At Hash Labs and Coro, cybersecurity is our highest priority.
October was Cybersecurity Awareness Month, but we think cybersecurity awareness should be maintained throughout the year. Cyber threats and cybersecurity defenses and countermeasures are constantly evolving. In the coming weeks, we will be posting about cybersecurity, from the basics to quantum computing. Our goal is to provide relevant and timely information.
Adobe, Inc., Capital One, Facebook (twice), Zynga, and Quest Diagnostics are just a few of the companies that experienced major cybersecurity breaches this year. There have been nearly two dozen breaches in total. This past January, Collection #1 was posted to the dark web; it contained more than 773 million unique emails and 21 million unique passwords.
Just about everything we do involves the internet, from online banking and education to ordering DNA tests, purchasing groceries, and playing video games. It is critical to understand the importance of cybersecurity and to be aware of the risks involved.
Here are 3 basic things everyone should know about cybersecurity:
The biggest challenge to the future of IT is cybersecurity.
IT and the Internet of Things (IoT) are simple enough concepts to understand. They are how people communicate with machines and with one another through machines, as well as how machines communicate with one another. There are inherent risks associated with machine communication: 70% of our most commonly used devices contain security vulnerabilities, as Ernst & Young Global reports.
The larger problem is the PEOPLE using these machines.
We rely heavily on computers, software, hardware, networks, etc. Sometimes, we are passing along critical information. Cybersecurity can be threatened when we are not careful with how we are using these tools.
For example, a government employee may leave their laptop with classified information exposed in public. An employee may use public Wi-Fi to check their work email or have weak passwords for account login. Those are unintentionally careless scenarios. However, targeted threats such as shoulder surfing, phishing, and card skimming are malicious attacks that prey on those who are vulnerable or careless.
Companies must remain vigilant about cybersecurity and work to ensure that their employees are compliant with best-use practices. One such practice is SOC 2 compliance. SOC is an independent, third-party auditing system that was developed by the American Institute of CPAs (AICPA). SOC is based on the principles of security, availability, processing integrity, confidentiality, and privacy.
In 2014 the AICPA established the higher SOC 2 certification standard. It is specifically designed for service providers storing customer data in the cloud. That means SOC 2 applies to every SaaS company, as well as any company that uses the cloud to store its customers’ information. Now, any company storing customer data in the cloud must meet SOC 2 requirements in order to minimize risk and exposure to that data. SOC 2 requires companies to establish and follow strict information security policies and procedures, encompassing the security, availability, processing integrity, and confidentiality of customer data. SOC 2 ensures that a company’s information security measures are in line with the unique parameters of today’s cloud requirements. As companies increasingly leverage the cloud to store customer data, SOC 2 compliance is becoming a necessity for a wide variety of organizations.
Rest assured, we completed our SOC 2 audit in and received our certification during Q1 of this year.
The biggest challenges to cybersecurity right now:
Some of the biggest threats to cybersecurity are social engineering, supply chain, and mobile authentication.
Social Engineering – Cybercriminals use AI to scan social media accounts of employees who may inadvertently post sensitive company information. It is important to guard against employees posting anything sensitive on social media that could be used in scamming or phishing attacks.
Supply Chain – An organization’s cybersecurity may be best in class, but what about the vendors you work with? Another line of attack many organizations are falling victim to is the targeting of less secure elements within a company’s supply chain. It is important that your vendors also have their own SOC certification. At a minimum, you must ensure all vendors operate their IT and data security on a basis that is SOC compliant.
Identity & Mobile Authentication – We are all connected to the internet, across multiple devices. Because our personal information is more frequently stored in the cloud, a strong password may not be sufficient. Continue using strong passwords, but also limit the use of free/public Wi-Fi networks. Remain mindful of the information you are exposing to public Wi-Fi, and consider multi-factor authentication. This type of security system uses two or more factors: a password, a security token, and/or biometrics.
At Hash Labs and Coro, we focused on cybersecurity threats and challenges on day one. We established our business strategy and IT infrastructure on a strong cybersecurity foundation.
The Chief Information Security Officer (CISO) is a critical position. As Fortinet says in its recent article, “The CISO and Cybersecurity: A Report on Current Priorities and Challenges,” “CISOs can no longer afford to simply be technologists, but rather must become drivers of business strategy.” A CISO should be included in shaping business continuity, compliance, and risk assessment.
Much of the information out there regarding cybersecurity comes from large corporations, but it is just as important for small businesses and startups. In fact, these companies may be even more vulnerable, due to the lack of resources, the over-reliance on manual security measures and the complexity of cybersecurity.
Cybersecurity is also a part of the underlying technology architecture and needs to start from the top down. Security should not be the focus of IT alone, but should also become a focus of senior executives. CISOs should work in tandem with the C-suite so that security measures don’t thwart company growth and so that, throughout that growth and on an ongoing basis, weaknesses or vulnerabilities in cyber defense systems are addressed.
Security is Hash Labs’ top priority!
We are acutely aware of how interwoven cybersecurity must be at every level of our company, from employee training in security measures to a CISO and business leaders whose security measures and business inform one another.
Having already achieved our SOC 2 Type I Certification, we look forward to receiving SOC 2 Type II Certification in Q1 of 2020. This is the most coveted – and hardest to maintain – information security certification. It validates adherence to security measures and guidelines at every level of an organization.
Stay tuned for our next news alert.
We will be talking about cybersecurity issues in the fintech/banking space.