nesae eNews

Cyber Attacks – Is Your Association Prepared?


By Pam McKenna, CAE 
 
I recently had the opportunity to hear Former White House CIO, cybersecurity authority, and expert on identity theft and the Internet of Things Theresa Payton deliver a session at an ASAE meeting. 

Marketing databases, customer analytics, open source intelligence, and behavioral patterns are easier to manage with big data – but are these data elements safe from hackers? What is the impact of new technologies, from Pokémon GO to the Internet of Things? During this session, Payton explained how to harness big data to achieve business goals while incorporating safeguards to fight cybercriminals and how the Internet of Things may be the driver of global change. 
 
Here’s what I learned:
  • 95 percent of the last two years’ worth of data breaches were due to human error;
  • 78 percent of cyber attacks start with the attacker tricking the recipient; and 
  • Everything connected to the internet can be commoditized, compromised and sold.
With these statistics in mind, what should you do? 

1. Do some homework.
  • What are your association’s two most critical assets? Your answer to this question will tell you what you should be insuring.
  • You can’t protect all of your digital assets and they don’t all have the same value.
2. Segment it to save it.
  • Theresa separated the president’s network into five different networks.
  • Save differently – have non-public facing domain names (and non-public facing e-mail accounts).
  • Be sure to have a guest network in place at your organization – including for any "smart" equipment and appliances you use.
  • Once a quarter, practice digital disasters – what’s your greatest nightmare?
Yahoo had a major cyber-attack in September – more than 500 million accounts were hacked. Did you know that if you’ve ever had a Yahoo account, all those security questions and answers have been stolen? Change them.

3. Are you still using XP?  
  • Get rid of it!  
  • There are no security patches.
4. Say no to free Wi-Fi. 
  • The provider of the free Wi-Fi can spy on you the whole time that you are using their network.
  • You’re downloading malware.
5. Assess your cloud services provider.  
  • Look for resiliency, reliability, scalability and security.  
  • You need a prenup with your cloud services provider. Negotiate up front, and ask about the cost to get your data back. 
  • The clock starts ticking when data is stolen, not when you find out about it. Many contracts say you’ll be notified in a "reasonable amount of time." If there is an incident, when will you be notified? Get specific timelines.  
6. Understand your cyber liability insurance.
  • In the event of a hack, what do you pay for?
 
