On March 5th, the Federal Trade Commission (“FTC”) proposed amendments to the Safeguards Rule and Privacy Rule under the Gramm-Leach-Bliley Act (“GLBA”). These amendments are significant in several ways. However, the most impactful will be the changes to the Safeguards Rule, which governs the information security programs of financial institutions.
With all the talk surrounding cybersecurity, it is easy for the owner of a small business to be overwhelmed. The good news is that you don’t have to feel overwhelmed. While there are no magic bullets, using a layered approach to securing your network is still the most effective way to protect it. Below is my common-sense checklist for securing your small business, based loosely on the CIS Controls and broken into three sections based on complexity.
Supply chain attacks are on the rise and are putting many companies at risk. Microsoft and F-Secure Service Technology have provided statistics showing that these types of attacks are increasing and are causing billions of dollars in losses to global firms. Maersk Shipping was hit by NotPetya when the malware was injected into M.E.Doc software on one machine. This one machine caused an estimated $200-$300 million in damages to the organization. Had some fundamental practices been in place, the organization could have reduced the damage from the infection.
Account takeover has skyrocketed in the past year, partially because phishing emails continue to evolve and many organizations simply lack the tools to monitor unusual account behavior with cloud services. Below is a list of signs your Office 365 account may have been hacked.