Know Your Risk

Have you ever heard the phrase "the enemy within"? In today's business world, the enemy within is a very real threat and it is imperative companies understand the potential for insider attacks, and what they can do to protect themselves from this insidious danger. 

Layoffs and firings of employees are a fact of business life. However, these actions can introduce significant cybersecurity risks if not properly handled. The potential for former employees to access and misuse sensitive date and systems, either intentionally or accidentally, is becoming an increasing risk for businesses of all sizes. 

Not so long ago, Social Security numbers served as the most common way to access sensitive information. With the growth of the Internet over the past few decades, passwords and Personal Identification Numbers (PIN) have become a part of our everyday lives. While it used to be easy to keep track of that one memorable master passcode that could be used to access everything from personal bank accounts to work email to managing your online recipe collection, safety protocol now requires unique passwords for every account created. Keeping track of the various keys to the virtual castle has proven nearly impossible for most, leading to the development of popular password management tools. But what happens when the system in charge of keeping all the secret passcodes secure has its own security breach?

As headlines trumpet ever-increasing cybersecurity crime statistics, the cybersecurity employee shortage is equally deserving of attention. Consider these statistics:

While cybersecurity insurance has been available for over 20 years, both the market and the industry are rapidly changing. While initially created to protect individuals and businesses from internet based risks (including hacking and phishing), businesses' increased dependence on data storage and digital communication has pushed the industry to grow beyond its ability to assess risk. Not so long ago, coverage for cyberhacker damages might have been included in a standard commercial property and casualty insurance policy. But with the costs from malicious acts rising as quickly as bad actors find their way past the newest security measures, dedicated cybersecurity policies are now the go-to for businesses looking for protection. 

Imagine one of your vendors calling to ask when they might receive payment for the last three months of service. Confused, you check your records and sure enough, you show each month’s payment was made on time. Perhaps you wonder if this might have something to do with the vendor's change in banking that coincided with your missed payments beginning. However, your vendor confirms all payments should still be coming to the original routing number. So where have your payments gone?

Did you know that for the past 19 years October has been declared Cybersecurity Awareness Month? Since 2004, government and industry have collaborated to raise cybersecurity awareness and help ensure all Americans have access to the information and tools needed to stay safe and secure online.

Whatever businesses believed before March of 2020, pandemic circumstances forced them to test their ability to function with a work-from-home workforce. Two and a half years later, it’s clear remote and hybrid policies will be a permanent part of the employee handbook; as Glassdoor reports, 45% of the 2021 workforce expects to continue to benefit from having options when deciding where to clock their working hours. While it is clear companies large and small will need to continue to integrate remote work into the daily plan, ensuring the security of the devices and applications used outside of the physical workplace will also need to be an even more critical part of the daily plan. 

Managed Detection and Response (MDR) brings modern technology and human expertise together to offer organizations remotely delivered modern security operations center (MSOC) functions at a reasonable cost.