A PERSONAL NOTE
By amending the Data Breach Law, Massachusetts is increasing protection of its residents' personal information. This law requires businesses to expand their WISPs (Written Information Security Plans) to include a detailed ‘incident response process’.
In the April issue of our security update, I wrote about the three things you cannot avoid – death, taxes and now cybercrime/data breach. I found the new state requirements to be another confirmation of this, in effect saying, “You are going to have cyber security incidents, you need to handle them properly.”
I find two camps when dealing with cyber security – the ones who believe it is important but fail to change their behavior, and those who do change. Unfortunately, a very large percentage of people do not change. They may have great intentions, but it never happens.
It is easy to say, why bother, we all have to deal with it anyway. There is a little truth to that, but how an incident negatively impacts you is what this is all about. Many businesses will be held hostage this year. Those who have not prepared will have no option but to be victimized because they failed to change, whereas others will be hit and it will only be a short nuisance with minor financial impact.
KNOW YOUR ENEMY!
We all know that cyber security is a concern, but until we know the details, it is really hard to understand how it can destroy us. Most of the time we learn more than we want to because we have been breached. Starting this month we have added this section to provide a definition or two of key cyber security terms and concepts.
The more educated we all are, the better decisions we make:
Exploits are programs or pieces of computer code that take advantage of a security flaw in an application or system.
Known exploits are “errors” in software/hardware that have been identified. They are publicly documented but have not been resolved yet. To protect yourself you will need a solution that overcomes that failure of the software/hardware.
Zero Day Exploits
A cyber attack on a software or hardware vulnerability before it is known to the producer. These kinds of exploits are particularly dangerous because a user’s security can be breached even when using fully updated software.
LEGAL CHANGE! – Massachusetts companies need to update their WISPs with more documentation and structure around the “Incident Response Process”. Is your WISP in compliance?
Instagram Breach! – another great example of why you should always use strong, unique passwords. Unique means each account you have has its own password. That way, when someone gets breached, it will not unlock access to your other sites.
The State of Massachusetts is putting over 1/2 Billion toward improving its technology. A very large portion of that amount is earmarked for cyber security.