Cybersecurity

Cybersecurity for Remote Workers
https://sm.asisonline.org/Pages/Cybersecurity-for-Remote-Workers.aspx
By Parker Rains, 2018-02-12
<p>Today, half of U.S. workers hold jobs that allow them to work remotely at least part of the time, according to a 2016 study from <a href="http://globalworkplaceanalytics.com/telecommuting-statistics">Global Workplace Analytics</a>. Additionally, the number of people who work from home full-time, not counting those who are self-employed, has grown by 115 percent since 2005.</p><p>It's no secret that cybersecurity threats are on the rise across the board, and according to the <a href="https://www.sciencedaily.com/releases/2017/07/170731134133.htm">American Statistical Association</a>, the financial burden of cyberattacks will rise from $400 billion a year to $2.1 trillion by 2019. It's not uncommon now for companies of all sizes, even large corporations that invest millions in data protection, to be compromised. As more employees log on to servers and networks outside the office, it is more imperative than ever that they be protected and that employers enforce cybersecurity protocols.</p><p>It's not unusual for an employee to enjoy a latte at a local bistro while working on a company laptop. The worker might log onto the public Wi-Fi, which is wide open to hackers. There are several common ways hackers take advantage of open Wi-Fi networks, including creating their own public Wi-Fi network that looks legitimate. The fake Wi-Fi is a way to monitor users' online activity. So, if the employee joins, a hacker can view credit card numbers, passwords, emails, and other sensitive company data. 
Human error unfortunately leads to many lapses in security and may put the company at significant risk of a cyberattack.</p><p>Here are five steps businesses can take to mitigate the security risk posed by a remote workforce.</p><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px;"><p><strong>1. Use and continually update anti-virus and anti-malware software. </strong>Some anti-virus software companies use independent test laboratories, like ICSA Labs or West Coast Labs, for certification. Check for these labels when considering a purchase. Independent lab tests and reviews from technology magazines can help you choose software.</p><p>Once the platforms are in place, run updates or patches as they are released to ensure that company data stays safe.</p><p><strong>2. Train employees on proper security protocols.</strong> When working remotely and logging on to the company's private network, the first thing to remember is to use a Virtual Private Network (VPN). VPNs function much like a firewall for online information, allowing users to securely access and share data remotely through public networks.</p><p>Additionally, teach employees to recognize system vulnerabilities and threats to business operations from email communications, internal platforms, and external websites. Train employees to be alert for suspicious activity on their digital devices. If they believe they have accidentally revealed sensitive information about your company, make sure they are comfortable reporting it to their supervisor immediately, as well as to network administrators or the IT department. The sooner IT can investigate and clean the computer, the better the chances of preventing damage to the infected device and others on the network.</p><p><strong>3. Establish and enforce a strict password policy.</strong> Make sure passwords are strong, and ensure that employees use different passwords across platforms.</p><p>What makes a password strong? 
Historically, best practices have included using complicated passwords with numbers, special characters, and random letters, and using different passwords for each application and website. That is not necessarily today's password protocol, as discovered in the latest research done by the National Institute of Standards and Technology (NIST), which revised its guidelines on creating passwords in June 2017.</p><p>The good news is NIST aims to make everyone's digital life easier while keeping security threats at bay. NIST's advice? Make passwords obscure, unexplainable, and as long as possible, but memorable. Phrases, lowercase letters, and an unexpected combination of typical English words work well and confound automated systems. One humorous example is cartoonist Randall Munroe's password, "correct horse battery staple," all written as one word. He calculated it would take 550 years to crack—and <em>The Wall Street Journal</em> reported this to be true and verified by computer security specialists.</p><p>Perhaps most surprisingly, passwords never need to expire, according to NIST. The organization's new guidelines are based on the finding that previous password tips negatively affected users and did not do much to boost security. And most people don't change their passwords very drastically when it's time to do so, often changing only one or two characters to better remember the new entry.</p><p><strong>4. Protect communications by setting up a secure server to encrypt and decrypt communications within the company.</strong></p><p>Consider using encryption software to safeguard files. There are several options to choose from. One type of encryption software processes files and folders, creating impenetrable encrypted versions of each. Another is like a virtual disk drive that, when unlocked, functions like any other type of system drive. However, when locked, files are ultrasecure and inaccessible.</p><p>Other products are cloud-based. 
