Al Alper
This past October marked the 14th year of National Cyber Security Awareness Month (NCSAM), an initiative originated by the U.S. Department of Homeland Security and the National Cyber Security Alliance. NCSAM was created as a collaborative effort between government and industry to ensure all digital citizens have the resources needed to stay safer and more secure online while also protecting their personal information.
While collaboration between government and the private sector is something that typically sparks a great deal of discussion and debate, the merits of this kind of cooperation against cyberthreats is something that is hard to argue against. Insurance agencies in particular (and other businesses that deal with safeguarding large amounts of personal data) can reap the benefits of this relationship and apply the resulting knowledge toward an overall improved cybersecurity posture.
Of all the areas for government and business to collaborate on, cybersecurity may be one of the most important. On one side, the federal government has formidable resources relative to the broader cyberthreat landscape seen around the world; businesses simply don’t have access to that intelligence or the tools used to gather and interpret it. That said, the government is not the organization best equipped to farm this data and use it to develop protective measures quickly and efficiently; the free market offers much better means of making sense of the data compiled and leveraging it to develop next generation tools.
Given these circumstances, collaboration makes sense.
Additionally, both sectors face the same types of threats from cybercriminals, albeit the philosophies behind the attacks might be different. While government is threatened by cyberattacks to infrastructure or government information, businesses are typically attacked to achieve financial gain. Either way, hackers are using the same tools and behaving similarly to carry out these assaults.
This public-private partnership allows businesses to inform government what the cybercriminals behaviors look like on a broader scale, including its nuances and targets; government, with its smaller attack vector, might not otherwise be able to recognize these patterns and its dangers. The private sector, on the other hand, can then benefit from the big data government gathers to mine and develop next-gen tools to ward off these newly realized attacks.
Protection For Small Businesses
Some of what has already been learned from this collaboration can and should be put into practice today, especially for smaller businesses like many insurance agencies. After all, in 2016 approximately half of the Internet attacks worldwide targeted firms with less than 250 employees. Believing that “you’re too small to be a victim” is a foolhardy philosophy.
Instead, insurance agencies and other small businesses should be implementing cybersecurity strategies that protect them against hackers. And contrary to what many business owners and executives might think is the biggest obstacle to good protection, many of these initiatives don’t cost a lot of money. In fact, simply putting policies and plans in place that promote a security-centric environment and following through on these with training and refreshers will go a long way toward potentially saving an agency money and time associated with recovering from a data hack.
One of the most basic steps organizations can take is requiring longer, more complex passwords. Employees who use something like their last name for the password (e.g., Lawson) are securing their data (and their agency’s network) with a lock that a sophisticated hacker can instantly break. Writing it backwards and you’ve only delayed them by a few hundred milliseconds. By adding in symbols and numbers – e.g. N0$w@l4 – an employee has now created a password that would take a hacker seven minutes to figure out. However, a simple sentence turns out to be a password that is easy to remember and hard to break: something like “Our Last name is Lawson” would take a hacker three septillion years to figure out!
That said, keeping the same password for months on end increases the chances for hackers to decipher a password. Requiring a 45-day password rotation helps to eliminate this likelihood, and adding this policy to other plans that support a secure environment – like 10-minute screen savers, individual logins, backup and disaster recovery plans, acceptable use and other similar efforts – and these simple steps add up to a much more secure operating environment.
Finally, continually emphasize an agency’s cybersecurity posture by training employees frequently. These efforts don’t have to be overwhelming – a quarterly review of policies, routine security announcements (that could be included in a staff meeting’s agenda, a message on a paystub or a popup when they log on in the morning), and perhaps incorporated as part of an employee’s annual review all add up to an environment where employees are always thinking about keeping their own data – and their agency’s data – safe.
The intersection of public and private sector efforts toward increased awareness about staying cybersecure and recognizing cyberattacks can offer a number of benefits to all involved, especially as cybercriminals become more sophisticated in their attacks. Initiatives that lead toward thwarting the efforts of hackers are something that everyone can unite behind.
Al Alper is CEO and founder of Wilton, Connecticut-based Absolute Logic and CyberGuard360. He may be reach at al.alper@absolutelogic.com or (855) 255-1550.
