Hopefully most of us know that Software Patching is a key element in ensuring our devices are secure, with Patch Management being one of Cyber Essentials five technical controls. With the majority of vendors automating this, you’d think it would be a no brainer! But I’ve recently noticed that many of the millennial cohort are too busy to allow updates time to install. And it’s not a MAC or PC specific problem, this also applies to mobiles.
I recently discovered several devices in daily use to be more than two years out of date! With remote working becoming the new normal, this really worries me. Am I alone? How do we encourage the general public to accept updates rather than simply ignoring them? Let me know your thoughts. Any wisdom is gratefully received!
The Foundations of a Cyber-Secure Supply Chain – Guest Post.
More and more people are buying into cybersecurity. As we mentioned in Chris Windley’s article on small businesses partnering up with MSP to help them with their cybersecurity concerns, the number of our MSP partners has increased from two partners to around 30 within the last year.
These numbers are expected to go up as many industries across the globe shift to a work from home setup. CNN details that the global pandemic has disrupted everyone from small market vendors to big businesses that have been forced to adapt to new working environments.
And while the adjustments to working from home present its own challenges, one can’t overlook the increasing importance of cybersecurity. This is especially true for industries that are common targets of cyberattacks. Threat Report details that half of all cyberattacks were aimed at supply chains back in 2019. Considering that supply chains have already been hindered by the pandemic, they warrant a closer look. If you want to learn more about what you can do to address this issue, read on for the foundations of a cyber-secure supply chain!
Know the Risks
Now, you have to familiarise yourself with the most common threats to get a good grasp on cybersecurity for supply chains. One common issue that comes up when discussing cybersecurity and supply chains is how normal devices can become threat vectors. This is due to the rise of the Internet of Things (IoT). Verizon Connect describes how GPS tracking is essential in monitoring supply chains. This has vastly improved supply chains from an efficiency standpoint. Supply Chain Beyond details that IoT devices allow for better monitoring and inventory management to help prevent and predict device failure.
However, this has the potential to be abused by hackers as a way to get into your system and turn what was originally a good thing against you. This is why the first thing you have to do is to ensure that all IoT devices have been thoroughly checked with encryption implemented at all points in the IoT ecosystem.
No Third Party Breaches
Another thing you have to be wary of is third party breaches. Dark Reading highlights that back in 2018 nearly 60% of data breaches stemmed from a third party. This is a serious issue as SMBs don’t always have sufficient resources to manage their third-party relationships to prevent these types of breaches from happening.
With that being said there are some things you can do to protect yourself from this problem. One simple fix is to rigorously screen all third parties and ensure that they meet specific security standards that you’ve set. This way the burden to protect your data isn’t solely on your shoulders. If you’ve got the resources to spare, you can also make use of a third-party audit just to make sure that your partners are compliant with your security standards.
Train Your Team
Lastly, one of the best things you can do to protect yourself from cyberattacks is to train your team. Entrepreneur stresses the importance of cybersecurity awareness training in preventing and fending off cyberattacks of all kinds.
The training will include but will not be limited to password security, identifying phishing and spear-phishing attempts, and identifying malware. Think of your team as a human firewall that defends your supply chain from hackers that may try to trick them into giving up sensitive information.
Written by Bayrose Jeanne
exclusively for lujam.com
Some 7 years ago our CEO Tim realised that in working from home he was a potential back door into the City based financial institutions he was trying to protect.
In setting about ensuring that he wasn’t a security risk to his clients he realised that it was time consuming, complicated and expensive.
Hence the vision to have what we have today .. a cyber security solution that offers ” Enterprise Level Security, that is simple to use, for the price of a mobile phone contract “.
Of course he was not to know that in 2020 a global pandemic would have everyone working from home.
I knew this was an important solution when I installed the sensor into my house – bearing in mind that we have young teenage children here.
One thing that happened was that it blocked me downloading a phishing message sent by a 1st Level Linkedin connection who had been hacked.
( Chris, here is a proposal for us to work together .. pdf attached )
Then we realised it was also giving us the peace of mind that the children could not in fact go to any ” bad websites “. If we wanted to we could look to see where they were trying to go to but actually they were blocked anyway so no harm done.
Having won our way into the GCHQ/NCSC Cyber Accelerator 2-3 years ago we have developed our solution well beyond the original concept working with them and IASME ( Information Assurance for SME’s ).
Most recently the Goverment has issued an edict that all government related suppliers must have Cyber Essentials – the basic standard for Cyber Security for SME’s.
This like an MOT Certificate for a vehicle and is of course mandatory too and a requirement for Insurance and Road Tax.
Annual re-certification of Cyber Essentials is good but actually where we were guided to was producing something that continuously monitored against the Cyber Essentials standard.
Cyber Insurance underwriters are also looking for clients to have Cyber Essentials. Why ? Because it reduces their RISK.
When they understand that we have a continuous risk reduction solution ( analogous to the black box installed in learner drivers cars ) and that we can give them a risk score on any home or business they get rather excited.
Homes these days can have a huge number of devices in them …our statistics show that sometime a family of 4 can have 70/80 network connected devices … admittedly this is probably a ” techies ” home. When you ask someone how many devices they think they have .. they start with the usual PC, laptop, ipad, mobile phone but it does not take them long to remember the wi fi connected speakers, Alexa type devices, IP cameras, burglar alarms and fridges.
In an industrial environment we have machines that are monitored remotely.
Information is power.
Our clients know ALL of the devices that exist in their environment ( and those outside that might try and connect in ) and they know what those devices are doing eg this laptop is always on these social media applications, stores data in the cloud here, uses cloud based CRM here, banks using these banking apps etc etc
The basic information for the GDPR regulations are there.
