Update WhatsApp Now!


WhatsApp rushed an updated version of the app to market this week that fixes this vulnerability. Be sure you visit your App Store immediately and update to the latest version, to be sure you are secured from this risk.

Security researchers have uncovered evidence that hackers have exploited a flaw in WhatsApp that allows them to install malware onto any device that has the app installed.

If you use the popular messaging app WhatsApp, be sure you have the latest update installed on your iPhone or Android device.

Thank You Suncoast ALA!


Today, I had the privilege of presenting to the Suncoast Chapter of the Association of Legal Administrators in Tampa, Florida. Thanks to all who attended. I appreciated the warm welcome and introduction. Everyone was highly engaged and asked great questions. Most importantly, it seemed like everyone learned a lot and took away key action items to put into practice in their firms to help improve their posture against cyber threats.

My overall theme was one of creating a culture of cybersecurity awareness within the firm. Education is the most important part of any cybersecurity plan. Second to education is communication. We talked about real-world examples of the risks that face law firms today as well as examples of actual breaches and points of exposure that were very eye-opening for those in attendance.

Thanks again to all who attended and here are a few photographs from the event.

Growing Office 365 Security Concerns


Yesterday, the National Cybersecurity and Communications Integration Center (NCCIC) issued an important Analysis Report (AR19-133A) regarding increasing concerns about Office 365 configurations.  Specifically, this report made note of third-party organizations that facilitate company migrations to Office 365 and the lack of standards with these configurations.

More and more organizations are migrating to Office 365 and many hire partners to help them make the migration.  The issue is that many of these partners do not properly configure Office 365 security features.  These lapses can leave the organization vulnerable to hackers who exploit well-known Office 365 configuration weaknesses.

I have witnessed this firsthand, in my business, where clients have come to us with misconfigured Office 365 tenants that have left them vulnerable.  In one particular case, I know of a company that had one of their Office 365 accounts mirrored to a hacker, who analyzed the organization’s communication style and was able to trick the two people in the finance department into wiring a significant amount of funds to the hacker.  This threat is very real and it should be a concern for everyone working with Office 365.

The Cybersecurity and Infrastructure Security Agency (CISA) has released specific recommendations to address these concerns.  From the Analysis Report, CISA recommends the following:

“Solution

CISA encourages organizations to implement an organizational cloud strategy to protect their infrastructure assets through defending against attacks related to their O365 transition, and securing their O365 service.[6] Specifically, CISA recommends that administrators implement the following mitigations and best practices:

  • Use multi-factor authentication. This is the best mitigation technique to use to protect against credential theft for O365 users.
  • Enable unified audit logging in the Security and Compliance Center.
  • Enable mailbox auditing for each user.
  • Ensure Azure AD password sync is planned for and configured correctly, prior to migrating users.
  • Disable legacy email protocols, if not required, or limit their use to specific users.”

If you work with Office 365, please review Analysis Report (AR19-133A) right away.
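
A read-only way to check three of the CISA mitigations listed above (unified audit logging, mailbox auditing and legacy email protocols) against a tenant. This is an added example, not part of the Analysis Report or the original post; it assumes the ExchangeOnlineManagement PowerShell module is installed and that the account running it may read organization and mailbox settings, and the variable names and CSV file names are illustrative.

```powershell
# Added example: read-only check of three mitigations from AR19-133A.
# Assumption: ExchangeOnlineManagement module installed, admin read access.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# 1. Unified audit logging (tenant-wide switch).
$auditConfig    = Get-AdminAuditLogConfig
$unifiedAuditOn = [bool]$auditConfig.UnifiedAuditLogIngestionEnabled

# 2. Mailbox auditing: organization default, then each user mailbox.
#    AuditDisabled = $true means organization-wide auditing is switched off.
$orgAuditOn = -not (Get-OrganizationConfig).AuditDisabled
$mailboxes  = @(Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox)
$noAudit    = @($mailboxes | Where-Object { -not $_.AuditEnabled })

# 3. Legacy email protocols (IMAP and POP) still enabled on a mailbox.
$legacy = @(Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ImapEnabled -or $_.PopEnabled })

# Summary for the person reviewing the tenant.
[pscustomobject]@{
    UnifiedAuditLogEnabled   = $unifiedAuditOn
    OrgMailboxAuditingOn     = $orgAuditOn
    MailboxesChecked         = $mailboxes.Count
    MailboxesWithoutAuditing = $noAudit.Count
    MailboxesWithImapOrPop   = $legacy.Count
} | Format-List

# Per-mailbox detail, written to illustrative file names for follow-up.
$noAudit | Select-Object UserPrincipalName, AuditEnabled |
    Export-Csv -Path .\mailboxes-without-auditing.csv -NoTypeInformation
$legacy | Select-Object Identity, ImapEnabled, PopEnabled |
    Export-Csv -Path .\mailboxes-with-legacy-protocols.csv -NoTypeInformation

# Remediation, left commented out so the script itself changes nothing:
# Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
# $noAudit | ForEach-Object {
#     Set-Mailbox -Identity $_.UserPrincipalName -AuditEnabled $true }
# $legacy | ForEach-Object {
#     Set-CASMailbox -Identity $_.Identity -ImapEnabled $false -PopEnabled $false }

Disconnect-ExchangeOnline -Confirm:$false
```

Multi-factor authentication and Azure AD password sync are configured outside Exchange Online and are not covered by this check.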

National Small Business Week Shines Light on Cyber Threats


This article was originally published in the Sunday, May 12, 2019 editions of Foster’s and Seacoast Sunday.

This past week was National Small Business Week. There are more than 30 million small businesses in the United States. Two out of every three jobs created are created by small businesses. Small business is the engine of our national economy.

This year, the National Cybersecurity Alliance co-sponsored National Small Business Week to bring more attention to the unprecedented risk small businesses face today. We are all familiar with the large data breaches from companies like Target, Equifax and others. We don’t often hear about breaches that happen to small businesses.

By co-sponsoring National Small Business Week, the National Cybersecurity Alliance is hoping to bring more attention to and resources for small businesses. Small businesses, by their very nature, will not have the internal resources to address the ever-evolving cybersecurity threats they face. In fact, most will experience a cybersecurity event and not know it even happened.

For small businesses that hold confidential and/or valuable information about individuals or products and services, a breach could be devastating. Many small businesses don’t expect to be able to recover from a cyberattack and assume one could put them out of business.

The National Cybersecurity Alliance recommends all businesses follow the NIST Cybersecurity Framework. This is a voluntary framework that defines the five key areas of a good cybersecurity posture for businesses of all sizes. I endorse this framework as well, as I feel it sets a de facto standard by which all businesses can be sure they are taking the necessary steps to ensure they have done all they can to protect themselves.

Given that the cost of the average data breach is approaching $4 dollars, it’s clear that if you do not take these steps to protect yourself, your business and perhaps your livelihood, could be wiped out with just one breach.

The five pillars of the Cybersecurity Framework are identify, protect, detect, respond and recover. You can visit www.nist.gov/cyberframework to learn more and explore resources to help you build your cybersecurity plan.

Identify is all about knowing what you have. This includes not just your physical assets like computers, servers, mobile phones and tablets but also what data you have. When it comes to data, you want to have a clear understanding of which data you hold may be at risk of a breach. It could be intellectual property or it could be sensitive personal information about your clients.

Protect means protecting your network. This encompasses everything from having proper perimeter security, firewalls, anti-virus software and more. This also includes strategies like least-privilege access, giving only the minimum level of access necessary to do the job.

Detect encompasses technologies and services you deploy to monitor your entire network from the inside and outside. Many organizations are deploying intrusion detection and prevention systems to actively monitor for unauthorized attempts to penetrate their networks.

Respond is all about how you respond to a cyber incident. Make sure you have a clear plan for how to communicate any cybersecurity incidents to your staff, clients, business partners and others. Communication is a critical part of any plan. Response also dictates how you respond technically, to isolate and investigate the event.

Recover encompasses restoring data in the event of loss or corruption. This may also include rebuilding elements of your network. Communication remains key during this phase, as you need to keep all stakeholders informed of your progress and when you will restore normal business operations.

These brief descriptions of the five elements of the NIST Cybersecurity Framework are exactly that, brief. These are not all-encompassing and are only a glimpse into what goes into an effective cybersecurity plan. If your organization already has a plan, be sure you review and update it, at least annually. If you do not have a cybersecurity plan, get one in place as soon as possible. The last thing you want is to need a plan and not have it.

National Small Business Week, Day 5


Forgot to post this on Friday, but Friday was Day 5 of National Small Business Week.  The theme for Day 5 was Recover.

Recover is the fifth and final pillar of the NIST Cybersecurity Framework.  Recover is about how you recover from a cybersecurity event.

Recover is all about repairing and restoring systems and data that may be compromised as a result of a cybersecurity event.  Equally, if not more important, is how you communicate your recovery plan and status.  The most important parts of this step are the following:

  • Document the lessons learned.
  • Make improvements to policies & procedures and communicate these changes to all parties.
  • Establish continuing education opportunities–train your employees and yourself, repeatedly.
  • Take steps to repair your reputation, which might require you to engage with a PR firm. Decide who is responsible for communicating with external stakeholders, and what the message will be and how often you will provide updates.

This is by no means an all-encompassing list, so consult the links on the Recover page and polish off your plan.

The five pillars of the Cybersecurity Framework are 1. Identify, 2. Protect, 3. Detect, 4. Respond and 5. Recover.  As we move through National Small Business Week, I will continue to highlight one area each day.  Yesterday was Respond, today is Recover.  Take advantage of all the resources I have linked to and be sure you have a cybersecurity plan that will protect your business, before, during and after a cyber event.


National Small Business Week, Day 4


Following up on yesterday’s post about National Small Business Week, Day 3, today is Day 4 and the cybersecurity theme for today is Respond.

Respond is the fourth pillar of the NIST Cybersecurity Framework.  Respond is about how you respond to a cybersecurity event once you know it has taken place.

There are some excellent resources linked on the Respond page.  Many will help you draft an appropriate response plan for your business.  Some of the key elements of a response plan are:

  • Communication plan for both internal and external audiences.
  • Isolating the impacted systems and analyzing the impact of the event.
  • Restoring impacted data.
  • Verifying if you have a reportable event.
  • Reporting the event to the appropriate authorities.

This is by no means an all-encompassing list, so consult the resources mentioned above and build a plan that is right for your business.

The five pillars of the Cybersecurity Framework are 1. Identify, 2. Protect, 3. Detect, 4. Respond and 5. Recover.  As we move through National Small Business Week, I will continue to highlight one area each day.  Yesterday was Detect, today is Respond and the final will be Recover and that will be tomorrow.

As you review each of these elements, do an honest assessment of how well your business covers each area.  This Framework is essential to establishing good cybersecurity best practices in your business.  If you have cyber risk insurance, your insurance carrier may start asking you to verify what you are doing to address each of these areas.  This will have an impact on your premium for coverage as well as what cyber events your insurance will actually cover, should you ever need to make a claim.  The NIST Cybersecurity Framework is the de facto standard for maintaining a proper cybersecurity stance for your business.  Take time to educate yourself and your teams.

National Small Business Week, Day 3


Following up on yesterday’s post about National Small Business Week, Day 2, today is Day 3 and the cybersecurity theme for today is Detect.

Detect is the third pillar of the NIST Cybersecurity Framework.  Protect encompasses the following:

 

Detection is all about understanding what is taking place on your network.  Do you know what devices are connected to your network?  Do you know when new devices enter the network?  Do you know when portable media is inserted into computers on your network?  Do you know what your staff is doing on your network?  The list goes on and on.  You can’t respond to threats if you don’t know about them.  Active, proactive monitoring of your network is critical in order to understand what activities are taking place on your network.  Once you understand what is taking place, you can detect events that are not authorized and address them.

Check out all of the linked resources at the Detect page.  There are some excellent materials and tools that you can use, for free, to help educate and protect yourself and your business.

The five pillars of the Cybersecurity Framework are 1. Identify, 2. Protect, 3. Detect, 4. Respond and 5. Recover.  As we move through National Small Business Week, I will continue to highlight one area each day.  Yesterday was Protect, today is Detect and tomorrow will be Respond.

As you review each of these elements, do an honest assessment of how well your business covers each area.  This Framework is essential to establishing good cybersecurity best practices in your business.  If you have cyber risk insurance, your insurance carrier may start asking you to verify what you are doing to address each of these areas.  This will have an impact on your premium for coverage as well as what cyber events your insurance will actually cover, should you ever need to make a claim.  The NIST Cybersecurity Framework is the de facto standard for maintaining a proper cybersecurity stance for your business.  Take time to educate yourself and your teams.

National Small Business Week, Day 2



Following up on yesterday’s post about National Small Business Week, today is Day 2 and the cybersecurity theme for today is Protect.

Protect is the second pillar of the NIST Cybersecurity Framework.  Protect encompasses the following:

  • Control who logs on to your network and uses your computers and other devices.
  • Use security software to protect data.
  • Encrypt sensitive data, at rest and in transit.
  • Conduct regular backups of data.
  • Update security software regularly, automating those updates if possible.
  • Have formal policies for safely disposing of electronic files and old devices.
  • Train everyone who uses your computers, devices, and network about cybersecurity.  You can help employees understand their personal risk in addition to their crucial role in the workplace.

Check out all of the linked resources at the Protect page.  There are some excellent materials and tools that you can use, for free, to help educate and protect yourself and your business.

The five pillars of the Cybersecurity Framework are 1. Identify, 2. Protect, 3. Detect, 4. Respond and 5. Recover.  As we move through National Small Business Week, I will highlight one area each day.  Yesterday was Identify, today is Protect and tomorrow will be Detect.

As you review each of these elements, do an honest assessment of how well your business covers each area.  This Framework is essential to establishing good cybersecurity best practices in your business.  If you have cyber risk insurance, your insurance carrier may start asking you to verify what you are doing to address each of these areas.  This will have an impact on your premium for coverage as well as what cyber events your insurance will actually cover, should you ever need to make a claim.  The NIST Cybersecurity Framework is the de facto standard for maintaining a proper cybersecurity stance for your business.  Take time to educate yourself and your teams.

National Small Business Week



May 5-11, 2019 is National Small Business Week.  Two out of every three new jobs created in the private sector are created by small businesses.  There are over 30 million small businesses in the United States alone.

The National Cybersecurity Alliance is co-sponsoring National Small Business Week this year, along with the Small Business Administration and others.  As part of this, each day this week, there will be a focus on an element of the NIST Cybersecurity Framework, the gold standard for keeping your business secure in cyberspace.

Today, being the first day, is about Identify, the first of the five pillars of the Cybersecurity Framework.  There are several other resources related to identifying your key assets at this link.  I encourage you to check them out.

In addition, the Federal Trade Commission has published a great one pager on the NIST Cybersecurity Framework which you may access and download here.

A Not Unexpected First


Kindly note, this is not a political post, nor is it intended to take sides in a very complex and difficult international conflict.  This is an analysis of a technology-related development and what it means in relation to the growing threat of cyberwarfare.  Any political statements or comments other than about the analysis itself will not be posted.

Unless you specifically avoid the news and social media, you are likely aware of the recent flare-up between Hamas forces in the Gaza Strip and Israel.  What you may not know is that on Sunday, Israel launched a military strike on a building that it says was the source of a cyberattack.  This is believed to be the first time that traditional military force has been used in response to a cyberattack in real-time.

According to reports, Israel identified and stopped a cyberattack.  The cyberattack was broadly characterized as attempting to cause harm to civilians in Israel.  In response, Israel was able to trace the source of the cyberattack to a specific building in the Gaza Strip, which it attacked and destroyed in an air strike.

It has long been theorized that a future military conflict between two cyber-war parties could take place without a single weapon being fired.  The thesis being that the opposing sides would attack one another in cyberspace, looking to do damage to the other by destroying or disrupting utility grids, healthcare facilities, financial systems, transportation networks and more.  A war started without a single shot or traditional military attack.  Imagine the chaos that could result from such cyberattacks.  The world has already witnessed limited examples of these threats in areas like the Ukraine.  It’s no secret that many large cyberattacks and data breaches are known or thought to be the work of Nation State actors.

So, unfortunately, what took place yesterday is not exactly unexpected.  It was just a matter of time before a nation that was targeted by a cyberattack responded militarily.  Who the parties in conflict are is not the real story here.  Cyberattacks have the potential to disrupt social order and in so doing, have the theoretical capability to cause death and destruction that one might associate with a military attack between warring parties.

I am sure there will be extensive debates as to the ethics of responding militarily to a cyberattack.  How can you measure proportionality when one attack may have failed and the retaliatory strike succeeded?  It feels like a video game moving into reality and it’s not a comforting thought.  It’s almost surreal to be thinking in these terms, yet here we are, in 2019 having just learned of the first publicly known real-time military response to a cyberattack.  Could this be the start of an overt form of Cold War 2.0?  It’s not a pleasant thing to consider.

This is not what technology was developed for.  Technological capabilities should make our lives better and our world a safer place.  So much good has come from technology.  Let’s hope we can stay focused on using technology to improve the quality of life for every human being on this planet.