Cyber Safety Where You Work

8 Essential Tips to Boost Cyber Safety In and Out of the Office

Introduction:

In today’s digital age, cybersecurity is a paramount concern for organizations of all sizes. With employees increasingly working remotely, it’s imperative to implement robust measures to safeguard sensitive data. This comprehensive guide outlines eight essential tips to enhance your organization’s cyber safety, both in the office and when working remotely.

1. Strong, Unique Passwords and Multi-Factor Authentication:

  • Reinforce password security: According to Verizon’s 2020 Data Breach Investigations Report, 81% of data breaches involve weak or reused passwords.
  • Enable multi-factor authentication (MFA): Add an extra layer of protection by requiring multiple forms of verification.

2. Secure Your Wi-Fi Networks:

  • Protect home networks: Ensure routers have strong, unique passwords and use WPA3 encryption.
  • Secure office networks: Connect only to trusted, encrypted networks, especially for organizations handling sensitive data.

3. Stay Up-to-Date with Software Patches:

  • Mitigate vulnerabilities: Regular patching helps prevent exploits.
  • Research shows: The Ponemon Institute found 60% of data breaches could have been prevented with timely updates.

4. Be Wary of Phishing Scams:

  • Recognize phishing attempts: Be cautious of suspicious emails, links, and attachments.
  • Verify senders and avoid clicking on unknown links.
  • Stay informed: Proofpoint’s 2022 Threat Report indicates 83% of organizations faced phishing attacks in 2021.

5. Lock Devices When Unattended:

  • Prevent unauthorized access: A simple yet effective measure to safeguard data.

6. Use a VPN for Remote Access:

  • Encrypt your internet connection: Protect sensitive data from eavesdropping on public Wi-Fi.
  • Access company networks securely: Use your organization’s VPN for remote work.

7. Implement the Principle of Least Privilege (POLP):

  • Limit access to sensitive information: Grant employees only the necessary permissions.
  • Reduce the risk of insider threats and accidental data breaches.

8. Report Security Incidents Promptly:

  • Early detection is crucial: Train employees to recognize and report potential threats.
  • Minimize damage: IBM’s Cost of a Data Breach Report shows early detection can save over $1 million.

Conclusion:

By following these cybersecurity best practices, organizations can significantly reduce their risk of data breaches and other cyber threats. A proactive approach that involves strong passwords, secure networks, regular updates, employee awareness, and incident reporting is essential for safeguarding sensitive information in today’s digital landscape.

References:

Navigating Your ARPA Tech Project Before the 12/31/24 Deadline

The American Rescue Plan Act (ARPA) provided $350 billion in funding for state and local governments to aid in their recovery from the COVID-19 pandemic. This includes funds allocated for rebuilding public sector capacity, which encompasses technology infrastructure.

Here’s what you need to know:

  • Deadline: Governments must obligate the funds by December 31, 2024 and spend them by December 31, 2026. Don’t miss out!
  • Eligible Uses: You can use ARPA funds to purchase technology to address negative economic impacts, including:
    • Rebuilding public sector capacity by rehiring staff or investing in data analysis and technology infrastructure.
    • Implementing economic relief programs through tools that manage applications and reports.
  • Multi-year contracts: ARPA funds allow for multi-year contracts, giving you peace of mind for your project’s future.

HCH Enterprises can help:

  • Navigate ARPA guidelines: We can help you understand the rules and ensure your technology project aligns with eligible uses.
  • Develop a strategic plan: We work with you to craft a plan that demonstrates how technology addresses your specific challenges.
  • Implement the solution: We offer expertise and resources to ensure successful implementation and continued support.

Additional Resources:

How other cities are using their ARPA spend on technology

The National League of Cities, National Association of Counties, and Brookings Institution’s Brookings Metro program have teamed up to create an interactive dashboard that tracks how 152 municipalities are using this relief money. The dashboard allows you to see how cities are investing in a variety of areas, including funding for improving broadband internet access, cybersecurity measures, and tools to help government employees work remotely.

Don’t let this valuable opportunity pass by! Contact HCH today to discuss how we can help your organization leverage ARPA funds for technology solutions.

Grant Opportunity: Connect Your Community

By Chelsea Levesque, Director, Marketing and Communications, HCH Enterprises

In a groundbreaking move, the Broadband Equity, Access, and Deployment (BEAD) program has allocated a staggering $42.45 billion in grants to states, the District of Columbia, and territories. This monumental investment, a key component of the “Investing in America” agenda put forth by the Biden-Harris Administration, aims to provide affordable and reliable high-speed internet access to every American. By bridging the digital divide, this initiative, aptly named “Internet for All,” will reshape our digital landscape, unlocking new opportunities and enhancing competitiveness on a nationwide scale.

