The Pulse Blog

Cybersecurity Awareness Month is an annual event held in October to educate and inform the public about the importance of cybersecurity and how to stay safe online. It is a time for businesses and individuals alike to take stock of their security posture and identify areas where improvement is needed.

Cybersecurity is more important than ever. Cyberattacks are becoming increasingly sophisticated and common, and businesses of all sizes are at risk.

Pulse Technology recommends taking these steps to beef up your cybersecurity

1. Educate and regularly train employees on cybersecurity best practices. This includes teaching employees about common cyber threats, such as phishing, malware, and ransomware, as well as how to identify and report them. It is also a good idea to introduce and enforce a Bring Your Own Device (BYOD) policy. 
   
   
2. Review security policies and procedures. Businesses should ensure their security policies are updated at least once a year. However, you can update it more frequently depending on changes within your business. Businesses should also test their security procedures on a yearly basis to ensure that they are effective. Your frequency may be different depending on compliance rules and your specific business needs.
   
   
3. Update software and systems. Businesses need to make sure to update all software and systems on a regular basis. This includes operating systems, security software, and applications. Software updates often include security patches that can help to protect businesses from known vulnerabilities. The frequency of updates will depend on what you are updating and when patches are being pushed out by the company.
   
   
4. Implement security controls. Businesses should implement security controls, such as firewalls, intrusion detection systems, and access control systems, to protect their data and systems from cyberattacks.
   
   
5. Back up data regularly. Businesses should back up their data on a regular basis and store the backups in a secure location. This will help to ensure that businesses can recover their data if it is lost or corrupted due to a cyberattack. We recommend following the 3-2-1 rule when backing up and storing your data.
   
   
6. Use multi-factor authentication (MFA) for all accounts, including email, social media, and financial accounts. MFA is a method by which a user is required to use two or more verification factors to access an account. This could be a username and password AND a PIN that is texted to you.
   
   
7. Create strong passwords that are at least 12 characters long and include a mix of upper and lowercase letters, numbers, and symbols. Require employees to follow these strong password rules as well.
   
   
8. Have a Cybersecurity Emergency Response Plan (CERP) in place in case you do become the victim of a cyberattack. This plan should include steps for containing the incident, investigating the cause, and recovering from the incident. Learn how to create a CERP.
   
   
   

Common Cyber-Attacks Affecting Small to Medium-Sized Businesses

1. Ransomware attacks: These are a type of cyberattack in which attackers encrypt a victim's data and demand a ransom payment in exchange for the decryption key. Ransomware attacks have become increasingly common in recent years, and small to medium-sized businesses are often targeted because they may not have the same level of security as larger businesses. Learn more about ransomware double extortion.
   
   
2. Phishing attacks: Phishing attacks are a type of cyberattack in which attackers send fraudulent emails or text messages that appear to be from a legitimate source. These emails or text messages often contain links or attachments that, when clicked, can install malware on the victim's device or steal their personal information. Learn how to spot phishing emails.
   
   
3. Supply chain attacks: Supply chain attacks are a type of cyberattack in which attackers target a company's suppliers or vendors in order to gain access to the company's data or systems. Supply chain attacks can be very difficult to detect and prevent, and they have become increasingly common in recent years. Supply chain attacks are similar to island hopping attacks.

New cybersecurity compliance rules enacted in 2023

• Financial Services
  • SEC Cybersecurity Rules: These rules require public companies to disclose information about their cybersecurity risk management, strategy, governance, and incidents. The rules went into effect on September 6, 2023.
• Healthcare
  • Health Insurance Portability and Accountability Act (HIPAA) Omnibus Rule: This rule updates and expands the HIPAA Privacy and Security Rules. The rule went into effect on March 26, 2023.
• Education
  • Family Educational Rights and Privacy Act (FERPA): This law protects the privacy of student education records. FERPA requires schools to obtain parental consent before disclosing student education records to third parties.
• Online/E-commerce
  • Children's Online Privacy Protection Act (COPPA): This law protects the privacy of children under the age of 13 online. COPPA requires websites and online services to obtain parental consent before collecting or using personal information from children under the age of 13.

Cybersecurity is a critical issue for all businesses, regardless of size or industry. By following Pulse Technology's recommendations, businesses can beef up their cybersecurity and protect their data and systems from cyberattacks.