In Lockdown what typically happened is that people established the basic infrastructure to work from home. We did that very quickly and very effectively. Cyber Securing yourself and your family is another matter and in general has been a later consideration.
In general for lockdown companies established their team members basic infrastructure but they did not have time to think about effective Cyber Security and Defence.
We work with our partners to provide a full range of Cyber Security Services for SMB/SME and Remote/Home Workers.
The LuJam Cyber solution provides cyber defence that aligns with the Cyber Essentials and Cyber Essentials plus standards.
This is 24/7, 365 monitoring to those standards.
95% of common cyber attacks are prevented and we implement the 5 controls recommended by GCHQ and the NCSC and IASME.
We work in conjunction with existing AntiVirus and Router/Firewalls.
We have physical and virtual sensors and end point agents and we can also provide a VPN and Vulnerability scanning.
Installing a LuJam VPN user is very easy, However we have created a video to walk you through the process.
The LuJam VPN is ideal for those companies that want to install the LuJam solution to give Cyber Protection for an SMB business or Home/Remote worker but also need to cater for other team members dialling in or for working remotely.
A business or home based premises is Cyber Secured to the Cyber Essentials standard on a 24/7, 365 basis using LuJam Cyber and it is both low cost and easy to use.
Following the establishment of Business and Cyber Security centres in Scotland, Manchester and the North East BRIM ( Business Resilience International Management ) are building the East Midlands Cyber Resilience Centre.
Our Global Sales and Marketing Director, Chris Windley, is on the Advisory Panel and also working with BRIM nationally.
Like LuJam Cyber BRIM works closely with #GCHQ #NCSC and #IASME
The Business and Cyber Resilience Centres are a unique blend of #Police #BigBusiness #Academia and #Government.
Aproximately 400 Business and Organisations are expected to be working together at the end of the first year to improve business and cyber resilience in line with Police and #GCHQ #NCSC standards.
These businesses will come together online at first and then after the #Coronavirus in regular meetings of all parties.
There has really never been such an incredible fusion of businesses and organisations before – all aiming to make the UK a safer place to do business in.
We really want to ensure that the message gets out to SMB and Micro businesses that help is available to combat cyber crime, increasing and morphing in the virus, and improve business resilience generally.
Contact Chris on email@example.com or +447881 500002 or google East Midlands Cyber Resilience Centre and mention Chris.
LATEST #CoronaVirus #CyberSecurity advice from TOP CyberSec people
Staying at home and creating distance ( social distancing ) is key advice from this excellent analysis of both Coronavirus and SARS.
When LuJam Cyber was originally envisaged by our CEO Tim Moran it the protection of home based workers and their companies that was uppermost in his mind.
He was manipulating sensitive data from financial organisations at home and realised that he was a back door into these companies.
After working with GCHQ, NCSC and IASME the last 2 years we produced a low cost Cyber Security, Risk and Compliance solution that was easy to use and around the price of a mobile phone contract.
Over the last 12 months we built a partner network that could supply LuJam Cyber as part of a wider Cyber Security and GDPR solution.
Now they are busy working with their clients to respond to the sensible strategy of these companies to encourage workers to stay at home and work from there.
Physical or virtual sensors and end points can be deployed by partners into their clients and 95% Cyber Security achieved within 7 days.
LuJam Cyber is working with Top Xero Accountants in the Leicester area to ensure that they and their clients data are cyber secure.
As part of #MissionPossibleCyber LuJam is cyber securing all UK SMB’s but this focus is on clients served by Top Xero Accountancy firms.
In the worst case client firms can be totally destroyed by cyber attacks.
LuJam stops 95% of all cyber attacks and provides key GDPR information to assist with ICO processes.
Linford Grey is a Top Xero practitioner and recognises the need to cyber secure their clients and ensure that they are compliant.
Linford Grey and sister company 4R Business Recovery have had to rescue companies that have had severe cyber attacks in the past and therefore they recognise the benefit of proactive cyber security and compliance checks.
One of our ( Distributor ) partners ( nte ) was mailing out to their installed base of broadband clients and included within the mailer information on their LuJam based Cyber Security offer – Secure Connect.
Their reseller partner contacted them and said that they did not know about their Cyber Security services and they had an opportunity that they would like to discuss. The Partner Manager and the Cyber Security specialist talked to the partner and then agreed to go and meet with the end client.
It turned out that the end user client had to get Cyber Essentials Plus accreditation in order to qualify for a contract they were bidding for and they needed it within a month.
A LuJam sensor was installed at the end user premises and within 7 days a basic picture of the client was obtained. A Cyber Security specialist provided by the Distributor took the end user client through Cyber Essentials and then – using LuJam Vulnerability Scanning and Patch Management functionality – on to Cyber Essentials Plus.
The end user client won the contract. The reseller turned a £10’s opportunity into a £1000’s opportunity and got a very satisfied client.
The Distributor got a very happy partner who had a model for looking for other opportunities.
There were also Cyber Insurance and GDPR benefits for the end user client.
Over the last 3 years Lujam has developed the capability to easily embed it’s sensor agent in e.g. Routers ( edge and WiFi ) and Voice activated devices.
There have been discussions and agreements with many global telcos and ODM and OEM manufacturers.
As we are under NDA we cannot disclose who these companies are but the principles of what we are doing are public.
We have also made agreements with Telco’s and ISP’s to bundle our solution in with the purchase of broadband – from basic copper broadband through fttc, fttp and on to leased lines.
Above is an example of our work with nte.
This is all a vital part of #MissionPossibleCyber – the mission to get as many SMB’s #CyberSecure to the #CyberEssentials standard as quickly as possible.
If our agent is embedded in the hardware or bundled in with the internet connectivity or included in the SD-WAN software then there is a much great chance of that end user being cyber secure.