Today, high-speed internet is no longer a luxury but a necessity, indispensable for work, education, and healthcare. The “Internet for All” program will enable communities to connect, fostering economic growth and empowering individuals across the country.

Through the allocation of funds, states, the District of Columbia, and territories can establish grant programs specifically designed to deploy or upgrade broadband networks. This critical step ensures that affordable and dependable internet service becomes accessible to everyone.

For comprehensive information on funding allocations tailored to each state, as well as further details on the Biden Administration’s high-speed internet portfolio, we invite you to visit InternetForAll.gov. Stay tuned for the formal allocation notice, which Eligible Entities will receive on June 30, 2023.

At HCH, we are proud to be a part of this transformative initiative. Our organization champions equity and facilitates the grant process for communities. From acquisition to disbursement, we are dedicated to unlocking the full potential of our nation through the power of high-speed internet.

Join us on this journey as we pave the way towards a more connected and inclusive America. Together, we can harness the transformative power of high-speed internet, bringing us closer to a future where opportunities know no bounds.

#InternetForAll #NTIA #InvestingInAmerica #BroadbandEquity #PublicSectorConsulting #ConstituentsFirst #GrantHelp

SecureWorld Boston — Closing Thoughts

By Donald Borsay, Director of Security Solutions, HCH Enterprises

After a prolonged absence due to COVID-19 lockdowns and contract assignments, I was finally able to return to Boston’s Hynes Convention Center for SecureWorld Boston in late March. It was a great opportunity to reconnect with my New England peers, catch up on the latest products and best practices, and even share my thoughts on the next steps of threat intelligence.

I was reassured to see many of my long-lost friends on the speaker list and on the Advisory Council. One of my colleagues pointed out that I had spent two straight hours on the exhibit floor without moving, — as one longtime colleague departed another came. Each of us is busy working hard to tackle cyber risk.

I spent a significant amount of time on the exhibit floor or in special roundtable discussions within the Advisory Council. I learned a lot about the impact of artificial intelligence on cybersecurity and about the recent SEC rulings that may give the Board greater access to the chief information security officer (CISO). I also discovered new products and vendors that are ready to help in the battle for network security.

I had the privilege of leading a threat intelligence panel discussion on “The State of InfoSec Today.” The main takeaway: that with a clear vision, fewer false positives, and continued effort, we can eliminate threats. I offer special thanks to Katherine Chipdey and Jason Albuquerque for the answers and a packed, lively crowd that built upon the seed questions I offered. It takes a village!

When refining your InfoSec program, it’s important to consider how threat intelligence reveals your critical assets’ exposure. Also, be sure that asset vulnerability and remediation are equally prioritized within threat intelligence. If what you have lacks this clarity, seek the capability to add intelligence.

In the threat intelligence arena, it is important to derive both high-level strategic and operational information, as well as low-level technical and tactical information. The devil is in the evolving technical details, so it’s essential to integrate and transform other domains instead of creating threat management silos.

SecurityBeat: Culture Driven Cybersecurity

By Donald Borsay, Director of Security Solutions, HCH Enterprises

At HCH Enterprises, there is no one-size-fits-all approach to cybersecurity. While we all recognize the customs, arts, social institutions, and achievements framed within the culture of a particular country, we likely lack a perspective on cybersecurity. As digital transformation takes over every aspect of our lives, the core enabler remains people. HCH knows how to bring cybersecurity into the culture of your business.

According to ISACA’s The Business Model for Information Security, culture is the first factor that makes cybersecurity part of everything we do. Culture improves through a steady emergence of process.  Management recognizes the culture gap and supports incremental advancement.  According to the Security Cultures Report from Tessian, the proper security culture directly impacts employee behavior. 

The people also use technology directly and must have the skills to support their access and instincts to know when something is wrong.  These human factors of technology must be part of the plan. As a result, our People embrace the use of technology and operate it securely by applying their newfound awareness and skills and by following policy and procedure where appropriate.

Sounds good, right?  Unfortunately, 45% of users don’t know who to report a security incident to and only 30% of employees believe they play a personal role in cybersecurity. We have so much work ahead of us!

Delivering on the promise of cybersecurity can be a daunting task for high-risk startups, small businesses, and local government when faced with the typical one-size-fits-all toolbox persisted by other providers. HCH’s approach is purposefully tailored to fit your culture.  We will partner in your journey to a more mature cybersecurity posture.