While this is most convenient for remote workers, the risk is much greater, and the data is more susceptible to attack than when it is housed physically onsite on a company server.</p><p>However, additional safety measures can be used. Cryptographers have come up with a security feature called Perfect Forward Secrecy (PFS). PFS automatically and frequently changes keys used to encrypt and decrypt information, so if a device is stolen or hacked, only a small portion of the user's sensitive data is exposed.</p><p><strong>5. Finally, be sure you have adequate cyber liability insurance coverage. </strong>A lot of business owners don't realize that cybercrime isn't covered by their general business liability policies. A general liability policy covers third-party claims for things like bodily injury or property damage, but it doesn't extend to things like workers' compensation claims or cyberattacks.</p><p>In the unfortunate event of a data breach, cyber liability insurance covers risks such as extortion and theft of data. It also covers crisis management in the immediate aftermath, including tech support and public relations. The average cost of an attack is $3.62 million, according to Ponemon Institute, so this safeguard is one of the most important tactics for protecting a company's financial health.</p><p>It's also smart to develop a detailed action plan that your team working remotely can implement immediately in the event of a cyberattack. This will ensure that the company is prepared to take actionable steps, such as communicating details of the breach to employees and implementing required action to minimize further damage. Include various breach scenarios, and provide answers to questions like "Who will deal with the technology aftermath?" and "Who will inform clients?" 
Test the plan and revisit it regularly—at least annually—to make sure it's up to date.</p></blockquote><p>It's impossible to eliminate every risk involved in working remotely, but proper precautionary measures can greatly reduce exposure to cyberattacks and other liabilities. Stay abreast of the latest recommendations and advice from experts in the field to be prepared.</p><p><em>Parker Rains is senior vice president and head of Fisher Brown Bottrell's Nashville regional office. A wholly owned subsidiary of Trustmark National Bank, Fisher Brown Bottrell Insurance is a publicly traded financial services company with more than 200 locations in Mississippi, Florida, Tennessee, Alabama, and Texas. Contact Rains at </em><a href="mailto:prains@fbbins.com"><em>prains@fbbins.com</em></a><em> or 615-761-6332, and visit Fisher Brown Bottrell Insurance online at </em><a href="http://www.fbbins.com/"><em>www.fbbins.com</em></a><em>.</em></p>

The Problem with Data (2017-09-27): https://sm.asisonline.org/Pages/The-Problem-with-Data-.aspx
An Education Connection (2017-09-01): https://sm.asisonline.org/Pages/An-Education-Connection.aspx
Book Review: Network Video (2017-08-01): https://sm.asisonline.org/Pages/Book-Review---Network-Interview.aspx

The Problem with Data
https://sm.asisonline.org/Pages/The-Problem-with-Data-.aspx
<p>More than 2.5 quintillion bytes of data are created every day. The sum of all knowledge will double every 12 hours in the future, said 2017 ASIS President Thomas J. Langer, CPP, in his opening remarks at ASIS 2017.</p><p>That is a mind-boggling amount of data that will be created in the near future. And as we've seen over the past few years, it's becoming a liability for companies facing ever-more sophisticated cyberattacks.</p><p>Earlier this month, credit reporting agency Equifax reported that the private data of approximately 143 million of its customers may have been exposed in a massive data breach.</p><p>The hackers behind the attack gained access to customers' names, birth dates, Social Security numbers, and addresses. While most of the customers were from the United States, individuals from Canada and the United Kingdom were also impacted.</p><p>The Equifax breach was almost seven times larger than the U.S. Office of Personnel Management breach. 
