Cybersecurity Compliance
To prepare for a potential ransomware attack, organizations should do the following:
- Implement security measures that include:
  - Deploying antivirus and anti-malware software.
  - Utilizing email filtering and security protocols to block phishing and other malicious emails.
  - Limiting user access and permissions to only what's necessary for their roles.
  - Dividing your network into segments to limit the spread of ransomware in case of an infection.
  - Keeping all operating systems, applications, and software up to date with the latest patches and updates.
  - Requiring strong passwords and multi-factor authentication.
- Regularly back up all critical data and systems. Store protected backups offline or in an isolated environment to safeguard them from ransomware encryption. Regularly test the effectiveness of your backup and recovery procedures.
- Create a detailed incident response plan that covers incident detection, containment, eradication, communication, and recovery. Conduct tabletop exercises to test your plan and identify areas for improvement.
After discovering a data breach, organizations’ top priorities should be containment, damage assessment, and notification.
Containment: Immediately disconnect any systems or network segments where the breach is believed to be active to prevent further spread. Change the passwords of compromised accounts and disable remote access. Secure any physical areas related to the breach.
Damage assessment: Identify the compromised data, determine the affected services or resources, and evaluate the potential impact of the breach. Collect and preserve evidence from the breach, including log files, system snapshots, and other relevant data.
Notification: Notify the people whose data was impacted, the regulatory bodies as required by law, and the relevant stakeholders within the organization.
Penetration testing should be done at least once a year. Organizations may want to conduct more frequent testing depending on:
- Their risk profile and the sensitivity of the data being handled.
- Regulatory compliance: Certifying against infosec frameworks (ISO 27001, PCI DSS, etc.) or complying with laws (HIPAA, GLBA, etc.) could require additional pen tests.
- System or web application changes: Additional penetration testing may be necessary to account for changes to your IT infrastructure, such as new hardware or software, or after significant changes to your web application.
The responsibilities of a Virtual Chief Information Security Officer (vCISO) can typically be tailored to meet the needs of the business the vCISO is serving. Common responsibilities businesses will task their vCISO with include:
- Trusted advisory and leadership support
- Security strategy and governance
- Security architecture and program development
- Risk management and vulnerability identification
- Incident response development and management
- Audit preparation
- Certifications and compliance
Small businesses can manage cybersecurity risks with some basic security measures, including:
- Requiring strong passwords and multi-factor authentication.
- Regularly updating all software and operating systems to patch security vulnerabilities.
- Installing anti-virus and anti-malware software.
- Implementing data in transit and at rest encryption.
- Providing employees with security awareness training that teaches them how to identify and avoid security threats like phishing, ransomware, and social engineering. Training should be conducted at least annually.
Businesses that can’t hire a full-time employee dedicated to cybersecurity can use a third-party vendor for additional support. Hiring a Virtual Chief Information Security Officer (vCISO) allows businesses to leverage the knowledge of experienced cybersecurity professionals to target high-priority tasks for an agreed-upon number of hours.
Balancing cybersecurity with user convenience can be tricky. A risk-based approach implements controls in proportion to the sensitivity of the data and systems involved. Multi-factor authentication is a way to add an extra security layer without overly burdening the user. Single Sign-on (SSO) lets users access multiple applications with a single set of login credentials, minimizing the password fatigue that can result in weak passwords. Automating software updates can ensure users are on the most secure versions of platforms without requiring them to take any action.
Here are some popular and effective tools for monitoring security threats:
Security Information and Event Management (SIEM): SIEM solutions provide continuous monitoring by collecting and analyzing log data from sources like firewalls, intrusion detection systems, and applications, enabling real-time threat detection and correlation.
Endpoint Detection and Response (EDR): EDR solutions monitor endpoint activities, detect suspicious behaviors, and respond to threats. They leverage behavioral analysis and machine learning to identify threats.
Network Monitoring Tools: These tools can analyze network traffic, identify anomalies, and provide real-time alerts when security incidents occur.
Threat Intelligence Platforms: These platforms are designed to aggregate, analyze, and manage threat intelligence data from multiple sources to help organizations detect, understand, and respond to cyber threats more effectively.
When vetting third-party vendors, have them complete a questionnaire to gather information about their governance, organizational structure, security controls, and technology. The line of questions should include:
- Who in the organization is responsible for cybersecurity?
- How is C-suite leadership involved in cybersecurity?
- How does your business protect customer information?
- Is your business utilizing AI to deliver services?
- Do you have an AI usage policy and procedures?
- Do you outsource any IT services?
- What are your security training practices?
- What are your security measures for software and hardware?
- What are your data recovery capabilities?
- Do you conduct penetration testing and vulnerability scanning?
- Is an incident response plan in place?
- Have you experienced a cyber incident? If yes, please describe.
- How do you monitor for unauthorized access?
When you select a third-party vendor, include your cybersecurity requirements in the contract. Some requirements to consider are:
- Maintaining Security Certifications: If the vendor holds a security certification like ISO 27001, SOC 2, or PCI, put in the contract that they’re required to maintain that certification. Consider requiring a copy of the report or assessment that was conducted to maintain the certification.
- Incident Notification Timeline Requirements: The SEC requires public companies to disclose material cybersecurity incidents within four days of their discovery. If a vendor experiences a data breach or other cyber incident involving your data, you must know about it quickly to meet the SEC requirement. Specify a timeline in the contract that will give you at least 24 hours to report the incident.
- Technology Changes: Require your vendors to notify you of any significant IT infrastructure changes they make. For example, moving services from a data center to a cloud provider.
- Termination Clauses: Your contracts should clearly state that failing to adhere to the cybersecurity requirements will result in the partnership's termination.
Training employees to identify and react to potential cyber threats is vital to an effective cybersecurity program. Studies of cyber incidents consistently find that human error is the leading cause of data breaches.
Here are three ways organizations can improve their cybersecurity awareness training program:
- Implement a semi-annual Security Awareness Program focused on interactive role-based training. Conducting cybersecurity training sessions twice a year, instead of just once, will demonstrate to employees the importance of this initiative and keep what they have learned fresh in their minds.
- Implement a quarterly phishing campaign that evaluates and reports on the organizational effectiveness of the employee Security Awareness Training Program. The goal is to ensure 100% employee saturation through the campaigns.
- Enhance your incident response team’s training by introducing breach and attack simulations that allow your organization to evaluate the efficacy of its security controls.
Organizations can assess the effectiveness of their cybersecurity strategy by analyzing the following key performance indicators (KPIs):
- Security incidents/intrusion attempts
- The average time to detect (TTD) a cyber threat
- The average time to respond (MTTR) to a threat
- The average time to contain a threat
- Security Program Maturity Score: Based on frameworks like NIST CSF, ISO 27001, or CIS Controls.
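As an added illustration (not part of the original page), the following Python computes the time-based KPIs listed above from constructed incident records. The record fields, the sample timestamps, and the choice to measure time to contain from the detection timestamp are assumptions; an incident that is still open is excluded from the containment average rather than silently counted as zero.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Optional

@dataclass
class Incident:
    incident_id: str
    occurred: datetime             # start of attacker activity (from forensics)
    detected: datetime             # first alert or report that surfaced it
    responded: datetime            # responder began working the incident
    contained: Optional[datetime]  # None while the incident is still open

def parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts)

# Constructed sample records (assumed values, not real incident data).
SAMPLE_INCIDENTS = [
    Incident("INC-001", parse("2024-03-01T08:00"), parse("2024-03-01T10:00"),
             parse("2024-03-01T10:30"), parse("2024-03-01T14:00")),
    Incident("INC-002", parse("2024-03-05T22:00"), parse("2024-03-06T04:00"),
             parse("2024-03-06T05:00"), parse("2024-03-06T09:00")),
    Incident("INC-003", parse("2024-03-10T12:00"), parse("2024-03-10T13:00"),
             parse("2024-03-10T13:15"), None),  # still open
]

def hours(delta: timedelta) -> float:
    return delta.total_seconds() / 3600

def kpis(incidents):
    """Return incident count, open count, and MTTD/MTTR/MTTC in hours."""
    if not incidents:
        raise ValueError("no incidents to measure")
    for i in incidents:
        # Reject records whose timeline is out of order: a bad record would
        # otherwise produce a negative duration and distort the averages.
        if not (i.occurred <= i.detected <= i.responded):
            raise ValueError(f"{i.incident_id}: timestamps out of order")
    mttd = mean(hours(i.detected - i.occurred) for i in incidents)
    mttr = mean(hours(i.responded - i.detected) for i in incidents)
    closed = [i for i in incidents if i.contained is not None]
    mttc = mean(hours(i.contained - i.detected) for i in closed) if closed else None
    return {
        "incidents": len(incidents),
        "open": len(incidents) - len(closed),
        "mttd_hours": round(mttd, 2),
        "mttr_hours": round(mttr, 2),
        "mttc_hours": None if mttc is None else round(mttc, 2),
    }
```

Tracking these values per quarter, rather than as a single snapshot, is what makes the trend visible.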
Let us help you identify any information security risks or compliance gaps that may be threatening your business or its valued data assets. Businesses in every industry face scrutiny for how they handle sensitive data including customer and prospect information.