Considering the increasing frequency of insider threats and the severity of data breaches resulting from them, it goes without saying that all organizations need to take proactive steps to combat this serious security risk.

Before taking any preventative security measures, it is necessary to understand who causes these risks and why. In this blog, we’ll discuss all aspects of insider threats including the motivations behind them, potential actors, primary targets, consequences and more.

Actors Behind Insider Threats

Anyone with access to critical information can pose a potential insider threat if the information is unknowingly or maliciously misused, resulting in a data breach. Businesses need to identify these actors if they want to curb insider threats effectively.

Insider threat types can be classified as follows:

• Negligent insiders – This may include careless executives or employees with access to privileged information. These insiders don’t have any motivation – money or otherwise. They are simply careless in their actions or may have fallen victim to a scam. For instance, in one particular incident involving an apparel manufacturer, a careless employee clicking one phishing link from his laptop was enough to compromise the entire network.
• Malicious insiders – These are insiders who intentionally abuse their credentials for personal gain. These actors have an advantage over external attackers since they have access to privileged information and are aware of the security loopholes. They may be motivated by monetary gain or may have a personal vendetta against the company.
• Contractors or vendors – Sometimes, even third-party vendors and contractors who have temporary access to an organization’s IT network can cause a data breach. The motivation in this case could also be money or vengeance. The US Army Reserves payroll system was once targeted in a similar attack, where a contractor who lost his contract activated a logic bomb to create a delay in delivering paychecks.

Motivations Behind Malicious Insider Threats

Malicious insiders are usually motivated by one or more of the following reasons:

• Money or greed – Most cases of non-negligent insider threats are motivated by money and personal financial gain. A greedy insider with access to restricted information is most often the culprit in this case. For example, two employees of General Electric stole the company’s intellectual property about calibrating turbines and started a competing firm with this information. After years of investigation, they were convicted in 2020.
• Revenge – Another familiar reason for insider threats involves revenge. Disgruntled employees, who believe they have been wronged by the company they once worked for, are usually behind this type of threat. In August 2020, a disgruntled former employee of Cisco deleted hundreds of virtual machines and caused about $1.4 million in damages to the company.
• Espionage – Many large organizations across the world have been victims of economic espionage from competing firms. This is mainly done to gain a competitive advantage in the market. A state-owned Chinese enterprise perpetrated espionage against American semi-conductor firm Micron by sending compromised insiders and stole valuable trade secrets.
• Strategic advantage – Intellectual property theft against large corporations is most often a result of trying to gain a strategic advantage in the market. Korean smartphone giant Samsung became a victim recently when its blueprint for bendable screen technology was stolen by its supplier.
• Political or ideological – There have been many documented cases of insider threats motivated by political or ideological factors. These cases often concern national pride or revenge against another nation for the attack.

Why Insider Threats Are Dangerous

Insider threats often have a massive impact on your data, primary assets and your bottom line. On top of it all, these threats are often hard to detect and contain. A study by the Ponemon Institute estimates that it takes 77 days on average to contain insider threats once detected.

• Targets primary assets: Insider threats often target the primary assets of an organization including proprietary information, product information, business plans, company funds, IT systems and more.
• Results in huge costs: The same study by the Ponemon Institute estimated that the average cost of insider threats has increased 31 percent to $11.45 million in the last two years. These costs include downtime losses, loss of business transactions, loss of business opportunities and more.

Don’t Wait to Protect Your Business

Although the consequences of insider threats may be disastrous, you don’t have to face this problem alone. If you are wondering how you can mitigate these threats and prevent losses, we’ve got you covered. Reach out to us today to understand the different ways by which you can build a resilient cybersecurity posture against insider threats.

Article curated and used by permission.

Data Sources:

• Bitglass 2020 Insider Threat Report
• https://www.zdnet.com/article/how-one-hacked-laptop-led-to-an-entire-network-being-compromised/
• https://www.theregister.com/2017/09/22/it_contractor_logic_bombed_army_payroll
• https://www.fbi.gov/news/stories/two-guilty-in-theft-of-trade-secrets-from-ge-072920
• https://www.bankinfosecurity.com/ex-cisco-engineer-pleads-guilty-in-insider-threat-case-a-14917
• https://www.justice.gov/opa/pr/prc-state-owned-company-taiwan-company-and-three-individuals-charged-economic-espionage
• https://edition.cnn.com/2018/11/30/tech/samsung-china-tech-theft/index.html
• IBM Cost of Insider Threats: Global Report 2020

The post The Dangers Within: Understanding Insider Threats appeared first on Overwatch Cybertech.

