NEED SUPPORT? CALL (855) 422-8283

The Growing Trend of “Hacktivism”, & What it Means for Businesses

The Growing Trend of “Hacktivism”, & What it Means for Businesses

When most people think of a hacker, they think of a loner hiding in a dark basement, destroying computer systems and other digital resources for personal financial gain, or a sophisticated computer whiz employed by a foreign government up to no good. 

However, in recent years, a growing number of hackers have been putting their skills to use for a different reason: activism. This trend, dubbed “hacktivism”, is on the rise and can have serious consequences for businesses of all sizes in all verticals and industries. 

computer with hacktivism on the front screen

What is Hacktivism?

Information security researcher Dorothy Denning defines hacktivism as “the marriage of hacking and activism”, more specifically, using computers to achieve a political agenda through legally ambiguous means. As a general rule, hacktivism aims to obstruct normal computer and business activities in some way but, unlike other forms of hacking, does not necessarily aim to cause permanent injury or significant financial loss and is rarely motivated by financial gain. 

Hacktivism Can Be a Force for Good….

When most readers think of hacktivism, they think of large-scale political movements and revolutions such as the Arab Spring, which depended at least in part on technology and hacktivism. 

In 2011, when young protesters took to the streets in cities across the Middle East to rally against oppressive governments, some who had held power for decades, they were emboldened and assisted by technology. In the eyes of some, WikiLeaks and Anonymous played a key role in creating the social conditions that allowed the Arab Spring to happen by posting damning secret government documents online before the protests began. 

A specific example of this hacktivism was the uprising in Tunisia, which was initially largely ignored by the foreign media. When members of Anonymous realized the significance of the uprising, they partnered with Tunisian dissidents to help them share videos of what was really going on on the ground with the outside world. They also created a “care packet” (available in English, Arabic, and French) that offered dissidents advice on how to conceal their identities on the internet to avoid detection by the former Tunisian regime’s cyberpolice.

Though most believe the Arab Spring to be a positive and necessary step, the hacktivism that accompanied it, particularly the act of disclosing confidential documents and personnel files indiscriminately, could endanger lives. Anonymous and similar hacktivist organizations do not always carefully vet what information they release, which could inadvertently expose innocent individuals to cybersecurity threats.

… But it Frequently Harms Innocent Organizations & Individuals

The goal of most hacktivists is to draw attention to a particular cause using virtual political activism. This can be a noble goal, as demonstrated during the Tunisian uprising, but not all hacktivists are so altruistic. Unfortunately, many hacktivists are also not particularly concerned about avoiding collateral damage while carrying out their activist activities, and innocent parties can be caught in the crossfire. 

For example, while protesting the recent police actions on the Bay Area Rapid Transit (BART) system in San Francisco, a hacktivist posted the full names, addresses, and cell phone numbers of cover 2000 MyBART subscribers (ordinary transit users) online, increasing their chances of being targeted by identity thieves and other criminals. 

In a recent article by PC World, a former member of Anonymous called “SparkyBlaze” admitted that he was “fed up with [Anonymous] putting people’s data online and then claiming to be the big heroes.” He also stated that “Getting files and giving them to WikiLeaks, that sort of thing does hurt governments. But putting user names and passwords on a Pastebin doesn’t [affect governments], and posting the info of the people you fight for is just wrong.”

While some hacktivist organizations, like other activist organizations, might be doing real good, too many are using the guise of activism to cause significant harm to innocent organizations and individuals. 

As one article published in the Journal of Human Rights Practice puts it, unlike more familiar forms of activism, hacktivism can often be anonymous, allowing it to operate with a kind of impunity afforded by technology. As such, hacktivists are accountable to no one, not even organizations, groups, and individuals they aim to help, which is deeply problematic

Many hacktivist organizations, including Anonymous and WikiLeaks, engage in highly questionable activities, which they are able to do because of the anonymous nature of hacktivism. Since there is no way to hold individuals accountable, they are incredibly dangerous, both for the problematic organizations and governments they target and for the rest of us. 

large crowd protesting

A Brief History of Hacktivism: Six Infamous Events

While hacking has been around since the 1950s, hacktivism as a concept didn’t really emerge until 1989, when the first “hacktivist” action (referred to as Worms Against Nuclear Killers) took place. 