The treasure trove of data it exposed is ideal for criminals looking to carry out benefits and tax fraud, identity theft, and more, wrote Rick Holland, vice president of strategy at Digital Shadows, in a blog about the impact of the Equifax breach on enterprises and consumers.</p><p>"Attribution aside, one thing is certain though, regardless of the motivations of the attackers, this data is perfect for social engineering attacks," Holland wrote.</p><p>And social engineering attacks are still criminals' preferred method when it comes to spreading malware to victims—such as ransomware.</p><p>"Now firmly established as a daily desktop malware threat, the profile of ransomware as a threat on mobile devices will grow as developers hone their skills in attacking those operating systems and platforms," EUROPOL said in a recent report on Internet crime.</p><p>EUROPOL also predicts that devices will be the next "fertile ground for the proliferation of mobile ransomware."</p><p>All of this has prompted renewed debate on the increased need for data breach laws and regulation to keep sensitive data secure.</p><p>Europe is leading the way with the EU General Data Protection Regulation, and the United States may follow suit in light of the Equifax breach.</p><p>"In a world where one line of faulty computer code can mean the difference between normalcy and chaos, it is often not a question of if, but when, the most sensitive systems will be hacked," wrote U.S. Representative Ted Lieu (D-CA) in an op-ed for Slate about the fallout from Equifax. "Given this reality, we must improve our ability to react at every level after companies have been breached."</p>
An Education Connection
https://sm.asisonline.org/Pages/An-Education-Connection.aspx
<p>With a staff of more than 2,000 people and an annual operating budget of $360 million, Eastern Suffolk Board of Cooperative Educational Services (Eastern Suffolk BOCES) provides a variety of support for K-12 schools in Long Island, New York.</p><p>“It could be things such as the schools’ IT support; we can host their computers and their servers; we can help out with test grading and professional development for their staff,” says Ryan Ruf, associate superintendent for management services at Eastern Suffolk BOCES. “And there are dozens and dozens of other services that we provide to public schools.” There are 51 school districts, called component districts, that the organization serves.</p><p>Located in 37 different buildings that Eastern Suffolk BOCES either rents or owns, the organization puts a priority on security to protect the wealth of sensitive student and school information that it houses.</p><p>“Since the safety and security of our students and staff are our number one priority, we have the responsibility to deploy proven integrated security technology systems to achieve this goal,” Ruf explains, noting the organization has turned to several vendors to make up a network of cameras, access control, and visitor management systems to maintain security.</p><p>“There are hundreds of cameras installed throughout our locations that are available on a platform where we can view them remotely,” Ruf notes. Most cameras are from Axis, and the video management system is by IP Video.</p><p>Access control is another priority for the organization, says Ruf, who notes the growing number of active shooters in educational environments. “Not that many years ago, most school buildings on Long Island, in New York state, and throughout the country were open—parents could walk through the front door, drop off a lunch for their kids, and leave,” he explains. 
</p><p>But now that the situation has changed, Ruf says Eastern Suffolk BOCES is staying on top of the security threat, with the ability to lock down buildings remotely and control which staff members have access to which buildings.</p><p>“When you’re a big agency such as ourselves, and you have daily transactions with staff coming and going ... you need to have the ability to control that,” he says. This includes shutting off access for an employee who no longer needs it or going through the proper protocols when someone resigns, he adds.</p><p>Eastern Suffolk BOCES also uses a visitor management platform from Raptor Technologies, which allows front desk employees to quickly process anyone wishing to gain access to the building by running their state-issued identification. Eastern Suffolk BOCES also built security vestibules in its lobbies, holding areas of sorts, where visitors must wait while their IDs are being processed.</p><p>“Raptor does a background check, and cross-references the ID with the sex offender list. It also records certain key information for us in case we needed to find out who was in our building at any particular time,” Ruf says. If everything checks out, a temporary ID is generated for the visitor.</p><p>A+ Technology & Security Solutions, Inc., is the integrator that installed and manages those security platforms for the organization, and monitors their health to perform any repairs that may be needed. “That way, if an incident does occur, things are working well soon after,” Ruf says. “We don't necessarily have the people power to walk around and check everything out every few hours and make sure everything is operational.”</p><p>While the technologies it has installed greatly improve its security posture, Eastern Suffolk BOCES took its ability to handle serious threats like active shooter to the next level when it signed up for a pilot program with A+ Technology and the local police department. 
