1500 Lake Shore Drive, Suite 400, Columbus, OH 43204

Cyber Security Awareness

What is U.S. Cybersecurity Emergency Response Team?

By Cyber Security Awareness

Malware, viruses and worms are only a few of the cybersecurity threats that affect your online security, privacy and personal information. Learn about the U.S. Cybersecurity Emergency Response Team (US-CERT), a tool that protects you every day.

History of the U.S. Cybersecurity Emergency Response Team

The US-CERT began in early 2000. The federal government noticed an increase in cyber breaches and began investigating ways to respond to these threats. Congress cooperated and created the Federal Computer Incident Response Center (FedCIRC).

In 2002, Congress transferred FedCIRC duties to the newly created Department of Homeland Security. The FedCIRC was renamed US-CERT in 2003, and its mission also expanded. The organization now coordinated and shared information and provided boundary protection for the government and cybersecurity leaders.

Over time, US-CERT developed into an authoritative source and trusted security partner for the federal government and international organizations. Private industries like banks and businesses use US-CERT resources, too.

What Does the U.S. Cybersecurity Emergency Response Team Do?

The U.S. Cybersecurity Emergency Response Team performs several critical mission activities. They:

  • Analyze data about emerging cyber threats.
  • Collaborate with foreign governments and international entities to improve the U.S.’s cybersecurity position.
  • Detect intruders and prevent cybersecurity attacks for civilian executive branches of the federal government.
  • Develop actionable tips, actions and information for a variety of agencies including international organizations, federal departments, critical infrastructure owners and operators and private industries.
  • Respond to emerging cyber threats and incidents.

How Does US-CERT Handle Potential Threats?

When the US-CERT receives a threat report from any source, including civilians, they act quickly. The team must assess the threat, determine its viability and take steps to stop it.

The department partners with several international and national organizations to ensure security of the infrastructure, systems and assets that are critical to United States security. These partners include federal agencies, international entities, research communities and private sector organizations.

Find Out About US-CERT Threats

Stay updated on potential and confirmed cybersecurity threats with several resources.

  • Weekly Vulnerability Bulletins – summaries of new vulnerabilities and any available patch information
  • Technical Alerts – information about incidents, vulnerabilities and trends that pose significant risk and the actions taken to minimize information loss or service disruption
  • Current Activity entries – concise descriptions of any issues and associated actions that help consumers and other entities remain safe
  • Tips – details about issues US-CERT’s constituents may find valuable, helpful or interesting
  • NVD – a repository of standards-based vulnerability management data

What is U.S. Cybersecurity Emergency Response Team? In a nutshell, it’s the organization that keeps you, your bank, businesses and the country safe from computer attacks that threaten our national security and your personal information. You can sleep peacefully at night because US-CERT does its job behind the scenes every day.

Cyber Risks are Real, Protect Your Business

By Cyber Security Awareness

The federal Internet Crime Complaint Center received more than 330,000 complaints in 2009, and more than a third of them ended up in the hands of law enforcement. The damages from those referred to the authorities totaled more than a half billion dollars. The Government Accountability Office estimated that cyber crime cost U.S. organizations $67.2 billion in 2005; that number has likely increased since then. With so much of business today done electronically, organizations of all types are highly vulnerable to theft and corruption of their data. It is important for them to identify their loss exposures, possible loss scenarios, and prepare for them. Some of the questions they should ask include:

What types of property are vulnerable? 

The organization should consider property it owns, leases, or property of others it has in its custody. Some examples:

    • Money, both the organization’s own funds and those it holds as a fiduciary for someone else
    • Customer or member lists containing personally identifiable information, account numbers, cell phone numbers, and other non-public information
    • Personnel records
    • Medical insurance records
    • Bank account information
    • Confidential memos and spreadsheets
    • E-mail
    • Software stored on web servers

Different types of property will be susceptible to various threats, such as embezzlement, extortion, viruses, and theft.

What loss scenarios could occur?

The organization needs to prepare for events such as:

    • A fire destroys large portions of the computer network, including the servers. Operations cease until the servers can be replaced and reloaded with data.
    • A computer virus infects a workstation. The user of that computer unknowingly spreads it to everyone in his workgroup, crippling the department during one of the year’s peak periods.
    • The accounting department discovers a pattern of irregular small funds transfers to an account no one has ever heard of. The transfers, which have been occurring for almost three months, were small enough to avoid attracting attention. They total more than $10,000.
    • A vendor’s employee strikes up a casual conversation at a worker’s cubicle and stays long enough to memorize the worker’s computer password, written on a post-it note stuck to her monitor. Two weeks later, technology staff discovers that an offsite computer has accessed the human resources database and viewed Social Security numbers, driver’s license numbers, and other personal information.

In addition to taking steps to prevent these things from happening, the organization should consider buying a Cyber insurance policy. Several insurance companies now offer this coverage; although no standard policy exists yet, the policies share some common features. They usually cover property or data damage or destruction, data protection and recovery, loss of income when a business must suspend operations due to data loss, extra expenses necessary to maintain operations following a data event, data theft, and extortion.

However, each company might define these coverages differently, so reviewing the terms and conditions of a particular policy is crucial. Choosing an appropriate amount of insurance is difficult because there is no easy way to measure the exposure in advance.

Consultation with the organization’s technology department, insurance agent and insurance company might be helpful. Finally, all policies will carry a deductible; the organization should select a deductible level that it can afford to pay and that will provide it with a meaningful discount on the premium. Once management has a thorough understanding of the coverages various policies provide in relation to the organization’s exposures, it can fairly compare the costs of the policies and make an informed choice.

Computer networks are a necessary part of any organization’s environment today. Loss prevention and reduction techniques, coupled with sound insurance protection at a reasonable cost, will enable an organization to get through a cyber loss event.

Choose A Secure Password With 11 Tips

By Cyber Security Awareness

Strong passwords protect your information from cybercriminals and keep you safe as you use the internet.

1. Use a combination of letters, numbers and symbols.

The best passwords are difficult to guess, so use a combination of lowercase and uppercase letters, numbers and symbols.

2. Use at least eight characters.

Longer passwords are more difficult to guess, so aim to make all your passwords at least eight characters long.

3. Avoid common words.

It’s amazing how many people set common words like “qwerty” or “12345” as their passwords. You secure your accounts when you use more challenging passwords.

4. Opt for unique phrases.

Single-word passwords are easy for hackers to crack with their dictionary software. Phrases like “I like ham sandwiches” or “the dog ate my homework” are more challenging to hack. Consider misspelling phrases, too, and replace letters with numbers or symbols or abbreviate words. Examples include ilIkeh@msandw!ches or tHed@g8myhomew*rk.

5. Avoid using your name or familiar numbers.

Hackers can easily find information about your life and use those details to hack into the websites you use. Never use your:

  • Name, including nickname or maiden name
  • Birth date
  • Social Security number
  • Street address
  • Family members’ names or birthdates
  • Pets’ names
  • Address, current or former

6. Don’t reuse passwords.

When you change your password, pick a unique password that you’ve never used on any site.

7. Give every site a different password.

Use the same password for multiple sites, and you invite a hacker to access all your information. Instead, use a different password for every site. A password manager can help you remember all your different passwords.

8. Use two-factor authentication.

Two-factor authentication (2FA) increases your log-in security. It typically includes your password and a PIN, code, fingerprint or voiceprint.

9. Don’t save your passwords.

Browsers typically prompt you to save passwords. Always click no. Someone could gain access to your device and then log into websites using your saved passwords.

10. Log out of websites and devices.

After using a website or device, log out. This step reduces the chances of someone logging onto your device and gaining access to the sites you used.

11. Change your passwords often.

At least once a month or more often for bank or social media sites, change the password. Set a reminder alarm on your phone’s calendar if necessary.

When you secure your passwords, you make it more challenging for cybercriminals to steal your personal information. For additional safety tips and details about cyber insurance, talk to your insurance agent today.

Practical Tips To Avoid Phishing Attacks At Work

By Cyber Security Awareness

According to a phishing study conducted by KnowBe4, employees in the insurance, manufacturing and technology industries click phishing emails or open infected attachments more than employees in other industries. However, no industry is immune to phishing attacks. Use several practical tips to protect your company from phishing attacks.

1. Recognize spam.

Emails designed to gather and steal information can be disguised to look like they originate from a legitimate company. Check every email carefully before you open it, and look for this and other signs of spam. Spam emails often:

  • Originate from an unrecognized sender.
  • Ask for confirmation of personal, financial or banking information.
  • Contain a sense of urgency.
  • Threaten to contact the police or other organization if you don’t comply.

If you notice any of these signs, mark the email as spam and delete it.

2. Use secure websites.

Employers may need to order or pay for items online. In this case, they should only use secure websites to share personal or financial information. A lock icon on the browser status bar and an https URL indicate that the site is secure.

3. Carefully update information via email.

Cybercriminals can practically duplicate the look, logo and other details of a legitimate company as they attempt to steal data. Your employees should always verify that the email is from the right company before they submit personal, financial or other secure information. Even then, they should use caution since anyone can hack into email and access the sensitive data it contains.

4. Avoid clicking on certain links, files and attachments.

Links, files and attachments from unknown senders may contain a virus or spyware that can compromise your entire network. Remind employees not to click on email links, files or attachments from senders they do not know or are not expecting.

5. Beware of pop-ups.

Annoying pop-ups can also be a tool cybercriminals use to gather sensitive data. Legitimate companies do not gather information via a pop-up, so employees should not click on pop-ups, copy a pop-up’s web address into a browser or enter personal information into a pop-up screen.

6. Utilize IT security measures.

Your computer system should feature IT security, including a firewall, anti-virus and anti-spyware software, and spam filters. Update these measures regularly, and instruct your employees to keep them intact.

7. Hold frequent training.

Human forgetfulness and evolving phishing scams require you to host frequent cybersecurity training. It teaches your employees to recognize and avoid phishing scams and can dramatically decrease risks.

Phishing scams can harm your company now and into the future. In addition to purchasing cyber insurance, protect your company when you take these practical steps.

Tips to Combat Email Phishing Attacks

By Cyber Security Awareness

As many as one in five office workers fall prey to phishing incidents, but 14 percent of office workers don’t recognize phishing attacks. Learn more about phishing and how to combat attacks on your personal or company email.

What is Phishing?

Phishing is a scam that cybercriminals use to gain access to sensitive information. It often occurs via email. The cybercriminal will send you an email that looks official but actually includes spyware, malware or other malicious software. When you open the link or download the file from the email, the criminals can access confidential information like bank account information, your social security number and other data. In many cases, you never know that your information has been compromised.

How to Recognize a Phishing Email

Phishing emails are designed to look authoritative so that you will open them and give the cybercriminal access to your computer. While these emails often look like they’re from a real company, you can usually recognize them via five signs.

    • Sender Address – Before opening any email, look at the sender’s address. It may look similar to the official company’s address but could be slightly off. For example, it may use dot-net instead of dot-com or include a small spelling error like micrsoft or mircosoft.
    • Graphics – Cybercriminals do a great job of imitating the graphics of popular companies. However, the logo, colors or design may be slightly off in a small way.
    • Spelling and Grammar Errors – Most companies and organizations employ a team of copywriters who write professional content that’s typically error-free. Emails with spelling or grammar errors are possibly phishing schemes.
    • Links – Email links are a cybercriminal’s primary phishing tool. You can hover your mouse over any link and verify that it matches the address of the email’s sender, a sign that the link is safe.
    • Threats – Cybercriminals use threats and fear to manipulate consumers. They may say that you will lose money, face criminal charges or suffer another devastating consequence if you don’t open the email. In most cases, these threats are meant to incite fear and get you to comply with their wishes.
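
The sender-address and link checks above can also be automated in a mail filter. The following Python sketch is an added example, not part of the original article: it flags sender domains that differ from a trusted domain by one misspelled or swapped letter or by a different ending, and links that do not match the sender. The trusted-domain list, the one-edit threshold, the two-label domain rule and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains you really do business with (constructed list).
TRUSTED_DOMAINS = ("example-bank.com", "microsoft.com")
MAX_EDITS = 1  # one missing, extra, wrong or swapped letter


def osa_distance(a, b):
    """Edit distance in which swapping two adjacent letters is one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent swap
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def registrable(host):
    """Last two labels of a host name (simplified: ignores endings like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify_domain(host):
    """Return 'trusted', a lookalike description, or 'unknown'."""
    domain = registrable(host)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    name, _, ending = domain.rpartition(".")
    for good in TRUSTED_DOMAINS:
        good_name, _, good_ending = good.rpartition(".")
        if name == good_name and ending != good_ending:
            return f"lookalike of {good} (different ending)"
        if 0 < osa_distance(name, good_name) <= MAX_EDITS:
            return f"lookalike of {good} (misspelling)"
    return "unknown"


class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def check_message(raw):
    """Return a list of warnings for one raw email message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    sender_domain = registrable(sender.rpartition("@")[2])
    findings = []
    verdict = classify_domain(sender_domain)
    if verdict != "trusted":
        findings.append(f"sender {sender_domain}: {verdict}")
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            collector.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if host and registrable(host) != sender_domain:
            findings.append(
                f"link {host}: does not match sender {sender_domain}, "
                f"{classify_domain(host)}"
            )
    return findings


# Constructed sample messages, not real mail.
SAMPLE = """\
From: Microsoft Support <support@mircosoft.com>
To: you@example.com
Subject: Urgent: verify your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Your account will be closed today.</p>
<a href="http://microsoft.net/verify">Verify now</a>
<a href="https://www.mircosoft.com/help">Help</a>
"""

LEGIT = """\
From: Microsoft <billing@microsoft.com>
To: you@example.com
Subject: Your receipt
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<a href="https://account.microsoft.com/">View receipt</a>
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

A message with no findings is not proven safe; the check only catches the two signs it models.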

Steps That Protect Your Email

You can’t prevent cybercriminals from targeting you. However, you can take steps to protect yourself.

  • Install spam filters and virus scans.
  • Learn to recognize phishing emails.
  • Only open email links from verified and trusted sources.
  • Delete any emails that look suspicious.
  • Train coworkers and associates to recognize phishing threats.
  • Purchase cyber insurance that protects you if you are a victim of phishing.

You can’t stop cybercriminals from targeting your email, but you can use these tips to protect yourself and your data.

Tips To Foster New Cybersecurity Professionals And Protect Your Business

By Cyber Security Awareness

By 2019, the cybersecurity industry will face a deficit of over two million professionals. Whether your company needs a solid cybersecurity team or already has a great team in place, consider taking steps to fight this deficit and protect your business.

Detail the Threat

Encourage current employees to enter the cybersecurity industry when you detail current threats, including phishing scams and cyber breaches. Employees who are aware of the threats may step up and seek further training so they can protect others.

Make Cybersecurity Everyone’s Job

Cyberbreach costs exceed $100 billion annually in the United States. Despite your cyber liability insurance policy, your company is not immune to breaches. Ensure that every employee understands the basics of privacy and security in their daily operations. With ongoing training, your team will be equipped to protect your company.

Recommend Schools that Align with National Cybersecurity Guidelines

The National Security Agency (NSA) and Department of Homeland Security (DHS) sponsor a program that supports cybersecurity education for all elementary to postgraduate students and aims to improve the number of trained cybersecurity professionals. Currently, 200 universities have earned the Centers of Academic Excellence in Cyber Defense (CAE-CD) status in the U.S. Highlight these schools as you encourage people to enter the cybersecurity field.

Encourage Hands-on Training

In addition to four-year degrees, a variety of hands-on certification programs also train students to handle cyber challenges. They include the Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP), Security+, Network+, GIAC Penetration Tester (GPEN), and Certified Ethical Hacker (CEH). The hands-on education means graduates are prepared to succeed as security specialists, security analysts or other security professionals immediately after graduation.

Introduce Practical Skills

A cybersecurity training program will include technical classes in risk management, data mining and statistical analysis. However, students must know other skills such as collaboration, conflict management, perseverance, and attention to detail. These practical skills provide a well-rounded education and enhance a student’s ability to succeed in the cybersecurity field.

Offer an Annual Scholarship or Tuition Reimbursement

Sometimes, finances prevent someone from pursuing a cybersecurity career. Reduce financial strain with a scholarship for current employees and their family members. You could also offer tuition reimbursement that allows employees to boost their current cybersecurity skills or pursue advanced training.

Allow Flexible Work Hours

If your employees express interest in pursuing cybersecurity training, give them a flexible work schedule. They can work a different shift, share duties with another employee or telecommute as they balance work and classes.

Your company can do its part to train new cybersecurity professionals. Take these steps so that more trained personnel can fight cybercrime and keep data safe.

How Much Cyber Liability Insurance Should A Business Purchase

By Cyber Security Awareness

Cyber breaches that affect big businesses make the news, but over 60 percent of all cyber breaches target small and medium-sized businesses. Because you must protect your business, no matter what its size, purchase adequate cyber liability insurance.

What is Cyber Liability Insurance?

When your business suffers a data breach, you can file a cyber liability insurance claim. The policy won’t prevent a hack, but it will cover your financial losses and assist your company during recovery.

Common Cyber Breach Risks

Any company, from international mega corporations to small family-owned businesses, that operates online or handles customer data faces cyber breach risks such as:

  • Human error – using the same password for all websites, losing unlocked devices or downloading malware.
  • Mobile devices – gateway for thieves when used over unsecured Wi-Fi connections or left unlocked.
  • Disgruntled former employees – use old login information to hack into your system.
  • Ransomware – hackers introduce malware onto your computer, encrypt data and require a ransom before they release and decrypt your system.
  • Coordinated attacks – international hacker groups target the sensitive information your company stores.

How Much Does a Cyber Breach Cost?

After a cyber breach, your company will owe first-party expenses, such as damages to your systems and data, and third-party expenses related to your liability to customers. Examples of these two expenses include:

  • Customer losses – direct financial loss, credit monitoring and other related expenses.
  • Business disruption expenses – account for up to 39 percent of a breach’s total cost.
  • Direct financial loss – resources the hackers steal from your company bank accounts.
  • Legal costs – handling lawsuits customers may file against your business.
  • Regulatory fines – imposed by the FCC, FTC, HHS and your state.
  • Public relations expenses – required to rebuild your company’s reputation.

These and other expenses contribute to the $3.62 million global average cost of a cyber breach. Each breach affects an average of 24,000 records, reports the Ponemon Institute, and costs $141 per individual lost or stolen record. Multiply this figure by the number of confidential or sensitive records your company stores, and you get an idea of how expensive a breach would be for your business.

Purchase Adequate Cyber Liability Insurance

Many experts suggest that businesses purchase at least $1 million in cyber liability insurance. Without this valuable coverage, your company could face insurmountable financial challenges and possible bankruptcy after a cyber breach.

On average, small businesses pay from $750 to $8,000 per year for this valuable coverage. Because your needs vary, schedule a consultation with your insurance agent and get a detailed quote.

Protect your customers and your business with cyber liability insurance. It’s essential coverage for every company.

Security Tips That Protect Your Website From Hackers

By Cyber Security Awareness

Your company’s website shares information about your business and promotes sales. Hackers can access your website and wreak havoc on your business, though, as they steal customer data, post negative messages to customers or destroy records. As you lock your company’s doors every day, implement several tips as you protect your website, your reputation and business.

Stay Informed About Security Threats

Hackers change tactics often in an effort to access data, so stay informed. Follow tech sites, including The Hacker News, as you secure your website.

Boost Admin Portal Security

Because the admin portal serves as the brain of your website, you need to secure it.

  • Utilize a username and password that are hard to guess.
  • Never share login information with unauthorized users or via email.
  • Limit login attempts.
  • Require multi-factor authentication for logins.
  • Reduce access to the portal.
  • Scan devices that connect to the network, and ensure they’re not affected by viruses or malware.

Install Security Software

A web application firewall (WAF) scans all the information that passes between your data connection and web server. It catches hacking attempts, malicious bots and spam, so choose one to install.

Update Software

Software updates or patches may close security vulnerabilities and fix bugs. Because hackers can scan thousands of websites each hour, set your devices, web servers and all aspects of your website to update software automatically as you protect your business.

Add an Encrypted SSL

You may use your company’s website to gather customer email addresses or credit card information. In this case, use an encrypted SSL to hide personal information that’s transmitted from your website to your database.

Minimize File Upload Access

You may carefully scan uploaded files for security threats, but smart hackers can easily hide bugs in those files and gain access to your website. Counteract hackers when you store uploaded files outside of the root directory, then use a specific script when you’re ready to access the stored information.
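
One way to apply this advice, shown as an added Python example that is not part of the original article: uploaded files go into a folder outside the web root under a random name with no extension, and a single function is the only way to read them back. The class name, folder names and allowed file types are assumptions made for illustration.

```python
import secrets
import tempfile
from pathlib import Path

# Assumption: the only file types this site accepts from visitors.
ALLOWED_EXTENSIONS = {".pdf", ".png", ".jpg"}


class UploadStore:
    """Keeps uploads in a folder the web server does not serve directly."""

    def __init__(self, storage_dir):
        self.root = Path(storage_dir).resolve()
        self.root.mkdir(parents=True, exist_ok=True)
        # file id -> original file name (a database table in a real site)
        self.index = {}

    def save(self, original_name, data):
        """Store an upload and return the random id used to fetch it later."""
        extension = Path(original_name).suffix.lower()
        if extension not in ALLOWED_EXTENSIONS:
            raise ValueError(f"file type {extension or '(none)'} is not accepted")
        # The stored name is random and has no extension, so even a file that
        # slipped past the type check cannot be run by requesting its URL.
        file_id = secrets.token_hex(16)
        (self.root / file_id).write_bytes(data)
        # Keep only the final name component; any folder part is discarded.
        self.index[file_id] = Path(original_name).name
        return file_id

    def read(self, file_id):
        """The 'specific script': look the id up, then read from storage."""
        if file_id not in self.index:
            raise KeyError("unknown file id")
        path = (self.root / file_id).resolve()
        if path.parent != self.root:  # never read outside the storage folder
            raise PermissionError("path escapes the storage folder")
        return self.index[file_id], path.read_bytes()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        web_root = Path(site) / "public_html"        # served to visitors
        web_root.mkdir()
        store = UploadStore(Path(site) / "private_uploads")  # not served
        file_id = store.save("invoice.pdf", b"%PDF-1.4 constructed sample")
        name, data = store.read(file_id)
        print(name, len(data), "bytes; files in web root:", list(web_root.iterdir()))
```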

Back Up Your Website Frequently

Several times a day, schedule website backups. Choose a local and off-site backup location so you can get to your data if a hacker does manage to access your website, the hardware fails or you suffer a power outage.

Prioritize Security

Everyone in your company should prioritize security and take steps to deter hackers. Train employees to secure their devices that connect to your server, follow password security protocols and set logins to expire quickly after inactivity.

With these tips, you can protect your website from hackers. Additionally, talk to your cyber liability insurance agent and ask about other strategies and steps you can take to protect your website, customers and business.

Tips That Protect Customer Information In Your Open Office

By Cyber Security Awareness

Your customers entrust their personal data to you and your company. Your employees may easily share information, though, particularly if you operate an open office with little privacy. Protect your customers’ information and identities when you follow several tips.

Collect Only the Data you Need

Unless you need a customer’s driver’s license number or Social Security number for a specific purpose related to the transaction, don’t collect this data. Ask only for the data you need, and reduce access to information that could be compromised.

Use Data Only for Legitimate Purposes

The data you collect may be used to complete a sale or open a line of credit, but don’t use a customer’s data for any other purpose. Improper use of data can compromise a customer and place your company at risk.

Store Data Properly

Protect sensitive customer data when you store it electronically and never on paper. Then encrypt all data and lock it in a centralized location, not on a USB drive or other removable media. When you’re ready to erase the data, wipe it from your system and shred any paper files.

Use a Dedicated Server

While you could use a shared server to save money, a dedicated server reduces a hacker’s ability to access your data. It reduces vulnerability and improves security.

Protect Your Network

Secure the information on your network when you update your system’s anti-virus and firewall protection and scan often for malware. Perform regular updates on all computers and other connected devices, too.

Secure Your Devices

Use only updated computers, tablets, smartphones, printers, fax machines and all devices as you improve security. Then ensure all devices that connect to the internet are kept locked when not in use. When employees must connect remotely to your network, ensure they use a secure VPN (Virtual Private Network).

Back Up Data Regularly

Schedule data backups at least daily. This step secures data as you collect it and reduces the risks of theft.

Restrict Access

Maintain a “need to know” attitude as you protect data. If employees don’t need access to the information stored on paper or electronically, they shouldn’t have access to it.

Train Employees

Educate your entire staff about how to protect customer information. They should know how to maintain confidentiality during every step of their customer interaction, including before the sale, when they collect payment and during any follow-up.

Employees should also know how to:

  • Update software.
  • Lock computers when they’re not in use.
  • Avoid downloading malware.
  • Change passwords often.

Protect customer data in your open office when you take these steps. When you and your team secure data during every step of your customer interaction, you reduce the risk of an expensive cyber breach.

Ways To Secure Your Virtual Payment Terminal

By Cyber Security Awareness

With a virtual payment terminal, you can take payments over the internet. Not only will you boost sales, but you’ll also offer convenience to your customers. Your virtual payment terminal may be vulnerable to security risks, though, so follow several tips as you reduce liability and protect your customers and business.

What is a Virtual Payment Terminal?

Your virtual payment terminal allows you to accept credit card payments without using a credit card terminal. Simply log into the virtual terminal website from your device, enter the sales amount and key in the credit card information. You’ll then receive authorization if the sale is approved and can print or email the receipt.

After each sale or when it’s convenient for you, check the transaction history to see details about your sales and processing activity. The terminal also includes performance data and financial reports, and you can adjust the admin settings.

With your virtual payment terminal, you can accept payments anywhere. You’ll also save money with lower processing fees and increased opportunities to make sales.

Security Tips for Your Virtual Payment Terminal

Your virtual payment terminal offers convenience and can boost sales, but you must secure it. You will be liable if your actions compromise a customer’s credit card number or if fraud occurs to your account.

  • Never store customer payment information. Use credit card data to make the sale, but never make or store a copy of the card number or other details.
  • Use a PCI-compliant virtual payment terminal provider.
  • Utilize fraud filters that identify potential fraud and help you respond properly.
  • Partner with a provider that uses Point-to-Point encryption.
  • Implement tokenization. It replaces data with a token and inhibits hackers.
  • Avoid public Wi-Fi connections that are often unsecured.
  • Follow all the security protocols mandated by your virtual payment terminal provider. These protocols may include annual PCI compliance training or software updates as you protect your customers’ data and company.
  • Limit login access. Only authorized employees should be able to log into your virtual payment terminal as you prevent unauthorized transactions or other information compromises.
  • Log out after each transaction or when you need to walk away from your device. This step prevents someone from accessing the terminal and information between sales.
  • Secure the computers, smartphones and tablets you use to access your virtual payment terminal. If possible, use devices that require a PIN or use fingerprint or face recognition, and store these devices in a secure location.

Your business benefits from a virtual payment terminal. Secure it as you limit your liability and protect customers and your company.