Impressive IT Industry Philanthropy

I’m sure you heard the news over the weekend about Robert F. Smith and his unexpected act of generosity to graduates at Morehouse College.  If you missed it, Mr. Smith announced during his commencement speech that his family would create a fund that would pay off all of the graduates’ college loans.  What an incredible act of philanthropy that came with a challenge to pay it forward, which I am sure will happen.

What’s especially great about this, to me, is that Mr. Smith is the CEO of Vista Equity Partners, an investment firm that focuses on the tech industry and has ownership in some marquee companies in the IT industry, including respected companies like Apptio, Datto, LogicMonitor and Ping Identity as well as several others.

Just last week, former ConnectWise CEO Arnie Bellini announced his family’s intention to give away $70 million to their local community.  Arnie started with a $7 million donation to the private high school he attended in Tampa.

These acts of generosity are inspiring.  It’s wonderful to see successful people giving back.  It’s especially wonderful to see these two gentlemen having such an impact on high school and college age graduates.  Their acts will surely pay it forward.  Our young adults, whether college bound or entering the workforce, need the inspiration of individuals like this.  One could only hope to be able to have such an impact on the up and coming generations.

Thank you, Robert and Arnie, for your leadership and philanthropy.  I couldn’t be more proud to see these acts coming from technology entrepreneurs.  Just another thing I love about this business.

Update WhatsApp Now!

WhatsApp rushed an updated version of the app to market this week that fixes this vulnerability. Be sure you visit your App Store immediately and update to the latest version, to be sure you are secured from this risk.

Security researchers have uncovered evidence that hackers have exploited a flaw in WhatsApp that allows them to install malware onto any device that has the app installed.

If you use the popular messaging app WhatsApp, be sure you have the latest update installed on your iPhone or Android device.

Thank You Suncoast ALA!

Today, I had the privilege of presenting to the Suncoast Chapter of the Association of Legal Administrators in Tampa, Florida. Thanks to all who attended. I appreciated the warm welcome and introduction. Everyone was highly engaged and asked great questions. Most importantly, it seemed like everyone learned a lot and took away key action items to put into practice in their firms to help improve their posture against cyber threats.

My overall theme was one of creating a culture of cybersecurity awareness within the firm. Education is the most important part of any cybersecurity plan. Second to education is communication. We talked about real-world examples of the risks that face law firms today as well as examples of actual breaches and points of exposure that were very eye-opening for those in attendance.

Thanks again to all who attended and here are a few photographs from the event.

Growing Office 365 Security Concerns

Yesterday, the National Cybersecurity and Communications Integration Center (NCCIC) issued an important Analysis Report (AR19-133A) regarding increasing concerns about Office 365 configurations.  Specifically, this report made note of third-party organizations that facilitate company migrations to Office 365 and the lack of standards with these configurations.

More and more organizations are migrating to Office 365 and many hire partners to help them make the migration.  The issue is that many of these partners do not properly configure Office 365 security features.  These lapses can leave the organization vulnerable to hackers who exploit well-known Office 365 configuration weaknesses.

I have witnessed this firsthand, in my business, where clients have come to us with misconfigured Office 365 tenants that have left them vulnerable.  In one particular case, I know of a company that had one of their Office 365 accounts mirrored to a hacker, who analyzed the organization’s communication style and was able to trick the two people in the finance department to wire a significant amount of funds to the hacker.  This threat is very real and it should be a concern for everyone working with Office 365.

The Cybersecurity and Infrastructure Security Agency (CISA) has released specific recommendations to address these concerns.  From the Analysis Report, CISA recommends the following:

“Solution

CISA encourages organizations to implement an organizational cloud strategy to protect their infrastructure assets through defending against attacks related to their O365 transition, and securing their O365 service.[6] Specifically, CISA recommends that administrators implement the following mitigations and best practices:

  • Use multi-factor authentication. This is the best mitigation technique to use to protect against credential theft for O365 users.
  • Enable unified audit logging in the Security and Compliance Center.
  • Enable mailbox auditing for each user.
  • Ensure Azure AD password sync is planned for and configured correctly, prior to migrating users.
  • Disable legacy email protocols, if not required, or limit their use to specific users.”

If you work with Office 365, please review Analysis Report (AR19-133A) right away.
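
A report-only check for three of the mitigations quoted above (unified audit logging, per-mailbox auditing and legacy email protocols), as an added PowerShell example that is not from the CISA report or the original post. The function name `Test-O365Baseline`, its allow-list parameter and the sample objects are hypothetical and constructed for illustration; the property names are those returned by the Exchange Online cmdlets named in the comments.

```powershell
# Added example: report-only check of three AR19-133A mitigations.
# Inputs are the objects returned by the Exchange Online cmdlets noted below.
function Test-O365Baseline {
    param(
        [Parameter(Mandatory)] $AuditConfig,              # Get-AdminAuditLogConfig
        [Parameter(Mandatory)] [object[]] $Mailboxes,     # Get-Mailbox -ResultSize Unlimited
        [Parameter(Mandatory)] [object[]] $CasMailboxes,  # Get-CASMailbox -ResultSize Unlimited
        [string[]] $LegacyAllowList = @()                 # hypothetical: users approved to keep POP/IMAP
    )
    $findings = @()

    # Unified audit logging must be enabled tenant-wide.
    if (-not $AuditConfig.UnifiedAuditLogIngestionEnabled) {
        $findings += [pscustomobject]@{ Check = 'UnifiedAuditLog'; Subject = 'tenant'; Detail = 'ingestion disabled' }
    }

    # Mailbox auditing must be enabled for each user.
    foreach ($mbx in ($Mailboxes | Where-Object { -not $_.AuditEnabled })) {
        $findings += [pscustomobject]@{ Check = 'MailboxAudit'; Subject = $mbx.UserPrincipalName; Detail = 'AuditEnabled is false' }
    }

    # Legacy protocols: flag POP3/IMAP4 unless the user is on the allow list.
    foreach ($cas in $CasMailboxes) {
        if ($LegacyAllowList -contains $cas.PrimarySmtpAddress) { continue }
        $on = @()
        if ($cas.PopEnabled)  { $on += 'POP3' }
        if ($cas.ImapEnabled) { $on += 'IMAP4' }
        if ($on.Count -gt 0) {
            $findings += [pscustomobject]@{ Check = 'LegacyProtocol'; Subject = $cas.PrimarySmtpAddress; Detail = ($on -join ',') + ' enabled' }
        }
    }
    return $findings
}

# Constructed sample data standing in for live cmdlet output.
$audit = [pscustomobject]@{ UnifiedAuditLogIngestionEnabled = $false }
$mbxs  = @(
    [pscustomobject]@{ UserPrincipalName = 'ap@example.com';  AuditEnabled = $true  },
    [pscustomobject]@{ UserPrincipalName = 'cfo@example.com'; AuditEnabled = $false }
)
$cas   = @(
    [pscustomobject]@{ PrimarySmtpAddress = 'ap@example.com';      PopEnabled = $true;  ImapEnabled = $true  },
    [pscustomobject]@{ PrimarySmtpAddress = 'cfo@example.com';     PopEnabled = $false; ImapEnabled = $false },
    [pscustomobject]@{ PrimarySmtpAddress = 'scanner@example.com'; PopEnabled = $false; ImapEnabled = $true  }
)
Test-O365Baseline -AuditConfig $audit -Mailboxes $mbxs -CasMailboxes $cas -LegacyAllowList 'scanner@example.com' |
    Format-Table -AutoSize
```

Against a live tenant, run `Connect-ExchangeOnline` first and pass in the output of the three cmdlets named in the parameter comments. Multi-factor authentication and Azure AD password sync are configured in Azure AD and are not covered by this check.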

National Small Business Week Shines Light on Cyber Threats

This article was originally published in the Sunday, May 12, 2019 editions of Foster’s and Seacoast Sunday.

This past week was National Small Business Week. There are more than 30 million small businesses in the United States. Two out of every three jobs created are created by a small business. Small business is the engine of our national economy.

This year, the National Cybersecurity Alliance co-sponsored National Small Business Week to bring more attention to the unprecedented risk small businesses face today. We are all familiar with the large data breaches from companies like Target, Equifax and others. We don’t often hear about breaches that happen to small businesses.

By co-sponsoring National Small Business Week, the National Cybersecurity Alliance is hoping to bring more attention to and resources for small businesses. Small businesses, by their very nature, will not have the internal resources to address the ever-evolving cybersecurity threats they face. In fact, most will experience a cybersecurity event and not know it even happened.

For small businesses that hold confidential and/or valuable information about individuals or products and services, a breach could be devastating. Many small businesses don’t expect to be able to recover from a cyberattack and assume one could put them out of business.

The National Cybersecurity Alliance recommends all businesses follow the NIST Cybersecurity Framework. This is a voluntary framework that defines the five key areas of a good cybersecurity posture for businesses of all sizes. I endorse this framework as well, as I feel it sets a de facto standard by which all businesses can be sure they are taking the necessary steps to ensure they have done all they can to protect themselves.

Given that the cost of the average data breach is approaching $4 dollars, it’s clear that if you do not take these steps to protect yourself, your business, and perhaps your livelihood, could be wiped out with just one breach.

The five pillars of the Cybersecurity Framework are identify, protect, detect, respond and recover. You can visit www.nist.gov/cyberframework to learn more and explore resources to help you build your cybersecurity plan.

Identify is all about knowing what you have. This includes not just your physical assets like computers, servers, mobile phones and tablets but also what data you have. When it comes to data, you want to have a clear understanding of which data you hold may be at risk of breach. It could be intellectual property or it could be sensitive personal information about your clients.

Protect means protecting your network. This encompasses everything from having proper perimeter security, firewalls, anti-virus software and more. This also includes strategies like least-privilege access, giving only the minimum level of access necessary to do the job.

Detect encompasses technologies and services you deploy to monitor your entire network from the inside and outside. Many organizations are deploying intrusion detection and prevention systems to actively monitor for unauthorized attempts to penetrate their networks.

Respond is all about how you respond to a cyber incident. Make sure you have a clear plan for how to communicate any cybersecurity incidents to your staff, clients, business partners and others. Communication is a critical part of any plan. Response also dictates how you respond technically, to isolate and investigate the event.

Recover encompasses restoring data in the event of loss or corruption. This may also include rebuilding elements of your network. Communication remains key during this phase, as you need to keep all stakeholders informed of your progress and when you will restore normal business operations.

These brief descriptions of the five elements of the NIST Cybersecurity Framework are exactly that: brief. These are not all-encompassing and are only a glimpse into what goes into an effective cybersecurity plan. If your organization already has a plan, be sure you review and update it, at least annually. If you do not have a cybersecurity plan, get one in place as soon as possible. The last thing you want is to need a plan and not have it.

National Small Business Week, Day 5

Forgot to post this on Friday, but Friday was Day 5 of National Small Business Week.  The theme for Day 5 was Recover.

Recover is the fifth and final pillar of the NIST Cybersecurity Framework.  Recover is about how you recover from a cybersecurity event.

Recover is all about repairing and restoring systems and data that may be compromised as a result of a cybersecurity event.  Equally, if not more important, is how you communicate your recovery plan and status.  The most important parts of this step are the following:

  • Document the lessons learned.
  • Make improvements to policies & procedures and communicate these changes to all parties.
  • Establish continuing education opportunities–train your employees and yourself, repeatedly.
  • Take steps to repair your reputation, which might require you to engage with a PR firm. Decide who is responsible for communicating with external stakeholders, and what the message will be and how often you will provide updates.

This is by no means an all-encompassing list, so consult the links on the Recover page and polish off your plan.

The five pillars of the Cybersecurity Framework are 1. Identify, 2. Protect, 3. Detect, 4. Respond and 5. Recover.  As we move through National Small Business Week, I will continue to highlight one area each day.  Yesterday was Respond, today is Recover.  Take advantage of all the resources I have linked to and be sure you have a cybersecurity plan that will protect your business, before, during and after a cyber event.

National Small Business Week, Day 4

Following up on yesterday’s post about National Small Business Week, Day 3, today is Day 4 and the cybersecurity theme for today is Respond.

Respond is the fourth pillar of the NIST Cybersecurity Framework.  Respond is about how you respond to a cybersecurity event once you know it has taken place.

There are some excellent resources linked on the Respond page.  Many will help you draft an appropriate response plan for your business.  Some of the key elements of a response plan are:

  • Communication plan for both internal and external audiences.
  • Isolating the impacted systems and analyzing the impact of the event.
  • Restoring impacted data.
  • Verifying if you have a reportable event.
  • Reporting the event to the appropriate authorities.

This is by no means an all-encompassing list, so consult the resources mentioned above and build a plan that is right for your business.

The five pillars of the Cybersecurity Framework are 1. Identify, 2. Protect, 3. Detect, 4. Respond and 5. Recover.  As we move through National Small Business Week, I will continue to highlight one area each day.  Yesterday was Detect, today is Respond and the final will be Recover and that will be tomorrow.

As you review each of these elements, do an honest assessment of how well your business covers each area.  This Framework is essential to establishing good cybersecurity best practices in your business.  If you have cyber risk insurance, your insurance carrier may start asking you to verify what you are doing to address each of these areas.  This will have an impact on your premium for coverage as well as what cyber events your insurance will actually cover, should you ever need to make a claim.  The NIST Cybersecurity Framework is the de facto standard for maintaining a proper cybersecurity stance for your business.  Take time to educate yourself and your teams.

National Small Business Week, Day 3

Following up on yesterday’s post about National Small Business Week, Day 2, today is Day 3 and the cybersecurity theme for today is Detect.

Detect is the third pillar of the NIST Cybersecurity Framework.  Detect encompasses the following:

 

Detection is all about understanding what is taking place on your network.  Do you know what devices are connected to your network?  Do you know when new devices enter the network?  Do you know when portable media is inserted into computers on your network?  Do you know what your staff is doing on your network?  The list goes on and on.  You can’t respond to threats if you don’t know about them.  Active, proactive monitoring of your network is critical in order to understand what activities are taking place on your network.  Once you understand what is taking place, you can detect events that are not authorized and address them.

Check out all of the linked resources at the Detect page.  There are some excellent materials and tools that you can use, for free, to help educate and protect yourself and your business.

The five pillars of the Cybersecurity Framework are 1. Identify, 2. Protect, 3. Detect, 4. Respond and 5. Recover.  As we move through National Small Business Week, I will continue to highlight one area each day.  Yesterday was Protect, today is Detect and tomorrow will be Respond.

As you review each of these elements, do an honest assessment of how well your business covers each area.  This Framework is essential to establishing good cybersecurity best practices in your business.  If you have cyber risk insurance, your insurance carrier may start asking you to verify what you are doing to address each of these areas.  This will have an impact on your premium for coverage as well as what cyber events your insurance will actually cover, should you ever need to make a claim.  The NIST Cybersecurity Framework is the de facto standard for maintaining a proper cybersecurity stance for your business.  Take time to educate yourself and your teams.

National Small Business Week, Day 2

Following up on yesterday’s post about National Small Business Week, today is Day 2 and the cybersecurity theme for today is Protect.

Protect is the second pillar of the NIST Cybersecurity Framework.  Protect encompasses the following:

  • Control who logs on to your network and uses your computers and other devices.
  • Use security software to protect data.
  • Encrypt sensitive data, at rest and in transit.
  • Conduct regular backups of data.
  • Update security software regularly, automating those updates if possible.
  • Have formal policies for safely disposing of electronic files and old devices.
  • Train everyone who uses your computers, devices, and network about cybersecurity.  You can help employees understand their personal risk in addition to their crucial role in the workplace.

Check out all of the linked resources at the Protect page.  There are some excellent materials and tools that you can use, for free, to help educate and protect yourself and your business.

The five pillars of the Cybersecurity Framework are 1. Identify, 2. Protect, 3. Detect, 4. Respond and 5. Recover.  As we move through National Small Business Week, I will highlight one area each day.  Yesterday was Identify, today is Protect and tomorrow will be Detect.

As you review each of these elements, do an honest assessment of how well your business covers each area.  This Framework is essential to establishing good cybersecurity best practices in your business.  If you have cyber risk insurance, your insurance carrier may start asking you to verify what you are doing to address each of these areas.  This will have an impact on your premium for coverage as well as what cyber events your insurance will actually cover, should you ever need to make a claim.  The NIST Cybersecurity Framework is the de facto standard for maintaining a proper cybersecurity stance for your business.  Take time to educate yourself and your teams.