At the beginning of this year, Governor Larry Hogan approved $16 million in capital grants, distributed amongst 13 agreements. These grants were earmarked to benefit a variety of public facilities, from community centers to medical support and treatment centers, amongst others.
While we recognize this as a great thing for the people of Maryland, we can’t help but hope that some of these funds are going to be used by the recipients to lock down their cybersecurity.
Before you start thinking that it’s just because we’re preoccupied with cybersecurity, let us state our case.
Many of the Grants’ Recipients Possess Some Valuable Data
To begin, let’s consider the organizations that these grants benefit:
- Addie E. Thomas Community Center, receiving $250,000
- Carroll Hospital Center, receiving $756,000
- Chesapeake Bay Maritime Museum, receiving $300,000
- Chrysalis House, receiving $250,000
- Compass Regional Hospice, receiving $400,000
- Coppermine Edgewood Athletic Facility, receiving $250,000
- Forest Park Senior Center, receiving $250,000
- Garrett College, receiving $10,000,000
- Greenway Avenue Stadium, receiving $750,000
- Harriet Tubman of Alpha Genesis Community, receiving $250,000
- Port Discovery Children’s Museum, receiving $1,750,000
- Roberta’s House, receiving $500,000
- The League for People with Disabilities, receiving $250,000
While there is no indication of any of these organizations planning to invest in cybersecurity as a part of these grant projects or otherwise, the data that many of these organizations work with on a regular basis—if not daily—is precisely the kind that many cybercriminals will actively seek out.
Ransomware is a Particularly Large Concern When Large Funds are Involved
Put yourself in the shoes of an enterprising cybercriminal. If you were to hear that a children’s museum was to receive over a million dollars, wouldn’t you be inclined to try and take at least some of that money for yourself? Hospital centers are common targets to begin with, and cybercriminals now have 756,000 additional motivations.
Many of the industries represented in the above list are frequently targeted by cybercrime—so much so that it is effectively irresponsible to neglect cybersecurity. Whether or not any of these funds are committed to cybersecurity improvements, we recommend that all of the above organizations take a few steps to better protect their operations and the data that powers them.
There are a lot of ways that this can (and needs to) be accomplished.
What Needs to Be Done to Promote Cybersecurity
Phishing awareness needs to be promoted at all levels of an organization.
Phishing—the act of “hacking” the user, instead of the computer system—is frequently used by cybercriminals to exfiltrate data, steal access credentials, and obtain other valuable pieces of information. As everyone in the organization could be targeted, everyone needs to be educated on how to spot and appropriately respond to a phishing attempt.
On a related note, the entire team needs comprehensive security training.
If there’s anything that phishing goes to show, it’s that anyone in your organization could provide a cybercriminal with the access they need. To prevent this, everyone needs to be trained in security best practices with regular review sessions to maintain their preparedness. Testing them every so often can help you identify where extra attention is needed.
Different users should have their access limited to what they’ll need.
It’s a simple concept, but one that could make all the difference to your cybersecurity: even if they fall for a phishing scam, a user that doesn’t have access to certain data isn’t going to be able to give that data to a cybercriminal. By keeping your data on a “need to know” basis, you reduce the threats that could potentially access it.
Go paperless.
Again, it’s a simple idea that can make a big difference. A paper document can somewhat easily be slipped into a purse or lunchbox or pants pocket. So, in addition to being the environmentally-friendly option, paperless eliminates an entire means of data theft. Paperless files can easily be backed up and stored securely too, and when done correctly, data theft can be prevented through strong security measures and multi-factor authentication.
Don’t stop at cybersecurity: invest in physical security, too.
Let’s say that you’ve taken the steps to make your data effectively untouchable through digital means. What good will that do if someone comes in and steals the hard drive it is saved on? None, so it is worth investing in the physical security that will help keep unauthorized people out of the areas where they don’t belong.
Prepare for disaster.
Data insecurity isn’t exclusive to cybercrime. The right (or wrong, really) weather event or hardware failure could also create a serious data issue. Creating a comprehensive plan that addresses the various events that could impact your data—cybercriminal activity included—is a crucial step that every business needs to take.
Hopefully, These Organizations Will Address Their Cybersecurity…
…and if that’s something you want assistance with, we’re here to help. Reach out to us at (410) 531-6727 to get started.