Every year in October, the Department of Homeland Security (DHS) promotes National Cybersecurity Awareness Month – a time when organizations are asked to take stock of the state of their network security. However, as we head into the holiday season, with Cyber Monday and other online sales and promotions abound – cybersecurity for both businesses and consumers is an issue everyone should pay attention to year-round.
Equifax Security Breach Affects Over 143 Million People – Half of the US Population: How Can Your Credit Score Be Safe?
Over the past few years, many enterprise-level companies such as Target have been hard-hit by cyber criminals who have accessed customer credit card information. Now Equifax is now among the largest companies hit by a cybersecurity breach – but this time it is on a scale that is stunning IT and security experts. According to the Wall Street Journal, the breach was a result of a well-known security hole in Cisco firewalls which was identified as a fix and distributed back in March. According to the article, Equifax’s IT experts deployed the fix, but in July “found the same security flaw still existed in some areas.”
While this breach was announced in September 2017, Equifax believes consumer information may have been accessed in an unauthorized manner between May and July, according to Fortune.
Given that Equifax is a credit reporting agency, the company holds a myriad of private consumer information. Last week, Equifax reported that over 143 million people – about half the size of the U.S. according to the Los Angeles Times – could be affected.
In a previous blog post entitled, Ransomware Targets Government Sector and Ravages Industries Worldwide, we discussed how enormous ransomware cyberattacks have rippled across the world targeting many industry sectors – including city governments. These attacks include the recent Petya (aka GoldenEye), reported in late June 2017, as well as WannaCry May 2017.
While ransomware can target any industry, business or individual, Government Computer News reports that the government sector is seeing a larger proportion of ransomware attacks than ever before. Therefore, municipal organizations must be on high alert and learn how to protect their networks against increasingly sophisticated cyberattacks.
However, protecting against malware, ransomware, and other cyberattacks, is a multi-tiered process that involves everyone at every level of an organization. Here are some key tips to keep in mind:
Invest in the latest Hardware/Software:
- Having the most updated operating systems (OS) such as Windows 10 is a good prevention measure as newer OS tend to have fewer security vulnerabilities. If you have a less current OS, experts warn to “apply the latest Microsoft security patches for this particular flaw.”
- Ensure your anti-virus programs are conducting regular scans with the latest virus signature files.
- Update or invest in new systems that offer more protection such as Next Generation Firewalls (NGFW). NGFW have many advantages including deep-packet inspection, application-level inspection, intrusion prevention, and intelligence from outside the firewall.
- Ensure employees at all levels of an organization are trained and understand what malware is and how to spot rogue emails. Employees need to know that they should never open attachments sent by an unknown sender. CXO Today reports that “…cybercriminals often distribute fake email messages mimicking email notifications from an online store or a bank, luring a user to click on a malicious link and distribute malware.” As such, organizations also need to update antispam settings.
Have a Security Plan/Incident Response Team in Place:
- Having a security or incident plan in place for when an attack occurs is a proactive strategy for dealing with a cyberattack. CXO Today writes, “Internal confusion within the teams often delays the response to the cyberattack causing potential loss to the organization. Therefore, it is essential to establish an incident response team, with clearly defined roles and responsibilities.”
- A security plan also can include a concise inventory of assets, users, applications, and traffic flows. Without knowing what you have, data can be stolen quickly and may not be detected for months.
City governments must ensure their data is properly protected. Ransomware and other cyber threats are very real, and happening with rapidly increasing frequency all over the globe. For more information on protecting your network, contact DiamondIT.
Recent studies on cyber attacks in the U.S. outline staggering consequences. For instance, Datacenter Dynamics recently reported that cyber incidents in 2016 cost 500,000 jobs and over a $100 billion in financial loss to American companies.
But despite what might seem like an intuitive strategy, “fear” of an attack may not incite C-suite executives to invest more in cybersecurity. The problem is that it is “…very difficult to know the probability of any given attack succeeding — or how big the potential losses might be. Even the known costs, such as penalties for data breaches in highly regulated industries …are a small piece of the ROI calculation,” according to a recent article in the Harvard Business Review (HBR).
