CYBER SAFETY: KEEPING YOU INFORMED

At River Run, our mission is to help our people, our clients, and our community achieve meaningful results. One way we honor this mission is by sharing information on the latest Cyber Security trends and buzz words. Until recently, our Technical Dictionary did not include Phishing, Vishing, Whaling, or Ransomware. It is a new Cyber Landscape, and this document is designed to help you understand the new landscape and steps you should take to keep you and your team Cyber Safe.
 

Cyber Security: Technology can help

  • Advances in Technology and Artificial Intelligence (AI) have helped to make it possible to keep pace with the latest threats. There are a variety of monitors and alerts to which you can subscribe to protect your personal and company information. Banks, credit cards, and other service companies offer many of these services.

  • Enhanced passwords make it more difficult for bad actors to use or guess a password. The length and complexity of a password deters the bad actor from attempted logins. Multiple attempts to login with a complex password may time out your account(s) or force them to lock and notify you of an attempt to get in.

  • Multifactor or two-factor authentication creates additional levels of security that make it more difficult to use or guess a password without the additional layers of protection. This may be a bit cumbersome for some and it has forced businesses to look at their mobile device policies to provide for token applications to be used on personal devices.

  • New vulnerability and penetration testing services are offered to check if corporate networks are up to date with the latest patches and configurations to respond to many new threats as they are identified.
     

Cyber Safety: Everyone plays a part

  • The protection of personal and corporate information is the responsibility of all those who work with technology every day. We are challenged with the task to make sure our information/data is secure and that we use this information correctly.

  • Systems and services are in place to provide automated protection of our data, but what about governance? Who has access and when or why do they need it? These questions need to be answered.

  • How should we prepare and respond to security events (e.g., Data Breach, Phishing email)? We tend to shy away from the “what if” scenarios and focus on daily operations because “what if” can be a difficult conversation and open a multitude of other issues that may need to be addressed.

  • The need for an Incident Response Plan centered around a data breach (e.g., Ransomware) is a critical tool to have at the ready. A Cyber disaster could be as simple as a failed system that cannot be restarted due to corrupt or encrypted system files, or a Denial-of-Service attack that makes it impossible for remote users to connect to their corporate network. These incidents may exceed normal recovery time expectations, so plans are needed for a speedy recovery.
     

Cyber Training: The more you know the better prepared you will be

  • It is important to train your end users and provide updated Cyber Security information regularly. The threat landscape continues to change, and providing continual awareness of these threats goes a long way in being prepared.

  • Phishing testing is also a must, and it provides a great opportunity to instill best practices in our people by helping them identify suspect emails.

  • Engage in the use of a multifactor authentication system. It is inevitable, security processes require the positive identity of the employee beyond a simple password. And… Make those passwords complex. The days of a 4 character or number password are gone. We need to be creative with our password phrases.

  • Update Company policy on the use of mobile devices to work with your multifactor authentication systems. For most authentication systems, personal cell phones provide the additional identification needed to complete the login process of your employees.

  • Create a purposeful Cyber Security Strategy for your organization. Do you require access cards for building entry? If yes, you may be able to extend your physical security to include keyboard and workstation access. Creating a user experience that is easy to follow but provides a strong security policy can prevent unattended access to buildings and systems along with a biometric (e.g., fingerprint or a passcode) to complete a two-factor authentication solution.

  • Backup data can be at risk. Solutions provide options to segment your backup data so that access to these systems is limited, encrypted, and logged to prevent corruption due to a ransomware attack or other malicious attacks looking to render the system unusable.
     

Cyber Safety Power Shift: From the bad actors to you

If the information provided above leaves you asking more questions or you need to validate your responses to these threats, consider having a conversation with River Run to provide you with solutions and services tailored to your business needs:

  • Identify the products, tools, and services you need to create a new security posture for your business or refresh your current platform and processes

  • Develop a strategy that provides you with ongoing detection, prevention, and response to the daily security threats

  • Train your employees and business leaders to provide awareness of threats that exist

  • Tailor your Business Continuity and Disaster Recovery plan to address the potential disaster of a Ransomware attack or other intrusion that may disable and/or disarm your protection systems and services

  • Assist with the creation, design, and review of your Cyber Security Plan. Having a plan in place and communicated to your business leaders creates a Cyber Safe environment.

Topics

 

Share this article

Blog