Worms Against Nuclear Killers (1989)

The 1989 attack, which many believe to be the work of Melbourne-based hackers “Electron” and “Pheonix”, used a malware worm to infiltrate computers at both NASA and the US Energy Department. The worm altered the login screen of infected computers to display the message ”Worms Against Nuclear Killers” and was fueled by rising anti-nuclear sentiment. A second worm, called OILZ, was also deployed and contained bugs designed to prevent access to accounts and files by changing passwords. The goal of this attack was to attempt to shut down the DECnet computer network in the days before a NASA launch, causing disruption and costing roughly half a million dollars in damages and lost time.

Hacktivism has only grown in both scope and influence. Other influential campaigns include:

Hacktivismo Declaration (2001)

Hactivismo, an offshoot of the hacker group Cult of the Dead Cow (cDc), emerged when they released their declaration that aimed to elevate freedom of speech. During this event, the group explicitly attempted to both engage in civil disobedience and explain their reasoning behind their actions. 

The declaration released by Hactivismo cited two United Nations’ documents: the International Covenant on Civil and Political Rights and the Universal Declaration of Human Rights, and included an FAQ that stated that the main purpose of their actions was to “cite some internationally recognized documents that equate access of information with human and political rights”.

As a result of their declaration, this group aimed to create both moral and legal grounds for future hacktivists to launch their campaigns. The group went on to release a web browser, called Peekabooty, that prevents censorship from nation-sates that deny or restrict internet access. 

Project Chanology (2008)

When a video of actor Tom Cruise voicing his affiliation with the Church of Scientology appeared on YouTube, the church forced the video hosting platform to remove it. In response to the censorship, Anonymous launched a DDoS (Distributed Denial of Service) attack against the Church of Scientology website, which was also defaced. A series of prank calls and black faxes followed the DDoS attack, and Anonymous also distributed private church documents stolen from Scientology computers during a doxxing attack

The hacktivist actions were also paired with in-person protests across the country where protesters donned the now infamous Guy Fawks masks associated with Anonymous

US Executive Branch Attack (2013)

Presumably believed to be associated with Syrian President Bashar al-Assad, the Syrian Electronic Army (SEA) has carried out a number of attacks using both spear-phishing and DDoS attacks designed to compromise and deface government, media, and privately-held organizational websites. 

The group successfully released a fake tweet claiming that an explosion at the White House had injured the President. After the tweet went live, the Dow briefly plunged 140 points. In 2016, the FBI charged two SEA-affiliated individuals with the attack.

Clinton Emails Leak (2016)

This attack, a joint venture between WikiLeaks and Russia’s foreign military intelligence directorate Glavnoye Razvedyvatel’noye Upravleniye (GRU), focused on emails between then-presidential candidate Hilary Clinton and her campaign manager. The emails were illegally obtained by GRU and released by WikiLeaks, and the goal was to discredit Ms. Clinton in order to further the campaign of her opponent Donald Trump.

Hackers used spear-phishing emails to steal credentials from DNC members and gain unauthorized access to the emails. The campaign significantly impacted the Clinton campaign and may have contributed to her loss. Following the leak, the US Department of Justice indicted 12 Russian hackers for the incident.

Black Lives Matter Movement (2020)

While the BLM (Black Lives Matter) movement reaches beyond the realm of hacktivism, the group Anonymous did throw their weight behind this movement protesting police corruption following the death of George Floyd. The group had also voiced similar condemnations in the past following the murders of Michael Brown and 12-year-old Tamir Rice.

In support of the social-justice-focused BLM movement, Anonymous released a video on Twitter that specifically criticized the Minneapolis police department in the wake of the shooting. As a result of the video, Anonymous’ Twitter account gained 3.5 million new followers in the following days, and the campaign has been linked to a series of DDoS attacks that briefly shut down the Minneapolis police department website, its parent website, and the Buffalo, New York government website over the course of a single weekend.

How Hacktivism Harms Businesses

While some hacktivist activities, such as creating open-source software that allows people in China to circumvent government censorship, are arguably good, we have seen that hacktivism also has a dark side. 

