Slide Deck | Source: Cumulus Global —
Cyber Insurance is a tool, not a solution. This deck is from our June 2022 3T@3 Webcast: A Cyber Insurance Primer and discusses the what and why of cyber insurance and how it fits into your cyber security and incident response plans.
Streamlining IT Security for SMBsStreamlining IT security is a more balanced message about why and how to protect your business. Over the past year, we have covered the on-going, and increasing, threats to small businesses. We often highlight the scope and severity of the risk, including how security trends will affect small business. Hopefully this information, along with cost-effective solutions, prompts you to act. At times, we may appear to be fear-mongering.
Sound business practices, not fear, should be your motivation to protect against cyber attacks.
The market is awash with cyber security solutions. These range from single-protection products to complex advanced security monitoring and response services. The number of options, and competing claims, is overwhelming.
Focus protections on the most common, and most damaging, types of attacks.
We know that:
As such, small and midsize businesses should focus on preventing these types of attacks. Plan to limit your security approach and spending to prevention and recovery from these risks.
Make sure your team knows how to spot an attack and what to do if they suspect an attack. They should know the risks and steps you are taking to protect your business.
Periodically sharing articles or updates may be sufficient to strengthen your business. Subscribing to a security awareness training service is an affordable way to provide this education. Your cyber insurance policy may require this service.
To protect your business from the greatest risks, put the following solutions in place:
Specific to business email compromise attacks and ensuring your legitimate emails are not flagged as dangerous, ensure your domain configuration include the following protocols and services:
Even with protections in place, cyber attacks can be successful. Ensure that you can return to operations quickly, even as a full recovery may take time. Your ability to recover and respond should include:
Note that continuity services also protects you from the impact of hardware issues, theft, and other losses.
For a limited time, our Rapid Security Assessment is free of charge. Complete a 3 minute survey and receive a detailed report benchmarking your basic security services with respect to the most common cyber attacks against small and midsize enterprises.
To learn more, please join us on May 17th at 3:00 PM ET for Streamlining Security, our May 3T@3 Webcast or schedule a no-obligation call with one of our cloud advisors.
Speaking at a recent CRN-hosted security summit for midsize enterprises, Paul Furtado, Gartner’s Vice President of Midsize Enterprise Security stated, “The only thing harder than defending yourself against a cyberattack is telling your executives and your partners why you didn’t do enough to protect yourself.” His comments reflect current security trends from our historic “Trust but Verify” security model to one that is “Never Trust; Always Verify” — also known as Zero Trust.
Expectations are changing and our tolerance for breaches is dropping. More than 56% of successful attacks exploit known vulnerabilities with patches available for more than 90 days. Frankly, many of us are failing at the fundamentals of IT security and this needs to change.
While smaller in size, SMBs remain prime targets of cyber attacks. With “Ransomware as a Service” readily available, finding and attacking vulnerable small businesses is inexpensive and effective. SMBs are more likely to have fewer security protections; SMBs are less likely to be able to recover from an attack and more likely to pay ransoms.
Here are 7 security trends that warrant our attention and action:
As the name implies, Zero-Day Exploits take advantage of newly discovered security holes before our tools and systems can be updated to prevent an attack.
Next Gen solutions are needed to protect from attacks on devices, in the flow of email, and in web traffic.
Insider risk refers to every account that has access into an organization’s environment such as service accounts, custom integrations, and API accounts. Insider threats, meanwhile, are the small percentage of insiders actually doing something that will cause a security incident, intentionally or not. For example, the increased use of QR codes allows attackers to create malicious QR codes that install keyloggers and screen grabbers to steal identities and multi-factor authentication tokens.
We need Security Awareness Training to help individuals understand the risks and build safe habits.
As noted, security expectations are changing. State and federal laws are changing. Passed by the Senate this year, the Strengthening American Cybersecurity Act will require businesses to report significant cyber events within 72 hours and ransomware payments within 24 hours. These requirements lay on top of other federal regulations, multiple states’ privacy laws (CCPA, MA PII, etc.), and industry regulations (PCI-DSS, etc.).
