All Posts by Hana LaRock

About the Author

Hello! My name is Hana and I am the content writer for Smeester & Associates. I was born and raised in Long Island, New York, but I have lived abroad and traveled many places over the last four years. I currently reside in Mexico City. It's been an exciting challenge to write about topics associated with the importance of cyber security in small business. Every day, I myself am learning more about this industry and what it can do for small business owners around the country. I have years of content writing experience and I have been published both in print and on the web. Any topics you want to see discussed here? Shoot me an email at info@smeester.com.

Sep 19

Cyber Security Compliance is Nothing Without Measurement

By Hana LaRock | IT Best Practices, Managed Services, Security Best Practices

These days, companies need to do whatever they can to make sure their business is cyber security compliant. Being compliant means your company is following certain practices to protect your customers, your network, and most importantly, yourself.

A CIO’s main responsibility is to implement the right cyber security measures for your company. But, another part of their job is guiding you to make the right decisions for your company thereafter. So, here’s how we can all do a better job of taking cyber security just another step further:

Compliance is Important, But It’s Not the Only Factor

One of the main reasons businesses invest in the services of a CIO to begin with is because it’s imperative that they are cyber security compliant. However, many CIOs are only keeping this in mind when setting up the right security infrastructure, and unfortunately, that’s not going to help a business in the long run. All security decisions need to be made with the business mindset, because if the actual risk can’t be understood or evaluated from a business point of view, why would any company leader take interest?

Businesses Should Be Involved in Making Cyber Security Decisions from the Start

Although your CIO is the primary decision maker when it comes to cyber security, it’s likely that they are working with many businesses at once. The needs of your business may be very different from the needs of another, and you want to be absolutely sure that your needs are constantly being kept in mind. Therefore, the best way to go about this is by being involved in cyber security decisions from the start. Be proactive in keeping the conversation open and make sure you’re present when those big decisions are being made. Your CIO is allowed to guide you in making these decisions and they should. After all, one of the reasons you’re hiring them in the first place is because you’re not quite equipped to do these things on your own.

There Should Always Be Consistent Measurement and Evaluation by Businesses

Once a decision has been made, it’s important to recognize that it won’t be the last. Cyber security is an ongoing process, and it’s both your job and the CIO’s job to stay involved at all times. And, once a decision is implemented, the impact of that decision should be consistently monitored, measured, and evaluated for future purposes. This is really to say, can you be certain that your cyber security system has worked, or is it time for a new solution?

Make Sure Your CISO Has a Good Reporting Record

It goes without saying that the Chief Information Security Officer (CISO) that your company is working with should have a great track record. The ISF, or Information Security Forum, has reported that many of these CIOs aren’t doing their job when it comes to reporting their findings of KPIs (Key Performance Indicators) and KRIs (Key Risk Indicators) to their clients. This goes back to a previous point: that decisions need to be made from a business — your business’ — point of view. Of all the things to consider when hiring a CIO, this is a question you don’t want to leave out.

There are many steps to making sure your business is paying the utmost attention to its security situation. Is your CIO helping you be part of the process?

In the meantime, try our RiskAware™ Cyber Security Scan & Report to see where your security currently stands.

Sep 05

Are Your Employees Hiding the Truth About Your Recent Security Breach?

By Hana LaRock | CEO Best Practices, IT Outsourcing, Security, Security Best Practices

Though company leaders would like to believe that their own employees wouldn’t do anything to put the company’s security at risk, sometimes, these employees are actually the most likely suspects. Though we tend to think data breaches are only caused by malicious hackers, usually, those aren’t the people you need to worry about. That’s because most of the potential problems are being caused by the people sitting right in front of you every day.

So, are your employees ignoring security measures deliberately? Probably not. But, they could be avoiding telling you about a cyber-security incident that could ultimately result in a major loss for your company.

So, if it’s just a little mistake, why are these employees not saying anything? And, as a leader of your company, how can you get them to speak up so you can stop the problem in its tracks?