School districts must have a solid telecommunications network in place in order to protect, inform and enable communication across district campuses.
While many educators want to offer their students the best in technology, they must first lay the foundation for an effective digital teaching environment, and that starts with a reliable telecommunications or telco solution. However, the path to a good telco solution isn’t always exceedingly clear.
This article will outline how a Telco Audit can identify the funding and the fit for the right telecommunications network for school districts.
When Chief of Police, Kent Kroeger, first came on the job in 2014 at the Tehachapi Police Department, he was determined to make immediate changes and upgrades to station’s IT infrastructure. At the time, Chief Kroeger said the Tehachapi Police Department or TPD, located in California, was operating without the modern conveniences that other law enforcement agencies were using such as a modern call center or outfitting police vehicles with the latest mobile computers. In addition, the TPD was outsourcing its dispatch center to another nearby police department – a cost that was becoming prohibitive.
Developing an IT Infrastructure to Fit Your Business Needs in 2017: A Discussion with Matt Mayo, CEO, DiamondIT
Today there are many slick commercials and advertisements with smart-looking individuals holding tablets and working away using the newest technology to grow their businesses. There are slogans suggesting that organizations who procure the latest applications and hardware are the ones that become more productive…more successful. While these technical ads may be true to a point, there are many organizations in the real world that still struggle to determine the most practical, budget-friendly yet effective IT infrastructure. Everyone wants to work smarter. Everyone wants to have a safe and secure network. But not everyone knows how.
We sat down with Matt Mayo, CEO of DiamondIT, and asked him how businesses and organizations can get the most out of their IT in 2017.
As a solution provider with offices in Bakersfield and Los Angeles, California, DiamondIT works with a number of businesses and organizations in a multitude of industries from healthcare to education and has great insight into the needs of the business end-user.
Below is part one of Matt’s interview discussing the latest trends in IT for 2017.
When we think of the victims of cyber crime – we mostly think of individuals or small businesses being targeted. We rarely conjure up law enforcement as the targets. However, the fact is, even the toughest and most stringent of law enforcement agencies can be affected by cybercrime.
Ransomware occurs when a cybercriminal takes over a computer system and prohibits users from operating their computers until a “ransom,” is paid. The FBI writes that users and organizations are generally not aware they have been infected until it is too late. They learn of the infection when they can no longer access their data or they begin to see computer messages advising them of the attack and demands for a ransom payment in exchange for a decryption key.
In the past few years, the cases of schools and universities becoming victims and targets of ransomware are becoming far too common. Recently news reports spanning worldwide are proliferating. It seems strange that cybercriminals would dare go after the institutions that protect and educate our children – but they do. In some cases, the cyberattacks stem from former students bent on revenge (as was the case last year in a Japanese school district), but in most cases, it is not personal – cybercriminals gauge weakness in a network and just go after it.
Aside from straightforward ransomware, K-12 Schools have also drawn the attention of cybercriminals interested in identity theft. As children are less likely to apply for credit until college, the use of their identities for obtaining fraudulent credit can go undetected for years and thus becomes a valuable commodity in the black market.
Every year, National Privacy Day underscores the importance of not just keeping one’s network and IT infrastructure safe from cybercriminals, but also having “reasonable security measures” in place to protect the privacy of customers, employees, and vendors. Developed by StaySafeOnline.org, National Privacy Day falls in late January each year and reminds businesses that the privacy of others is a big responsibility.
The fact is, identity and corporate theft is still a stark reality that people in 2017 are going to have to face as cyber criminals ramp up their efforts to go after organizations that guard private information of others: whether the information is from a medical center that is storing thousands of patient records in its servers; a retail store with credit card information; or even a small business with a handful of clients, security experts warn that every organization needs to ramp up their IT security efforts in 2017.