Top 5 Success Factors for Cybersecurity Management Programs

It is a common scenario: an employee is terminated from his job and while being escorted from the facilities he tries to take a backup of his work, or worse, of confidential corporate information. As a leader of the cyber security team it is your job to train, handle and check any type of cyber theft issue, including this one.  And if you have planned well, you deal efficiently with cybersecurity management by ensuring your employee contract legally protects the company and allows it to confiscate backup media from employees leaving the building.

But what happens if this issue is not accounted for?

The the company could face serious threats and even possible loss of proprietary information.

This scenario is often a very tricky situation for companies that are not prepared with a cybersecurity management program (CMP). An employee could very well walk out of the facility with a backup of sensitive information, possibly  even the latest product designs or any other information critical to the growth or the financials of the organization.  It is a problem that many companies face and the solution is to implement a CMP to protect the company against cyber crimes of this nature.

Cybersecurity Management

If you fail to manage your cybersecurity issues, your security measures will fail and your organization will be compromised. With phishing, ransomware and so many other types of cybercrime out there, it is critical that businesses plan, create and execute effective cybersecurity management programs that work. When these programs are implemented and consistently managed, the organization’s sensitive information will be protected.  We must always keep in mind that an intruder only needs one cybersecurity weakness to compromise the organization. It is your team’s responsibility to properly manage all the cyber security controls and settings of your business so situations like these do not occur.

We cannot underestimate the need to develop and implement an effective cybersecurity management program to encompass all possible weaknesses. But what is the solution? A good CMP starts by keeping in mind these five key points:

  1. Identify and get support from the senior leaders of all departments.
  2. Develop an organization-wide cybersecurity management program and submit it for endorsement by the CEO.
  3. Create a cybersecurity management work plan to implement the policy.
  4. Mandate a document review process to support ongoing cybersecurity policy and management.
  5.  Complete the basic cybersecurity framework first.

Final Thoughts

Cyber threats are a real issue and organizations of all sizes need to prepare for cyber attacks, both internal and external. It’s a matter of setting up all-encompassing cyber threat policies and then testing them against all possible scenarios. The principle behind effective cyber security management is to be prepared for all situations, including internal cyber threats.

If you would like more information, contact LP3. We will be glad to help you make an informed decision on cyber security for your business or organization.

Scott Lawler is CEO of LP3 and provides enterprise cyber security architecture advice to government and commercial clients.

Don’t Be An Accomplice To Cyber Criminals

Vulnerabilities, Phishing, Internet Privacy only relate to big business, right?

Well, we would have to say that you’re totally wrong. Cyber security is a problem for everyone, from the end user at home to the large organization. It is definitely something we all need to be concerned with. Don’t believe me! Well maybe you will after I show you how vulnerable most home computers, mobile phones, tablets, and any other device that connects to the Internet really are.

Yes, we all do the basics when it comes to cyber security. We usually run an antivirus program on our devices, but most of us have overlooked the internet router, a prime target for cyber criminals. Yes, the router is a way in. Unfortunately, you and your Internet provider probably don’t even think about it. Most people simply set up their router once and then forget about it. You never, ever think of the router, unless you begin to have internet problems.

 VPNFilter

The latest malware, known as VPNFilter is targeting the lowly router – and it has already infected over half a million of them.

What is the purpose? Having access to all of these routers gives the hacker a huge botnet of connected devices he can control. A simple command could result in a flash memory deletion causing the router to become completely useless and prevent you from getting on the internet again – until you buy a new router that is.

But let’s say he doesn’t want to block you from the internet. Instead, he wants to spy on your activity, get access to your passwords, credit card numbers, etc. That is what he’s really after. And once the router is infected with this virus, it can be used for almost anything.

Making The Small Internet User An Accomplice

Of course, the biggest danger is making the small user an accomplice in a much larger cyber attack. The biggest danger is that a cyber attacker can use these large groups of connected devices to flood large corporate websites, bringing them offline. In fact, there was a case where the Mirai botnet managed to bring down entire internet services in several states of the US for most of the day. Router-based attackes can be so damaging that the FBI has started investigating – managing to shut down a server using the same VPNFilter malware that cyber criminals use to send commands to infected devices.

What Can We Do About This Cyber Attack?

Unfortunately, there is no real way to tell if your router has been infected. So far Linksys, Mikro Tik, TP-Link and Netgear routers have been hit by malware. But whether your brand of router is one of these or not, it is a good idea for you to take a few cyber security precautions.

Here’s what you can do:

Restart and Update Firmware

Restart the router. Although this will only temporarily disconnect from an infected network, it will give you enough time to update your firmware. You can find out how to update your firmware by going to the manufacturer’s website and going to the downloads section. By updating the firmware you apply the latest manufacturer fixes which secure it from the VPNFilter malware.