5 Reasons Employees are Causing Data Breaches and Not Saying Anything

Typically, one of the biggest reasons an employee won’t tell you about a data breach is the same reason no human likes to admit he or she is wrong. After all, why bring attention to something when it might not be a big deal after all? This mentality, along with other things, is putting companies at major risk, resulting in huge losses that could have otherwise been avoided.

Besides that, there are other reasons why employees don’t say anything.

1) They’re scared of losing their job.

These days, companies have strict rules in place when it comes to their employees correctly managing the equipment. If employees are held accountable for a data breach, it’s certainly not the kind of news an employer wants to hear. Therefore, employees are under a lot of pressure and thus afraid of losing their job if they put the blame on themselves.

2) Policies are too loose and employees are taking advantage.

If your company has a BYOD policy or you have a lot of remote workers accessing the system from all over the world, you’re already at risk. If that device is not solely for work and thus lacks the proper security on it, you’re at risk of a data breach whenever that person uses their device at home, at a cafe, or while traveling. Don’t let your employees take advantage of your leniency, because once a BYOD policy is implemented, it’s very difficult to supervise.

3) They were uninformed or unaware that they even did something.

Perhaps an employee made a security error, but they didn’t even know they did. With technology being so advanced, even the best and most skilled employees may not be well read up on IT. In many cases when there’s a data breach, it’s very likely the person who is at fault isn’t even aware that they are. All employees need to have basic knowledge when it comes to protecting your company’s security.

4) They were actually careless.

While in most instances we want to believe that a potential cyber breach was really just an accident, we know that’s not always the case. There are employees who don’t follow guidelines and are quite careless. And, if that is what happened, that’s not something an employee is going to be so willing to admit.

5) They were doing it intentionally.

It’s hard to trust anyone 100%, and when that one untrustworthy person has access to your company’s most sensitive data, there’s always a chance that you’ll receive an unfortunate surprise: that someone you hired has been intentionally stealing your company’s data or hacking your systems to their own benefit. As scary and unlikely as this may seem, it has happened before, and will continue to happen if employers aren’t more diligent.

How to Prevent Employees from Causing Serious Breaches

The first step in making sure your employees don’t cause a data breach is by screening employees before they start working for your company. It may seem obvious, but you don’t want any suspected hackers slipping through the cracks.

If your employees are all deemed trustworthy but you still want to prevent them from accidentally causing a breach, start by implementing strict security standards in the office. Make sure new employees are aware of how to use the systems securely and update current staff regularly. Secondly, make sure your employees feel comfortable letting you know that they may have made some kind of error. If they feel worried about losing their job, they aren’t going to be willing to talk. But encouraging them to speak up, and assuring them that it’s the right thing to do, will save your company from any serious breaches and leave your employees feeling secure in their job.

Additionally, it’s your job as a company leader to make sure you implement specific instructions given to you from your outsourced CIO. For example, if your CIO strongly advises you against using a BYOD policy, then listen. Most of all, make sure your CIO is doing their job of keeping your company’s security safe above everything else, and it will be much easier to prevent problems from happening altogether.

Don’t have time to worry about your employees making an expensive mistake? Your CIO will take care of that.

Aug 17

You Can’t Protect Your Network Without Knowing This About Passwords

By Hana LaRock | CEO Best Practices, Security, Security Best Practices

When it comes to protecting a network from data breaches, there are many things a company can do to help secure themselves as best as possible. But, most of the time, it’s not what companies are doing, but what they’re not doing correctly that puts them at risk.

One of the most basic yet most important things that companies need to pay attention to is their passwords. There have been many reports over the years on what qualifies as a “good password.” However, according to recent reports, it seems that what we think we know about passwords is very, very wrong.

If company leaders don’t stay up to date on the latest security news, then they could be making big mistakes in their overall Internet security plan.

So, here’s the advice you need to update your passwords and upgrade your security.

Complicated Passwords are Hard for Humans, Easy for Computers

For a long time, the creator of the NIST Memo back in 2003, Bill Burr, suggested that the best passwords were those that used a combination of letters, numbers, and symbols. He also encouraged users to make passwords that were not obvious keywords in their lives, but maybe used the first letter of each word from their favorite quote.