Hackers of all stripes, including some hacktivists, often use open-source hacking tools to penetrate networks with the goal of paralyzing or destroying legitimate businesses. This can be done for a variety of reasons, including retaliatory action in the case of George Hotz.

Sony vs Hotz

In 2010, then-teenage researcher George Hotz (now President at comma.ai) was able to reverse-engineer the Sony private key and published it online. This allowed almost anyone with an internet connection to rewrite Sony’s firmware and classify themselves as a developer on the Sony network, gaining free access to all of Sony’s online games. This action adheres to the philosophy that many hacktivists and other hackers share, which deems that all information, even proprietary information, should be free. 

In response to his actions, Sony sued Hotz, which attracted the attention of hacktivists. The company was targeted by several DDoS attacks and a data breach, which exposed the credit card numbers of 12 million innocent customers, as well as 75,000 “music codes” and 3.5 million “music coupons”, resulting in massive financial losses for the company. All and all, Sony estimates they lost about $173 million, including the cost of increased customer support, incentives to woo customers back, legal costs, loss of sales, and the costs to improve their cybersecurity systems. 

Ultimately, regardless of the goal of the hacktivist organization, gaining unauthorized access to a company’s network or other digital assets is wrong, and companies need to take steps to ensure their cybersecurity posture is robust enough to thwart attacks and avoid or at least minimize damage. 

Is your organization prepared? For more information, or to start crafting your incident response plan, please contact our team today.

Suggested Reading

Cybersecurity is complicated, and the field continues to evolve to respond to new threats, and keeping up to date is critical for safeguarding your organization and its digital assets. To help you expand your knowledge and stay up to date, please consider visiting our blog and reviewing these suggested educational articles and resources.

Cybersecurity Basics For All Organizations

Hacked? Here’s What to Know (and What to Do Next)

Building a Cybersecurity Incident Response Program

Terms and Phrases Used in the Managed IT and Cybersecurity Industries

The SMBs Guide to Getting Started with Cybersecurity

Cyber Hygiene 101: Basic Steps to Keep Your Company Secure

Identifying a Breach: Finding Indicators of Compromise (IOC)

Making Sense of TTPs, Cybersecurity, and What That Means for Your Business

The Shift From Cybersecurity Being a Want to a Need Just Happened

What is a Managed Services Security Provider (MSSP)?

Cybersecurity Basics By Industry

Cybersecurity Basics Every College and University Needs to Have in Place

The Ultimate Guide to Cybersecurity in the Healthcare Industry

The Rising Cost of Healthcare Industry Data Breaches

How the Financial Industry Can Strengthen Their Cybersecurity

Cybersecurity for the Manufacturing Industry, What You Need to Know

Minimizing Your Risks

What Are the Risks of Using Unsupported Hardware?

The Ultimate Guide to Managed Threat Intelligence (2020 Edition)

Airports are a Hacker’s Best Friend (and Other Ways Users Expose Themselves to Risk)

Keeping Your Network Secure in a “Bring Your Own Device” World

Basic Website Precautions: Keep Intruders Out with these Fundamental Security Best Practices

Common Threats (and How to Avoid Them)

The Modern Hacker: Who They Are, Where They Live, and What They’re After

In a Remote World, Social Engineering is Even More Dangerous

Hackers Are Increasingly Targeting People Through Their Phones

How Fear Motivates People to Click on Spam

Ransomware is Only Getting Worse: Is Your Organization Prepared to Confront it?

Everything You Need to Know About Ransomware (2019 Edition)

5 Old-School Hack Techniques That Still Work (and How to Protect Your Data)

DNS Spoofing: What It Is and How to Protect Yourself

Don’t Let Phishing Scams Catch You Unaware

Cryptojacking: Because Every Currency Needs to Be Protected

Why Your Company Could Be the Next Equifax or CapitalOne

What is Cybersecurity Insurance (& Does Your Business Need It?)

What is Cybersecurity Insurance (& Does Your Business Need It?)

An unfortunate reality of the modern, connected business world is that it is no longer a question of if your organization will experience a cybersecurity incident, but when. In 2020, there was one new ransomware victim every ten seconds, while the average cost of a data breach the same year was $3.86 million.