You will need your router’s serial number to get the proper firmware. Check on the underside or back side of your router for the make and serial number. Then you log into the administrator panel through your web browser and install the update. Look for the web address to the administrator panel in the instructions packaged with the router.

Normally, you should update router firmware every few months or so since routers do not perform an auto-update.

Change the Default Password

Most routers come with a default password or no password at all. The manufacturer does this on purpose because it helps consumers set up the router easily. Unfortunately, hackers also know the default passwords. Look up the instructions to find out how to change the password via the website offered by the manufacturer.

Turn Off Remote Access

Many routers allow you to access the administrative panel remotely via the internet. This is nice when you first set up the router but you want to turn it off so cyber criminals cannot access and they can also change the settings, especially if you are using the default password that comes with the router.

Do a Factory Reset

If you notice that the router is acting a little wonky and you have tried all of the above tips, do a factory to reconfigure everything from scratch. It is a hassle and it may not get rid of persistent malware but it will restore your device to its original setup allowing you to make necessary changes.

Bottom Line

If you think cyber security does not affect you simply because you only use the internet at home, you would be wrong. Cyber security is something all Americans need to be on the lookout for. Just as you are alert to criminal activity in your neighborhood, you also need to watch out for cyber criminals who may be using your lowly router to build a powerful interconnected network and create havoc on the web.

If you would like more information, contact LP3. We will be glad to help you make an informed decision on cyber security for your business or organization.

Scott Lawler is CEO of LP3 and provides enterprise cyber security architecture advice to government and commercial clients.

 

Chief Information Security Officers (CISO) – The First Line of Defense for Strong Cyber Resilience

The C-suite has a new and immensely important addition. Now, sitting right next to the CEO’s, COO’s and CFO’s is a C-level executive. The Chief Information Security Officer or CISO’s mission  is to deal with cyber security conditions. The corporate position is becoming vital in the corporate world because we face an age of Ransomware, Malware and other vulnerabilities that proliferate on the net.

What Is The Situation?

Criminals and other cyber thieves don’t need blow torches and nitro to pull off a heist anymore. They need and have an arsenal of cyber burglary tools to do it for them.

How Do They Get in So Easily?

People are the weakest link in your chain of cyber threat defense. As such, CISOs know they need to keep their eyes and attention on employees who may inadvertently or intentionally open the door to allow access by unauthorized users.

The big questions that must be asked are: do your employees have the skills to recognize and combat cyber threats and cybersecurity issues? Are you making sure they have the training and the knowledge to stand up to the ever inventive cyber criminals? And are you – as a company – seeking out and securing the services of people with the skills and talents needed to be a line of defense?

A recent research study by ESG and ISSA revealed that 96% said that professionals in cyber-security need to keep their skills on high alert because cyber-foes spend all their time finding new and inventive ways to breach your security.

Unfortunately, even knowing that, organizations repeatedly fall behind when it comes to training. That can be because of perceived high costs, or too little time or other excuses. But as a reminder, the costs of putting things back together and salvaging your company’s reputation will be far greater.

Cyber professionals stated unequivocally that they want more resources to help in the fight. Undergraduate programs don’t teach much of that. For instance, a 2017 study reported that not one of the top 10 computer science programs in the U.S. require it and less that 25% of cyber threat and security professionals believe that their education gave them the skills needed in the real world, with real threats and real professionals working against them.

Because of that, CISO’s may have to do the training themselves or create in-house programs that will do so. And that training needs to include non-tech employees as they are often the portal in by downloading malicious files, opening dangerous links or becoming the victim of a Phishing trip.

So, What to Do?

Make education tools available to all your staff. Create simulations and teach your staff how to react. Use all opportunities to incentivize the use and learning of new skills.

These can and should include:

  • Fundamental security online or on-demand courses.
  • Programs administered by accredited resources.
  • Vendor training so your suppliers know a safe and secure way into your systems.
  • Cyber-security classes, events and simulations. Training labs virtual or actual.

A Word about Virtual Training Labs

They are cost-effective solutions for both new and existing employees teaching safeguards to cyber vulnerability and should have the support of all upper management. Cyber-security should dominate the first days of an employees training and keep being reinforced and updated as new challenges arise.

In the end, it’s more about people than it is about technology, so people are where your defense program must begin.

If you would like more information, contact LP3. We will be glad to help you make an informed decision on cyber security for your business or organization.

Scott Lawler is CEO of LP3 and provides enterprise cyber security architecture advice to government and commercial clients.