Your Email Was Hacked…Now What?
It’s Cyber Security Awareness Month!
In the last few weeks several people mentioned they were hacked: both personal and work email. I wanted to share a few tips that could not only prevent this from occurring, but also help you respond to it.
When this happens, the first question I usually get is: how did this happen? The truth is it can happen in multiple ways: a compromised website link, another affected email account within your network at work, a public Wi-Fi network, or a compromised phone. It’s typically hard to pin down exactly.
Here are 3 top prevention tips:
- When you change your password, try to have at least 18 characters.
- Complete the latest security updates on your computer (and phone) when prompted.
- Try to not use public Wi-Fi networks.
What to do after your email is hacked:
- Check any related accounts (for example, if you have a PayPal account connected to your compromised account, or the company bank account linked to that email account).
- Continue to be wary of links in emails, even if they come from a trusted source.
- Have your IT team scan for malware.
- You will want to let your IT team know in case another company account or network is affected.
YOU’VE BEEN HACKED: HOW DOES YOUR FIRM RECOVER?
I was honored to be featured in this ACEDS article. Please see the full article below.
This week, intelligence agencies have told the White House they now have “high confidence” that the Russian government was behind the theft of emails and documents from the Democratic National Committee. The breach was a high-profile embarrassment for the organization, forcing DNC chair Debbie Wasserman Schultz to resign. But it is only the latest sign that many organizations are vulnerable to a data breach.
Recovering from a data breach is a technical question. But it is also an ethical, practical question. For example, what is your duty to make your clients whole? How do you repair your reputation? And how can a law firm or business protect against financial losses following a hack? … Click here for full article.
ESRM Security Philosophy: A View from the Top
It was great to hear security industry thought leader Brian Allen, Chief Security Officer at Time Warner, and his colleague Rachelle Loyear, Director of Operational Business Continuity Management, discuss Enterprise Security Risk Management (ESRM) at the Spring ASIS International Conference in New York City.
The philosophy of Enterprise Security Risk Management, an integrated model, can address important concerns for private sector entities when it comes to communication and role clarity challenges. This is no small matter. Integrating this process into company culture will help make companies, particularly large companies, more nimble and agile in responding to organizational threats. Allen and Loyear discussed their partnership, and philosophy, in managing through a crisis within their respective roles.
Key takeaways from the discussion:
- When managing through a crisis, understand the business issue you are trying to solve (technology, customer, financial).
- When an incident occurs, which members of your enterprise team are at the table and what does ongoing, sustained communication look like with business partners?
- Small controllable table-top exercises are a good way to bridge gaps and build a crisis management team. Know the difference between an incident and a crisis. Also, know when to get your Cyber Response Team involved or when to elevate the concern to your Executive Cyber Response Team.
- Security awareness programs are needed in all organizations large and small.
- Have a “considerations checklist” versus just an execution or incident response plan checklist. Think about the most important considerations for your business when responding to a crisis (cyber, natural disaster, active shooter). This allows more flexibility in responding to an incident in a world where we can’t plan for everything.
Essentially, the security leader’s role in managing a crisis is the same in any crisis management concern. This is a simple statement, with many nuances, when it comes to managing a data or cyber crisis.
Jessica Robinson is a writer and Founder & CEO of PurePoint International. She has worked with a top 40 company and with the 2015 US Open. As a security & risk management expert and outsourced CSO (Chief Security Officer), she advises and consults with small and medium sized businesses on cyber prevention and response. Learn more at www.the-purepoint.com.
Law Firms and Cyber Breaches: Three Things to Know
I was honored and thankful to speak at the ACEDS Conference. It was a wonderful opportunity to learn about the deeper security challenges facing companies and to share my insights from working with small and medium sized businesses in bridging the gap between physical & cyber concerns.
What to consider:
1. Almost 80% of data breaches arise from internal staff – train your staff.
2. Law firms have to be part of the cyber solution (e.g., Panama Papers). Know the threat landscape for your industry.
3. How are you collaborating with internal and external partners (IT, Managing Director, computer forensics experts, and other stakeholders)?
Stay tuned for my upcoming article detailing what law firms need to know to prevent breaches.