Understanding Cybersecurity Without Getting Technical

Tennessee’s Utility District Association (TAUD) is helping its members comply with the state comptroller’s cybersecurity regulations and helping UDs maintain efficient operations for their customers across the state.

Last week, general managers, office managers, board members and commissioners gathered in Gatlinburg, TN to learn best practices for running a successful utility district today. Of course, this included several topics on cybersecurity and protecting customer data from malicious cyber criminals.

One of the sessions was led by Zelvin Security’s Managing Partner, Lisa Atkinson, who spoke to the Friday morning audience in a friendly, conversational, and educational tone about the complex topic of cybersecurity. Atkinson’s session focused on low-cost, key cyber initiatives the districts can undertake to reduce risk and maintain operations for their members.

The audience included more than 150 utility district managers, commissioners, and leaders who are actively taking steps to reduce cyber-risks.

Here is a recap of the session:

Utility districts and other critical infrastructure are under attack from cyber thieves. Malicious hackers know that water, gas, and wastewater utilities are essential to communities, families, and the state. They also know that these departments are often small organizations with a minimal IT budget, which makes them “target rich and resource poor.”

The educational program began by uncovering the definition of cybersecurity, noting that this is often the cornerstone of confusion. The dictionary defines ‘cybersecurity’ as a noun, which implies it is a person, a place, or a thing. But it is not something you can talk to, go to, or hold in your hand. It is not a destination, but rather a journey.

Next, the audience learned that there is no such thing as a cybersecurity solution or protection against all threats. The audience looked at some marketing to see that businesses advertise “affordable” cybersecurity solutions, which is impossible. Not all threats are preventable; however, there are several steps a utility district can take to harden the environment and reduce cyber risks.

Provide Security Awareness Training

All employees should participate in an effective security awareness training program on a regular basis. Implementing prevention training brings awareness and helps employees understand the importance of their role in protecting the organization from cyber threats.

This training should include information on common types of attacks, such as smishing and phishing, and on how to spot malicious or suspicious activity. This includes best practices for reporting potential malicious activity and what to do in an emergency.

Use Complex Passwords

Implementing strict password and account management policies and practices involves setting guidelines for creating and maintaining secure passwords, as well as controlling access to sensitive information and systems. This can include requiring employees to use complex passwords that are regularly changed, utilizing two-factor authentication, and monitoring for suspicious login activity.

The session provided an example of a strong 12-character password like the one below and noted that it is complex because it contains multiple Latin characters and it is also not a dictionary word.

To test the complexity of your password, use the following entropy calculator to measure its strength. https://zelvin.com/password-calculator/

Perform Company-Wide Security Assessments

The threat landscape is constantly changing, and new vulnerabilities are discovered regularly, which makes it necessary to conduct regular security assessments to uncover security weaknesses before a malicious hacker can. A company-wide security assessment is not something that an IT vendor or an internal employee can do. It requires the specialized skills of an ethical hacker, because this professional uses the same tools and techniques as a malicious hacker. This test is often referred to as a penetration test.

It should be noted that to maximize the effectiveness of company-wide security assessments, they should be performed annually or when significant changes occur – not as a one-time event.

The benefits of a penetration test include answering questions such as:

  • What could a hacker see, do, or steal if someone clicks on a phishing email?
  • Could a hacker reach important files or client data?
  • Could a hacker hold the organization for ransom?

Protecting the internal network is essential to reducing cyber-risks and it is no longer a checklist or a tool. It is an action that requires an ongoing effort, focus, and testing.

Asset Inventory

An asset inventory is a detailed record of all the hardware, software, servers, and devices connected to an organization’s network. Here’s why it’s important: if the inventory doesn’t include all items, those forgotten items could be targets and access points for hackers.

During the conference, the audience learned that when an ancillary location, such as a water treatment facility, has digital assets that are not properly secured and routinely maintained for security, these devices could be an attack point and provide access to other areas of the network. The other areas could include the business office, the mechanical facilities, and systems that contain client records.

Start Planning Today

By following these tips and performing regular penetration testing, organizations can reduce their risk of a cyber-attack.

For more information on cybersecurity strategies to reduce risk, please schedule a no-obligation call today!