You should, of course, and you can’t beat free. Overwatch Technology offers a free on-site security assessment that takes from 30 minutes to two hours or so, depending on the complexity of your network and the number of connected devices. The security check includes:

• Antivirus protection
• Firewall
• Open ports
• User devices
• And much more

Depending on your industry, other types of checks can be performed. For medical practices and other healthcare-related companies, for example, the security check includes a scan for unencrypted Social Security numbers that could lead to a HIPAA violation and a large monetary fine.

Computing devices are ubiquitous in modern life, at home, and at work. Unfortunately, malware is nearly as common. In a year-over-year survey, the number of organizations reporting malware that spread from one employee device to another jumped from 64% in 2018 to 71% in 2019. Reasons cited for the double-digit increase include evolving malware strategies that are becoming more subtle and a lack of employee cybersecurity training.

IT governance organization ISACA reports that 62% of cybersecurity professionals believe their organization’s IT cybersecurity function is understaffed, according to the 2020 State of Cybersecurity report. Fifteen percent believe that function is “significantly” understaffed, while 47% believe the function is “somewhat” understaffed.

At the same time, demand for IT staff across the cybersecurity spectrum continues to outpace the growth in those workers who have the requisite skills.

Think about it: More malware. Not enough IT staff with cybersecurity experience. More jobs than there are workers. This is why Overwatch Technology should be your security partner. Even if your company has IT staff, no one can keep up with every aspect of IT security. Our specialties include:

• Custom IT solutions that build on your current clients’ businesses and IT infrastructure
• High-level security structures that protect you and your customers
• User-focused tools and training that make implementing new systems easy
• Long-term management of IT systems and infrastructure for clients

Do you fix your own car or roof your house? Unless you have particular skills in either area, the answer is “no.” Likewise, IT security is a specialized field that requires constant learning and constant adapting to keep pace with hackers, ransomware, malware, phishing attacks, and much more.

It makes perfect sense to trust the experts at Overwatch Technology with the security of your network and devices.

The post Can’t Beat Free! Get Security Check on Your Computer Network, Devices appeared first on Overwatch Cybertech.

Strong security isn’t just about the cyber domain of strong passwords, blocking malware, and managing permissions. You also safeguard sensitive information with physical security and cautious behavior. Here are some non-technical security tips:

1. Keep an eye on your devices and never leave them with strangers. In addition, never walk away from a device you’ve logged in to. Companies that routinely handle protected health information or other personally identifiable information have policies that require employees to log off before leaving the device – even while working from home.
2. Look for privacy in places like airports and coffee shops. Sit where no one can see over your shoulder. That may be difficult in especially busy places or at peak travel times, but do you really need to check your email or work on that presentation now?
3. Dim the screen on your device or get a privacy filter. If you are in a public place and can’t find privacy, this will make it more difficult for strangers to see what’s on your device.
4. Don’t discuss sensitive information in public areas. We’ve all heard the sales exec in the airport gate area loudly trying to close that deal. You’ve heard that, haven’t you? Recordings in public places are ubiquitous these days, so don’t say anything in a public area you wouldn’t want to see or hear on the internet.
5. Get a case to protect your devices. How many times did you crack your cellphone’s screen before you bought your first protective case? A sturdy case or a cushioned bag for your laptop or tablet can soften any blows if your device is dropped or protect it if something is spilled on it.
6. Bring a portable charger. Much like public Wi-Fi has been universally panned over security concerns, so have public charging stations like those at airports. Plugging in can download malware to your device, potentially opening you up for a hack of sensitive information. A portable charger could be the answer, but remember to make sure it has a full charge before hitting the road.
7. Consider alternatives to the public USB recharger. If you need to charge your phone, consider plugging the USB port into your laptop. It’s not optimal to top your phone to 100% power, but it should be enough to handle your immediate computing needs. You also can buy a data blocker for under $10, which, as the name implies, blocks the transfer of data from a charging station to a device.
8. Carry your own AC adapter. If you use your laptop in a dock, for example, you may not remember to bring the AC adapter with you when you travel. If you issue laptops and docks to your employees, spend a little extra for a second adapter they can keep in the laptop bag. And for those with only one AC adapter, keep it in your laptop bag when not in use. Same goes for any portable chargers or other devices you use at home/office and also on the road.

The post 8 Tips to Maintain Physical Data Security appeared first on Overwatch Cybertech.

The reliance of technology holds true in the business world, too. Few companies rely on physical spreadsheets and manual processes when technology can deliver a better user experience quickly and cheaply. We are accustomed to relying on third-party suppliers of, well, nearly everything. We don’t hail taxis anymore – we use an Uber or Lyft app. Hotels are passé, while Airbnb remains in vogue.

