On Monday, May 7th, Equifax submitted Equifax’s Statement for the Record Regarding the Extent of the Cybersecurity Incident Announced on September 7th, 2017 to the Securities and Exchange Commission. They divulged that names, social security numbers, birth dates, addresses, and some driver’s license numbers were all publicly exposed, impacting almost 150 million people, during their consumer data breach last year. This enormous attack is not the first, nor the biggest, data theft we’ve seen in the 21st century, and unfortunately, it will not be the last. Companies such as Yahoo, eBay, and Target have all been victims of cybersecurity attacks within the last 5 years, leaving many of us to wonder: if billion-dollar organizations that can pay for the best security in the world are not safe, who is?
In the association space, cybersecurity is at the forefront of everyone’s minds. Not only do associations have to think about the security of their organizations and employees, but they need to focus on the protection of their many members as well.
Two types of cybersecurity attacks being seen at the corporate level are phishing and ransomware. Phishing is the practice of trying to obtain personal information using false or deceptive emails and websites. Ransomware is a type of malicious software that, upon gaining access and taking over your computer, threatens you, usually by denying access to your own data. The attacker then demands a ransom from the victim, promising to restore access once payment is received.
KnowBe4, a security awareness training and simulated phishing platform, sponsored an Osterman Research white paper in September of 2016 titled Best Practices for Dealing with Phishing and Ransomware. The paper’s findings show that not only are phishing and ransomware getting worse, but “for many organizations, key security solutions are either not improving over time or their performance is actually deteriorating.”
In a research study titled Association Data Breach Preparedness, ASAE, in partnership with SCIPP, set out “to explore how associations are preparing for cyber attacks, and to describe the processes and actions that can help them improve their defenses.” In their conclusions, they found that CEOs and CIOs consider an attack virtually inevitable. Their studies also found “that many associations do not have sufficient security in place, and may not have a plan to effectively manage a future breach.” Many association leaders claimed they found the process of improving security “daunting, preventing them from actively taking these steps.”
KnowBe4’s white paper assures readers that “There are a variety of best practices that organizations should follow in order to minimize their potential for becoming victims of phishing and ransomware.” Many of them are simple, easily attainable, and something that every association can implement.
First and foremost, associations need to understand the risks they face. “Decision makers must understand that they face threats across all of their communication and collaboration systems.” Being knowledgeable about these issues helps prevent cyber attacks and minimize security risks. The paper also stresses the importance of developing detailed policies for email, websites, social media, and other digital tools, and of keeping all systems up to date. Make sure your organization has backups of all data. Not only is this good business practice, but it also creates a safety net for a quick recovery from a ransomware attack. A large focus for organizations should be user behavior and implementing best practices. This includes enforcing strong passwords, applying robust security awareness training, maintaining anti-malware defenses, and making sure there are policies in place for when sensitive information needs to be transferred or communicated.
KnowBe4’s white paper makes it very clear: “phishing and ransomware are very serious threats that can cause enormous damage to an organization’s finances, data assets, and reputation.” However, associations don’t need to sit back and wait. There are actions that can be taken to reduce the chances of an attack and alleviate the effects of one.
Visit https://info.knowbe4.com/whitepaper-osterman-bp-phishing-16 to download KnowBe4’s white paper in its entirety. You can also visit their resources page at https://www.knowbe4.com/resources for a wide range of free tools, white papers, and more.