Cybersecurity
Ransomware is a kind of malware that encrypts your data so you can no longer access it until the ransom is paid. There is a ransomware attack every 11 seconds, businesses are crippled by them, and ransom amounts are rapidly increasing. To protect yourself, use the following, in order of importance: antivirus software, a hardware firewall, and Microsoft security updates.
Antivirus does the most good because it runs on the very computer that is being attacked. Being capable of stopping a ransomware attack is not enough on its own; the software must also be configured properly and kept up to date. The new generation of cloud-managed antivirus programs does a better job of this because it is monitored both from the cloud and by the user.
Firewalls protect all the computers on a network and come with varying levels of security capability. The best can scan incoming and outgoing traffic for suspicious activity and stop it. They can also be monitored from the cloud to improve effectiveness. Having both a firewall and antivirus provides much better protection through layering.
Microsoft products are big, complicated programs, which creates the possibility of vulnerabilities. Approximately 700 are discovered each year. This is why you should not put off installing updates for very long. When your computer is fully updated, you have a third layer of protection, making you nearly impervious to attack.
Since the coronavirus pandemic started, cybersecurity incidents have been up 400%. The most common tactic is for hackers to use e-mail to trick you into giving them your personal information. You can protect yourself just by asking three simple questions before you act on a message.
Question one. Am I expecting this message? You should always be suspicious of unexpected e-mail.
Question two. Does this message ask me to do something? Hackers expect you have security software installed on your computer, so they work around it by sending you an official looking message and simply asking you to give them the information. Messages which do not ask you to do anything aren’t much of a threat, but be very suspicious when a message asks you to do something.
Question three. Do I know who the message is from? If the sender is unknown, the message is suspicious. If the sender is known, you can verify the message by contacting the sender through a channel you already trust. If it’s a person, call them. If it’s a company, go to their web site and log into your account rather than following a link in the message.
If a message is suspicious and can’t be verified, ignore it, delete it, or mark it as spam, but never act on it. Always question every e-mail and you will always be safe.
The first step in creating a data security plan is to pick a standard to adhere to. Some industries have government-mandated standards, such as HIPAA for healthcare and the Gramm-Leach-Bliley Act for finance. Some industries define their own standards, such as PCI for merchants who take credit cards. If none of these apply to you, a risk assessment is used to determine what is appropriate.
Once you have chosen a standard, you need to audit your level of compliance with that standard. In areas of non-compliance, you have a choice to either do what is necessary to become compliant or accept the risk. This decision is based on the perceived level of risk.
The last step is to document the process: which standard you are complying with, which areas are in compliance, and which risks you chose to accept and why. Since cyber risks are constantly evolving, you need to re-evaluate your plan on an annual basis.
- Department of Homeland Security – general information: https://www.dhs.gov/topic/cybersecurity
- United States Computer Emergency Readiness Team – for small and midsize business: https://www.us-cert.gov/ccubedvp/smb
- U.S. Department of Health and Human Services – for private medical practices: https://www.hhs.gov/ocio/securityprivacy/index.html
- Healthcare Information Systems Management Society – for private medical practices: http://www.himss.org/library/healthcare-privacy-security
- Cybersecurity Resources | AICPA – for public accounting firms: http://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/pages/cyber-security-resource-center.aspx
- New York State Office of Information Technology Services – for local governments: https://its.ny.gov/eiso