Companies of all sizes increasingly rely on managed service provider (MSPs) to remotely monitor and manage their IT infrastructure, from workstations and servers to network connectivity, firewalls and much more. Such an arrangement is often cheaper than employing staff directly and such arrangements are governed by service level agreements to support service quality, uptimes and response times for critical issues.

MSPs also should be providing cybersecurity, but finding (and affording) qualified cybersecurity staff has long been a challenge. That’s why MSPs rely on Overwatch Technology to provide a comprehensive artificial intelligence approach to scan networks and devices for anomalies in system behavior, including detection and prevention of viruses, malware, spyware and data breaches.

If you use an MSP to manage your network, Overwatch Technology could be hard at work behind the scenes, because some MSPs choose to hide their association with a third-party supplier. Other MSPs prefer that the association be out in the open. If the latter arrangement, an MSP client with a cybersecurity issue calls us directly.

Even if your company has its own in-house IT staff, is cybersecurity a specialty of anyone in that group? Cybersecurity is a highly specialized field, so much so that as many as 3.5 million cybersecurity jobs will go unfilled globally by 2021. The U.S. Bureau of Labor Statistics says that the cybersecurity field is expected to grow 32% between 2018-2028 versus a general job growth of just 5%.

Qualified cybersecurity professionals are as rare as hen’s teeth, so make sure that any MSP you use has qualified cybersecurity personnel on staff. Better yet, rely on Overwatch for all of your cybersecurity needs. We only hire the best and make sure that your company’s computing assets and network stay clear of viruses and malware.

That’s our promise to you.

The post Outsourced Cybersecurity for MSPs: We Can Do That appeared first on Overwatch Cybertech.

Sure enough, the device had two viruses on it that would allow full administrative access to the bank. We ran a scan on all devices connected to the bank network and locked all outside ports.

What did the report show? In addition to more than 250 viruses on every machine, a dark web search for bank employee email addresses found that 65 had been hacked, including details on the CFO. If my company had accounts there, I would have closed my accounts and run in the opposite direction.

Yes, it seems that cybercrime is everywhere and that dealing with issues is just part of the price for being in the business world. But certain industries have a much greater responsibility to keep data protected, and financial services ranks among the most regulated.

Here’s a sampling of the regulations that banks, credit unions and other institutions that handle money must adhere to:

• Bank Secrecy Act. This has been the primary anti-money laundering tool since its inception in 1970. The act got more teeth in the form of the USA Patriot Act, enacted following the Sept. 11 bombings that requires banks to verify the identities of those opening accounts.
• Fair and Accurate Credit Transactions Act (FACTA). Although its primary purpose is to improve the accuracy of credit reports and allow consumers one free report each year, the act has identity theft measures and requires security regarding the disposal of consumer information.
• Financial Crimes Enforcement Network (FinCEN). A bureau within the U.S. Treasury Department, the agency analyzes financial transactions to combat financial crimes.
• Gramm-Leach-Bliley Act. Passed in 1999, the act enforces rules regarding the security of personal financial information related to how financial institutions collect and protect such information.
• Office of Foreign Assets Control (OFAC). This organization maintains the Specially Designated Nationals List (SDN List), entities that U.S. businesses are forbidden to engage with financially.

Oh yeah, and there’s some global pandemic out there, which has roiled financial markets and left financial institutions struggling to make a profit amid record low-interest rates. At times like these, it’s no wonder that the bank manager lost sight into the well-being of her work laptop, but that’s not a risk that banks and credit unions should be taking.

Overwatch Technology can help banks and credit unions carry the burden of regulatory compliance without the high overhead associated with in-house IT staff. We find that banks often aren’t on top of compliance management, with written documentation in place regarding how an institution safeguards information and business associate agreements in place with vendors.

Technology and compliance management are required to truly keep data safe and customers protected. Fortunately, you can find both services at one place: Overwatch.

The post Banking IT Security Lapse Enough to Make One Cry appeared first on Overwatch Cybertech.

The Office of Inspector General (OIG), which is part of the U.S. Department of Health and Human Services, has identified seven basic elements considered fundamental to any compliance plan. Below you will find each step in OIG’s “The Seven Fundamental Elements of an Effective Compliance Program.”

Implementing written policies, procedures, and standards of conduct. Having a written plan is a foundational step in any compliance effort. Outline what should happen in the event of a data breach, an intruder, a misplaced laptop, and other likely scenarios for your business. Other potential issues to deal with include physical building security, how to handle visitors and vendors. Policies and procedures should be reviewed periodically and shared with employees.