This is why, nowadays, when you create a password, you’re asked to write a password that falls between 8-12 characters and includes different letter cases, numbers, and symbols.

Well, that’s a lot to remember. And, when we’re also encouraged to keep changing out passwords frequently, we forget. After all, how many times have you forgotten a password?

See, we might try our best to re-create fancy passwords every other month. But, the fact of the matter is, hackers using the right technology are able to figure out those kinds of passwords easily. In fact, it wouldn’t be a surprise if A.I. could guess your password faster than you can remember it.

So, what’s the new solution?

Longer Passwords

That’s right, folks. According to new reports, the current methods you’re using to create passwords aren’t exactly helping you stay secure. If you really want to protect your network, you should continue to be vigilant. Use two-step notifications, use different passwords for each of your programs, and make your passwords longer. Computers are less likely to guess longer passwords than the type of passwords we’ve been encouraged to use for years.

Only One Problem

Making longer passwords is no problem, right? Wrong. Because of what we know to be the “best” way to guard ourselves against hackers, most websites don’t even give you the option of creating longer passwords. As with most things, the status quo takes time to catch up to what we actually know to be true. Therefore, it might be quite a while before you’re even allowed to create longer passwords, and by then, maybe we won’t be using passwords much at all anymore.

So, How Can I Help My Company Stay Secure?

When you have the opportunity to create a longer password, go for it! But, in the meantime, you’ll have to continue to practice tight security measures for your company’s network. One way to do this is of course by staying on top of the news. See what current threats are out there, and what experts are saying you can do to protect yourself further.

And, speaking of experts, you don’t need to go at this alone. All the conversation surrounding appropriate security measures can be rather overwhelming. To combat it, seek the help of an outsourced expert in cyber security and risk management. This way, you can always be sure you’re doing everything you can to take your company’s network security seriously; whether that’s creating the right password or implementing other smart security tactics along the way.

Aug 07

Always Get Your Technology Approved Before Implementing It

By Hana LaRock | CEO Best Practices

Businesses that want to be successful need to find ways to incorporate technology into their offices. The right technology can help your business grow and aid in getting work done more efficiently. While technology certainly has a lot of benefits, it takes a professional to know which technology is right for your business, and how to properly implement it. After all, if it’s not handled with care, your company could be at risk for a data breach or network slowdowns. Having an unbiased professional, typically an outsourced CIO, can help you make the right decisions regarding the technology you’ll want to use.

Get the Right Connections

Part of having the right technology is knowing where to find it. Technology is ever-changing, and you don’t want to be stuck with something that’s outdated or essentially useless for your business. Therefore, it’s important you have good connections. Knowing excellent IT providers can help guarantee you are working with only the best products out there. Don’t know any IT providers yourself? Luckily, an outsourced CIO probably does.

No Need to Rely Solely on Your IT Department

Your IT department (or your IT guy) has an important role at your company, there’s no doubt about that. But, that role is also very specific, and the more things you expect out of them, the more you might complicate things. Officially, an IT department’s role is to design, maintain, and support an organization’s information technology infrastructure. But, before anything can be maintained and supported, it needs to be discovered and implemented. This is where a CIO comes in.

Don’t Miss Out on the Best Technology

Even if you’re well read up on what’s out there and what’s the best solution for your company, no one expects you to be the expert in everything. You’re busy running your company, and you can’t waste any time worrying about things that aren’t really under your jurisdiction. An outsourced CIO knows what’s out there, what’s coming, and what’s a good match for your business.

Always Have an Expert Keeping an Eye on Things

While your IT team will certainly be occupied managing that technology, such complex software and products require a lot of human support. And, because a majority of data breaches can occur because of human error within the office, it doesn’t hurt to have an extra hand. Especially from someone who’s not working internally. Not only should you get your technology approved by an unbiased CIO before deciding on it, you should have it reviewed by this same professional for the long run.

