached, would cause damage to employees, customers, or business partners? Ask yourself what type of impact would be catastrophic to your operations? What is your level of risk appetite and risk tolerance? Raising awareness helps reinforce the culture of making informed decisions and understanding the organization’s risk level.
- Determine how much of your organization’s operations are dependent on IT. Consider how much your organization relies on information technology to conduct business and make it a part of your culture to plan for contingencies in the event of a cyber incident. Identify and prioritize your organization’s critical assets and the associated impacts to operations if an incident were to occur. Ask the questions that are necessary to understanding your security planning, operations, and security-related goals. Develop an understanding of how long it would take to restore normal operations. Resist the “it can’t happen here” pattern of thinking. Instead, focus cyber risk discussions on “what-if” scenarios and develop an incident response plan to prepare for various cyber events.
- Lead investment in cybersecurity. Invest in cybersecurity capabilities for your organization and staff. This includes investments in technological capabilities and continuous investment in cybersecurity training and awareness capabilities for your organization’s personnel. Have conversations with your employees, business partners, vendors, managed service providers, and others within your supply chain. Use risk assessments to identify and prioritize the allocation of resources and cyber investment.
- Build a network of trusted relationships for access to timely cyber threat information. Maintain situational awareness of cybersecurity threats and explore available communities of interest. These may include sector-specific associations, vendors, government agencies, and local law enforcement.
- Lead development of cybersecurity policies. Business leaders and technical staff should collaborate on cybersecurity policy development and ensure policies are well understood by the organization. Review all current cybersecurity and risk policies to identify gaps or weaknesses by comparing them against recognized cyber risk management frameworks. Develop a policy roadmap, prioritizing policy creation and updates based on the risk to the organization as determined by business leaders and technical staff.
If you need help starting your cybersecurity journey or increasing your cybersecurity posture, Dewpoint security professionals are here for you. Reach out to us today to learn more about mitigating your cybersecurity risk.
October is National Cybersecurity Awareness Month. Some facts and statistics:
- In 2019, more than $3.5 billion was lost globally to cybercrime
- Cybercriminals often impersonate big name brands
- 7 million data records are compromised daily
- The first three months of 2020 saw a 20% increase in cyber fraud as cybercriminals took advantage of the global pandemic
- It only takes one person in your organization to cause a data breach
- 75% of organizations worldwide were hit with at least one phishing attack in 2020
- A new cyberattack is launched every 39 seconds
During the next four weeks, visit the Dewpoint news page for tips on how to increase your security posture and save your organization from becoming the next cybersecurity victim!