With cyber insurance and cyber response services in place, small businesses are more likely to avoid fines, losses, and legal actions.
Internet of Things devices, and similar automation technologies are popular and often lack basic security features.
As IoT-based solutions move into smaller businesses, we need to secure and monitor devices and the networks on which they run.
Bad actors know that attacks on supply chains can be more effective than attacking an intended target.
If your smaller business is in the supply chain of a larger company, expect security to become an issue. They are likely to request — or demand – additional security measures as a condition of your business relationship. And, be ready to demonstrate (prove) that you actually do what you claim on the security checklist.
Data mining enables attackers to not only go after your business, but your vendors and customers as well. Imagine attackers telling your customers their private data will be released if you do not pay the ransom. Even more common, imagine your customers receiving emails “from” (impersonating) you instructing them to send money.
We need to start protecting unregulated data in the same ways we protect regulated data. Encryption, for example, does not prevent a breach but ensures the data cannot be used.
It would be nice to think we are past the ransomware pandemic, but we are not. Over 80% of ransomware attacks are on small and mid-size businesses. Because attacks have moved beyond encryption to data exfiltration, attackers are likely to understand your business and set ransoms that are steep, but payable (often 1% to 1.5% of annual revenue). Businesses hit by ransomware average more than 20 days of significant business disruption. On average, they permanently lose more than 35% of their data.
A response and recovery plan that includes business continuity ensures that you can keep your business running while you recover from and respond to an attack.
Please contact us to evaluate your security footprint and needs, and discuss possible next steps, or schedule a no-obligation introductory call with one of our Cloud Advisors.
As cyber attacks on real estate agents and brokers increase, clients are paying the price.
Most of the country is facing high demand for housing with extraordinarily low supply. This creates a highly competitive sellers’ market in which buyers compete to have offers accepted. The urgency and need to move fast makes real estate agents, and their clients, prime targets for cyber crime. As noted in a recent bulletin from CRES Insurance, brokers and agents need to protect themselves and their businesses from cyber attacks, which can include adding cyber insurance for real estate organizations.
Imagine being a real estate agent and receiving a call from client excited that their offer was accepted and confirming that they have wired the deposit, only to realize that their offer was not accepted. They share the email with you with the instructions. The email looks like is from you, your assistant, or your firm. The message uses words and phrasing that you and others at your firm regularly use. Without close inspection, the message appears to be legitimate.
Your email domain and/or your identity has been successfully impersonated. Your client has lost thousands of dollars. Your reputation is damaged. You may be facing legal action. All reasons to pursue proper data protection and security services to prevent real estate cyber attacks.
This form of attack, a Business Email Compromise (BEC), is on the rise and real estate agents and brokers are the target. Attackers compile information about you, and how you work, from public sources and social media. In some cases, you may be an unknowing victim of an advanced persistent attack. In these attacks, hackers install software the sits quietly on your computer, tracking your activity, and sending information back to the attacker’s servers. The attackers then use this information to impersonate you and/or your business.
Once an attacker can impersonate you or your business, your clients become the financial victims. You face a loss of clients and reputation, and potential legal action.
Like any business, agents and brokers need to ensure their systems are safe and secure with proper real estate cyber security best practices. They should also take steps, specifically, to prevent domain and email impersonation. Here are three cyber security steps you can take to protect your real estate business from attacks.
Feel free to contact us to discuss your security profile or for a security assessment.
The U.S. Cybersecurity & Infrastructure Security Agency, part of the U.S. Department of Homeland Security, is warning businesses to be prepared to defend against cyber attacks originating from Russia. “Every organization—large and small—must be prepared to respond to disruptive cyber activity,” the agency says in its warning.
Our security vendors, analyzing aggregate data, are starting to see a definitive increase in the number and frequency of attacks.