Jul 24

The Role a CIO Can Play for Your Company and Why You Should Hire One Now

By Hana LaRock | CEO Best Practices, IT Best Practices, IT Outsourcing, Managed Services, Security, Security Best Practices

Technology has taken over the business world. Ever since we’ve become more reliant on technology, we’ve been seeing new jobs added to companies to help maintain it all. And, when it comes to that technology, those who will be managing it on your company’s behalf need to have the appropriate skills and expertise to do their job correctly.

You may already have an IT team, or maybe even a CTO. But, you as the CEO need to make sure the right decisions are being made for your company at all times (and at all costs). So, isn’t it about time to outsource a chief information officer?

Why You Need a CIO

While all roles in a company are unique and important, a CIO does a number of tasks that bridge all those roles together. Ultimately, the CIO is responsible for making sure technology is properly integrated throughout the company so that operations can run smoothly. He or she has the final say on how technology is managed so that the business can keep moving forward without any hold ups.

Why Outsourcing is Important

One of the biggest questions that comes up when a company integrates technology into their everyday tasks is the issue of cyber security. Though there are many ways in which a system could potentially be hacked from outside intruders, human error is still one of the main causes of breaches that we commonly see today. Certain protocols need to be followed in order to guarantee a network’s safety. To eliminate any risks of vulnerability or conflicts among high-level decision makers, a CEO should consider outsourcing their CIO. This way, any decisions that are made are unbiased and are therefore solely for the best interest of the company.

Also, don’t forget that one of the perks of hiring any type of managed service means that you have more time to run your business. Any worries you may have will now be dealt with by that service provider.

When is the Best Time To Hire a CIO? 

Most company leaders may think it’s best to wait until a company reaches a certain level before hiring a CIO. Perhaps when a certain number of sales have been made or a certain number of followers has been reached. But, it may be that it’s time to get one sooner than later if you’re noticing some inconsistencies at your company. This could involve anything from repetitive inefficiency, seeing your network has become vulnerable to attacks, disagreements among executives, or too many tasks being handled by a small staff. Whether it’s one of these reasons, a combination of these reasons, or you just feel the need to extend such an important role to someone else, then it might be time to hire a CIO.

Jul 11

How You Can Stay Safe from Future Ransomware Attacks Like Petya

By Hana LaRock | CEO Best Practices, Ransomware, Security

In June 2017, yet another type of complex ransomware infected computers worldwide. It goes by the name ‘Petya,’ and it caused companies like DLA Piper and Maersk to freeze up their systems. The only way for these companies to unlock their systems was, of course, by paying a hefty ransom.

If your company was safe from Petya this time around, how can you continue to stay safe from ransomware attacks in the future?

What is Petya?

The interesting thing about the Petya virus is that the authors of Petya demanded the large ransom (100-bitcoin) only after many infected companies had already resumed their operations. Though it looks like some victims had decided to pay a smaller ransom, Petya’s financial success didn’t amount to much.

While all ransomware viruses typically work in the same way, each one possesses a unique attribute that makes it stand out from the others. Perhaps it infects more companies, demands more money than other forms of ransomware, or is simply that much harder to prevent.

Before Petya, the big ransomware virus to look out for was WannaCry. Though WannaCry could fall into its own category of headline-making ransomware, it actually shares some similarities with Petya. Like WannaCry, Petya infiltrated networks through systems that used Microsoft Windows. And, although it seems that Petya’s main goal was to disrupt Ukrainian infrastructure (where the virus was sourced from) rather than just make money, it’s important for everyone to be aware of such a virus’ capabilities. Knowing what’s out there makes you less likely to become a victim yourself since you know how to prevent an attack in the future.

How Can You Protect Yourself Against Attacks Like Petya

It goes without saying that not all cyber attacks can be prevented. Because technology is so complex and because there is so much we cannot see on the Internet, hackers are finding new ways to get what they want. But, first and foremost, we must educate ourselves about what kind of hacks are out there, how we may possibly be vulnerable to those attacks, and how to protect ourselves in every way possible.

