Cybersecurity: Why Your Employees Are Your First Line of Defense

By LNS Solutions | 5 min read

Cyberattacks are an ever-growing threat to businesses of all sizes, especially with the rise in AI and automation software enabling cyber criminals to rapidly target more and more people and businesses. A recent study found that 68% of data breaches come from human error, while only 15% of companies provide ongoing cyber awareness training to their employees. And many industry experts think even that is generous, estimating human error to account for more than 90% of data loss and security incidents.

Not Providing Cybersecurity Training Is Like Leaving the Front Door Wide Open

Thieves really appreciate it when you don’t secure your valuables, and not providing cybersecurity training for your staff is like leaving your home unlocked with the front door wide open.

Of course, you wouldn't leave your home this way, so why aren’t you helping your team better understand how to protect your business? Many employees lack the knowledge and awareness to identify and avoid cyber threats. Phishing emails, social engineering tactics, and malware attacks are becoming increasingly sophisticated.

The Cost of a Cyberattack

A successful cyberattack can be devastating for your business. In fact, the average cost of a data breach in the U.S. is over $9 million, and over $4 million globally. This includes not just the cost of recovering lost data, but also the regulatory fees, legal fees, and reputational damage, and it doesn’t account for downtime, opportunity costs, and many other costs associated with a security breach.

Needless to say, you really want to avoid one. So let’s take a look at what you can do to lock the front door, close the windows, and better protect your business. 

Cybersecurity Training: An Essential Investment

Cybersecurity training is an essential investment for any business that wants to protect itself from cyberattacks. Regular, ongoing training can equip your employees with the knowledge and skills they need to:

Here are a few steps you can take to help prepare your team and shore up your business’s vulnerabilities.

  1. Use a cybersecurity training platform. There are several good platforms that will send a short, simple training video to your staff every month. Why monthly? Because thieves change their methods. Gift cards, bank wires, and tools like Venmo have all been compromised. New methods of stealing are created and your team needs to know about them. Talk to your MSP or IT team for their platform recommendations.
  2. Test your team with phishing emails. Phishing email attempts lie to your staff and get them to divulge information or go to a bad actor’s website. Help your team understand who is knocking on the front door and simply press delete on these junk, harmful emails.  You can also report these malicious emails pretty easily to help protect the neighborhood so to speak, not just your home.
  3. Checks and balances. People make mistakes—sometimes one person clicks a bad link and gets compromised. A good process to mitigate damage is to have a multi-step process to verify the intended recipient of a money transfer is legitimate. Is the vendor actually who they say they are? Is the invoice real? Did you call a number you know is real and verify it? Simple steps will save a lot of time and money.

Promoting cyber hygiene across your organization, including encouraging employees to discuss cyber safety with their families, can further strengthen your overall security posture.

Beyond Training: Implementing Other Security Practices

Cyber awareness training is really just the first step in securing your business from cyber threats. For example, implementing security measures like multi-factor authentication (MFA) can quickly add an extra layer of protection for your business.

Don't wait until it's too late. Invest in cybersecurity training today to save your business time, money, and a lot of headaches down the road. Additionally, work with your IT team or MSP to discuss other measures you can take to strengthen your cybersecurity.

If you’d like to learn more about how you can bolster your business’s security, contact us for a free security consultation. We know how to help you protect your business. Or take our free cyber assessment quiz today.

For more information, visit our Cybersecurity page to learn how we can help businesses like yours.


Is Your Business Vulnerable from a Hidden Cyber Threat?

Did you know a staggering 54% of organizations face attempted cyberattacks on internet-connected devices (IoT) every single week? These aren't just your computers and servers—it’s your Wi-Fi, cameras, printers, Bluetooth speakers, Alexa devices, cell phones, access points, even fax machines. With the number of IoT devices projected to explode to over 207 billion by the end of the year, are you sure your business is properly protected?

The Internet is Using You

You use the Internet for work and personal reasons every day, but have you stopped to consider the Internet uses you in return? Yes, that's right, you use the Internet, and it uses you. Before you wave off the thought, take stock of the numerous internet-connected devices that populate your personal and professional life—any one of them might be hiding a cyber thief you can’t see. But they can certainly see you.

Every device connected to your network uses the Internet, and every one of these devices poses a potential cyberattack risk. Many companies, especially smaller businesses, might not even realize how many devices are connected to their network. This creates a hidden security blind spot that cybercriminals can exploit to steal your valuable data and disrupt your operations.

The Point of Entry for Hackers is Only Increasing

With the continual rise in remote work and learning environments, more and more IoT devices are being utilized to streamline efficient workflows. While these devices offer convenience and automation, they introduce new security vulnerabilities to your network.

These vulnerabilities can stem from weak default passwords, outdated firmware, or a lack of encryption. Hackers can exploit these weaknesses to gain access to your network, steal sensitive data, and disrupt your operations.

For instance, a relatively recent cyberattack targeted an unsecured, Internet-connected fish tank in a North American casino. Hackers gained access to the casino’s network through the fish tank and stole 10 gigabytes of data. Malicious actors can be extremely resourceful.

Your data is valuable and needs to be protected. An unsecured security camera (or fish tank!) can be exploited by hackers to gain access to your entire system, costing you downtime, lost productivity, and potentially millions in damages.

Take Steps to Secure Your Network

Set up some time with your MSP or IT partner to discuss the network security measures you currently have in place. Because the cybersecurity landscape is constantly evolving, this is something you should be doing regularly. In the meantime, here are some tips for securing your network and data:

  1. Remove admin-level rights from your standard user PC accounts. Your users might think they need them, but they don’t in a properly managed network.
  2. Update device firmware regularly. Just like your computers, ensure all your IoT devices have the latest firmware updates to patch vulnerabilities. You’d be shocked to learn that many people may update their PC operating system, but forget about everything else on the network.
  3. Segment your network. Isolate IoT devices from critical systems on your network to limit the potential damage if one device is compromised.
  4. Deploy advanced security solutions. Deploy Endpoint Detection and Response (EDR), Managed Detection and Response (MDR), and Security Awareness Training (SAT) for all users. If you don’t know what these acronyms are, ask your MSP about them. They should already have these deployed to protect your business.
  5. Educate your employees. Train your employees to identify and report suspicious activity on the network, such as unexpected login attempts or unusual device behavior.
  6. Enforce strong password policies. Change default passwords on all devices and enforce strong, unique passwords for each device. Also, ensure everyone is using Multi-Factor Authentication (MFA) for any of their devices and accounts.

You are not going to become a security expert from a simple blog, but our hope is to get you to challenge your internal IT staff or MSP.

Do you have the right protections in place? Are you confident in them? The crucial question then becomes, “On what grounds is your confidence based?” Relying on hope is not an effective approach for managing IT security. It’s essential to secure your network proactively before cyber intruders find certainty in their ability to compromise it.

Work with a Trusted Cybersecurity Provider

There is quite a bit you can do on your own, mostly by being vigilant and aware. But to create a truly secure network, you should work with an MSP or IT security expert to ensure the best protections and practices are in place.

Even if you already have an IT partner, it doesn’t hurt to get a second opinion on your MSP security setup. We’re glad to discuss how we can properly protect you and identify any gaps in your security protection.

Visit our Cybersecurity page to learn how we can help businesses like yours.

 

How to Get Your Law Firm’s Cybersecurity House in Order


This is the 2nd in a 3-part series about IT Services and Security for Law Firms.

As the legal services field continues to embrace technology at an unprecedented pace, law firms worldwide are also facing increasing pressure from cyber threats.

According to Check Point Research, global cybercrime saw an 8% year-on-year increase in Q1 2023, with insurance and legal services experiencing the second highest year-on-year change.

On average, 1 out of 31 legal services firms faced an attack in the first quarter of this year.

From confidential client documents to legal strategies, law firms possess massive amounts of sensitive data, which makes them ideal targets for criminals. The ability to safely handle and protect sensitive client information needs to be a top concern for any law firm.

With financial stability, reputation, client trust, and the threat of severe legal consequences all hanging in the balance, it’s time for law firms to ask themselves if they are doing enough to keep hackers and cyber threats at bay.

Here are 8 important steps law firms should take to ensure their cybersecurity protections are up to standard.

Is someone currently logged into your cloud services?

Law firms have been slow but steady adopters of cloud platforms. When deployed correctly, cloud applications can help improve collaboration, streamline efficiency, and reduce network complexity.

However, the cloud can also make it hard to know who has access to your network and who doesn’t. Ensuring the security of your cloud systems requires vigilant monitoring and response mechanisms.

Have you addressed old vendor usernames and passwords?

Old vendor usernames and ineffective password management practices can make it easy for attackers to infiltrate a law firm. Here are some of the steps you can take to ensure that account management processes aren’t creating new cybersecurity vulnerabilities.

  1. Identify and Deactivate Inactive Credentials
    It’s important to regularly scan active directories and identity management systems to identify old or inactive vendor accounts and credentials across your organization. These accounts must then be disabled to prevent threat actors from misusing abandoned accounts.
  2. Ensure User Management Best Practices
    After ensuring that outdated credentials can no longer be misused as an attack vector, talk with your technology vendors to ensure that new credentials meet security best practices. This may include enforcing complex, unique passwords and encouraging the use of passphrase-based authentication or multi-factor authentication. Additionally, good password policy includes alerting mechanisms, so your administrators know when hackers have launched a password-based attack.
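
One way to carry out the first step on an exported account list, shown as an added example (not code from the original article). The CSV column names, the sample rows, and the 90-day and 365-day limits are assumptions chosen for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample export; column names are assumptions, not a real
# directory schema. An empty last_logon means the account never signed in.
SAMPLE_EXPORT = """\
account,owner_type,enabled,created,last_logon,password_set
copier-vendor,vendor,true,2019-03-01,2021-11-15,2019-03-01
docmgmt-support,vendor,true,2023-01-10,2024-05-20,2024-04-02
old-hvac-portal,vendor,true,2020-06-01,,2020-06-01
jsmith,employee,true,2018-02-01,2024-05-30,2024-03-15
former-it-firm,vendor,false,2017-01-01,2020-01-01,2017-01-01
"""


def _parse(value):
    """Parse an ISO date, returning None for an empty field."""
    return date.fromisoformat(value) if value else None


def find_stale_accounts(export_text, today, max_idle_days=90,
                        max_password_days=365):
    """Return (account, owner_type, reasons) for enabled accounts to review."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"].lower() != "true":
            continue  # already disabled, nothing left to deactivate
        reasons = []
        last_logon = _parse(row["last_logon"])
        if last_logon is None:
            # Never signed in: judge by account age so new accounts get a grace period.
            if (today - _parse(row["created"])).days > max_idle_days:
                reasons.append("never used")
        elif (today - last_logon).days > max_idle_days:
            reasons.append(f"idle more than {max_idle_days} days")
        if (today - _parse(row["password_set"])).days > max_password_days:
            reasons.append(f"password older than {max_password_days} days")
        if reasons:
            findings.append((row["account"], row["owner_type"], reasons))
    # Vendor accounts first: they are the ones nobody inside the firm notices.
    findings.sort(key=lambda f: (f[1] != "vendor", f[0]))
    return findings


if __name__ == "__main__":
    for account, owner, reasons in find_stale_accounts(SAMPLE_EXPORT,
                                                       date(2024, 6, 1)):
        print(f"{account} ({owner}): {', '.join(reasons)}")
```
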

Have you fixed old email accounts that are still active?

Inactive email accounts are a security concern for law firms, as they may still contain residual customer data and other sensitive information that doesn’t fall under the category of classic personally identifiable information (PII). They can be used by attackers to leak data, harvest credentials, or take over accounts.

Have you overlooked office devices logged into admin accounts, including copiers, scanners, and other operational technology?

Administrative accounts on copiers, scanners, and other office equipment connected to your law firm’s corporate network must be secured, but many law firms simply overlook these “dumb” devices, assuming they pose no serious threat.

In fact, they can serve as an entry point for attackers.

Have you implemented multi-factor authentication with conditional access?

Multi-factor authentication (MFA) enhances security by requiring multiple forms of verification, and when combined with conditional access policies, it provides dynamic and context-based security.

Have you restricted access to high-risk countries and zones?

Limiting access to specific geographic regions can significantly reduce the attack surface of your law firm’s network.

Has your firm already been compromised?

With hackers moving quietly through your network, many law firms don’t even know that they’ve been infiltrated. Proactively monitoring the dark web can help you detect compromised credentials and information quickly, take corrective action, and prevent unauthorized access.

Are your employees pasting sensitive information into ChatGPT?

The use of AI-driven chatbots introduces unique security and ethical considerations, especially in the legal context. As more law firms turn to templatized documents created by ChatGPT and other large language models, now is the time to get proactive about ensuring that those applications are always deployed with security as a priority.

A Cybersecurity Partner with Deep Commitment to the Legal Service Community

Cybersecurity can’t be disregarded as an afterthought anymore. LNS Solutions has been helping Tampa’s legal services community with cybersecurity consulting and services for decades. If your firm wants a guide to bring clarity and focus to your cybersecurity efforts, contact us any time at (813) 393-1626 or info@lnssolutions.com.

Law Firm Cybersecurity: Insurance Questionnaires


This is the 1st in a 3-part series about IT Services and Security for Law Firms.

Law firms are struggling with next-generation malware threats, social engineering attacks, and other forms of cybercrime that disproportionately target the legal services industry. To protect themselves against potentially catastrophic data loss or major downtime, many firms in the Tampa area have turned to cybersecurity insurance.

However, picking the right insurance plan and navigating the application process are often stressful for law firms, especially when it comes time to self-report on your cybersecurity defenses with the questionnaire they provide.

Those forms are filled with technical terms, such as multi-factor authentication (MFA), end-point detection and response (EDR), and “ransomware control.” Is your firm struggling to understand the boxes that your insurance questionnaire is asking you to check? Let’s take a deeper look.

Question 1: Can your users access e-mail through a web application or a non-corporate device? If “Yes,” do you enforce MFA?

All users accessing email should be required to use what’s known as multi-factor authentication (MFA).

MFA is a multistep account login process that requires users to enter more information than just a password. After entering a password, users might be asked to enter a temporary code, answer a secret question, or scan a fingerprint. A second form of authentication is one of the most effective ways to prevent email breaches, with Microsoft finding that it can help reduce password-based attacks by up to 99%.

Question 2: Do you allow remote access to your network? If “Yes,” do you use MFA to secure all remote access to your network?

MFA is extremely effective in preventing ransomware attacks, as well as traditional hacks. A ransomware attack begins when an attacker acquires account credentials. However, with MFA, the attackers lack the additional information required to gain access to the target account. This prevents the attack and keeps it from entering the system.

It’s worth noting that not all MFA systems are built the same in terms of the practical level of protection that they offer.

In recent years, there’s been a spate of attacks specifically targeting MFA solutions, including a very high-profile breach at hardware company Cisco. In that attack, criminals flooded users with requests to verify their identities on a mobile security application (in this case, Duo) until the overwhelmed party verified the access out of sheer frustration. In other cases, hackers can use fraudulent landing pages or social engineering attacks to undermine an MFA system.

This makes it important to understand that MFA should be complemented by a robust cybersecurity awareness training program, but more on that topic later.
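
The request-flooding pattern described above is visible in MFA logs, so it can be alerted on as well as trained against. The following is an added example (not from the original article or any vendor's tooling); the log line layout, the 10-minute window, and the threshold of 5 are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events. The "timestamp key=value" layout is an
# assumption for illustration, not any MFA vendor's real log format.
SAMPLE_LOG = """\
2024-05-01T02:10:00Z user=asmith result=denied ip=203.0.113.7
2024-05-01T02:11:10Z user=asmith result=timeout ip=203.0.113.7
2024-05-01T02:12:05Z user=asmith result=denied ip=203.0.113.7
2024-05-01T02:13:30Z user=asmith result=timeout ip=203.0.113.7
2024-05-01T02:14:45Z user=asmith result=denied ip=203.0.113.7
2024-05-01T02:15:20Z user=asmith result=timeout ip=203.0.113.7
2024-05-01T02:16:02Z user=asmith result=approved ip=203.0.113.7
2024-05-01T08:00:00Z user=cdoe result=timeout ip=192.0.2.9
2024-05-01T08:30:00Z user=cdoe result=timeout ip=192.0.2.9
2024-05-01T09:00:00Z user=bjones result=denied ip=198.51.100.20
2024-05-01T09:00:40Z user=bjones result=approved ip=198.51.100.20
2024-05-01T09:30:00Z user=cdoe result=timeout ip=192.0.2.9
"""

WINDOW = timedelta(minutes=10)   # assumed look-back window
THRESHOLD = 5                    # assumed number of unanswered/denied pushes


def parse_line(line):
    """Turn one log line into a dict with a parsed 'ts' field."""
    ts, *fields = line.split()
    event = dict(field.split("=", 1) for field in fields)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect_push_fatigue(lines, window=WINDOW, threshold=THRESHOLD):
    """Flag bursts of rejected pushes, and approvals that follow a burst."""
    recent = defaultdict(deque)  # user -> timestamps of denied/timed-out pushes
    alerts = []
    for event in sorted(map(parse_line, lines), key=lambda e: e["ts"]):
        queue = recent[event["user"]]
        while queue and event["ts"] - queue[0] > window:
            queue.popleft()      # forget pushes that fell out of the window
        if event["result"] in ("denied", "timeout"):
            queue.append(event["ts"])
            if len(queue) == threshold:   # alert once when the burst is reached
                alerts.append({"user": event["user"], "severity": "warning",
                               "ts": event["ts"], "ip": event["ip"]})
        elif event["result"] == "approved" and len(queue) >= threshold:
            # An approval right after a flood is the outcome to treat as a
            # likely compromise: revoke the session and reset credentials.
            alerts.append({"user": event["user"], "severity": "critical",
                           "ts": event["ts"], "ip": event["ip"]})
            queue.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_LOG.strip().splitlines()):
        print(alert["severity"], alert["user"], alert["ts"].isoformat(), alert["ip"])
```
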

Question 3: Do you use an endpoint detection and response (EDR) tool that includes centralized monitoring and logging of all endpoint activities across your enterprise?

Endpoint detection and response (EDR) is an integrated security solution that combines real-time continuous monitoring and collection of data from your endpoints (PCs, laptops, and tablets) with rules-based automation to analyze and respond to threats.

There are 4 primary functions of an EDR security system:

  1. Continuously monitor and collect data from your network endpoints
  2. Analyze data to identify anomalies or threat patterns, not just known malware or attacks
  3. Automatically respond to or remove those threats, then notify your security team
  4. Perform forensic analysis to research threats and understand their impact and reach

Having an EDR system is something we strongly recommend for our clients in the legal services field, though it’s worth noting that there are new concepts in detection and response technology that complicate answering this question.

If you have a managed detection and response (MDR) solution—like the kind we offer here at LNS Solutions—then you have greater protection than a standard EDR, which means you can confidently answer yes to the question above. MDR solutions add the vigilant support of human personnel to weave the EDR system into a larger security plan and analyze the data.

Question 4: Do you prescreen emails for potentially malicious attachments and links?

If “Yes” to the above question, do you have the capability to automatically detonate and evaluate attachments in a sandbox to determine if they are malicious prior to delivery to the end user?

Another security tool that we strongly recommend law firms adopt is advanced email scanning, which offers protection against malicious URLs and weaponized attachments. The latest generation of email security tools is tuned to help mitigate not just phishing, but also account-based takeover (ATO), impersonation, and business email compromise attacks.

The second part of that question, “malicious links,” is equally important. In recent years, hackers have gotten creative about using fake domains to trick people into clicking on malicious links. Lookalike domain names are one such strategy: they are designed to look like legitimate domains, but in fact give hackers a way into your systems.

Examples

Are you confident that your staff is going to notice the differences above while they’re busy working?

Cybercriminals are banking on the idea that they won’t, and statistics show that they’re often right. To mitigate this problem, there are tools you can employ, but your security team should also be vigilant about identifying high-risk domains, scanning for lookalikes during regular security maintenance, and training your staff on how to watch out for this form of attack as they work.
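
Scanning for lookalikes during security maintenance can be automated. The sketch below is an added example (not from the original article): it compares sender or link domains against a list of protected domains using character folding and edit distance. The protected domains, the sample input, and the small confusables table are assumptions; internationalized names are assumed to be already decoded to Unicode, and TLDs are assumed to be a single label.

```python
import unicodedata

# Hypothetical domains the firm wants to protect (assumption).
PROTECTED = ["examplelaw.com", "examplebank.com"]

# Small illustrative confusables table; a production list is far larger.
CONFUSABLE_CHARS = {
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic letters that look like a, e, o
    "\u0440": "p", "\u0441": "c", "\u0456": "i",  # Cyrillic letters that look like p, c, i
}
CONFUSABLE_SEQS = [("rn", "m"), ("vv", "w"), ("cl", "d")]

# Constructed sample input, e.g. sender domains pulled from a mail gateway.
SAMPLE_SENDER_DOMAINS = [
    "examplelaw.com", "portal.examplelaw.com", "exarnplelaw.com",
    "examp1elaw.com", "ex\u0430mplelaw.com", "examplelaw.co",
    "exampelaw.com", "examplelaw-billing.com", "unrelated-vendor.com",
]


def skeleton(label):
    """Fold a label to the form a hurried reader is likely to perceive."""
    text = unicodedata.normalize("NFKD", label.lower())
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = "".join(CONFUSABLE_CHARS.get(ch, ch) for ch in text)
    for seq, repl in CONFUSABLE_SEQS:
        text = text.replace(seq, repl)
    return text


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(domain):
    """Return (registrable label, TLD), assuming a single-label TLD."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def classify(domain, protected=PROTECTED, max_edits=1):
    """Return (protected_domain, reason) for a lookalike, else None."""
    domain = domain.lower().rstrip(".")
    for legit in protected:
        if domain == legit or domain.endswith("." + legit):
            return None  # the real domain or one of its subdomains
    label, _tld = split_domain(domain)
    for legit in protected:
        legit_label, _ = split_domain(legit)
        if label == legit_label:
            return (legit, "tld-swap")      # same name under another TLD
        if skeleton(label) == skeleton(legit_label):
            return (legit, "homoglyph")     # visually identical after folding
        if edit_distance(skeleton(label), skeleton(legit_label)) <= max_edits:
            return (legit, "typo")          # one character added, dropped or changed
        if skeleton(legit_label) in skeleton(label):
            return (legit, "embedded")      # brand name padded with extra words
    return None


def scan(domains):
    """Map each suspicious domain to its (protected_domain, reason) finding."""
    return {d: hit for d in domains if (hit := classify(d))}


if __name__ == "__main__":
    for name, (legit, reason) in scan(SAMPLE_SENDER_DOMAINS).items():
        print(f"{name!r} imitates {legit} ({reason})")
```

Short protected names produce many one-edit false positives, so the `max_edits` check is best reserved for labels of reasonable length.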

Cybersecurity Insurance Questions You Might See

The above are the questions that our legal services clients ask us about most often, but there are several other confusing questions that you may encounter during the cybersecurity insurance process. Here are some of the other common questions that give our legal services clients trouble:

When in doubt, the best way to shop for and purchase cyber insurance is with the help of a trusted cybersecurity partner, who can help you navigate all the ambiguity.

LNS Solutions – 30 Years of Legal IT and Cybersecurity Expertise

For decades, we’ve helped Tampa’s legal services firms take control of their IT and face cybercriminals with confidence. If you’re struggling with security concerns or the questions around your cyber insurance, contact us any time at (813) 393-1626 or info@LNSSolutions.com. We look forward to speaking with you!

 

Small Business Cybersecurity: The 5 Most Common Mistakes


There was a period long ago when small businesses could (partly) rely on their size to hide them from hackers. But the time for “security through obscurity” has long passed, and cyber criminals are now targeting small- and midsize businesses at almost the same rate as enterprises.

According to statistics from penetration testing company Astra Security, approximately 43% of cyberattacks target small businesses annually, with an alarming 46% of these attacks being directed at companies with 1,000 or fewer employees. The average attack costs $25,000 per incident.

While designing and building a comprehensive cybersecurity strategy takes high-level expertise, there are some relatively simple cybersecurity issues that we find routinely contribute to a high number of hacks here in Tampa.

 

Here’s what businesses can look out for, and some tips for keeping yourself safe.

1 - Weak Passwords and Poor Password Management

Here’s a terrifying security factoid: the password “123456” has been consistently at the top of the list of commonly used passwords for several years in a row. Even in 2023, after decades of articles, training sessions, and face-to-face advice, poor password practices continue to cause massive trouble for many small and medium businesses.

Why? Weak passwords contribute to a host of serious security issues, such as increased vulnerability to “brute-force” attacks in which hackers simply try to guess your password to gain system access, phishing attacks, internal unauthorized access to sensitive data, and compliance problems.

One way to overcome this problem is to use multifactor authentication (MFA) and password managers.

MFA adds an extra protection layer beyond the password by requiring users to provide two or more forms of identification other than a password before being able to access an account. This may include biometric data (facial recognition, fingerprints, etc.) or a one-time password (OTP) on a trusted mobile device.

MFA is the single most effective cybersecurity step you can take, as it solves over 99.9% of authentication-based attacks, according to Microsoft.

It is also never advisable to use the same password for multiple accounts, a fact that you should make clear to your staff on a regular basis. Password managers help create and manage multiple passwords for different accounts, helping automatically enforce password best practices.

2 - Not Preparing your Staff for Cybersecurity Success

Employees are considered the weakest link in an organization and the number one cause of infiltration and data loss.

In light of this statistical fact, it becomes critical that you have a cybersecurity training program in place that makes them aware of potential threats and prepares them to counter those dangers.

This is especially true as ChatGPT and other AI models enable attackers to gather and analyze vast amounts of data about potential targets from various sources, such as social media, public databases, or previous breaches. This information is then used to craft highly personalized and convincing phishing messages.

By allowing criminals to tailor the content of their attacks at scale, hackers increase their chances of success and dramatically raise the bar for security training programs. Businesses must implement regular cyber awareness training, which includes testing their employees’ abilities, tracking progress, and making targeted improvements to proactively stay ahead of those threats.

3 - Poor Patching and Updating Procedure

Unpatched software and hardware are a common source of cybersecurity attacks, although most businesses without internal security staff don’t fully realize what that means or how vital this security measure is.

The SolarWinds attack in December 2020 that made national headlines was the result of unpatched software, which allowed hackers to insert malicious code into unpatched software. That infected software was then distributed to SolarWinds customers.

In this case, hackers used that access to gain unauthorized access to both private and government organizations, resulting in several massive data breaches that did millions in damage.

Another infamous, high-profile attack that resulted from unpatched software was the WannaCry ransomware attack in May 2017. This highly successful ransomware exploited a vulnerability in Microsoft’s Windows operating system, for which the company had already released a patch a few months before the attack.

Because organizations had not installed the security updates, they left their systems vulnerable, and the ransomware spread across the globe with amazing speed, causing up to $4 billion in damages.

4 - Neglecting Disaster Recovery Maintenance

Your business needs to have a plan for responding to disasters of all kinds, including natural disasters such as an earthquake or a flood (which are happening with greater frequency), or a man-made disaster such as a cyber-attack.

According to Accenture’s Cost of Cybercrime Study, small businesses are targets of 43% of cyberattacks, yet only 14% are prepared to protect themselves and recover.

Having a disaster recovery plan (DRP) is more than just backup. It’s being able to use well-maintained backups to restore services after an attack to minimize disruption and contain financial damage. It’s a combination of IT systems, people, processes, and careful planning.

Testing is an area of particular weakness for many organizations.

To properly test your DRP, you must define a clear set of objectives and create a comprehensive test plan that outlines the scope, methods, roles, and timelines for the test. Then isolate the test environment to avoid impact on live systems and simulate all the disaster scenarios that you’re trying to prepare for.

Monitoring and documenting the recovery process, then evaluating the results against predefined objectives, will give you a clear picture of whether you’re as ready for a cyberattack as you feel you are.

5 - Not having an Incident Response Plan

A cybersecurity incident response plan is a documented set of procedures and guidelines that enable you to efficiently handle and mitigate cybersecurity incidents within your organization.

What happens if your network gets infected with malware? Or, if an employee steals a password as they leave your company? What if someone loses a cell phone? These are just some of the scenarios that a properly designed incident response plan (ICP) will prepare you for.

Building an incident response plan can be a complex process, but here are the steps you can take to build a viable ICP:

 If that process feels overwhelming to you, we encourage you to reach out to the friendly LNS Solutions team for help. In our 20 years of cybersecurity service to Tampa businesses, we’ve developed a streamlined process for incident response planning that takes all the guesswork and uncertainty out of the process.

Tampa’s Trusted Cybersecurity Expert

For 30 years, the LNS Solutions team has been helping businesses in Tampa defend themselves against cyber criminals, malware, ransomware attacks, and more. If your business is struggling to achieve the resiliency and confidence you need, contact our helpful team any time at (813) 393-1626 or info@LNSSolutions.com. We look forward to speaking with you!

 

Why is Cybersecurity Awareness Training So Important?


All it takes for a hacker to breach your company’s network is one of your employees opening a phishing email and clicking a link.

This means that before your IT team focuses on advanced measures like vulnerability testing and encryption, they need to strengthen their first line of defense by training your employees to identify, prevent, and combat cyberattacks.

This is why cybersecurity awareness training is so important. Security awareness training helps to educate employees in your organization on the different types of attacks, how hackers launch them, and what they can do to detect a threat. Making all your employees aware of cyberattacks significantly reduces the chances of hackers taking advantage of human errors.

Let’s explore the importance of cybersecurity training for employees, the direct benefits it provides, and the topics you should make sure to cover in your training program.

Benefits of Cybersecurity Awareness Training

Conducting comprehensive cyber security awareness training for employees will significantly reinforce your organization’s cybersecurity posture. Here are some of its key benefits:

What Topics Should Cybersecurity Awareness Training Cover?

A security awareness training program must be specialized and even a bit enjoyable to be effective. Thankfully, that no longer means dry, day-long training seminars that ask your teams to memorize and retain dense information all year.

Instead, businesses should be looking for regular, engaging online sessions that explain advanced technical topics in simple terms that everyone can understand, regardless of their technical expertise.

The focus should be on practical, specific measures for employees to put into action and periodic testing to test their real-world ability to manage various threats. Here are the essential topics that must be covered in a security awareness program:

Phishing Training

Because phishing attacks are so commonplace, this is one of the most important aspects of any training program. Employees must be trained to identify phishing emails and spoofed domains in the training. Misspellings and poor grammar used to be dead giveaways for phishing emails, but with ChatGPT, hackers can easily create grammar-proof emails.

Still, employees can be taught other ways to detect phishing, such as watching for generic greetings and a fake sense of urgency, analyzing the overall tone of the email, and avoiding clicking any links from unknown senders. As mentioned, it’s not just education but practical phishing simulation with company-wide reporting that will move the needle here.

Social Media Hygiene

Despite the fact that nearly half of U.S. employers block access to social media sites, most people still use social media while at work, either on company-owned or personal devices. This has major implications for your business’s security.

You must not only set clear guidelines for employees on what they should share publicly on social media, but also train them on how to use social media responsibly. Even if no one shares confidential information or user credentials on social media, seemingly harmless information can become useful for hackers.

Hackers can easily turn the name of new software your company is using, or a casual mention of the company’s technology, into leverage to gain access to your network.

Data Handling

Most industries are now struggling with compliance standards on data handling, which makes it a must-have feature of your cybersecurity awareness training. Staff must be informed of the rules and practices laid down by the regulatory bodies governing your industry and thoroughly trained on the best and safest practices for handling, storing, and sharing data within your organization.

Malware and Attack Response

All cybersecurity awareness training must instruct your team on what to do when malware strikes. There are crucial moments right after an attack that can make the difference between a few PCs being affected and a company-wide infection.

Training in this area teaches them specific actions to take after an attack, such as how to properly disconnect a device from a network, how to safely shut down an affected computer, and how to preserve all the evidence of an attack, such as phishing emails, for future forensic work.

Mobile Device Security

Mobile devices have become a major part of many businesses, but they are also a common target for attackers. All employees (especially those working from home) should be trained on proper mobile device usage, including safeguarding devices with strong passwords, utilizing encryption and two-factor authentication, and being cautious of public Wi-Fi networks.

This includes familiarizing your staff with the mobile device management (MDM) solution you’ve deployed in your network, so they know what data is safe to store on their mobile devices and how.

Remote Work Security

More and more companies are adopting the remote work culture and its many benefits without having fully accounted for the unique security risks it poses. Businesses with remote workers must provide cybersecurity awareness training that touches on these topics.

This includes how to avoid connecting to public Wi-Fi, how to properly use virtual private networks (VPNs), how to ensure that antivirus security software is up to date, how to work with multi-factor authentication (MFA) systems, and a wide range of other critical security topics.

How Often Should I Conduct Cybersecurity Training?

In the past, cybersecurity training programs were infrequent and in-person, conducted a few times each year for days at a time. That approach simply doesn’t meet the needs of businesses now, which face attacks that change and evolve on a daily basis.

The most effective approach to security awareness training is to conduct regular online training all year round in short and targeted modules. Not only does this approach give your employees information on the latest cyber threats, conducting sessions online also gives your leadership access to metrics and dashboards that quantify your cyber readiness into improvable metrics.

Florida’s Cybersecurity Team

For over 30 years, the LNS Solutions team has been helping companies in Tampa defend themselves against cyber criminals and malware. If your business is struggling to achieve the resiliency and confidence you need, contact our helpful team any time at 813 393 1626 or info@LNSSolutions.com. We look forward to speaking with you!

 

How ChatGPT and AI are Changing Cybersecurity

Heated discussion about artificial intelligence (AI) has been a feature of the business media since ChatGPT was first released in late 2022.

While most of the media discussion revolves around which jobs ChatGPT is going to eliminate, there’s been a quieter but equally important discussion in the cybersecurity community about how AI is going to affect business security.

We’ve written this article to provide businesses in Tampa with everything they need to know about the coming generation of AI, how it’s going to make achieving lasting cybersecurity harder, and what you can do about it.

Hackers Leverage AI to Generate a New Breed of Malware Attack

One of the most discussed use cases for ChatGPT is in computer programming. Even in this relatively immature state, ChatGPT is already pretty good at generating simple code snippets for simple functions, allowing programmers to focus on more complex aspects of software development.

This means a more efficient development process and lower costs for companies. However, there are also nefarious uses for automatically generated code that business owners must familiarize themselves with.

Bypassing the Security Features of AI Models
In their current state, ChatGPT and specialist AI models like AlphaCode are designed not to generate code that could be used for malicious purposes. However, in just the few months since the software was released to the public, hackers have devised multiple ways to bypass those protections.

One hacking group has used ChatGPT’s application programming interface (API), in particular one called davinci-003, which is specifically designed for chatbot applications. It turns out that the API doesn’t enforce the same restrictions on malicious content as the web version, meaning that hackers can bypass ChatGPT’s protections and generate any code.

The price of this service? A mere $5.50 for every 100 malicious queries on ChatGPT.

AI models that can generate malware code at basically no cost will likely lead to a rapid expansion in the number of threats, just as the commodification of ransomware on the dark web did in 2019 and 2020.

“Polymorphic” Malware Threats
Hackers have already started to use the power of AI to create new and intelligent forms of malware as well, by embedding specialized forms of “polymorphic,” or mutating, code into their viruses. By changing its composition or “signature,” smart malware avoids endpoint detection and response (EDR) systems and is thus much harder for businesses to detect and isolate.

Polymorphic malware has existed for decades, but the new strains powered by ChatGPT are more dangerous and harder to detect.

In addition to a model that uses the API listed above, a recent proof of concept from Jeff Sims, principal security engineer at threat detection company HYAS InfoSec, demonstrates another possible approach. His software, called BlackMamba, logs keyboard strokes on a host computer, changing its shape every time it runs to avoid detection. According to the HYAS blog:

“BlackMamba utilizes a benign executable that reaches out to a high-reputation API (OpenAI) at runtime, so it can return synthesized, malicious code needed to steal an infected user’s keystrokes… Every time BlackMamba executes, it re-synthesizes its keylogging capability, making the malicious component of this malware truly polymorphic. BlackMamba was tested against an industry leading EDR which will remain nameless, many times, resulting in zero alerts or detections.”

Criminals Upgrade Phishing Attacks with the Power of AI

According to the FBI’s 2022 Internet Crime Report, email attacks are the most common IT threat in America.

People are already falling for today’s email phishing scams, which are notorious for poor grammar and misspellings. As hackers adopt ChatGPT and other large language models (LLMs), criminals in Russia, India, and other countries will be able to create error-free emails on demand, making them harder to detect and more impactful.

As phishing emails become more impactful, and that impact is extrapolated out over millions of attacks that take place each day, we can expect to see a significant impact on the number and efficiency of phishing attacks.

But AI doesn’t just help with email writing; hackers have also started using ChatGPT and other AI models to develop new phishing strategies, scan attack surfaces, and alter their attacks to respond to your phishing defenses in real time.

Businesses in Tampa must be ready to adjust their security to compensate.

What Can Tampa Businesses Do About It?

The good news is that generative AI has as many applications for cyber defenders as it does for attackers.

Arm Yourself with the Right Tools
IT services firms like LNS Solutions are using tools with built-in machine learning and artificial intelligence to find network vulnerabilities and proactively address the threat of malicious AI.

To reap the benefits of those tools, it’s important to work with an IT services firm with a track record of cybersecurity success. If you’re not partnered with a cybersecurity firm, then it’s critical that you keep your security software up to date. The cybersecurity arms race is always intensifying, and we’re facing a situation in which ChatGPT and other AI models will create malware that only other AI systems can detect.

Use AI to Extend Your Cybersecurity Team
There’s a well-documented lack of cybersecurity talent in the U.S. The country is estimated to lack about 1 million people in the cybersecurity field, putting countless companies in the U.S. at risk. By arming themselves with AI tools, businesses can extend the capabilities of human cybersecurity staff and enhance the efficiency and sophistication of their defenses.

For example, the cybersecurity company Sophos found that spam filters using ChatGPT, compared with other machine learning models, were more accurate, enabling them to catch far more threats than without. Integrating next-generation spam filters with other “ChatGPT” detection capabilities could help your business not just mitigate the rise in AI-powered attacks but also win a competitive edge and reduce overall attacks.

Similarly, AI is now being used by a variety of LNS Solutions’ cybersecurity vendors to reduce false notifications and detections, speed up the security forensics process, and eliminate labor intensive security tasks.

Improve Your Cybersecurity Awareness Training
The largest source of cybersecurity vulnerability is an unprepared staff. Now is the time to double down on your cybersecurity awareness training and bring your entire team—from cleaning people and front desk staff to executives and boards of directors—up to task on the changing AI landscape.

Proactively facing the threat of AI head-on is the best way to establish a confident foundation for what’s sure to be a turbulent future full of dynamic AI-powered attacks.

Business Continuity vs. Disaster Recovery

What is the Difference Between Disaster Recovery and Business Continuity?

This is the third installment in a 3-part series on hurricane preparedness and business continuity. 

Business leaders in Tampa that are preparing for hurricane season will likely encounter two terms, disaster recovery and business continuity, in their search for stability. Though the two concepts are related in that they help you respond to the threat of natural or man-made disasters, they also differ in important and sometimes confusing ways.

Here’s what businesses in Florida should know about both approaches and how to combine them to minimize the chance that a hurricane will cause lasting damage.

This blog is part of a series on storm season preparedness; read the first part here.

Disaster Recovery is Focused on Business Technology

Disaster recovery is a plan that enables your business to anticipate catastrophic downtime and regain access to and functionality of your technology as fast as possible. Unlike business continuity—which helps your entire organization plan redundant human resources, workspaces, vendors, and technology—disaster recovery is tightly focused on IT systems.

Important metrics that you can use to measure the effectiveness of your disaster recovery plan include the following:

Recovery time objective (RTO)
How long can a system stay down before it starts to impact your business negatively? This metric gives you a limit to how much downtime you can tolerate, which you can use to guide the DR planning process.

Recovery point objective (RPO)
How much data loss is acceptable to your organization? Is a backup that’s 24 hours old enough to get your business back on track, if a tropical storm should strike? 12 hours? This metric helps you understand how frequently your backup systems should be creating redundant copies of your data.

Read more about RPO and RTO on TechTarget.

Why Disaster Recovery is Important

There are multiple beneficial outcomes of having a disaster recovery plan, including the following:

Ensure data security
Disaster recovery isn’t just about hurricane protection. Integrating data protection and backup into your disaster recovery plans can provide your organization with a valuable backstop against ransomware and other forms of malware so that if your systems do ever get deleted, you’ll have recent production data to restore operations.

Reduce recovery costs
By being proactive about disaster and having a clear, organization-wide plan for responding to it, you can dramatically lower the cost of responding to downtime.

Responding to those events reactively means hiring hourly IT consultants to perform forensics on your damaged systems, building a plan for saving your network, then marshalling the resources to do that time-consuming work. Each of those steps comes with the potential for costly overtime charges.

Being proactive eliminates much of that reactive work, enabling you to budget for storm preparation with greater confidence.

Business Continuity Keeps Your Organization Productive

As mentioned above, business continuity planning (BCP) is larger in scope than disaster recovery. It’s designed to give you a clear plan for not just responding to a disaster but weathering that disaster and staying productive, no matter how big a storm hits our state.

To build a business continuity plan, you’ll need to coordinate people and resources from across your organization. Here are the most important steps that go into developing a business continuity plan:

Perform a business impact analysis
Start by analyzing your organization to identify critical business activities and their associated dependencies. This helps you understand which systems you need to protect to keep the business operating and where to target your work.

Develop plan and controls
Depending on your tolerance for business downtime, the next step is to develop a clear system for maintaining the health of the critical business operations.

For some small businesses, this could be as simple as sharing access to cloud-based systems. Large, more complex organizations will want to explore alternative office locations, backup telecom infrastructure, and define redundant lines of communication and chain of command to ensure smooth operations when a hurricane or other disaster strikes.

Monitor and test the BCP
The BCP isn’t a static document that you can create and then leave unattended. Your organization changes every day as personnel come and go, business functions change over time, and priorities shift. You should revisit your BCP at least once a year to keep it aligned with your goals and to make sure it still functions properly.

We’ve recently written an in-depth piece about the business continuity planning process, which explains in detail what you can do to make each step of the BCP process efficient and successful.

Business Continuity Outcomes

Important outcomes of a business continuity plan include the following:

Regulatory compliance
The benefits of business continuity extend far beyond hurricane preparation. Businesses in regulated industries like financial services and healthcare are often subject to regulatory compliance standards, like FINRA, HIPAA, and HITECH, which require a business continuity plan to be in place.

Stronger customer retention
If your business takes weeks to return to normal operations, customers may go looking for other suppliers to help them, compounding the hurricane’s impact on your business. In today’s business climate, where between 70% and 80% of a business’s value comes from hard-to-assess assets like brand equity and reputation, being a beacon of stability can have serious returns.

Lower insurance premiums
Businesses in Florida rely on their insurers to protect them from natural disasters and cyber threats. Many forms of insurance require businesses to demonstrate a business continuity plan to purchase insurance or to get the lowest possible premium.

Creating Business Continuity and Disaster Recovery Synergy

To clarify, the most important difference between the two concepts is when they’re triggered.

A business continuity plan is triggered at the outset of a hurricane or tropical storm so that your team can work through the disaster with as little interruption as possible, while a disaster recovery plan is typically triggered after a disaster has taken place, allowing your team to begin the process of restoring your technology systems as quickly as possible.

But the reality is that the two concepts play an important, synergistic role in helping to keep your business safe from natural disasters. Here are some of the benefits of combining the two strategies:

74% of surveyed organizations have faced a disruptive event with third parties in the past few years.

You can find the first installment here in our 3-part series on hurricane preparedness and business continuity.

Tampa’s Business Continuity and Disaster Recovery Partner

For 30 years, the LNS Solutions team has been helping businesses in Tampa defend against hurricanes and other natural disasters. If your business is struggling to discover the resiliency it wants, contact our helpful team any time at (813) 393 1626 or info@LNSSolutions.com. We look forward to speaking with you!

The Complete Guide to Business Continuity Planning

This is the second in a 3-part series on hurricane preparedness and business continuity. 

Serious interruptions to productivity can be a catastrophe for unprepared businesses. Even a single day of downtime can cause a small or midsized business tens of thousands of dollars in lost opportunity, revenue, and reputation.

For larger businesses, IDC estimates that operational downtime can cost up to $100,000 per hour on average.

The most effective tool that businesses have to maintain their operations when a hurricane or other disaster strikes is a business continuity plan (BCP). We wrote this article to help Florida businesses get started with the planning process, understand how it benefits them, and answer any questions they might have.

What is Business Continuity Planning?

Business continuity (BC) planning is a tested plan that outlines everything a business must do when it faces abnormal business interruptions, such as hurricanes and natural disasters, ransomware attacks, or human error.

It is a holistic process that covers every aspect of your business, including your network technology, communications, human resources, physical workspaces, and each of their dependencies.

Triggered before disaster even strikes, think of a BCP as your first-line defense against downtime. As opposed to reactive planning, such as disaster recovery, your BCP helps you proactively maintain normal business operations with as little operational downtime as possible.

The Elements of a Comprehensive Business Continuity Plan

A business continuity plan varies from company to company. But here are the components that a successful BCP will contain:

Risk Scope Analysis
Developing a business continuity plan starts with understanding the risk’s scope. This means identifying which critical business functions you are trying to protect, and what dependencies each of those functions has that might be affected by a disaster.

Keep an open mind when thinking of “unprecedented events.” While natural calamities like floods and tropical storms are top of mind in Florida, you should also consider all other risks, such as technological outage, regulatory changes, cybersecurity, and human error as well.

The scope of your plan will be the foundation for all subsequent components of the BCP.

Business Impact Analysis (BIA)
Another major component of the BCP is a detailed analysis of how every identifiable risk will impact the core business functions from the scope analysis. Running a BIA will help you understand in detail what must be done by whom to sustain those functions when a disaster strikes.

Unlike a risk assessment, which identifies threats and the likelihood of them harming your business, the BIA goes further to define the severity of each threat and how they affect your business operations and finances.

A BIA should analyze each threat in 5 dimensions:

Communication Strategy
Communication is paramount when mitigating an unforeseen event. Your BCP should outline how employees should communicate with one another, their superiors, their subordinates, and third-party stakeholders.

In most cases, you can’t rely on the hierarchy you have during normal workdays, which means you may need to grant provisional autonomy to certain team members or restrict access to certain systems until your systems have been restored.

You may also choose to implement external communications and public relations as a part of your continuity plan so you can proactively manage your customer expectations and any reputational damage.

Controls and Mitigation
Disaster mitigation, among other things, requires quick decision-making. After analyzing the risks, affected personnel, location, and service delivery requirements, you can now create an action plan.

You need clear instructions on what must be done at the minimum level by every person involved in the mitigation process. The controls are also likely to vary for each disruption scenario.

Leave some room for improvisation. Since you can’t plan for everything well in advance, you should grant limited authority to your “boots on the ground” to work off the prescriptions as they see fit to meet the challenges they face.

Test and Refine Business Continuity Plan

After the continuity plan is in place, it’s time to test it. Run the teams through each disaster scenario as if your business were experiencing a real-life crisis. Repeated testing allows you to measure the plan’s effectiveness and iron out any weak points.

Testing isn’t a one-off event. Regular testing and refinement of the plan will help you achieve a more efficient and consistent result. Communicate the plan and its results throughout your organization so employees can get acquainted with each scenario and what you expect of them.

The Benefits of Having a Tested Business Continuity Plan

Business continuity planning may seem like a lot of work. But it’s well worth it, given the potentially ruinous costs of facing disaster unprepared. Here are some of the key outcomes that you can expect to reap from a well-tested BCP:

Read the third blog of our 3-part series on hurricane preparedness and business continuity.

Protecting Your Business Technology in Hurricane Season

This is the first in a 3-part series on hurricane preparedness and business continuity. 

Every year, the Florida business community must gird itself for hurricane season, a significant trade-off for living in a uniquely beautiful state.

Since 1980, storms have done a total of $450 billion in damage to coastal Florida, with Hurricane Ian alone doing over $100 billion, making it the costliest disaster in Florida’s history.

As we approach storm season, the team at LNS Solutions thought businesses in our area would benefit from a checklist that helps them take stock of the best practices around disaster preparation and review what they should be doing to minimize the downtime that storms cause this year.

Becoming Proactive About Hurricane Protection

The single best thing a business can do to protect itself is take the threat seriously and start the planning process now, before hurricane season starts.

1 - Inventory Your Network
Start by creating a detailed list of all the devices connected to your network. The inventory serves the dual purpose of helping you understand your areas of greatest vulnerability while also helping you successfully file any insurance claim for damaged hardware, if the worst were to occur.

2 - Devise an Escape Plan for Portable Equipment
It’s relatively easy to secure personal computers, workstations, and company mobile devices during a hurricane. The forewarning should give you enough time to power those devices down and move them out of your premises to a safe location.

Deal with any technical hurdles you might face during that process now, including who’s going to disconnect and move the devices and which safe, inland space they can bring them to while waiting out the storm.

3 - Secure Servers and Immovable IT Infrastructure
For systems that cannot be moved, you can improve their chance of weathering a major storm with the following guidelines:

Beware of what’s known as “optimism bias” in the behavioral sciences field. “I’ve been lucky so far” and “It won’t happen here” are both versions of this bias, which can be enormously costly if a disaster does strike. Assuming that your business is vulnerable saves you stress and expense.

According to the Uptime Institute’s 2021 Annual Outage Analysis, 40% of business interruptions or outages cost between $100,000 and $1 million.

Disaster Recovery Systems

Strong backup and disaster recovery (BDR) planning is crucial for businesses under any circumstance. For businesses in Florida, it’s even more important that you have a functioning, tested system in place to help you recover sensitive data after a disaster.

4 - Start with the 3-2-1 Backup Strategy
The 3-2-1 backup strategy says that you should have 3 copies of your data (production and two backups) on two different forms of media, with one copy stored offsite.

When working with your cloud backup, pay attention to the vendor and ensure that the data centers your backups are stored in are in a stable location outside Florida so that your data is safe there no matter what happens.

Some businesses may want to move beyond just a single backup in the cloud, so speak to your vendor and make sure they provide an acceptable level of redundancy on their systems. Security-minded businesses will build even further protection into their strategy by replicating their backups to two providers.
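As an added illustration (not LNS Solutions’ own tooling), the following Python script audits a backup inventory against the 3-2-1 rule above and the RPO and RTO metrics defined earlier in this series. The inventory fields, the sample systems, and the choice to measure RPO against the newest copy stored outside the home region are assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class DataCopy:
    name: str
    media: str             # storage type, e.g. "server-disk", "nas", "cloud"
    region: str            # where the copy physically lives
    is_production: bool
    last_written: datetime
    restore_minutes: Optional[float] = None  # last restore test; None = never tested


def audit_backups(copies: List[DataCopy], now: datetime, home_region: str,
                  rpo: timedelta, rto: timedelta) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    backups = [c for c in copies if not c.is_production]

    # "3": production plus at least two backups.
    if len(copies) < 3 or len(backups) < 2:
        findings.append(f"3-2-1: {len(copies)} copies, {len(backups)} backups; "
                        "need production plus two backups")
    # "2": at least two different forms of media.
    if len({c.media for c in copies}) < 2:
        findings.append("3-2-1: all copies are on the same form of media")
    # "1": at least one backup outside the region a storm could take out.
    offsite = [c for c in backups if c.region != home_region]
    if not offsite:
        findings.append(f"3-2-1: no backup copy stored outside {home_region}")

    # RPO (assumption): judge data loss by the newest copy that would survive
    # a regional disaster, falling back to local backups if none is offsite.
    survivors = offsite or backups
    if survivors:
        age = now - max(c.last_written for c in survivors)
        if age > rpo:
            where = "offsite" if offsite else "local"
            findings.append(f"RPO: newest {where} backup is "
                            f"{age.total_seconds() / 3600:.0f}h old, objective is "
                            f"{rpo.total_seconds() / 3600:.0f}h")

    # RTO: a backup only counts if a restore was tested and was fast enough.
    for c in backups:
        if c.restore_minutes is None:
            findings.append(f"RTO: {c.name} has never been restore-tested")
        elif timedelta(minutes=c.restore_minutes) > rto:
            findings.append(f"RTO: {c.name} restore took {c.restore_minutes:.0f} "
                            f"min, objective is {rto.total_seconds() / 60:.0f} min")
    return findings


def run_samples() -> Dict[str, List[str]]:
    """Audit three constructed inventories (sample data, not real systems)."""
    now = datetime(2024, 6, 1, 12, 0)
    prod = DataCopy("file-server", "server-disk", "FL", True, now)
    nas = DataCopy("office-nas", "nas", "FL", False, now - timedelta(hours=2), 45)

    def cloud(name: str, region: str, hours_old: int, restore: Optional[float]):
        return DataCopy(name, "cloud", region, False,
                        now - timedelta(hours=hours_old), restore)

    inventories = {
        # Cloud copy sits in the same state and was never restore-tested.
        "weak": [prod, nas, cloud("cloud-tampa", "FL", 30, None)],
        # Passes 3-2-1, but the only copy that survives a storm is 30h old.
        "stale_offsite": [prod, nas, cloud("cloud-atlanta", "GA", 30, 180)],
        "healthy": [prod, nas, cloud("cloud-atlanta", "GA", 6, 180)],
    }
    return {label: audit_backups(inv, now, "FL", rpo=timedelta(hours=24),
                                 rto=timedelta(hours=4))
            for label, inv in inventories.items()}


if __name__ == "__main__":
    for label, findings in run_samples().items():
        print(label, "->", findings or "all checks passed")
```

The second sample inventory shows why the checks belong together: it satisfies 3-2-1 on paper, yet the fresh backup sits in the same region as production, so the data that would actually survive a hurricane misses the 24-hour RPO.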

5 - Test Your BDR System
The ability to back up data isn’t what’s going to save you from the next Hurricane Ian; it’s the ability to restore that data quickly and use those backups to restore operations at your business. We’ve seen too many businesses neglect their BDR plans, only to find that when they need them most, they’re not working as well as they need.

When testing your BDR solution, here are some things to look out for:

Build and Test Your Business Continuity Plan

How long can you go without serving your customers before the damage this downtime causes becomes permanent?

Answering this question will help you guide your business continuity strategy and set appropriate goals. For example, small professional services firms may be able to tolerate a day or two of downtime as they get their technology operational again, while midsized financial service firms and healthcare providers often have only minutes or seconds to spare before they fall afoul of regulators or experience a significant loss of reputation and money.

To help mitigate this, you’ll need not just a plan for recovering your technology after a hurricane strikes but for keeping your team productive through a hurricane. This is known as a business continuity plan, or “BCP.” There are several steps in the continuity planning process, including the following:

  1. Identify critical systems
  2. Business impact analysis
  3. Develop continuity procedures
  4. Communicate
  5. Test & Train

There are important differences between business continuity and disaster recovery, though they’re often confused. For more information about what each of the steps in the BC process means, we encourage you to read this in-depth guide, which will help you understand the entire process.

Read the second of our 3-part series on hurricane preparedness and business continuity.

Weather Hurricane Season with a Veteran Technology Partner

For 30 years, the LNS Solutions team has been helping businesses throughout Florida achieve maximum stability in hurricane season and beyond. If your business could use a partner to help build disaster-proof IT, contact our team any time at (813) 393 1626 or info@LNSSolutions.com. We look forward to speaking with you!