Those eye-watering numbers have many organizations of all sizes and in all verticals, justifiably concerned. Improving your cybersecurity posture and ensuring you have an effective incident response plan in place can significantly reduce the amount of downtime your organization experiences should an incident occur, as well as minimize or even eliminate damages. However, to help offset the costs associated with cybersecurity incident recovery, more organizations than ever before are turning to cybersecurity insurance.

man calculating cost or cybersecurity risks and breaches

What is Cybersecurity Insurance?

Cybersecurity insurance (also called cyber liability insurance) is designed to cover the costs associated with cybercrime should your technological systems or customer data be targeted as part of a cybersecurity incident. While your exact coverage will vary depending on your insurance provider and other factors, cyber liability insurance typically covers legal costs and damages such as:

Cyber Liability Insurance vs Cybercrime Insurance: What is the Difference?

Some insurance providers also offer cybercrime insurance in addition to cyber liability insurance. This additional insurance is designed to help compensate your organization for funds lost during a cybersecurity incident such as a hack or social engineering attack, including notification costs, data restoration costs, and associated legal expenses.

What Typically Isn’t Covered

Like all forms of insurance, there are a few things cyber liability insurance typically doesn’t cover. While what is and is not covered will vary depending on your insurance provider and policy, typical exclusions include:

  • Potential future lost profits
  • Loss of value due to intellectual property theft
  • Betterment, which is the cost to improve your internal technology systems, including software or security upgrades, after an attack has occurred

Common Types of Cyber Liability Claims

When it comes to insurance claims, most cyberattacks fall into one of three categories: hacking, social engineering, and malware (including ransomware).

Hacking

Hacking (gaining unauthorized access to a computer system, usually by exploiting existing security vulnerabilities) is the most common type of attack that leads to an insurance claim. This is because if an attacker compromises your system or network, your company could be liable for a wide variety of costs related to the attack, including:

  • Third-party lawsuits
  • The costs associated with notifying affected parties and other stakeholders
  • Public relations and reputation management costs
  • Regulatory fines

Social Engineering

Social engineering attacks (including phishing scams) depend on an attacker tricking someone inside your company into helping them. Attackers trick unknowing individuals with access to your system into essentially opening the door for them, usually by impersonating a trusted individual (such as their boss or another superior or someone from accounting or the bank) and asking them to click a link, hand over their login credentials, or grant access to restricted areas of the network. The employee then unwittingly either lets the attacker into the network or downloads malware, which grants access or otherwise allows the attacker to wreak havoc.

Malware

Malware, short for malicious software, comes in a variety of forms and is an incredibly common type of cyberattack. Malware can be difficult to defend against because every program is different and uses different strategies to infiltrate your network. Ransomware is a very common form of malware designed to hijack your system and lock you and your employees out of the network. The attacker then demands a ransom in exchange for releasing or unlocking the system. However, not all attackers follow through on their end and may simply take the ransom money and leave the network locked.

photo of hooded man hacking with his computer

First-Party vs Third-Party Insurance

What type of cyber liability insurance your organization decides to purchase should be based on a variety of factors, including your needs as an organization and what entities you need to protect. Unfortunately, when it comes to cyberattacks, the business originally targeted is not the only party that may be impacted. As such, there are two different types of cyber liability insurance: first-party and third-party.

First-party insurance protects your company or organization and will cover the costs outlined in your policy associated with an attack. Any organization that handles electronic data should purchase a first-party policy to cover the various expenses that organizations face in the wake of a cybersecurity incident.

Third-party insurance is designed to protect organizations that offer professional services to other businesses that could be impacted in the event of an attack. This type of coverage is often compared to professional liability insurance in the sense that the third-party insurance can help safeguard your business in the event you are sued by another organization for errors you may have made that resulted in damages or losses to the company suing you.

For example, let’s say your organization is a law firm. Your law firm’s data security is compromised, and as a result, several of your clients have accused you of failing to prevent the data breach. In this instance, the third-party cyber-liability insurance would cover your legal fees, government penalties and fines, and any settlements or judgments related to these claims.

What is the Average Cost of Cybersecurity Insurance?

How much your cyber liability insurance plan costs will depend on a variety of factors, including the type of business you run and the level of cyber risk you are exposed to. However, a recent study by AdvisorSmith Solution Inc found that the average cost of a cyber liability policy in 2019 was $1500 per year for $1 million in coverage, as well as a $10,000 deductible.

