It seems that every day or every week, we wake up to the news of another organization that has fallen victim to a cyberattack of some sort.  If we are not learning of a new security breach, then perhaps it is the hefty fine that is being imposed on a business that was previously attacked and breached.

Barnes and Noble joins the list of breach victims with their announcement to customers that a hacker group had gained access to computer systems, exposing and possibly compromising customer data. In the Barnes and Noble incident customer addresses, phone numbers and purchase histories could be at risk with no indication that passwords and payment information were at risk.

After nearly eight months under COVID pandemic restrictions and telecommuting, many businesses are trying to return to some semblance of pre-COVID working conditions, while many organizations have come to accept that a large remote workforce is the new normal.

Is your IT department ready for disruption?

Arguably, many organizations relaxed remote access policies to allow for the rapid deployment of the workforce. Without best practice policies in place and with large numbers of employees working from home, corporate IT departments must have layers of business security to be prepared for the potential introduction of malware into their environment. Likewise, new or existing policy enforcement may result in discovery of installation of unauthorized applications or worse, malware. IT departments must be positioned and ready to implement remediation solutions quickly and effectively to reduce and eliminate risk.

It is worth asking if your IT department was well-positioned for the disruption of COVID.

  • Did you have existing policies to manage the seamless transition to remote work?
  • Were your users well trained on remote work practices?
  • Did your remote workers have the proper infrastructure at home to support working for prolonged periods?
  • Was multi-factor authentication part of your remote access standard?

If your IT department was not prepared for extended telecommuting, have they made changes to your environment to support that going forward, or have you, perhaps, remained complacent?  In fact, after eight months of operating under COVID restriction, if your answer is still “no” to any of those questions, you are be categorized as complacent and that is a very dangerous position.

Don't become another news headline

You may not be the size of Barnes and Noble, but the protection of your institutional information, especially the protected personal information of your customers, should be a top of list item for you and your management team. Failure to respond or safeguard vulnerable information positions your organization for the next newsworthy event. The risk exists regardless of your sector – healthcare, financial services, energy, education, publishing, retail – all have data that the bad actors would love to grab and exploit.

In the healthcare sector, the impact can now be deadly. In September, a German hospital in Duesseldorf under a cyberattack had to refer an urgent admission to another city for treatment resulting in the death of that patient. This is thought to be the first case of a healthcare breach resulting in death.

As the strange year 2020 rolls along, one constant thing is that those who want to disrupt technology are increasing their efforts to do so.  A world in a pandemic, elections in the US, social justice movements, and general unrest create the perfect playing field for bad actors to leverage fear in unsuspecting recipients of messaging (often via email) that in seconds can compromise millions of dollars of intellectual and system assets. It presents an additional economic strain on organizations that are dealing with new margins and attempting to stay in business.

Managing cybersecurity risk in small and medium businesses

The risk for cyberattack seems greatest with small to medium businesses. We often see successful organizations growing out of entrepreneurial innovativeness with robust products or services.  We also see many of these businesses fail to establish sound processes or an enterprise approach to IT security infrastructure to keep their data protected.  With threats ever-present, leadership teams must not become complacent to the need to keep systems and protected information secure.

At LBMC Technology Solutions, we offer a comprehensive Current Situational Assessment (CSA) through which our team of strategic leaders and engineers will assess your IT infrastructure and present best-practice recommendations.  A Technology Solutions CSA is written with the Executive or Strategic Decision maker in mind.  Contact us via email or call 615-377-4600 today to talk with a member of our team to discuss your specific needs.

Sources:https://www.nbcnews.com/tech/security/german-hospital-hacked-patient-taken-another-city-dies-rcna125