Designating a compliance officer and compliance committee. Every business that handles PHI should have a compliance officer. Everyone should know who the compliance officer is, and that person should take the responsibility seriously. Fines have been levied at companies without compliance officers.

That person (or, ideally a group of people) should be responsible for day-to-day security issues. For example, users should log off computers when they leave—even for a minute. If patient data is displayed on an unsecured computer where visitors, vendors, or unauthorized users can access it, that is considered a breach.

Conducting effective training and education. Privacy and security issues should be part of new employee training, but smart companies require annual training for all employees on data privacy and security. It might be the same basic information year over year, but the reinforcement is critical to underscore the importance of keeping data safe.

Developing effective lines of communication. How does your company communicate security policies? In even the smallest offices, email security reminders and tips frequently to keep top-of-mind awareness among employees. These emails should come from the compliance officer and include that person’s contact information.

Conducting internal monitoring and auditing. Enforcing security policies daily might make you lose sight of the need for longer-term monitoring and auditing. However, both are important. Don’t overlook the physical security of your computing devices, your network, your firewall, and other computing components. A security system is only as strong as its weakest link, be it an employee who leaves a door unlocked or one who clicks on an email to release malware into your computer system.

Enforcing standards through well-publicized disciplinary guidelines. A major security lapse or intentional misuse of PHI should be a firing offense. While no one wants to take such drastic action, information privacy and security is that important. Depending on the severity of the infraction, consider a verbal warning for a first offense, a written warning on second offense, and termination for another lapse. 

Responding promptly to detected offenses and undertaking corrective action. While you hope never to put a data privacy and security plan into place, you must have one. The OIG looks for dynamic data security plans that get reviewed and tested, not those that sit on shelves. No company can anticipate every possible data security or privacy event, but proper and continual education goes a long way toward creating a security-first mindset among your employees and managers.

The post Healthcare Providers Should Take Protecting Patient Information Seriously appeared first on Overwatch Cybertech.

Any article on basic cybersecurity tips and advice inevitably focuses on habits to protect against external threats, which provides a necessary foundation. In that way, think of security as a moat, protecting assets from outsiders. 

However, not all security threats come from outside. A company’s workers can be threats as well, in incidents ranging from accidents to negligence to malicious behavior. Taking the medieval analogy further, think of insiders like the envious nephew who plots to steal the crown or the inattentive servant who leaves a critical door open at the wrong time.

A recent survey of IT leaders showed that 78% think employees have accidentally put data at risk in the last 12 months, and 75% believe workers have risked data intentionally. When asked about the impact of a breach, 41% indicated financial data would be the greatest impact area. Four in 10 employees from the same survey said they had accidentally leaked data because of a phishing attack, and one-third said they had caused a breach by sending information to the wrong person.

According to a 2019 breach report, nearly one-half of all breaches were caused by malicious or criminal attacks. And attacks cost companies more to remediate than system glitches or human error/negligence, about $30 more per record.

Finally, most companies are reactive, rather than proactive, in their detection capabilities. Only 29% of organizations said they successfully prevented an attack through proactive discovery, but they were successful less than 10% of the time.  

Any employee with network permissions can inadvertently delete or compromise data. Although this would be characterized as an accident, rather than malicious, the impact can be nearly as bad. Then there’s negligence. Sometimes employees violate security policies or best practices through well-intentioned, but harmful, actions or inattention.

Lastly, there are malicious insiders. The classic example is the fired employee who absconds with sensitive data to sell or who uses still-active login credentials to access and harm business accounts.

Single sign-on and multifactor authentication can go a long way toward keeping data safe. When properly configured, single sign-on validates authorized users to access company resources. If an employee quits or is terminated, deleting the sign-on cancels employee access to company systems.

Configuring single sign-on based on a user’s job title or area of authority can create additional barriers to protect company data. If you’re not in the Finance office, for example, you have no business being in general ledger files. If you are a manager, you may need more access to certain files than your direct reports.

Multifactor authentication takes security to the next level, requiring an additional step before allowing access to data.

Overwatch Technology can help businesses manage single sign-on and control data access. Even one incident can tarnish the reputation of a business and leave it open to federal, state or local scrutiny, depending on the industry.

Organizations should take insider threats into account when formulating security plans because any breach—regardless of the cause—is one too many.

The post Beware the Criminal (or Idiot) Within appeared first on Overwatch Cybertech.