How much your policy costs will also depend on:

  1. Your size and industry: The more employees you have, the greater your chances of falling for a successful phishing or other social engineering attack, which will drive up your insurance premiums. However, a larger factor is your industry. Different industries are classified as low, medium, or high risk, depending on the type and amount of data your organization stores.
  1. How much data you store, and how sensitive it is: Low-risk organizations, such as small local businesses with limited customer bases, will pay less for their coverage than higher-risk organizations such as retail stores that collect and store customer credit card numbers both instore and online through their website or eCommerce store. Organizations that store large amounts of highly sensitive personal data (such as social security numbers or dates of birth), such as hospitals or other healthcare facilities, will pay higher premiums.
  1. Your annual revenue: In the eyes of most insurance companies, the more money your business makes, the more likely a cybercriminal will target your organization. As such, organizations with higher revenue streams are more likely to pay higher premiums for cyber liability insurance.
  1. How robust your cybersecurity posture is: Most insurance companies reward organizations that take cybersecurity seriously and dedicate significant resources and people hours to safeguarding their digital assets. To help keep your insurance costs low, all organizations (particularly high-risk ones) should invest in robust cybersecurity measures, have sufficient security measures in place, and ensure their employees receive appropriate cybersecurity training.
  1. The terms of your policy: Your coverage limits and deductible also play a significant role in determining your insurance premiums. The more coverage you want, the higher your monthly insurance premiums will be. Your deductible refers to the amount of loss your business is responsible for in the event of an incident that is covered by your policy. Organizations that opt for a higher deductible (absorbing more of the initial costs themselves) typically pay lower premiums but are on the hook for more of the damages in the event of an incident. On the other hand, organizations that opt for a lower deductible will pay higher monthly premiums but will have more of their losses covered in the event of an incident. Organizations with robust security measures in place may opt for lower premiums and a higher deductible, while high-risk organizations that store lots of sensitive data may opt for higher premiums in exchange for a lower deductible.

Does My Business Need Cybersecurity Insurance?

If your organization handles electronic data, you should have at least a basic cyber liability insurance plan in place. Like all forms of insurance, cyber liability insurance is there to cover worst-case, what-if scenarios.

Handing over funds for cyber liability insurance every month may seem like an unnecessary expense, but a large-scale cybersecurity incident can be enough to bankrupt a small or even medium-sized organization and destroy your reputation. Having access to emergency funds to defray costs such as hiring an expert team to help you fend off an attack in progress and limit damages, replacing damaged equipment, paying fines, covering your legal costs, and managing your reputation after an incident could be the difference between your organization weathering the storm relatively unscathed or folding under the pressure.

Take a Proactive Approach

Investing in a robust yet flexible cybersecurity posture will do more than just help keep your premiums low; it can also help your organization fend off attacks in real-time and limit or even eliminate permanent damage to your infrastructure.

Investments such as employee cybersecurity training (both as ongoing training and part of your employee onboarding process) can also help safeguard your organization by giving your team the tools they need to spot suspicious activities (such as phishing scams) and sound the alarm before any damage can be done.

Selecting the Best Insurance Provider for Your Organization

With cybercrime on the rise, more insurance companies than ever are offering cyber liability insurance. As with any insurance policy, it often pays to shop around. Start by finding out if your existing insurance provider offers cyber liability insurance. If they do, you might be able to negotiate a break on your premiums or a better deductible in light of your existing relationship.

However, it also helps to shop around and see what other providers and policies are available. Since the cost of your insurance plan is typically determined in part by your industry or vertical, it can help to reach out to other organizations like yours for recommendations and advice. You may also want to consider consulting with your MSSP (Managed Security Services Provider) to see if they have any recommendations. MSSPs have extensive cybersecurity experience and work with a variety of organizations, so they may be able to help you determine what sort of policy is best for your organization’s unique needs.

For more information about the importance of cyber liability insurance, and cybersecurity in general, please contact our team today.

Our Predictions for the 2021 Cybersecurity Environment

Our Predictions for the 2021 Cybersecurity Environment

2020 was a rough year for all of us, particularly from a cybercrime perspective. As businesses and schools rapidly pivoted to remote work and remote learning, many cybercriminals changed their tactics and adjusted their focus to take advantage of the situation as well as user uncertainty and fear.

