Pub. 7 2017-2018 Issue 6

Over a Century: Building Better Banks - Helping Coloradans Realize Dreams
May • June 2018

how too many customers find that trust shattered by cyber breaches. At a time of heightened threat activity, there are some simple things we all can do to avoid tragedy before sacred trust is broken.

Small business owners throughout Colorado may be at even greater risk of a cyber-attack than you might realize. Approximately 31% of all data breaches occur in companies with 100 or fewer employees. Research shows that cyber-attacks cost small and medium-size businesses an average of $188,242, and almost two-thirds of victimized companies are forced out of business within six months of being attacked.

With new threats to computer systems and data emerging every day, it pays to be prepared. Each of us can join the ranks of Digital Minutemen. Everyone can follow a marksman's approach to cyber and "aim small, miss small." Vigilance is something everyone can contribute.

With the latest massive Intel vulnerabilities Meltdown and Spectre, and last year's Bad Rabbit attacks in Ukraine coming on the heels of WannaCry, Petya and NotPetya, we expect to see some variants manifest this year. We are also seeing some increases in alerts pertaining to DYRE and TRICKBOT, a couple of older malware attacks that are targeted to the Financial Sector.

Backups. There are some simple things each one of us can do to maintain the security of data and keep up with today's increasingly sophisticated threats. We all know not to download files or click on links when we aren't 100% sure of their origin, but there is a simpler way to defeat ransomware's impact on your organization: make sure you're backing up your files remotely to a place not connected to the internet. If you have a recent, clean backup of all your critical systems, you can avoid having to pay the ransom. Backing up your own workstation or laptop regularly is also very important.

Patches. Have a plan to keep your patches up to date. Update your software, phones, tablets and computers, both business and personal. As a rule, don't use Windows XP, as Microsoft is no longer providing security updates. This seems like simple common sense, but the latest ransomware viruses mentioned above exploited vulnerabilities that were well known and documented. Updating ensures that known vulnerabilities are fixed, and software companies employ highly qualified professionals to develop their patches. It is one of the few ways you can easily leverage that cybersecurity expertise and dramatically reduce your exposure.

Assets. Update and confirm your inventory of all assets attached to your network. This should include phones, tablets and other mobile devices. It should also include your ecosystem of partners and contractors that have access to your network. We are all familiar with the Target hack, in which access was gained through an HVAC contractor. Proper asset hygiene helps an organization confirm that only authorized assets are accessing its network, and helps it identify unusual activity by assets that are authorized.

Passwords. Review your passwords and connect to a gradient trust model. All it takes is one mistake for the gate to be opened, but designing a series of privileges into your system will ensure that only the right device, using the right connection, by the right person gets through, and that users can only use what they are meant to. In many cases it just requires a simple content filter on access so the content isn't opened when someone accidentally clicks on malware. The final step in gradient trust is building permissions from the bottom up using concepts like application whitelisting.

Authentication. We also highly recommend the use of Two Factor Authentication for access to online banking applications, mobile banking applications and any online accounts that have PII or financial information. Two-step verification, also known as "multi factor authentication," is an extra layer of security that requires not only a password and username but also something that only that user has or would know. Using a username and password together with Two Factor Authentication makes it harder for potential nefarious actors to gain access and steal that person's personal data or identity.

Security Assessment. Finally, validate that your security is working to the level you expect it to. Talk to members of the @RISK team today and learn how measurement and constant improvement are important for your organization to plug the holes in your network before an attacker has the opportunity to exploit them.