Attorneys have a reputation for being Luddites, those who get dragged into the modern era
kicking and screaming. And results from the American Bar Association’s 2019 Cybersecurity
Report bears this out:

• Nearly 40% of respondents didn’t know whether their systems were protected from
  viruses and malware
•  36% had been infected
• 26% don’t know if they had been affected.

Firm that experienced infections reported downtime to deal with the incident (40%),
consulting fees and remediation (32%) and loss of network access (23%).

Regarding data breaches:

•  26% reported a breach
•     19% didn’t know
•     55% declined to answer the question

Not only is data security good business, it’s also codified in three Model Rules of
Professional Conduct and a Formal Opinion. Rule 1.1 regards “competent representation to a
client.” Comment 8 on the rule says an attorney should keep up with changes in the law and
its practice, “including the benefits and risks associated with relevant technology.”

Rule 1.4 regards client communication, which increasingly occurs through electronic means
that must be kept secure. Rule 1.6(c) is more explicit still: “A lawyer shall make reasonable
efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to,
information relating to the representation of a client.” A comment on this rule weighs
reasonable efforts versus the sensitivity of the information and the cost/difficulty of
employing safeguards. Few would argue that commonplace data security methods used in
other industries would represent either a difficulty or cost challenge.

• Finally, ABA Formal Opinion 477 says that attorneys may need to employ heightened
  security precautions when required by a client agreement or a law or when the nature of the
  information requires a higher degree of security. Seven factors to consider to determine the
  right level of cybersecurity include:
• Nature of potential threats
• How client confidential info is stored and sent
• Use of reasonable electronic security measures
• Protecting electronic communications
• Need to label client information as privileged and confidential
• Training for lawyers and nonlawyer assistants
• Due diligence on vendors who provide technology services

Whether you’re a sole practitioner or part of a 500-plus attorney law firm, keeping company
and client information secure should be a core competency. At Overwatch Technology,
helping law firms manage their technology assets and keep their data secure is one of our core

competencies. We help law firms large and small, providing top-notch security at a reasonable price.

What do you have to lose? Only your reputation and the trust of your clients.

The post Cybersecurity for Law Firms Is No Laughing Matter appeared first on Overwatch Cybertech.

The post ‘Don’t Be Stupid’ the First Rule of Cybersecurity appeared first on Overwatch Cybertech.

Does your automobile have a backup camera? Even before the National Highway Traffic Safety Administration mandated backup cameras in 2018, 97% of 2018 models already were compliant, compared to just 6% of models in 2006. It’s a great idea whose time had come.

So what about your business files? Are they properly backed up as part of a disaster recovery plan and a protection against ransomware? Although data security is as critical as vehicular safety, I’ll guess that much fewer than 97% of businesses are properly protected.

Every computer user should have a data backup plan, but it’s critical for business users. While you may have taken a break while sheltering at home, hackers did not. They are working 24/7/365 to access your data. Between February and April, cyberattacks aimed at financial institutions increased 238%.  

Should your data get hijacked, you may think about paying the ransom, but studies show that taking steps to restore or recreate your data costs one-half of what paying the ransom does. You may get your data back, but you may not. In any case, paying a ransom plus incurring remediation costs indicate that it’s cheaper to restore your data from a backup.

Overwatch can help devise a backup solution for your business and make recommendations on the best backup services.

For financial institutions, we recommend Datto. This backup is hardware-driven on premise or in the cloud. If an institution loses or employees are working from home, data can be accessed in the cloud. Two other backup vendors we’re keen on are Unitrends and Veeam. Unitrends is geared from the SMB to the enterprise with a variety of backup options. More than 80% of the Fortune 500 use Veeam, which has 375,000 customers.

The recommendation we make depends on many factors, including your industry type, the special data security/privacy needs of your industry, and your specific objectives. We constantly research vendors to discover the best ones that meet the needs of our clients.

Putting the possibility of ransomware aside, every business should have a comprehensive data backup plan as part of its security protocol. The backup rule of thumb is 3-2-1.  

You should have three copies or versions of company data. Most good backup systems make multiple copies, which will become important should you need to revert recordkeeping to a time period prior to an attack or a data loss.

This data should be stored in two different ways. For example, you could have two cloud copies from different time periods and a server backup. 

One copy of your data should be stored in an alternate location. If you backed up your data in your company’s server room and kept a hard-drive copy in your desk, for example, a fire would wipe out everything.

To recap, three copies, two different data types and one alternative location will go a long way toward safeguarding your data.

Contact Overwatch Technology for help determining what the best backup solutions are for your business. 

The post Backing Up Your Data a Smart Move to Thwart Ransomware appeared first on Overwatch Cybertech.