CYBERSHEATH BLOG

Thanksgiving Day is almost here and with it, our focus turns to our family, friends, food, and most importantly, football. As we celebrate one of our country’s most cherished traditions, we give thanks to health, wealth, good company, and of course, turkeys. However, this holiday season, we should recognize our nation’s involvement in cybersecurity and how much we’ve grown with it! Whether it be booking your flight home online, posting a picture of your Thanksgiving feast to Instagram or Facebook, streaming the big game, or FaceTiming your relatives that can’t be there in person, being online is a huge part of this and every day. I’d like to take a moment to share with you some news within our industry that we should be thankful for this year.

As most of you know, October heralds a variety of festive autumn events such as the epic return of the pumpkin spice everything, Halloween, and the beautiful transition of fall foliage. October also happens to be National Cyber Security Awareness Month, which provides us an opportunity to shed light on every day dangers that we face in our vastly connected world. In addition to things that go bump in the night and the occasional monster in our closet, we face constant threat to our online security in both our corporate and home atmospheres. Below are some tips (not tricks, we promise!), that we hope, will help make accessing the internet a little less frightening.

As previously discussed in the CyberSheath blog, government contractors who process, store or transmit Covered Defense Information (CDI) are required by DFARS 252.204-7008 to comply with the 14 control families of the NIST SP 800-171 by December 2017. The clause dictates the security requirements specified by DFARS 252.204-7012 for Safeguarding Covered Defense Information and Cyber Incident Reporting. The intention of the directive is to ensure the safeguards implemented to protect CDI are consistent across nonfederal information systems as they relate to work contracted by the US government.

Two-factor authentication is an immensely more secure option for securing your accounts than just using a password. The process has typically been as simple as putting in a spontaneously generated code that is provided to you via an app or SMS, in addition to your password. The extra time that it takes to fetch and type in the generated codes ensures that your account stays secure even if your password is compromised, offering an extra layer of account security. The extra time is also why astoundingly few people take advantage of two-factor authentication.

(ISC)² recently released a report based on the survey results of a targeted pool of executive-level government officials and contractors with the goal of reporting on the state of cybersecurity in the Federal Government. The individuals surveyed are accountable for enterprise-wide security and the key findings from the report paint a rather bleak picture for the federal workspace. While some federal entities protect their assets better than others, it’s hard not to feel like cybersecurity is still consistently put on the back burner when budgets get tight and hard decisions have to be made.

On July 26, the Obama administration released a framework for incident handling around cyber-attacks.  The framework is part of the Presidential Policy Directive on United States Cyber Incident Coordination and action plan that was released in February of this year.  It provides a clear standard of when and how government agencies will handle cyber security incidents. Included in the directive is a new color-coded scale that assigns specific colors and response levels to the danger of a cyber-attack.

Cyber security has historically been viewed as something you HAVE to pay for, not want to. This way of thinking is outdated today. Highly successful organizations today understand that confidence in their cyber security is what enables them to grow boldly in today’s world. Confidence in cyber security as a foundation for success is still not often talked about at the executive leadership level. The following are three core values that today’s high-performing organizations understand:

Business owners rely on internet connectivity for everything from business operations, productivity and collaboration services to maintaining customer relationships. Unfortunately, the reliance on internet connectivity and cloud services also increases the risks and enhances the exposure to the threat of cyber crime. In addition to stealing money by fraud and deception with things like ransomeware, cyber criminals can also cause damage to your businesses reputation and put you out of business completely depending on the impact and headline worthiness of an incident. As a small business, the risk of a cyber incident or breach can be much more impacting on your ability to do business than a large enterprise that has the ability to absorb the costs that incident response may present.

A business can never be completely safe from the threat of cyber crime but most cyber attacks can be mitigated with some basic security practices. Online security should be taken as seriously as locking the doors of your business and storing cash and valuables in a safe location. Clients have the expectation and right to the security of their data and it's essential that steps are taken to prevent it from being exposed on the internet due to poor security practices. The following tips will enhance your defenses against cyber attacks:

This past week has been riddled with cyber attacks.  Three major industries - Healthcare, Banking, and Telecommunications - have either had customer data stolen or held hostage.   And last but not least, a historic face-off between technology and policy with Apple refusing to provide the FBI the necessary information to access data on a known criminal's iPhone. 

So whether you are returning from a well-deserved vacation or drowning in looming project deadlines, we don’t want you to miss out on this week’s cybersecurity happenings.  To help you get caught up, we have compiled links to the top four trending cybersecurity news stories of the week.  

Happy reading!