Fortunately, you have a range of tools at your disposal to protect you business:
These services, paired with recovery and continuity services, can prevent your business from succumbing to an attack. And, if you do fall victim, ensure your business can be back up and running on hours, not days or weeks.
Please contact us if you have any questions or would like a no-obligation review of your security footprint. You can also schedule a call with one our Cloud Advisors, below.
eBook | Source: Cumulus Global —
Cyber attacks by email have skyrocketed over the last decade. Email and domain impersonation attacks, fueled by successful phishing attacks, bypass account-centric security. This eBook discusses how to protect your business and domain from Business Email Compromises and impersonation attacks.
Gone are the days when cybercrime was exclusively a big business problem. In the modern workplace, all businesses are at risk, regardless of their size or industry. Today, we recognize that implementing a cyber security program, much like hiring people and growing sales, is an essential part of running our companies.
With 43% of cyberattacks targeted at SMBs, it’s not surprising that many have identified cybersecurity as a priority. And while most of us have deployed protections, it is challenging to know if you have the right balance of protection relative to your risk.
Here are 4 key findings from research conducted by Microsoft:
The vast majority of businesses (85%) cite cybercrime as a concern, and more than half (56%) believe it is a top priority. Businesses are backing up this belief with action. Most have begun to invest both time and dollars into protecting their company from hackers and other malicious actors.
However, when you look a little deeper, it becomes clear that many have underestimated their risk. 74% of businesses don’t believe they are likely to be attacked at all and that corporations are two times as likely to be attacked.
90% of businesses say they have the right protections in place to prevent an attack, and those with more than 50 employees are even more confident. It is encouraging that businesses are investing in security, but the reality is that they are at greater risk than they think. Nearly half (41%) have been attacked
For solutions that do cost money, businesses allocate about 15% of IT budgets go to cybersecurity, and 21% plan to increase how much they spend protecting the company. Businesses recognize that this investment is worth it because three out of four know that it costs more to recover from an attack than it does to prevent one.
As a small business owner, you face many of the same threats as larger businesses, but also unique challenges.
Given the number of security events tied to employees, businesses run the risk of underestimating the threat of employees leaking data or sharing sensitive information, whether maliciously or accidentally.
Insider threats take several forms. Employees or partners may find it more convenient to transfer sensitive data using personal email or an unsecure cloud drive, not realizing the risk to your company. In fact, 30% of security events are attributed to careless or uninformed employees. More alarming is the roughly 36% of attacks where a malicious employee steals sensitive data.
Most small and midsize businesses don’t have the same scale of resources to combat security threats and implement cyber security solutions as larger entities.
Fortunately, there are right-sized solutions and strategies designed to overcome the unique vulnerabilities of smaller companies. An effective security strategy doesn’t have to be expensive—or time-consuming. With a few simple, no-cost/low-cost steps, you can make a significant impact on your company’s overall security profile. The key is to match security to your business needs and your budget.
To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.
Security Threats: 3 You Know and 1 You ShouldSecurity threats take many forms. Most owners of small and medium-sized businesses (SMBs) are aware of the need to defend against the top three — viruses, ransomware, and phishing attacks — but their organizations are generally not as prepared to deal with the risks related to employees leaking data or sharing sensitive information, whether maliciously or accidentally.
According to research conducted by Microsoft, infection by a computer virus is the most commonly cited among security threats facing businesses. Preventing viruses requires an integrated approach to endpoint and identity management.
Ransomware is a type of malware that restricts access, encrypts files, or even stops you from using your systems. Like viruses, ransomware can enter the company through insecure endpoints or unsuspecting users.
While virus protections also protect against ransomware, no protection is perfect. You need to be ready to respond and recover in the event of a successful cyber attack. This includes implementing solutions and services, and ensuring you have the proper protocols in place.
The majority, 67 percent, of cybersecurity professionals surveyed consider phishing attacks to be the greatest security threat facing your business and employees. Take the proper steps today to protect your people, your data, and your business.
