Blog

ICYMI: Cyber Security 101

Last week, we were treated to a truly informative presentation and panel discussion!
On September 19, the Emergency Preparedness and Emerging Professionals Committees hosted the seminar, "Cyber Security 101". Over the course of the morning, our esteemed speakers --Chris Tallerico of MNetworks, Kellyn Wagner of NCRIC, Anthony Murrilo of AT&T, and FBI Agent John Cha-- shared their knowledge of the biggest cyber threats to buildings and companies, as well as how to protect against them.
 
Methods that Hackers May Use to Gain Access Include (in no particular order):
  • Social Engineering - manipulating people into breaking normal security procedures and best practices in order to gain access to systems, networks or physical locations, or for financial gain.
    • This has happened in the past to people in high-ranking positions, who typically know better; they are typically contacted by phone or email asking initially for seemingly innocuous information before graduating to asking for something that will gain them access, such as screen-sharing.
    • The fact is, these attackers seem legit, and thus are able to manipulate their targets into granting access.
  • Phishing and Spear Phishing - emails purporting to be from reputable companies in order to induce individuals to reveal personal information
    • Classic example: The "Nigerian Prince" email
    • Spear phishing is targeting one specific, very important person within an organization in the scam
  • Hacking unpatched or outdated systems and software
    • especially BMS systems!
  • Baiting - occurs when victims are told they are downloading or running a piece of safe and legitimate content or advertising which is then switched (usually by way of a redirect) to something malicious
  • Stolen login credentials
    • Don't have your passwords on a post-it on your desk!
  • Cross Site Scripting - malicious scripts are injected into otherwise benign and trusted websites
What We Can Do
  • If you haven't already, implement a cyber security policy
  • Provide employees with security awareness training
  • Implement and update tech defenses
  • Perform vulnerability assessments
  • Document security patch management processes
  • Monitor, log and alert on any and all attempted intrusions
  • Reevalutate your public wifi
    • Due to the Digital Millennium Copyright Act, you're liable for any violations users commit on your wifi
    • The Communications Assistance to Law Enforcement Act requires telecommunications providers and equipment manufacturers to allow law enforcement agencies to intercept communications with a warrant. So, if law enforcement is intercepting communications on your network in pursuit of criminals, your company's and/or tenants' information can be compromised.
    • The speakers advise having a third party company manage your public wifi, and assume the inherent liability
  • Cyber liability insurance

Comments

There have been no comments made on this article. Why not be the first and add your own comment using the form below.

Leave a comment

Commenting is restricted to members only. Please login now to submit a comment.