Since December 2016, it has given Eastern Suffolk County Police headquarters access to its surveillance cameras in an emergency. </p><p>To connect its cameras to police headquarters, Eastern Suffolk BOCES built a fiber optic cable network that can be tapped into should other school districts want to leverage the same fiber in the future. </p><p>“With this new Ethernet line, we would be able to just route those individual component districts back to Suffolk County Police,” Ruf says, “and we view that as the next step in this program.” </p><p>When an emergency call comes in—whether it’s for an active shooter or another type of threat—police can automatically pull up the camera feeds from the location where the incident is occurring. From there, law enforcement can direct first responders with real-time information based on what the camera shows. </p><p>Ruf notes that many of Eastern Suffolk BOCES’ buildings are large, and possibly difficult to navigate for someone who isn’t familiar with the layout. “This way, police already have an eye inside of our building that's talking to the [first responder], directing them to the northeast corner of the building, or the south of the campus,” he explains.</p><p>Eastern Suffolk BOCES is part of the larger pilot program in Suffolk County facilitated by A+ Technology. The technology company has worked with other schools and businesses to install “tens of thousands of cameras” that connect to police headquarters, according to David Antar, president of A+ Technology. </p><p>“The system leverages something called the C3fusion by IP Video Corporation, which takes many disparate sources of information and brings them back to a common operating picture at police headquarters,” says Antar. </p><p>With such a large stakeholder community, Ruf says Eastern Suffolk BOCES benefits tremendously from having a one-stop-shop for law enforcement to view its cameras. </p><p>“There are 51 component districts. 
We can’t have 51 different systems that police are looking at, it has to be one uniform system,” Ruf notes. “We think this A+ solution is the one that makes the most sense.”</p>
Book Review: Network Video
https://sm.asisonline.org/Pages/Book-Review---Network-Interview.aspx
<p><em>CRC Press; crcpress.com; 366 pages; $79.95.</em></p><p>The true value of this second edition of <em>Intelligent Network Video</em> is found in its subhead: <em>Understanding Modern Video Surveillance Systems.</em></p><p>A quick glance through the comprehensive table of contents provides the reader with a virtual encyclopedic source of all things technical. Readers are introduced to terms for video networking such as progressive, interlaced, and 2CIF-based video screening; rolling shutter distortion; dwell time and heat mapping; and megapixel, multimegapixel, and ultra HD networks. Although there is no accompanying glossary for reference, the author does a superb job of providing clear definitions and descriptions throughout the text.</p><p>Author Fredrik Nilsson draws connections between the cyber and physical security worlds and demonstrates why and how convergence will affect all professionals under the security umbrella. As someone who has concentrated mostly on physical security and shied away from the technology side, I learned a lot from this discussion.</p><p>While the first edition of this book was excellent, new chapters on serious topics such as cloud computing, thermal camera and video developments, and the updating of network video standards improve it. The book is full of photos and detailed illustrations reinforcing the written material and demonstrating the value and comparison of various technology system components, and applications within network systems.</p><p>Nilsson does a fantastic job of educating the reader on the historical timelines and development of the entire industry and what makes it tick. More experienced practitioners will learn from the advanced, technically rich chapters. And readers will appreciate the candid discussion of the advantages and disadvantages of the various systems. 
This is a valuable addition to any security practitioner’s library.</p><p><em><strong>Reviewer: Terry Lee Wettig, CPP</strong>, is an independent security consultant. He was previously director of risk management with Brink’s Incorporated and a U.S. Air Force Chief Master Sergeant. He is a doctoral candidate in organizational management and a member of ASIS.</em></p>