Cybersecurity Resources

Learn About Cybersecurity Strategy, Tactics and Lessons Learned

As a business leader, you don’t need to know everything there is to know about cybersecurity, but you need to know enough to make well-informed decisions that will help you effectively manage cyber risk. Here’s a selection of articles from our blog that will bring you up to speed on some of the cybersecurity topics that may come up in conversations with your IT team.

Cybersecurity Strategy

In a world where 90% of cyber attacks utilize social engineering to exploit human weakness and bring about errors in judgment, it makes sense that beefing up the security skills of computer users would decrease cyber criminal success. Secure behavior can be taught, yet many organizations still struggle with getting everyone to understand their responsibility for security. This has executives who are tasked with managing cyber risk asking themselves…

If you’re getting outsourced cybersecurity services from a managed IT service provider, you may have been presented with options for different tiers of service. If this surprised you, it may be because you didn’t expect to have choices. You do have choices, however, because cybersecurity is about risk management, and that responsibility ultimately rests on executives’ shoulders, as do decisions about allocating resources towards managing risks.

In a world where cyber threats are increasing every day, your business sustainability is in large part resting on your cybersecurity strategy. Yet, executives and even some IT managers don’t have a good handle on what it takes to build and maintain a strong cyber defense. These mistakes and omissions can stem from lack of knowledge or a faulty mindset that leads them to believe that they won’t be the target of a cyber criminal.

Security Tactics

You’re working from home going about your business. You respond to an email that looks like it’s from one of your vendors. Their request for your login credentials for your line-of-business software is a little odd but you think they must have a good reason or else they wouldn’t ask. You comply. You go about your day as usual, not knowing that the email wasn’t really from your vendor and the action you took opened the door and let a cyber criminal into your laptop.

Would hearing news about break-ins and burglaries in your neighborhood cause you to check your window and door locks to see if you were doing what was needed to secure your house? You bet it would! You’d make sure that the dead bolt was being used in addition to the doorknob lock, and you’d confirm with your whole family that they knew what to do when they’re home and when they leave the house.

An accounting clerk gets an email from the CEO of his company. He thinks it’s a little strange, but he proceeds to follow the instructions in the email to purchase several gift cards and reply back with the gift card ID numbers. When the clerk goes to the CEO a day later to ask about getting reimbursed for the gift cards, the CEO says, “What gift cards?”

Sometimes the simplest things that you can do to defend your organization against cyber-attack get neglected. Take keeping software and hardware up to date for example. When you use unsupported software or fail to apply security patches, you’re creating holes where cyber criminals can enter. As for hardware, older equipment isn’t that good at running modern software, so you miss taking advantage of all of the security features that you have at your disposal.

A disgruntled ex-employee puts hate messages on your company social media channels. Your sales rep takes your customer contact data with them after they’re terminated. There’s an unauthorized withdrawal from your bank account. These are all scenarios that could happen if you’re not controlling employee access to corporate accounts and data. Having a detailed employee offboarding process that shuts off access to accounts and information before anyone has a chance to steal…

It would be great if you could lock the doors to your network and know for sure that no one’s going to get in except the people who have permission. Unfortunately, cybersecurity is a lot more complex than that. First of all, you need several technical and non-technical security layers to control access to your network. Second, you have to make sure that your people don’t do something that lets a bad guy bypass your locked doors.

Cyber Insurance

More and more organizations are purchasing cyber insurance. Between 2019 and 2020 the market increased by 29.1%, and this upward climb is projected to increase by 25% through 2026 (Statista). The trend is driven by requirements for cybersecurity accountability from customers and vendors, and by the realization among business leaders that they need to take the threat of cyber attack more seriously than they ever have before.

You didn’t use to need cyber insurance, but now you do if you want to make sure that your cybersecurity strategy does what it’s supposed to do. The goal of cybersecurity isn’t just to prevent cyber attacks. It’s to give you the ability to bounce back if and when you have an intrusion. No one can 100% guarantee that you’ll never be a victim of cyber crime. The technology that cyber bad guys use is always evolving…

You could be the safest driver on the road and still not be able to guarantee that you would never, ever be involved in an accident. That’s why you have insurance. You hope you don’t need it. You’ll do everything you can to be safe, but if something does happen you’re glad it’s there. It’s the same with business cybersecurity insurance. Cyber crime is increasing at an alarming rate, and more businesses are purchasing cyber insurance as part of their strategy to manage these increasing risks.

Cybersecurity Lessons Learned

What if you got a call from your vendor asking you why you haven’t paid them yet – but you HAD already paid them, or you thought you had? That’s what happened recently to a company that became the victim of a cyber attack that siphoned off $160,000 to the hacker’s bank. Here’s how it happened. This story actually starts not with the business that was trying to get paid, but with one of their customers…

This happens all too often – someone files their tax return expecting a nice refund, only to have the return rejected because one has already been filed with their social security number. How did that happen? You can’t necessarily point the finger of blame at that unfortunate person because they had a piece of their personal identity stolen. The source of the data breach could have been their employer and here’s how that happens.

Choosing a Cybersecurity Partner

There are many reasons why you might be contemplating a change in how you resource IT services. You could have outgrown your current IT support company. You may have come to the realization that your internal team doesn’t have all the capabilities you need. Maybe you’ve had a data breach and you aren’t confident that IT is doing everything they can to keep your data and business secure. Whatever the reason, make your evaluation of potential IT services companies easier by looking for SOC 2 verification.

Hope isn’t the same as confidence when it comes to cybersecurity. If you’re just hoping that your IT team has all of the cybersecurity bases covered for your organization, then you’re bound to have some sleepless nights wondering if tomorrow will be the day when you have to deal with the impact of a cyber attack. While no one can guarantee 100% that you’ll never have a cyber intrusion, it’s possible to bump up the confidence you have in your security game when you partner with a Managed Security Service Provider (MSSP).

Security isn’t an option for any business these days. Not only is it vital to protect the information that you gather and store, but more and more companies are being asked by their customers and vendors to verify their security posture as a requirement for doing business. That means that you not only need a cybersecurity strategy, you need to be able to communicate your strategy, and that’s where a Virtual Chief Information Security Officer (vCISO) comes in.