Cyber Liability Tips & Resources

Why Implement Multi-factor Authentication?

What is Ransomware and How Do You Deal With It?

Wire Transfer Fraud (aka Social Engineering)


Cyber Security Best Practices

  • Beware of app permissions – only give permissions to the applications that need them, and don’t be afraid to deny permissions to apps
  • Install antivirus software on all devices
  • Always lock your devices, especially when you will be away from them for a while; an attacker is unlikely to know your password and so will not be able to gain access to your data
  • Passwords – the more complex, the better, especially in terms of length; you may even want to use a sentence as a password, as it is easier to remember.
  • Ensure the URLs of sites you visit begin with HTTPS and that your browser shows a lock icon in the corner
  • Multi-factor authentication (what you know, what you have, and what you are) = stronger protection
  • Phishing emails rely on quick/incredible deals and a call to action to get you to make a thoughtless decision. Slow down and think: if it sounds too good to be true, it probably is.
  • Links in emails can be spoofed: double-check links by hovering over the URL
  • It is important to keep your system updated, as this will often fix bugs, patch vulnerabilities, and keep your system optimized.
  • Never let someone else access sensitive data unless they are explicitly authorized, and they know the guidelines around the handling of that data.
  • Customer data should be protected and stored in a secure location where the data is encrypted or password protected
  • Customer information that is no longer needed should be shredded/thoroughly erased
  • Conduct security awareness training with all employees
  • Store backups in a safe, secure environment and keep redundant copies offsite
  • Test those backups regularly and make sure you can easily and quickly restore files
  • Require dual-signature authorization for transferring money over a certain threshold
  • Install both external and internal firewalls

 


Glossary of Cyber Terminology

Application Whitelisting – This allows an organization to specify what software is and is not allowed to run on its systems. Any application that is not whitelisted is prevented from running, which stops most malware from being able to execute on a system.

Asset Inventory – A list that shows all IT hardware and devices an organization owns, operates, or manages. This is mostly used to see what security measures are in place and how the data is being held, which is directly correlated to assessing one’s risk.

Custom Threat Intelligence – Analysis of data from open-source intelligence and sources from the dark web to provide organizations with intelligence on cyber threats and actors. This is used to prevent, prepare for, and identify cyber threats that are relevant to the organization.

Database Encryption – Where data within a database is encrypted. This can be used to prevent malicious actors from being able to read the data if they do end up gaining access to the database.

Data Loss Prevention – Specific software that can detect if data is being exfiltrated from a network or system. This is important, as it ensures an organization’s most sensitive data and assets are secured.

DDoS Mitigation – A solution used to filter out malicious traffic relating to a DDoS attack, while allowing users to continue to access the entity’s website or web-based services. A DDoS, or distributed denial of service attack, is one that targets a network by attacking nodes in the network, thus blocking incoming traffic to websites. These attacks can shut down a website entirely, affecting the business directly.

DMARC – Domain-based Message Authentication, Reporting and Conformance. This is an email authentication, policy, and reporting protocol. It identifies spoofed phishing emails by validating the sender’s identity. Phishing is when the attacker, hoping to gather personal and confidential information, sends an electronic communication (email, text, etc.) asking for sensitive data. Spoofing is where the attacker first steals the identity of a real-time user, and then contacts the user for personal and sensitive information. Both phishing and spoofing have the same end result: stolen information.

DNS Filtering – A technique used to block access to known bad IP addresses by users on the network. This ensures that company data remains secure and allows organizations to have control over what their employees can access on their network.

Email Filtering – Software that scans an organization’s inbound and outbound email messages, then organizes them into categories. This is used to filter out spam and other malicious content.

Employee Awareness Training – Training that increases employees’ security awareness. This is vital to organizations of all kinds, as a human firewall is as important as, if not more important than, a computerized one. This training can cover generalized information or focus on specific topics, like phishing emails.

Endpoint Protection – Software that uses behavioral and signature-based analysis to identify and stop malware infections. When organizations ensure endpoint compliance with data security standards, they can maintain greater control over the types and number of access points to the network. Endpoints are remote computing devices that communicate back and forth with the network to which they are connected. Some examples are desktops, laptops, phones, etc.

Incident Response Plan – An action plan for dealing with cyber incidents. This helps guide an organization’s decision-making process and can assist in returning the network to a normal operating state as quickly as possible. Basically, this safeguards your organization from a potential loss of revenue due to downtime of the network.

Intrusion Detection System – Monitors activity on computer systems or networks and generates alerts when signs of compromise by malicious actors are detected. This can be used to help analyze the quantity and types of attacks on an organization, which can then use this information to change its security systems or implement more effective controls.

Mobile Device Encryption – Encryption that scrambles data in such a way that it can only be read by someone with a special key. This is used for mobile devices, such as phones and laptops. This ensures that, even if the device is lost or stolen, the data is still secured.

Network Monitoring – A system that monitors an organization’s network for performance and security issues. This assists in pointing out the exact location of network problems or proving that the network is not the issue.

Penetration Tests – Authorized simulated attacks against an organization to test its security defenses. This is also referred to as ethical hacking. These tests can help test security controls, find real-world vulnerabilities, ensure compliance, and reinforce security posture.

Perimeter Firewalls – Hardware solutions used to control and monitor network traffic between two points according to predefined parameters. Their goal is to prevent unwanted or suspicious data from entering or exiting the network, as they can filter both internal and external traffic.

Security Info & Event Management – System used to analyze network security information generated by different security solutions across a network. This makes it easier for organizations to manage security by filtering massive amounts of security data and prioritizing the security alerts the software generates. This also detects incidents that might otherwise go undetected.

Vulnerability Scans – Automated tests designed to examine systems or networks for the presence of known vulnerabilities that would allow malicious actors into the system. Doing this may prevent attacks that would have happened if the vulnerabilities had been left in place.

Web Application Firewall – Protects web-facing servers and the applications they use from intrusion or malicious use by inspecting and blocking harmful requests and internet traffic. This is done by adhering to a set of policies that help determine what traffic is malicious and what is safe.

Web Content Filtering – Filters certain web pages or services that may pose a potential security threat to an organization. This is important as it reduces malware infections, protects against exploit kits, and minimizes company liability, among other things.