Insider security threats are often overlooked, and small and midsize businesses are generally unprepared to deal with these IT security threats, accidental or malicious. Surveys indicate that 53% of organizations have experienced insider attacks against their organization.
These risks take several forms. About 37% of internal leaks can be attributed to careless or uninformed employees. In many cases, these employees are using personal, less secure or unsecured services to conduct business. Whether consumer versions of email or cloud drives for sync and share, these “shadow IT” services pose a significant risk.
While the majority of internal leaks and threats are unintentional, 36% of internal leaks are identified as attacks by a malicious employee.
All of the suggestions, above, fall within our Security CPR® best-practice model and services for data protection and cyber security: Communicate & Educate; Prevent & Protect; Respond & Recover.
To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.
eBook | Source: ID Agent —
2020 saw a cybercrime boom that included record-breaking phishing and ransomware threats. This report provides insights into the rapidly changing cybersecurity landscape; forecasts cybersecurity trends for 2021; and provides helpful advice about smart risk mitigations that fit every business and every budget.
As part of its Global Year in Breach – 2021 report, security firm ID Agent found that remote workforce security is more difficult than generally thought. With many of the changes in how we work expected to continue, as business leaders we need to embrace hybrid work as the way of the future.
Remote workforce security is a subset of IT cybersecurity that focuses on protecting corporate data and other assets when employees work outside of a physical office. Implementing strong security protocols and technologies for remote access, educating employees on how to identify security risks and stay safe, and strengthening your overall business data protection and security are some of the best ways to secure your remote workforce.
2020 and the onset of the global COVID-19 pandemic presented new challenges. The biggest challenge was cybercrime. The mix of understaffed IT departments, maintenance failures, unpreparedness, record-breaking cybercrime, and employee stress taxed IT teams and services. Cybercriminals took advantage of this golden opportunity, and businesses were hit hard.
Businesses needed to rapidly shift to remote operations. For those with older technology, this shift was especially difficult. Everybody became a remote worker. IT teams needed to become instant experts in remote workforce security, including knowing the four pillars of cloud security. For too many businesses, it was a mad scramble to to get their teams remotely or face shutting down entirely. Many employees lacked training in remote work; many IT teams had never managed remote security at scale. A barrage of unintentional, insider threats assaulted IT teams daily.
Why was the massive shift to Work from Home such a boon to cybercrime?
IT departments were unprepared and understaffed. Only 39% of IT executives polled felt they have adequate IT expertise on staff to assist with remote work issues. Only 45% of organizations reported having and adequate budget to support remote work.
At the same time, employees were dealing with unexpected stress at home and more likely to make cybersecurity mistakes. Over 50% of respondents admitted they were more error-prone while stressed. 40% said they made more mistakes when tired or distracted. Altogether, 43% of workers surveyed acknowledged mistakes resulting in cybersecurity repercussions for themselves or their company while working remotely.
Chaos and confusion created opportunities for cybercriminals. Experts estimate that overall cybercrime was up by 80% in 2020. Much of that increase was from phishing attacks. Cybercriminals took advantage distracted, stressed workers, with limited IT support, and immense numbers of email. In 2020, phishing attacks skyrocketed by more than 650%. Attacks hit 75% of companies and accounted for almost 80% of all cybercrime.
Successful ransomware also jumped more than 145%. In 2020, 51% of all businesses and 40% of small and midsize businesses experienced a ransomware attack. 50% of attacks on SMBs used vicious double extortion ransomware. Ransomware will continue to top the list of cybercrime trends in 2021.
Stopping ransomware and decreasing your company’s risk of a successful cyberattack against remote and hybrid workers starts with stopping phishing and its destructive effects. We have tools that help your IT team support and protect your people and your business, while also protecting your budget.
To learn more about you cyber risks, and solutions to fit your needs and budget, contact us and schedule a complimentary Cloud Advisor Session.
