According to a recent Forbes article, CEOs and Board Members don’t get cyber, and they aren't being cyber leaders. They see the numbers associated with the cost of cybercrime, yet there is nothing in their playbook to help them guide their company through it, other than to ask, “who’s got this? Is this an IT thing?”
The issue is as basic as it gets.
If the leadership learns cyber, then the requirements go from vague and "someone else’s problem" to front and center. Any business with an online presence needs an internal leader addressing cyber, both by deed and by example.
Why aren’t leaders learning cyber workforce issues? The best analogy I can come up with is how Ronald Reagan learned foreign policy.
Reagan asked his aides to dumb down the topics as much as was necessary for him to understand them, but not more. Then, he asked them to create “lessons,” none lasting more than 10-20 minutes at a time, so he could make time to learn them in such a way that they fit into his busy schedule.
According to NASDAQ, more than 90% of corporate executives say they can't read a cybersecurity report and aren't prepared to handle a major attack. The market is begging for someone who can teach them, the way they can learn it.
A leader who takes ownership of cyber risk is a cyber leader who understands the needs of the users but doesn’t cut corners internally to keep information and devices secure. He leads by taking cyber training alongside his employees, and he complies with all corporate policies as if he were an entry level user, new to the company. He doesn’t ask to be made an exception to the online filtering rules, scanning rules or backup requirements. He does exactly what he expects his users to do as he leads by example. He knows that his account, after all, is the one that the hackers are most likely going to target.
He is also getting feedback not only from his employees and customers but from the vendors he trusts who keep him safe. He is aware that the bad guys need not invest either much time or much money to end his operations, as he knows that only one bullet will kill him and all that he has built. And he is aware that the bullet can be fired from a place so far away that there is no chance of revenge or restitution for his suffering. He knows that the criminal will get away with their act, and he won’t be able to do anything to prevent it from happening a 2nd time if he doesn’t make it a priority to keep it from happening the first time.
Without a cyber leader, every company’s future is compromised. Are you going to be a cyber leader?
The Network Team is hosting a Cyber Security Seminar specifically targeting small business leaders.
Most of us connect to public WiFi nearly daily. Part of the process includes agreeing to the terms and conditions. But have you ever read those terms? What do they really say about WiFi security?
A travelling salesman at a TNT client company connected to an unsecured public WiFi in the Denver airport. He agreed to the terms and conditions (as we all do), without realizing that one of those terms is that, essentially, there are no police on the WiFi, meaning the airport is not responsible for what hackers might do to you through the WiFi. Hackers were able to access his email password through the WiFi on his phone. It’s important to note that unsecured public WiFi doesn't encrypt data.
Once the hackers had his password, they logged into his email remotely, and for two weeks, they simply monitored his email. Finally, they went through his contacts and sent many of them an email that included an infected attachment. To ensure the salesman didn’t catch wind of these emails, they set up a rule in his email that did the following: if anyone replied to their email asking if it really was from the businessman, an auto-generated reply went out that said yes, it was from him. The hackers then set up another rule that deleted those emails so the businessman wouldn’t see them. They also deleted contacts going back to 2010. As you can imagine, this would be disastrous for a salesman.
These were not small-time clients either. These were big companies like Nike. Imagine if someone from Nike had clicked on the attachment, and not had the proper cyber security. It would be the Target hack all over again.
TNT’s Senior Network Engineer Dylan Clifford is an email rules master, and this is how he discovered the attack and stopped it. He found the new rules, and could see where the hackers had logged in from another IP address. Dylan changed the email password, turned off the rules, and restored deleted email and contacts.
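The two checks described above (newly created rules that auto-reply to or delete mail, and sign-ins from an unfamiliar IP address), as an added example that is not TNT's tooling or code from the original post. The rule and sign-in records are constructed, and their field names are assumptions rather than any mail platform's export format.

```python
from datetime import datetime

# Constructed sample data; field names are hypothetical.
RULES = [
    {"name": "Newsletters", "created": "2016-03-02",
     "subject_contains": ["newsletter"], "actions": ["move_to_folder"]},
    {"name": "r1", "created": "2018-01-20",
     "subject_contains": ["Re: Proposal"], "actions": ["auto_reply"]},
    {"name": "r2", "created": "2018-01-20",
     "subject_contains": ["re: proposal"], "actions": ["delete"]},
]
SIGNINS = [
    {"time": "2018-01-05T08:12:00", "ip": "198.51.100.10"},
    {"time": "2018-01-06T03:40:00", "ip": "203.0.113.77"},
    {"time": "2018-01-21T09:01:00", "ip": "198.51.100.10"},
]
KNOWN_IPS = {"198.51.100.10"}      # addresses the user normally signs in from
RISKY = {"auto_reply", "delete"}   # the two rule actions used in this incident

def _terms(rule):
    """Match terms of a rule, lower-cased so comparisons ignore case."""
    return {t.lower() for t in rule["subject_contains"]}

def new_risky_rules(rules, baseline):
    """Names of rules created after `baseline` that auto-reply or delete."""
    cutoff = datetime.fromisoformat(baseline)
    return [r["name"] for r in rules
            if RISKY & set(r["actions"])
            and datetime.fromisoformat(r["created"]) > cutoff]

def paired_rules(rules):
    """(reply_rule, delete_rule, shared_terms) where one rule answers a
    message and another deletes mail matching the same term, so the
    mailbox owner never sees the question or the answer."""
    pairs = []
    for a in rules:
        for b in rules:
            if "auto_reply" in a["actions"] and "delete" in b["actions"]:
                shared = _terms(a) & _terms(b)
                if shared:
                    pairs.append((a["name"], b["name"], sorted(shared)))
    return pairs

def unfamiliar_signins(signins, known_ips):
    """Sign-in records whose source address is not in the known set."""
    return [s for s in signins if s["ip"] not in known_ips]

if __name__ == "__main__":
    print(new_risky_rules(RULES, "2018-01-01"))
    print(paired_rules(RULES))
    print(unfamiliar_signins(SIGNINS, KNOWN_IPS))
```

The baseline date stands for the last point at which the mailbox's rules were known to be clean; any flagged rule still needs a human to confirm the user did not create it.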
As you can see, the sophistication hackers are using for their attacks is more extreme than it’s ever been. TNT recommends adding 2 Factor Authentication to your security strategy. Had the businessman had this in place, while the hackers still would have been able to get his password, they would not have been able to hack into his email, preventing this attack.
Small businesses often feel like they are not a target because they are small, and/or don’t have much customer data. But, like in the Target incident, hackers will go after smaller companies because they know their security is likely weaker, and they can use the smaller company to get into larger enterprises. The company this salesman works for has fewer than 200 employees.
A multi-layered approach can shore up defenses for small businesses, regardless of the WiFi security (or insecurity) you are dealing with. The Network Team has a full suite of security offerings that can help protect your company and customer data.
We are also hosting a free small business cyber security seminar to teach you about the tactics hackers are using to get into your network, as well as what you can do to mitigate the cost of an attack.
For most modern companies, their network is the backbone of their business. When they lose access to resources because of network connection issues, it often leads to costly downtime and even data loss. While downtime caused by hackers locking your network gets a lot of attention, the leading causes of network outages are more common than you may think.
58% of downtime for businesses is due to human error.
The number one cause of data loss is human error.
What do we mean by human error? Patrick from Marketing tripping on an essential power cord or accidentally deleting an entire folder worth of customer records. It doesn’t matter how up-to-date and flashy your technology is, it only takes one mistake by an employee to damage data.
The consequences of network connection issues include far more than wasted time as employees wait for IT to get the network back up. Still, it’s important to note that small business employees suffer a 34% loss in productivity during network downtime. Here are some other consequences of network downtime you may not have realized.
Consequences of data loss from network connection issues
- Loss of Data: 62% of mid-sized businesses say they have lost access to critical data during outages. Remember when Mecklenburg County was hacked? Without access to its network, the county couldn’t access permit records, leading to delays in building projects for homeowners and businesses across the county.
- Loss of revenue: According to self-reported data, downtime can cost small businesses up to $8,600 an hour. The inability to make sales, or access customer data can drive that cost up. Business owners also have to think about the cost of employees working overtime to recover data, or deal with issues from downtime. Returning again to the Mecklenburg County hack, the County decided not to pay the hackers, and rebuild applications and data. That means overtime for IT employees. Some businesses may also see a negative effect on their supply chain caused by downtime, causing delays and fees.
- Risk of Security Breach: When the network is down, or even when employees have a difficult time connecting to it, they will often turn to third-party services that are not secured or approved by IT. This opens the company up to the risk of a data leak or hack. In one survey, 45% of employees admitted to using Dropbox during downtime.
- Loss of reputation: Some of the costs of downtime are difficult to quantify, such as loss of reputation. Downtime could cause your company to miss deadlines, or be unavailable to customers, which could lead to lack of trust. It could also mean decreased employee satisfaction. Frequent downtime can lead to frustration and stress for employees, causing low morale, or even high turnover.
The Network Team has an easy to use tool to help you determine the cost of downtime at your business, as well as solutions to help reduce downtime and data loss. Contact us today to help reduce costly downtime at your business.
This blog is misnamed. Instead of “7 Technology Predictions for 2018,” it should really be “what are the technology trends between now and the end of the 2nd decade of the 20th century.”
As I view the last third of the decade, I see that there are political drivers outside that will impact our IT focus.
1. Political and Technology Gap will Widen
More than ever, the gap between political power and knowledge of the current state of IT widens. The average age of a House member is 57 and a Senator is 62. This demographic embraces technology at a marginal rate compared to groups only 10 years younger. They will not see the importance of standards for cybersecurity, Internet of Things, and cryptocurrency until others have already made decisions. To complicate matters, those providing them what they deem to be knowledge of the issues (Warren Buffett, et al.) have no conviction that they need to be overly concerned with these matters. This has nothing to do with the political party in control. It has to do with the disconnect in values placed on technology. Heck, I got an email from a Congressional assistant that I have repeatedly worked with earlier this week, and it was obviously a phishing attack that used information from their account to target me. If they aren’t safe, they won’t get overly concerned whether or not we are safe. I was hoping the Hillary Clinton email fiasco would draw a positive light to the issues associated with cybersecurity, but it didn’t. Shame on me for thinking otherwise.
2. Increase in IoT Devices
Human propensity to take the easy way will lead to the creation of more IoT devices, controlled by mobile devices that aren’t secure. On my cell phone (Samsung Galaxy), I have apps that control light switches, fans, a thermostat, and my garage door opener. These apps aren’t getting updated when my operating system is, and I can only imagine that exploits are already out there/under way to make it possible for people to get into my house. As part of this technology prediction, privacy concerns may be the only item that drives government to really get serious about creating standards and regulating communications between devices created with GoFundMe capital and my safety.
3. Shift in Passwords
Passwords, as we know them, will go away. An ever-growing industry exists to manage the overt password management issues that we all face. Tools that allow you to get back to a single password to get into everything are nearly as commonplace as the devices that they operate on. In essence, we are migrating back to a world of negligible security, once you get through the front door. As facial recognition/fingerprinting technology becomes commonplace, we will see an end of Pass@words as part of the use of technology.
4. Shift in Medicinal use of IoT
Medicinal use of IoT will be the catalyst behind the medical industry’s drive to address HIPAA concerns and the need to keep down costs. Health insurance costs will not decrease without the ability of providers to offer more services via automation than they currently do with office visits and procedures. IoT is the Obi-Wan Kenobi of that movement. Expect some take-your-breath-away applications of IoT in the medical devices that we use.
5. Networking Migration will Continue
Networking will continue on its migration away from the wired world to the wireless world. I anticipate that 5G will be immediately adopted, and many individuals will go to work and bypass the company’s network altogether as they access the cloud-based apps that they use to do their jobs. Why use a 1 GB network that is being shared when you can have your own 1.2GB network that doesn’t have any restrictions? It will demand that companies offer services to the users that are better than 5G or give up on offering anything at all. Bring your own lunch will be as common as bring your own cloud connection. Bank on this one happening beneath the sheets, when none of the executive management are watching.
6. Cyber Jobs will Increase
Jobs in cyber will grow at record-setting rates, and attract far more than the stereotypical techno-geek types portrayed in movies and on TV. Cyber and counter cyber represent a way to add another venue for social equality that folks on the edge of society living 20 years ago couldn’t dream of.
7. Technology Services will Shift
Technology services are on a path not much different than automobile maintenance. Early on, everyone learned how to change their own oil, brake pads and alternator. Now, with computers knowing more about what is going on under the hood than even the designers, it makes nearly no sense to learn how to diagnose issues and fix a car. This is coming from a former motorcycle mechanic. People will have technology services companies like mine take care of everything possible, so they can focus on business. No more “who is going to change the oil on the network” conversations. Folks like us will do it, every time.