From what we know from this attack, only Windows systems were targeted. Those who haven’t updated their software were more at risk, as well as businesses. Home networks weren’t really a target in this case, which is pretty true for most cyber attacks (but not always).

Unlike WannaCry or other types of ransomware, Petya locks up entire data systems instead of individual files. A worm is sent out and encrypts machines. This on its own is a reminder that although we may not be able to prevent attacks, we can back up our data separately so that we can access it even if it gets hacked.

Lastly, it’s important that you’re doing what you can to protect your network. The first step is seeking out the help of a managed service provider that’s up to date on cyber attacks and knows how to evaluate your system for any inconsistencies. Generally, a good antivirus should work, but only if that antivirus’ usage is being constantly monitored by an expert.

And, Remember…

Hopefully, you’ll never fall victim to a ransomware attack like Petya. But, if you do, remember that you should never pay up to the perpetrator. This only encourages these hackers to continue doing what they do.

Working together with your team and the expertise of a managed service provider, you can spend less time worrying about these hacks and more time doing what you do best: running your business.

Jun 26

Does Your Cyber Security Consultant Have the Right Expertise?

By Hana LaRock | CEO Best Practices, Managed Services, Security

When it comes to cyber security, there are a lot of things one needs to know. Ultimately, business leaders choose to invest in the help of a cyber security consultant in order to make sure their network is properly managed by an expert. But, even if your consultant claims to be an ‘expert’ in cyber security, you need to ask yourself, “Do they have the right expertise?” Oftentimes, it’s not about what this professional has on their list of credentials; it’s about what they don’t have. And, what they don’t have could prove to be very bad news for your security situation.

What’s Their Background When It Comes to Internet Technology?

When you look for your cyber security consultant, it might be overwhelming to see everything they have to offer you. Just like when you buy a new TV or look through a brochure, you see all the beautiful advertising. If it’s done nicely, you would never really ask yourself, “Well, what does this not have?” or “What is it missing?”

Most cyber security professionals will have an IT background, which seems like that should be a given. However, an IT background isn’t all you should be looking for. After all, if that’s all they have, then why not just consult your IT department? Surely, they have all it takes to clean up a security problem, right?

Wrong. Most business leaders know that their IT team has other responsibilities, and not quite the right experience when it comes to specifically handling security concerns. This is why CEOs seek the help of a professional cyber security consultant in the first place.

So, what is it you want to be looking for in your cyber security professional?

Clearly Defined Software Development Expertise

While an IT background is certainly necessary, you want to make sure the consultant you’re looking into working with actually has a software development background.

The biggest reason for this is that hackers generally do their work by using scripts as their main tool to cause damage on the networks of unsuspecting targets. To even recognize something like this, a cyber security professional would have to have experience in software development. But, in addition to being able to recognize this kind of hack, you also want someone who could make sure YOUR software is protected, to begin with. They know exactly what to look out for and are read up on all the different types of breaches that exist.

A person with solely IT experience probably won’t be able to see this as well as someone with a software development background.

Generally, although most cyber security consultants with software development experience also have a good IT foundation, those with solid IT experience can’t really say the same for themselves. Again, it’s not about what your potential cyber security consultant has; it’s about what they’re perhaps lacking and how that could impact the quality of their service to you.

The Bottom Line

An avid cyber security approach is important for financial companies that collect the information of their clients or have their own data to store and protect. While there are a lot of great consultants and managed services out there, take your time choosing the one that’s best for your company. And, do yourself a favor and make sure they have experience in both software development and IT. Otherwise, you aren’t really getting what you’re paying for.

Jun 20

Do You Have Enough Eyes Looking Out for Your Network’s Security?

By Hana LaRock | Managed Services, Security

When it comes to companies protecting their network from hackers, most business leaders know what to do. Once a company has made the decision to utilize services of a third party in regard to their security, they’ve already made a move in the right direction.

