ICYMI: Cyber Security 101
Last week, we were treated to a truly informative presentation and panel discussion! On September 19, the Emergency Preparedness and Emerging Professionals Committees hosted the seminar, "Cyber Security 101". Over the course of the morning, our esteemed speakers (Chris Tallerico of MNetworks, Kellyn Wagner of NCRIC, Anthony Murrilo of AT&T, and FBI Agent John Cha) shared their knowledge of the biggest cyber threats to buildings and companies, as well as how to protect against them.
- Social Engineering - manipulating people into breaking normal security procedures and best practices in order to gain access to systems, networks or physical locations, or for financial gain.
  - This has happened in the past to people in high-ranking positions, who typically know better. Targets are usually contacted by phone or email and asked at first for seemingly innocuous information, before the attacker graduates to asking for something that grants access, such as screen-sharing.
  - The fact is, these attackers seem legit, and thus are able to manipulate their targets into granting access.
- Phishing and Spear Phishing - emails purporting to be from reputable companies in order to induce individuals to reveal personal information
  - Classic example: The "Nigerian Prince" email
  - Spear phishing targets one specific, very important person within an organization
- Hacking unpatched or outdated systems and software
  - Especially building management systems (BMS)!
- Baiting - occurs when victims are told they are downloading or running a piece of safe and legitimate content or advertising which is then switched (usually by way of a redirect) to something malicious
- Stolen login credentials
  - Don't have your passwords on a post-it on your desk!
- Cross Site Scripting - malicious scripts are injected into otherwise benign and trusted websites
- If you haven't already, implement a cyber security policy
- Provide employees with security awareness training
- Implement and update tech defenses
- Perform vulnerability assessments
- Document security patch management processes
- Monitor, log and alert on any and all attempted intrusions
- Reevaluate your public wifi
  - Due to the Digital Millennium Copyright Act, you're liable for any violations users commit on your wifi
  - The Communications Assistance for Law Enforcement Act requires telecommunications providers and equipment manufacturers to allow law enforcement agencies to intercept communications with a warrant. So, if law enforcement is intercepting communications on your network in pursuit of criminals, your company's and/or tenants' information can be compromised.
  - The speakers advise having a third-party company manage your public wifi and assume the inherent liability
- Cyber liability insurance