Do I Need to Worry About Cyber Security
Cost of a Data Breach Report 2020, IBM Security

A small construction company in the Pacific Northwest has 20 employees. The office manager, who is also the human resources manager, got an email from the owner. He asked her to compile an Excel spreadsheet with the names, Social Security numbers, dates of birth, and home addresses, and to send it to him via email. She compiled the information and sent it to her boss, or so she thought. Her "boss" was a hacker in Africa, who then sold the report for $5,000.00.

Every business needs to ask three critical questions every year. First, how do your employees currently access the corporate network, along with critical business applications and data? Second, how are your employees and executives trained on cyber security, and how often are refresher courses performed? Third, when was the last security audit completed, and what were the results?

Businesses need to protect three different types of information.

  1. PII - Personally Identifiable Information: Any representation of information that permits an individual's identity to whom the information applies to be reasonably inferred by either direct or indirect means. Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification.
  2. PHI - Personal Health Information: The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights concerning that information. At the same time, the Privacy Rule is balanced to permit the disclosure of personal health information needed for patient care and other essential purposes.
  3. PCI - Payment Card Industry: The Payment Card Industry Data Security Standard is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council.

There are three industry target markets for cybercriminals: finance, healthcare, and retail/hospitality. These target markets have the highest number of attacks and ransomware hits. Small business attacks have increased by 78% since 2019, and small businesses don't protect themselves with monitoring solutions and employee training.

A breach has an average lifespan of 314 days and typically costs $3.4 million (IBM Security). There are four security must-haves. As many businesses experience constrained IT resources and stricter budgets, these guide customers in making strategic decisions regarding their security investments.

  1. Employee Training: Employees play a significant role and responsibility in cybersecurity, with IBM reporting human error as the cause of 95% of breaches. Education is the first line of defense, and ongoing training should be mandatory.
  2. Protected Access: Virtual private networks (VPNs) are now very affordable solutions, available through various ISPs and cloud providers, that enable safe remote access to the corporate network. Add multifactor authentication requiring three or more layers of authentication before accessing sensitive company data.
  3. Endpoint Security: All devices (mobile, laptops, desktops, servers) provide a point of entry for attacks. Endpoint security, managed from a network server or gateway and installed on each device, blocks threats, prevents downloading malicious apps, and can remotely wipe devices should they be lost or compromised.
  4. Managed & Next-Generation Firewalls: With so many security threats, it makes sense to invest in managed firewall solutions to take on the management, maintenance, and reporting. Updates, patch management, change management, and other maintenance are handled 24x7x365.

My CEO is involved in the FBI’s Community Outreach Program, which supports the Bureau’s investigative mission by addressing multiple interrelated societal problems, including crime, drugs, gangs, terrorism, and violence. Linking community service, prevention, and law enforcement is a national trend spurred by grassroots efforts around the country, and FBI employees have joined this movement, volunteering in a wide variety of community-related actions.

I have been in the cyber security business for 15+ years. I have worked with small, medium, and enterprise businesses. I have sold over $1 million in security solutions. My company provides free assessments and evaluations for small business owners. I am not here to sell you something; I am here as a natural resource.

Sincerely,

Tim OLeary | [email protected] | 360-597-1244


Tammy Haas

Licensed Insurance Advisor & Sales Manager for American Family Insurance Becky Willey Agency.

3 years ago

This is such a great PSA, Tim. So many companies don't think they have anything a cyber criminal wants. They only need to hijack your computers and ask for money. What you have on your company server may be of zero value to them, but the ransom money they want is what they are after.