But, how do you know you’re using the right cyber security service for your company? And, does the service you’re using possess the expertise, resources, and manpower to continuously monitor your network? It’s not just about outsourcing your cyber security, although that much is important. Ultimately, it’s about asking yourself whether or not there are enough eyes on your network to make sure your security situation is stable at all times.

Why You Need to Analyze Your Own Business Before Seeking Help

Just because you define your business as a small business, doesn’t mean your need for cyber-security is any less than anyone else’s. In fact, small businesses can actually be more of a target for cyber criminals, as most of the time, hackers assume you’re not taking proper precautions and your network is thus that much easier to hack. 

This means that you need to up your cyber security game as much as possible. Since you can be considered the low-hanging fruit for hackers, you need to be extra cautious of your network’s security, especially when you operate in the financial industry. As a small business, you’re vulnerable in a lot of ways; one of those ways being the reputation you have amongst your customers. When you’re small or just starting out, your customers’ expectations of you are that much higher. If you have a security breach, you may find yourself back at square one with your business.

Therefore, before you seek assistance from a third party managed service provider, have a general idea of what’s important to you security-wise. Even if you don’t know a lot, knowing what your business’ demands are and the value of what you need to protect, is enough to guide you in the right direction.

One Pair of Eyes is Never Enough

Before the technology era, how did people protect their businesses? Think about it. They locked and chained their doors. They installed alarms. They added security cameras. Many hired security guards to keep watch overnight. Already, that’s a lot of eyes watching that business.

In the Internet age, the concept is much the same. However, hackers don’t have to dress up in black and plan a heist to break in; it’s often much easier to breach your network. And, since a lot of security breaches can happen because of human error, it’s so important you have enough people looking out for you.

When someone writes a book, they have editors read over their work again and again. Don’t you want your network treated better than a bestseller? We think so. That alone is enough incentive to make sure there are enough eyes on your network. Therefore, when you seek out a company to take care of your cyber-security, figure out what their staff numbers look like and how many people will be on your case.

But, It’s Not Just About Eyes

When you’re working in the financial industry, you have a lot of responsibility when it comes to your customers. If you’re collecting sensitive information from your clients, such as credit card numbers, SSNs and home addresses, the stakes are higher for you than other companies. That means it’s not just about HOW MANY people are monitoring your network, but HOW they are monitoring it (and how often).

Before you buy the services of a third party provider, read their testimonials. See what they offer, what their guarantees are, and read up to make sure they haven’t made headlines for anything negative.

This is YOUR company and it’s your priority. Is your managed service provider making your security their priority? You better hope so. 

Jun 06

Three Categories Regulators Expect Your Risk Assessment To Fall Under

By Hana LaRock | CEO Best Practices, Managed Services, Security

Up until now, when auditors and regulators of cyber-security came to companies, most of the time they would just ask to see whether an assessment was done. It was even less likely that they would have asked the details of that assessment. But, now, that’s starting to change.

Some companies these days have gotten into trouble with auditors and regulators because even though they had done an assessment, the assessment was either not as comprehensive as it should have been or the company didn’t act on the risks that the assessment reported.

If you want to make sure your risk assessment is done correctly, then you must make sure it falls under one of these three categories:

1) Standardized:

There are many different kinds of risk assessments out there, and what you use will depend on a lot of factors. First of all, it depends on what kind of business you’re in and how much a hack could affect the lives of your customers and employees. Of course, there are some businesses that are held up to higher standards than others when it comes to an auditor’s discretion. That being said, you should always set the security bar high for yourself no matter what; this way, you know you’ll be safe.

Whatever route you decide to go with your risk assessment, you should ask the organization that’s doing it whether or not the test they choose to perform is standardized; meaning if the test were repeated again at your business or another, it would produce (more or less) the same results. At the very least, the assessment should yield the same, specific kind of information across the board.

2) Relevant:

As mentioned before, a test that’s done for one company may not work for another. If your third party is running the same assessment on your small e-commerce site that it’s doing on a multi-million dollar health insurance company, that could very well be a red flag.

