Cyber Security Awareness Month Highlights Concerns About Cyber Attacks – NBC 5 Dallas-Fort Worth
Friday marks the start of Cyber Security Awareness Month in October.
Ever since COVID-19 forced everyone into the virtual realm for work and school, the risks of cyber attacks have continued to spiral out of control.
“I’m here to tell you that the severity and frequency of these attacks is really irrelevant. That’s right,” said Robert Anderson, CEO of Dallas-based cybersecurity firm Cyber Defense Labs.
Anderson observed the evolution of technology over his 20 years with the FBI. He served as Executive Deputy Director of the Criminal, Cyber, Response and Services Branch at headquarters, overseeing all of the bureau's criminal and cyber investigations around the world.
He said cyber attacks had exploded in the past 18 months across the country, with companies reporting a huge increase in breaches and cyber threats.
“Years ago, for a bad guy to hurt you, he had to touch you. They had to be around you. And over the last five to 10 years, technology, the dark web and everything that’s going on with cyber, it’s really made it possible for bad guys to attack people all over the country,” he said.
At one point in the pandemic, Texas ranked 2nd in the country with the most remote workers. Some even think that working from home is here to stay to an extent.
But that means corporate equipment stays out of the office and in people’s homes, where it’s harder to protect.
“It provides more vulnerabilities in areas to allow people to access the system that they might not have had before,” Anderson said. “They take advantage of situations like this, especially people who are in a virtual environment – it’s easier to get into the system that way.”
Texas school districts have been affected. There was also the Colonial Pipeline ransomware attack in April, which resulted in gas shortages, and last fall’s cyberattack on Texas hospitals during the nationwide breach.
Anderson said these cyber attacks are escalating because cybercriminals are exploiting weaknesses during the pandemic.
“I don’t think people understand the gravity of what’s really going on across the country. Large companies can afford robust information security programs and they can hire whoever they want to protect them,” he explained. “But the little parent and pop companies, the midsize businesses across the country – they can’t afford a multi-million dollar breach or they can’t afford a layoff. And data resilience. They really need help.”
Anderson shared some tips for workers and businesses that pursue remote working:
- Protect passwords: Require multi-factor authentication for your employee logins. Most software and vendors will give you the option to require it. Also insist that your employees use unique and complex passwords. Again, it sounds simple, but stolen or compromised passwords are the mechanism used in up to 61% of breaches, according to a 2021 Verizon Data Breach Survey. Store passwords securely – don’t facilitate access for hackers. Establish policies that prohibit employees from saving administrative passwords in emails or in files on desktops.
- Do a security assessment: With more and more businesses migrating to the cloud and adopting new technologies, security controls are often overlooked. Just taking the time to find out whether you are using the security features you already have, and whether they are configured correctly, can be very helpful. Also make sure that the appropriate backups are in place and that they are segmented and secure.
- Incident response planning: Do you know how you would react if you were faced with a breach or ransomware attack today? What if you woke up tomorrow and couldn’t access your systems, communicate with your team, or perform operations? Make a detailed plan of what actions would be taken if a cyber event were to occur. Train your leadership team and make sure they are ready to implement the plan in the event of a crisis.
- Control access to data: Know where your data is stored, what’s sensitive and who’s in control. Limit access as much as possible. Not all of your staff should have access to sensitive data – only those who ultimately need it and can be trusted. This includes paper files and external drives. Remember that even hard copies, like medical records or credit applications, should be locked in a cabinet.
- Cyber Security Awareness Training: Malicious links and downloads are the most common way attackers gain access to corporate systems today. It sounds simple, but educate your staff on cybersecurity risks regularly. Constantly remind employees to be careful when clicking links and downloading files. Make sure they avoid emails and URLs that look suspicious. Teach employees to double-check when asked to conduct financial transactions. Make sure employees are trained to get verbal confirmations as well.

Here are some common mistakes:
- Use of personal messaging for business communication
- Passwords never changed or left at their defaults
- Devices connected to an open / unsecured Wi-Fi network
- Antivirus software is rarely monitored or updated
- Data sources and unknown devices (for example, free USB sticks and personal mobile phones) allowed to connect
It also stands to reason: don’t click that random link from a random email sent to your work account.
“Often the breaches we see these days are not coming from a malicious insider,” Anderson said. “It’s from someone who works very hard, they are overworked with their multitasking. All of a sudden they click on an attachment or an email and the next thing you know is the business is being violated.”