The Professional’s Role in Understanding Cybercrime 

Beyond Armchair Expertise, The Professional’s Role in Understanding Cybercrime

Understanding Cybercrime.

In the dynamic world of cybersecurity, the divide between professional expertise and armchair opinions is stark. 

For managers, owners, C-suite executives, and board members of SMEs and nonprofit organizations, distinguishing between these two can be the difference between safeguarding their digital assets and facing a catastrophic breach.

Cybercrime, often underestimated in its complexity and impact, is not a realm for casual speculations or surface-level understanding. 

This underestimation stems partly from the mystification of cybercrime in popular culture, where it’s often portrayed as a nuisance rather than a serious threat. 

The reality, however, is far more grave. 

Cyberattacks can cripple entire systems, lead to substantial financial losses, and irreversibly damage reputations.

This is where professionals in the cybersecurity field make a critical difference. 

Unlike armchair experts, whose knowledge might be based on sporadic reading or superficial experience, professionals are immersed in the nuances of cyber threats. 

They understand the ever-evolving nature of cyber risks, the sophistication of cybercriminals, and the intricate web of legal and compliance issues surrounding cybersecurity.

For businesses and nonprofits, engaging with these professionals is not just a wise decision; it’s a necessity. 

Cybersecurity professionals bring to the table a depth of knowledge honed through continuous learning and real-world experience. 

They can navigate the complex landscape of digital threats, implement robust security measures, and offer strategic advice that aligns with the organisation’s specific needs.

Furthermore, these experts can dispel common myths about cybercrime, provide accurate risk assessments, and develop comprehensive strategies to mitigate these risks. 

Their insights are invaluable in an age where cyber threats are not just IT issues but strategic business concerns.

As cyber threats become increasingly sophisticated, the need for professional expertise in cybersecurity cannot be overstated. 

For leaders in SMEs and nonprofits, relying on armchair experts is a gamble with high stakes. 

Investing in professional cybersecurity expertise is not just about protection; it’s about ensuring the resilience and longevity of your organisation in the digital era.

Help us spread our message by sharing this post with your network.

Start your journey now at https://vciso.scoreapp.com 

Rehearsing for Reality: Why Mock Disasters Beat the Real Deal!

Ever watched a play where actors flawlessly recite lines, embody characters, and captivate you with their performance?

It’s mesmerizing, right?

But what you don’t see are the countless rehearsals, the forgotten lines, and the tripping over props.

All of that happens behind the scenes.

By the time they’re on stage, they’ve mastered their act.

Enter the world of tests and trials in cybersecurity!

Annoying?

Absolutely.

As vexing as an actor forgetting lines for the tenth time.

But oh, so necessary.

Because when the actual cyber threats try to gatecrash our systems, we want to be ready, not left fumbling for our lines or our defences.

Sure, in our ‘rehearsals’, things can go awry.

Unexpected glitches pop up, simulations may unveil problems we never considered.

A little chaos here, a little mayhem there.

But isn’t that the point?

To stumble, fall, and rise before the final act?

So, the next time a cybersecurity drill feels like a bothersome rehearsal, remember this: better a hiccup in practice than a disaster during the live show.

After all, in the grand theatre of cybersecurity, we’re aiming for a standing ovation, not stage fright! 

Spotting Ransomware – Unveiling the Silent Saboteur

Imagine this – you’re having a regular day at work, but your computer seems a tad slower.

You brush it off as another technological glitch.

However, the next day, a chilling reality hits you – all your data is encrypted.

Your first reaction?

Utter disbelief.

You’re caught in the silent grip of ransomware, and it’s too late.

Ransomware attacks don’t announce themselves with a grand fanfare.

They silently creep into your system, nesting in the corners and subtly sabotaging your daily operations.

By the time you notice the slowdown or encounter encrypted data, your system is already in the stranglehold of these cyber criminals.

Think of it like this: you wouldn’t wait for your house to be engulfed in flames before you consider installing smoke detectors.

The same logic applies to ransomware.

Subtle signs, like a slow computer, might be your only hint of an imminent ransomware attack.

But in today’s evolving digital landscape, we need more robust early warning systems.

By the time the ransom message appears, it’s often too late to prevent significant damage.

That’s why your business needs proactive and advanced cybersecurity measures.

These could include threat detection systems, regular data backups, and continuous network monitoring – tools designed to catch and mitigate threats before they strike.

The truth is, relying on ‘my computer is slow’ or ‘my data is encrypted’ as a ransomware warning is akin to closing the barn door after the horse has bolted.

Don’t wait for the flames.

Protect your business against the silent saboteur.

Invest in a ransomware detection system today and safeguard your tomorrow.

Don’t leave your business vulnerable to cyber attacks – sign up for our 10-minute tech and cyber check (URL in my banner) and get the knowledge you need to stay ahead of the cybercriminals.

From Crisis to Calm – Turning Tides with a Disaster Recovery Plan

Picture this: It’s a Monday morning.

You stroll into your office, coffee in hand, ready to conquer the world, only to be met by chaos.

The server crashed.

All your data – poof – vanished!

And just like that, your world grinds to a halt.

Sounds like a nightmare, right?

The unfortunate reality is, it’s not a matter of if this will happen, but when.

In today’s digital landscape, the unexpected looms at every corner.

System failures, cyber-attacks, natural disasters, you name it.

Without a disaster recovery plan, your small business or nonprofit is like a ship sailing uncharted waters without a compass.

The truth is, many organizations focus on sailing smoothly – ensuring day-to-day operations run seamlessly, deadlines are met, and budgets are maintained.

These are important, of course, but what about the inevitable storms? Should we not prepare for them?

Now, you might ask, how does one prepare?

Well, let’s delve into a single component of the ACTION plan: operational resilience.

The O in ACTION stands for operational resilience, a key player in disaster recovery.

Having a robust data backup system is essential.

With a reliable backup, you can restore your systems and continue operating even in the face of disaster.

A good backup strategy encompasses not just regular backups, but also off-site or cloud backups that secure your data from localized incidents.

But remember, the operational resilience aspect isn’t limited to backups.

It involves having redundancy in your crucial systems to ensure you’re never left in the lurch.

Additionally, it calls for regular testing and updating of your recovery procedures, ensuring that when the storm hits, you’re not caught unprepared.

When disaster strikes, time is of the essence.

With each passing minute, the costs mount, and recovery becomes more difficult.

That’s why a swift, efficient recovery process powered by technology isn’t just a good-to-have; it’s an absolute necessity.

So, let’s replace Monday morning chaos with confident control.

Equip your organization with a disaster recovery plan, and turn the tide from crisis to calm.

After all, being prepared isn’t just about surviving the storm; it’s about learning to dance in the rain.

How does a non-profit organisation recover from a cyber event?

Recovering from a cyber event can be challenging for any organization, including non-profit organizations in Australia.

Here are some steps that non-profit organizations can take to recover from a cyber event:

Containment and assessment:

The first step in recovering from a cyber event is to contain the incident and assess the damage.

This may involve disconnecting affected systems from the network and determining what data has been compromised.

Response plan activation:

Non-profit organizations should have a response plan in place for cyber incidents, which outlines the steps to be taken in the event of an attack.

This plan should be activated as soon as the incident is detected to ensure a timely and coordinated response.

Notification:

If personal data has been compromised, non-profits may need to notify affected individuals and regulatory authorities, such as the Office of the Australian Information Commissioner (OAIC), under the Notifiable Data Breaches (NDB) scheme.

Non-profits should follow the guidelines set out by the OAIC regarding the content and timing of data breach notifications.

Communication:

Non-profits should communicate with stakeholders, including donors, partners, and staff, about the incident and its impact.

This can help maintain trust and transparency with the organization’s supporters and minimize reputational damage.

Recovery and restoration:

Non-profits should work to restore affected systems and data, including implementing data backups, patching vulnerabilities, and updating security measures.

Non-profits should also review their response plan and security measures to identify areas for improvement.

Review and prevention:

Once the organization has recovered from the cyber event, it’s important to review the incident and identify areas for improvement.

Non-profits should also take steps to prevent future cyber incidents, including implementing stronger security measures and providing ongoing training and education to staff.

Recovering from a cyber event can be a complex and time-consuming process.

Non-profits can benefit from working with cybersecurity experts and seeking advice from relevant regulatory authorities to ensure they are taking appropriate steps to recover and prevent future incidents.

Ransomware and why it has the impact it does

Ok incoming RANT

On the last 3 Mondays, we have had to clean up 5 fully encrypted networks.

Small to Medium organisations, non-profits and businesses.

Each with a server with more than 10 computers and some cloud-based systems.

Their IT department or person who knows computers was in charge.

They were telling management that they were secure.

  • No tested backup
  • No resilience
  • No awareness training
  • No management systems
  • No anti-virus
  • No updates

Where does that leave them?

At the moment, in a heap of trouble.

When it comes to cybersecurity, talk to an expert.

Everyone is a target of cybercrime, just some are more secure than others.

Not sure what to do – start with this audit here: https://Action.scoreapp.com

Why 2022 could be a bad cybersecurity year for SMEs

SMEs are a prime target for cybercrime.

They have reduced expertise, minimal money, and an attitude of “we are too small to be a target” that leaves them wide open to a cyber event.

Our industry, the people who know, or think we understand, the bad guys, has been pushing for an attitude change for the last 10 years. In a large number of ways we have failed, especially in the SME space.

In some, we have failed significantly.

By the time we get called in, after a cyber event, it is way too late.

Too late to recover, too late to respond and, in a number of organisations, definitely too late to get back to business as normal.

Most SMEs, after a cyber event and especially after a ransomware attack, have but 3 choices,

  • pay the ransom,
  • recover from backup and hope you have a decent backup (a decent, tested backup is vital, no matter the situation)
  • or go out of business.

Here are 3 cybersecurity strategies that every SME should implement to be more secure and avoid that devastating cyber event.

Training users

Increased awareness of business security in a workplace is vital in today’s business world.

Not many businesses know where to go to get that training.

Training needs to be done as an ongoing process.

Once or twice a year is inadequate. Training and education also have to be easy: bite-size pieces, easily digested, easily implemented and easily followed.

In addition to ongoing training, you also need to incorporate business security into your onboarding process to instill the required cultural elements into new people on staff.

Want some free cybersecurity training? Here is something that will definitely help:
https://wizer-training.com/partner/caremit

Risk management and gap analysis

SMEs have a limited understanding of the new risks that our digital components deliver to the business.

The game has changed significantly in the last 10 years and we, as small and medium businesses, are constantly playing catch-up.

We are significantly hampered and handicapped by the impact and scale of our digital usage.

It is everywhere, used in every component and used all of the time.

If you want to understand the risks without first understanding the systems, you need some help.

Here is some help for you.
Https://CareMIT.scoreapp.com

With the report, you can now implement a gap analysis and work out what you need to do to increase security around your organisation.

The report also ties in well with:

Implementing a framework

If you are looking for a better way to manage security within your organisation, you need look no further than a framework.

A framework is a documented system that allows an organisation to follow the bouncing ball and tighten up the security in a regimented way.

The more components of the framework are implemented, the more secure and mature the organisation becomes.

Frameworks are easy to follow and implement and the one I recommend is the National Institute of Standards and Technology (NIST) cybersecurity framework.
https://www.nist.gov/cyberframework

Answer the 98 questions, honestly, and you now have a road map to implement cybersecurity in a significant way.

The NIST cybersecurity framework also gives you a number, between 0 and 4, that can be used as a comparison between businesses, supply chain components and government departments, so you can do business with like-minded organisations.

What can SMEs do?

It is not too late to implement any of these strategies. The bad guys are getting more and more clever, so time is running out.

They are targeting everyone who is connected to the digital world, the internet, with more sophisticated systems, a number of which are now fully automated.

Some of those automated systems have minimal human involvement after the initial set up.

From the initial social engineering attack all the way through to payment of the ransom, everything is automated and driven by machine learning.

Every SME should be implementing a training and education process, doing a risk and gap analysis and implementing a cybersecurity and business security framework.

With that everything else will follow.

The business will be more stable, the culture of the organisation will change and getting back to business as normal after an attack can be significantly easier.

The difference in the impact of a cyber event between an organisation that has implemented these 3 components and one that has not is significant.

If you haven’t implemented these 3 strategies in the last 12 months, 2 years or 5 years then 2020 is going to be a bad year.

But it’s not too late.

Thinking you are immune to a cyber event is a regular occurrence for SMEs

Even if you think you are immune to a cyber attack these ideas are critical to restricting the impact.

I want to talk about some of the problems we have encountered when being called into a cyber event situation for a new client.

Have you looked at all of our business risks?

Risk is the biggest invisible issue in today’s business world.

Most organisations do not know how to evaluate the risks that their digital component brings to the organisation, because they cannot visualise the risk.

Only by looking at the digital risks will it become apparent that more needs to be done.

Get some good legal advice!

We regularly come across businesses that do not know what their legal obligations are when it comes to protecting data that they are the custodian of.

If your organisation collects information about a person or a business, you are now the custodian of that data. The legal implications of being the custodian need to be understood before you make decisions about the information, or the type of information, collected.

Always err on the side of less. If you cannot justify it, do not collect it.

Check your response plan!

When it comes to SMEs, they think they are bulletproof.

It will never happen to us, we are too small, yadda yadda!

Well, NO. A cyber event can happen at any time and to anything digital. When it comes to a true cyber attack, you need to have a breach plan.

A plan that tells everyone in your organisation what you expect them to do, how they will do it, who they report to, and the process needed to preserve evidence and get back to business as normal. Without it, headless chickens, running, lots of running, come to mind!

Test your systems with a tabletop war game.

This is absolutely essential for any organisation with more than 5 staff.

Run some hypothetical scenarios. Think of a problem and make sure that everyone knows what to do if it ever occurred. Especially test disaster recovery, business continuity and breach plans.

After testing the system, do both a hot wash-up (debrief) and a report.

Fix any discovered failures: things that could be done better and things that were done badly.

You do not want a real emergency to be the first test of these plans.

Test some “what if …” plans.

Another alternative is to come up with some unusual issues.

A fire in the building that does not damage your business directly, but your business is in the same location and your staff can no longer get to the office, showroom or shop for a week.

What is the impact? What is your solution?

Tested our backup, we have.

We have a rule. When it comes to backups we have the 3-2-1 rule.

There are 3 copies of all data: the original plus 2 other copies. Those 2 copies consist of an on-site incremental copy and an off-site copy, so there is always 1 copy of the data stored off-site.

Once again, a backup is useless unless it has been tested. A test restore of a couple of files should be done and documented every month. A full restore of the whole system should be done every year from both locations.

Who do we have to report to?

When it comes to a breach, there also needs to be a reporting structure. Part of your business continuity plan should be a list of the people who are allowed to talk to the media, post on social media, talk to vendors or talk internally, and to whom.

Reputational impact always needs to be controlled as much as possible in today’s live world. The policies, plans and tests will ensure that everyone knows what they need to do.

Does anyone know how to preserve evidence?

If you are knee-deep in a cyber event the last thing that anyone is going to think about is the preservation of evidence.

Once again, if the breach plan has been tested then you will know what has to be done. It would be cold comfort to know that someone who has ruined your life will not face the consequences because there is no evidence against them.

Preservation of digital evidence can also include the information, and the machine-learning output, that comes from your Security Information and Event Management (SIEM) system.

Train everyone, security should be part of everyone’s role in the organisation.

Social engineering is the process of targeting people.

It is used to great effect against everyone in business. Social engineering is a two-fold process: the bait (the spam email or phishing message) and the bad technology (a link, application or attachment).

Combined together they are an effective attack system for the bad guys.

To counteract social engineering you need to educate everyone. There are free online courses, and additional resources can include competitions and posters.

Get a framework and implement it.

One of the best protective strategies any business can implement is a framework. I recommend the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

By answering the 98 questions, you get an instant base-level indication of where your organisation sits in terms of security maturity.

A framework does a number of things. It gives you a base level, it gives you a score between 0 and 4, it ensures that you do not forget anything, and it gives you a road map for business security within your organisation.

As a flow-on effect, it gives you a score that lets you compare apples with apples (security maturity with security maturity) against other organisations. When it comes to data sharing, you can make informed decisions about how secure the other organisation will be in regards to data protection.

You have done a vulnerability assessment

Every device that is connected to a network has the capability of compromising the whole network. The first law of cybersecurity is “if there is a vulnerability it will be discovered and it will be exploited – no exceptions”.

To ensure that those vulnerabilities are addressed you need to do regular vulnerability scans on the network.

This can be achieved with expensive or free systems. Whichever type you use, it is important that vulnerability scans are completed, findings are mitigated, and vulnerabilities are patched and managed correctly.

Cybersecurity is not easy!

There’s no such thing as set and forget when it comes to protecting your organisation from a cyber event.

It is a diligent and continuous process that needs to be done correctly to protect the integrity of the data within your custodianship.

Keep it safe, protect it, monitor it and ensure that if something does happen you have a way back to business as normal.

How fast will your business be back to business as normal after a disaster?

Encryption and backups are your fall-back position

When it comes to business security there are 2 systems that will save you after the impact of a cyber event. The first is a good backup and the second is encryption.

Neither of them is as foolproof as business owners think.

Understanding the importance of backups.

The whole point of a comprehensive backup regime is to be able to get back to business as normal as fast as possible.

A good backup will help you achieve that. So will a good disaster recovery plan, a decent business continuity plan, and building as much resilience as possible into the organisation itself.

Like any plan or solution it has to be tested, it has to be stressed and more importantly, everyone in the organisation needs to know what to do, where information is and how to implement those plans.

Failing to test or improve from the experiences of real-time tests and war-games is usually where an organisation fails.

You cannot improve a system unless it is tested regularly. Once tested, you can rectify issues discovered during the testing.

You DO NOT want to have the cyber event as the first test of system failure and recovery.

What to do with backups.

A backup needs the following in place:

  • A copy of all critical and non-critical data stored in another location.
  • A copy of that information that is only connected to the system while a backup is running.
  • A process that needs no human involvement except checking that it has happened and fixing it, immediately, when it fails.
  • A system that is regularly tested and improved. In business everything changes, so the systems and data need to be tested, and the people involved as well.
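The 3-2-1 rule earlier on this page and the checklist above both come back to the same point: a backup is only proven by a restore. The Go program below is an added example, not CareMIT’s code, of the monthly check: it restores each copy into a scratch directory and compares SHA-256 hashes with the live data, so a copy that exists but is damaged or incomplete is reported rather than trusted. The directory names, file names and sample contents are constructed for the demo.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"os"
	"path/filepath"
	"sort"
)

// writeFiles creates files under dir from relative path -> contents. It builds
// the constructed sample data below and also performs the test restore.
func writeFiles(dir string, files map[string]string) error {
	for rel, body := range files {
		p := filepath.Join(dir, rel)
		if err := os.MkdirAll(filepath.Dir(p), 0o700); err != nil {
			return err
		}
		if err := os.WriteFile(p, []byte(body), 0o600); err != nil {
			return err
		}
	}
	return nil
}

// VerifyRestore restores every file of one backup copy into restoreDir and
// compares the SHA-256 of each restored file with the live original. It returns
// the relative paths that are missing from or damaged in the copy; an empty
// result is the evidence to record for the monthly restore test.
func VerifyRestore(original, copyDir, restoreDir string) ([]string, error) {
	var bad []string
	err := filepath.Walk(original, func(p string, info os.FileInfo, err error) error {
		if err != nil || info.IsDir() {
			return err
		}
		rel, _ := filepath.Rel(original, p)
		want, err := os.ReadFile(p)
		if err != nil {
			return err
		}
		data, err := os.ReadFile(filepath.Join(copyDir, rel))
		if err != nil { // the file never made it into the backup copy
			bad = append(bad, rel)
			return nil
		}
		if err := writeFiles(restoreDir, map[string]string{rel: string(data)}); err != nil {
			return err
		}
		got, err := os.ReadFile(filepath.Join(restoreDir, rel))
		if err != nil || sha256.Sum256(got) != sha256.Sum256(want) {
			bad = append(bad, rel) // restored file does not match the live original
		}
		return nil
	})
	sort.Strings(bad)
	return bad, err
}

func main() {
	root, _ := os.MkdirTemp("", "restore-test")
	defer os.RemoveAll(root)
	// Constructed sample: live data, an on-site copy with one damaged file, and
	// a complete off-site copy (the two further copies of the 3-2-1 rule).
	live := map[string]string{"ledger.csv": "2024-01,1200\n", "docs/policy.txt": "3-2-1\n"}
	onsite := map[string]string{"ledger.csv": live["ledger.csv"], "docs/policy.txt": "garbage"}
	for name, files := range map[string]map[string]string{"live": live, "onsite": onsite, "offsite": live} {
		if err := writeFiles(filepath.Join(root, name), files); err != nil {
			panic(err)
		}
	}
	for _, name := range []string{"onsite", "offsite"} {
		bad, err := VerifyRestore(filepath.Join(root, "live"), filepath.Join(root, name),
			filepath.Join(root, "restore-"+name))
		fmt.Printf("%-7s failed files=%v err=%v\n", name, bad, err)
	}
}
```

Run it monthly against each copy and keep the printed line with the date; the on-site copy in the demo reports docs/policy.txt while the off-site copy reports nothing.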

Protecting your encryption keys

The second component is encryption. Seen by many as the silver bullet of data security, it is just another deterrent. If your data is stolen, encryption will ensure that the data is unreadable, unless the bad guys have the keys.

The most important component of encryption is the security of those keys; if the keys are stolen or leak, the encryption is useless.

So protecting those keys is more important than protecting the data the keys are securing.

When it comes to SMEs, not-for-profit organisations and charities, we often find the security keys, especially those securing websites, just lying around on a system. Usually they are saved in a folder called “certificates” with no added security around those files.

Protecting your encryption

There are many ways of using encryption and not all of them can be discussed here, so here are a few ideas:

  • Make sure your encryption key is not hardcoded into the applications using it.
  • Make sure your encryption key is your property and not owned by a third party.
  • The encryption keys should never be stored on or in the same system that uses them.
  • Make sure there is an audit trail of their use.
  • Only use one administrative account to encrypt data; record that account and its password in an out-of-band location, and use it only for that specific role.
  • Your keys can be encrypted!
  • Cryptographic keys need to change regularly; create a policy, process and procedure around that requirement.
  • Back them up. The keys can be stored on an encrypted thumb drive kept in a secure location, i.e. a safe (make this part of the policy).
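Several of the points above (keys that are themselves encrypted, kept apart from the data, audited, and changed regularly) are what envelope encryption gives you in practice. The Go program below is an added illustration, not CareMIT’s code: data-encryption keys exist only wrapped under a key-encryption key, rotating the KEK re-wraps them without touching the encrypted data, and every re-wrap yields an audit line. The KEK is assumed to come from a separate secret store; the function names, the “payroll” key id and the demo keys are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// aead builds AES-256-GCM from a 32-byte key.
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Wrap encrypts a data-encryption key (DEK) under the key-encryption key (KEK),
// binding the DEK's id as associated data so a blob cannot be moved between ids.
func Wrap(kek, dek []byte, id string) ([]byte, error) {
	gcm, err := aead(kek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, dek, []byte(id)), nil // nonce || ciphertext || tag
}

// Unwrap recovers a DEK; a wrong KEK, wrong id or altered blob fails authentication.
func Unwrap(kek, blob []byte, id string) ([]byte, error) {
	gcm, err := aead(kek)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("wrapped key too short")
	}
	return gcm.Open(nil, blob[:ns], blob[ns:], []byte(id))
}

// RotateKEK re-wraps every stored DEK under newKEK. The data encrypted with
// those DEKs is untouched, which is what makes a regular rotation schedule
// affordable. It returns one audit line per DEK for the key-use log.
func RotateKEK(oldKEK, newKEK []byte, store map[string][]byte, actor string) ([]string, error) {
	var audit []string
	for id, blob := range store {
		dek, err := Unwrap(oldKEK, blob, id)
		if err != nil {
			return audit, fmt.Errorf("dek %s: %w", id, err)
		}
		if store[id], err = Wrap(newKEK, dek, id); err != nil {
			return audit, err
		}
		audit = append(audit, fmt.Sprintf("actor=%s action=rewrap dek=%s", actor, id))
	}
	return audit, nil
}

func main() {
	// Constructed demo keys. In practice the KEK comes from a secret store or
	// HSM held apart from the application, never from the application's code.
	kek, newKEK, dek := make([]byte, 32), make([]byte, 32), make([]byte, 32)
	rand.Read(kek)
	rand.Read(newKEK)
	rand.Read(dek)
	store := map[string][]byte{}
	store["payroll"], _ = Wrap(kek, dek, "payroll") // only the wrapped form is stored
	audit, err := RotateKEK(kek, newKEK, store, "keyadmin")
	fmt.Println(audit, err)
	got, err := Unwrap(newKEK, store["payroll"], "payroll")
	fmt.Println("new KEK recovers DEK:", err == nil && bytes.Equal(got, dek))
}
```

After rotation the old KEK no longer unwraps anything, which is the property that lets a suspected KEK leak be closed off without re-encrypting the data itself.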

To stop a cyber event instead of just recovering from one you also need to implement other components.   To survive the onslaught of cybercrime, follow and implement the best practices documented all over the internet.

A plan B is important, just like insurance is important.   When everything else fails your recovery is critical.

The CareMIT Security Methodology will help you secure your systems, people and data.