This past year has been some of the most challenging times for individuals and companies. Many of us changed the way we conducted business overnight and had to settle into a ‘new normal’. Luckily, it appears as though the dust has settled, and we are getting back to the way things were before the pandemic.
Through these times it became even more apparent the importance of having good policies and procedures in place as well as having a good IT Security company to help navigate through the overnight changes to how business systems were accessed.
While these unprecedented times created challenges for all of us, it created opportunities for attackers and continues to do so.
There was a 424% increase in small business cyber breaches in 2020.
Although the media headlines often highlight major data breaches of large corporations and government agencies, the majority of businesses being hacked are small businesses. Why is this the case? Most small businesses do not have layers of security in place to protect them, so attackers consider them low hanging fruit.
According to Verizon’s 2020 Data Breach Investigations Report, 28% of all cyber-attacks and data breaches in 2020 occurred in small businesses. Roughly 60% of all small businesses that are victims of a cyber-attack go out of business within six months.
As many of you are aware, the title industry remains in the attacker’s direct line of fire. We have seen an increase in wire fraud through email breaches and phishing emails as well as an increase in ransomware. We have also seen an increase in title agents being held accountable for these breaches by lenders and their clients. The best line of defense is to maintain an up to date and followed Information Security Program as defined by ALTA’s Best Practices.
The good news is that effective IT security is not beyond reach. Here are a few cybersecurity tips that can benefit your business.
Implementing a network firewall with Intrusion Detection and Prevention capabilities (IDS/IPS) is crucial. A firewall protects your network from malicious traffic and an IDS/IPS properly monitored can stop an attacker in their tracks. Unmanaged systems do not provide adequate security. Attackers are working around the clock and so should your security.
Performing regular network vulnerability testing, internally and externally, can identify risks giving you the opportunity to remediate before being hacked. Many of the common vulnerabilities identified include legacy or otherwise unsupported operating systems, poor patch management, and exposed systems.
It is essential that workstations, servers, and laptops are updated and patched on a regular basis. The WannaCry ransomware attack quickly infected 150 countries and targeted computers that were unpatched. It is important that not only Microsoft updates/patches are consistently applied but also third-party software such as Adobe, JAVA, and Anti-Virus programs need to be maintained. There are managed systems available to ease administration and ensure timely and consistent updating/patching occurs.
Having a backup and understanding where your data is stored is critical. There are several backup scenarios available. Whichever scenario fits your business the important factors remain the same: Make sure your data is in a secure location, is encrypted during transit and storage, and regularly test that the data can be restored. You do not want to be in the position where your back up is needed and find that hardware is not available, the time to recover is days or weeks longer than expected, or it will not restore properly. Consider keeping backups of your backups.
Security Policies and Procedures
With the ongoing concern about keeping business and client data safe it is vital to have security policies and procedures in place. Employees need to understand what is expected of them and be given the proper tools and technology to safeguard business and client data. For many businesses writing security policies and procedures can seem like a daunting task. There is no reason why you cannot start small and add to them. One simple yet very important policy is a password policy. According to Verizon’s 2020 Data Breach Investigations Report, 81% of hacking-related breaches leveraged either a stolen and/or weak password. Every password can be hacked it is just a matter of how much time it takes. A basic 7-character password consisting of lower-case letters can be cracked in seconds. The longer and more complex a password is the longer it takes to crack. Make it difficult for the hackers and they will move onto lower hanging fruit.
ALTA announced at the end of last year that they have added a requirement, effective January 2020, to the ALTA Best Practices for multi-factor authentication (MFA) to be enabled on all remotely hosted or remotely accessible systems storing, transmitting, or transferring non-public personal information. Multi-factor authentication provides another layer of security as it requires a code to be put in when you are logging into a system or email from a different location. In the event an attacker is trying to log into your systems or email you will be sent a notification with a code that someone is accessing your systems from a different location. Without this code the attacker will not be successful, giving you time to go in and change your password and make sure your systems are secure. This announcement from ALTA shows that the Best Practices are not going anywhere and are more important than ever.
Security Awareness Training
Security Awareness Training, which is a required layer of security, is the missing link across many small businesses. All the previously mentioned layers of security can be implemented, however, if your employees are not trained on how to recognize and handle everyday security risks your business is still at serious risk. Employees are the number one target of attackers who expect they have not been given the necessary training and tools. One of the main problems the title industry is facing now are phishing emails. Implementing a comprehensive and ongoing Security Awareness Training program is your best line of defense against these attacks. Educate and empower your employees; everyone is part of the security team!
It is very important that small businesses take pro-active approaches to IT security. Avoiding the necessary steps is only going to increase your chances of falling victim to an attack. Implementing and maintaining the proper layers of security can be complex and requires knowledge of the ever-changing landscape of the IT security world. When choosing a company to assist your business, it is important to choose a company with proven expertise in IT security. Cybersecurity threats are continuing to rise, now is the time to take action to protect your business and client data!
How SME Can Help
SME has been working with businesses in the title industry for several years, and our team of professionals not only understands the industry, but all the risks that the industry faces. The importance of protecting the information of customers is crucial for the title industry. Title Agents are expected to meet the ALTA (American Land Title Association) Best Practices to the protect non-public personal information of their customers. To find out more about our compliance solutions, or any other IT/security related questions, please give us a call at 703-378-4110 or email firstname.lastname@example.org.
Melissa Ellis, VP/CFO
Melissa Ellis is a co-owner of Systems Management Enterprises, Inc. (SME). SME is a Virginia based Information Technology and Security Company providing data center services, managed security, compliance solutions, and technical support to businesses nationwide.
Melissa has worked with businesses in the financial, medical, and professional services industries in a support and training role. Over the last several years she has specifically worked within these industries on compliance initiatives and provided security awareness training. Melissa’s background includes studying Criminal Justice at Radford University and obtaining a better understanding of compliance by becoming a CHP. Melissa is passionate about educating businesses on how they can put the necessary layers of protection in place to safeguard their data.