Understanding Cybersecurity Without Getting Technical

Tennessee’s Utility District Association (TAUD) is helping its members comply with the state comptroller’s cybersecurity regulations and helping utility districts (UDs) maintain efficient operations for their customers across the state. Last week, general managers, office managers, board members, and commissioners gathered in Gatlinburg, TN to learn best practices for running a successful utility district today.

Of course, this included several topics on cybersecurity and protecting customer data from cyber criminals. One of the sessions was led by Zelvin Security’s Managing Partner, Lisa Atkinson, who spoke to the Friday morning audience in a friendly, conversational, and educational tone about the complex topic of cybersecurity. Atkinson’s session focused on low-cost, key cyber initiatives the districts can undertake to reduce risk and maintain operations for their members. The audience included more than 150 utility district managers, commissioners, and leaders who are actively taking steps to reduce cyber risks.

Here is a recap of the session:

Utility districts and other critical infrastructure are under attack from cyber thieves. Malicious hackers know that water, gas, and wastewater utilities are essential to communities, families, and the state. They also know that these departments are often small organizations with a minimal IT budget, which makes them “target rich and resource poor.” The educational program began by examining the definition of cybersecurity, noting that the definition itself is often the cornerstone of confusion.

The dictionary defines ‘cybersecurity’ as a noun, which implies it is a person, a place, or a thing. But it is not something you can talk to, go to, or hold in your hand. It is not a destination, but rather a journey.

Next, the audience learned that there is no such thing as a cybersecurity solution that protects against all threats. The audience looked at some marketing examples in which businesses advertise “affordable” cybersecurity solutions, which is impossible.

Not all threats are preventable; however, there are several steps a utility district can take to harden its environment and reduce cyber risks.

Provide Security Awareness Training

All employees should participate in an effective security awareness training program on a regular basis. Prevention training raises awareness and helps employees understand the importance of their role in protecting the organization from cyber threats. This training should cover the common types of attacks, such as smishing and phishing, and how to spot malicious or suspicious activity. It should also cover best practices for reporting potential malicious activity and what to do in an emergency.

Use Complex Passwords

Implementing strict password and account management policies and practices involves setting guidelines for creating and maintaining secure passwords, as well as controlling access to sensitive information and systems. This can include requiring employees to use complex passwords that are regularly changed, utilizing two-factor authentication, and monitoring for suspicious login activity. The session provided an example of a strong 12-character password like the one below and noted that it is complex because it contains multiple Latin characters and is not a dictionary word.

To test the complexity of your password, use the following entropy calculator to measure its strength. https://zelvin.com/password-calculator/
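As an added illustration (not the calculator linked above and not code from Zelvin Security), the sketch below estimates character-pool entropy and shows why the "not a dictionary word" condition matters: a password built on a word can score high on the formula and still be weak. The word list, substitution map, function names, and sample passwords are constructed assumptions for this example.

```python
import math
import string

# Constructed sample list (assumption); a real check would use a large
# dictionary or breached-password corpus.
COMMON_WORDS = {"password", "welcome", "utility", "water", "tennessee"}

# Undo common look-alike substitutions before the dictionary check.
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def entropy_bits(password):
    """Upper-bound entropy: length * log2(size of the character pool in use).
    The figure only holds if every character was chosen at random."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside the four ASCII classes each widen the pool by one.
    pool += len({c for c in password if not any(c in cls for cls in CLASSES)})
    return len(password) * math.log2(pool) if pool else 0.0

def has_dictionary_word(password):
    """True if a listed word appears after lowercasing and de-substitution."""
    normalized = password.lower().translate(LEET)
    return any(word in normalized for word in COMMON_WORDS)

def assess(password, min_length=12):
    """Combine the 12-character length rule with the dictionary check."""
    word = has_dictionary_word(password)
    long_enough = len(password) >= min_length
    return {"bits": round(entropy_bits(password), 1),
            "long_enough": long_enough,
            "dictionary_word": word,
            "acceptable": long_enough and not word}

if __name__ == "__main__":
    # Constructed samples for demonstration only; do not reuse as passwords.
    for sample in ("Tennessee2024!", "W@t3r", "q7#Vm2!xZr9&"):
        print(sample, assess(sample))
```

The first sample scores more bits than the random 12-character one, yet it is rejected because the formula assumes random characters and the dictionary check shows that assumption does not hold.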

Perform Company-Wide Security Assessments

The threat landscape is constantly changing, and new vulnerabilities are discovered regularly, which makes it necessary to conduct regular security assessments to uncover security weaknesses before a malicious hacker can. A company-wide security assessment is not something that an IT vendor or an internal employee can do. It requires the specialized skills of an ethical hacker, because this professional uses the same tools and techniques as a malicious hacker. This test is often referred to as a penetration test. It should be noted that to maximize the effectiveness of company-wide security assessments, they should be performed annually or when significant changes occur – not as a one-time event.  

The benefits of a penetration test include answers to questions such as:

  • What could a hacker see, do, or steal if someone clicks on a phishing email?
  • Could a hacker reach important files or client data?
  • Could a hacker hold the organization for ransom?

Protecting the internal network is essential to reducing cyber-risks and it is no longer a checklist or a tool. It is an action that requires an ongoing effort, focus, and testing.

Asset Inventory

An asset inventory is a detailed record of all the hardware, software, servers, and devices connected to an organization’s network. Here’s why it’s important: if the inventory doesn’t include all items, those forgotten items could be targets and access points for hackers.

During the conference, the audience learned that when an ancillary location, such as a water treatment facility, has digital assets that are not properly secured and routinely maintained for security, these devices could be an attack point and provide access to other areas of the network. The other areas could include the business office, the mechanical facilities, and systems that contain client records.   

Start Planning Today

By following these tips and performing regular penetration testing, organizations can reduce their risk of a cyber-attack. For more information on cybersecurity strategies to reduce risk, please schedule a no obligation call today!

Zelvin Security