Some of the assessments you may have heard of include, but are not limited to, FAIR, OCTAVE, FMEA, etc. Some fall into the category of qualitative assessments, while others fall into the category of quantitative. This means that some assessments will look at data and other factors over a long period of time, while others are simply based on an expert’s opinion. The results of these assessments can be expressed in different ways, usually referring to the various direct or indirect costs.

When the assessment is done, it should be able to answer key questions that are relevant to your business. What vulnerabilities do you have in your system? What could be causing the threat? What kind of damage are you looking at if these threats take hold? And, of course, how do you fix it?

3) Explicit:

So, if auditors and regulators are starting to ask more questions, don’t you want to be ready with more answers? If you happen to have an auditor come knocking on your door who wants to know much more than whether or not you’ve simply done an assessment, then you need to be prepared. What we’re trying to say is, your assessment shouldn’t merely report the date you had it done, when you’re due for the next one, and by whom it was administered.

Instead, your assessment needs to have explicit information and data on it that will be satisfactory to the potential auditor. If you want to get a heads up about what an auditor might look for, speak to the organization that will be conducting your assessment.

Remember, even if you go through all this work to have the right assessment done for your company in the eyes of the auditors, it won’t mean much if you’ve left that assessment report in a pile of papers on your desk. In addition to making sure your assessment falls into one of these three categories, you also need to address anything that assessment uncovers, immediately. Also, make sure you continue to get assessments done regularly in order to stay on top of your security.

May 31

Why The Recent WannaCry Ransomware Attack is Relevant to You

By Hana LaRock | CEO Best Practices

About two weeks ago, cyber-security made headlines yet again when the WannaCry Ransomware attack hit several large companies around the world. It affected companies globally, reportedly hitting 230,000 computers in 150 countries. It attacked computers running Microsoft’s operating system and asked for a ransom via Bitcoin payments. There were several reasons that this WannaCry Ransomware was so successful in its attack. And, even if you weren’t affected, here’s why the whole situation is relevant to you, anyway.

Have You Been Updating Your Software?

One of the reasons certain companies were vulnerable to this ransomware attack was because they had not updated their systems. Though Microsoft had advised their users to run an update a few months prior to the attack, we know that there are always those that pay no attention to the updates.

This is, of course, one of the factors that make this WannaCry Ransomware attack relevant to you. When it comes to your cyber-security, those updates may seem unimportant. But, they are actually very important. Software companies and operating systems generally do a lot to monitor their vulnerabilities. If they let you know about a potential risk and encourage you to make updates to protect yourself, don’t ignore it.

Are Your Files Backed-Up?

Luckily, experts stopped the WannaCry Ransomware attack in its tracks; otherwise, it could have been a lot worse. However, the virus was still able to get its hands on sensitive information by encrypting the data files on the computers it had attacked. Of course, the main goal of any ransomware is to hold a ransom (hence the name). Agencies that work to fight against these kinds of attacks encourage victims not to pay up to the hackers. And, if you were proactive enough to have your data files backed up, you won’t have to pay up. Falling victim to a ransomware attack, even one as heavy as WannaCry, won’t be as much of a crisis if you have copies of your data. That being said, you still don’t want that data in the wrong hands.

Which brings us to our next point:

Pay Attention To Your Own Network’s Security

Though it’s important you stay on top of the news to see what new threats are out there, that’s not going to help you if you’ve already been hacked. And, when you’ve got a business to run, it’s not really easy to stay on top of your system all the time, monitoring and checking for risks and, if there are risks, patching up your system.

That’s why it’s a good idea to have a third party assess your systems. Those companies affected by the WannaCry Ransomware that knew about the updates but neglected them could face serious fines. Especially if the hackers got their hands on the credit card information of those companies’ clients, there could even be lawsuits in order.

Therefore, it’s essential that you have your systems constantly monitored by an unbiased third party. This way, you can not only make sure you and your customers are protected from hacks like ransomware but that you’re also protected against the questions of auditors and regulators.

Though you may wonder what such a large-scale cyber attack like this has to do with you, we promise you that it’s completely relevant.