As working and learning from home remain the norm for many individuals and businesses around the world, cybercriminals are poised to continue aggressively targeting users specifically using a blend of online and offline tactics

Fortunately, there are many steps your organization can take to better safeguard your digital assets against cyberattacks. As cybercriminals adjust their tactics, businesses of all sizes need to remain agile and stay up-to-date on the latest cybersecurity threats.

2021 Top Cybersecurity News

The Ongoing Fallout from the SolarWinds Attack

The SolarWinds attack, which infiltrated both the US Treasury and the Department of Homeland Security as well as a number of private organizations, rocked the cybersecurity world. Uncovered last December, this wide-reaching, devastating attack is believed to be the work of the Russian Intelligence Agency’s Foreign Intelligence Service and may have been launched as early as March 2020.

This supply-chain attack used malware to infect the networks of most, if not all, of SolarWinds’ customers via a software update. However, because the Russian attackers have had access to a wide number of networks for as long as several months, security experts are still working to determine exactly how widespread the attack was and what sensitive data and systems have been compromised. 

Even once experts know the full extent of the attack, the remediation process will be long and grueling. Entire enclaves of computers, servers, and network hardware across both federal and corporate networks will need to be isolated and replaced even as security teams continue to hunt for evidence of malware, determine what information has been compromised, and create and implement strategies to mitigate loss and damage. 

Number of Cyberattacks Expected to Rise

In addition to dramatically changing how we go about our daily lives, COVID-19 has also provided a convenient cover for cybercriminals as they shift their attack vectors away from large, well-guarded corporate networks to small, potentially vulnerable home networks. One study suggested that, in 2021, a ransomware attack on a business is likely to occur every 11 seconds, up from every 40 seconds in 2016. 

INTERPOL’s assessment of the impact of COVID-19 on cybercrime has shown similar trends, with targets shifting away from major corporations, governments, and critical infrastructure in favor of small businesses and individuals. 

2021 Cyber Attack Trends

User-Targeted Attacks Expected to Rise

As workers swap their cubicles for their kitchens, cybercriminals have changed tactics accordingly. The work from home model has brought with it a rise in successful attacks, at least in part because users are more likely to use personal devices (which are often less secure) for work-related activities.

As users log in from home, they create personal islands of security: a model where each user is effectively following different (often lax) security protocols. When workers are onsite, all of their traffic is routed through your business’s network, which is likely closely monitored by a professional security team. However, without a dedicated security team watching every employee’s home network and personal device, your organization is exposed to increased risk.

Cybercriminals are taking advantage of this increased attack area to create personalized attack chains. While traditional tactics often involved a “spray and pray” approach (where cybercriminals used generalized social engineering attacks, such as the classic Nigerian prince scam, to target a large number of users in the hopes that a few would bite), recent trends have seen a rise in hyper-personalized attacks that target specific uses with privileged access to sensitive infrastructure, data, and systems. 

While this approach is more time-consuming (since attackers need to identify and profile specific individuals to create the targeted attack), this approach is more likely to yield shorter attack-cycles, making it increasingly difficult for organizations to identify and stop attacks in progress.

Another user-focused trend to watch out for is cybercriminals increasingly targeting individuals via their phones.

A Blend of Online & Offline Tactics

The work from home era has forced cybercriminals to adapt their tactics, but unfortunately, many have done so successfully. One tried-and-true cybersecurity attack, the phone scam, has seen a resurgence.  

COVID-19 Scams Continue

According to the FCC, many cybercriminals are taking advantage of the fear and uncertainty around COVID-19 to trick unsuspecting victims into revealing sensitive personal information using social engineering. These include phone calls, emails, or text messages offering “COVID-19 kits”, “Coronavirus packages”, or Medicare benefits related to the virus. Scammers use these promises of assistance to try and convince potential victims to hand over sensitive information such as bank account details, social security numbers, or medicare numbers. 

A similar but related scam involves scammers offering “relief payments” from government agencies. These calls, text messages, and emails typically follow a general format: The caller says you have been approved to receive money, either via a relief payment or a cash grant or even via a low-interest small business loan and then asking for personal information (to “verify your identity”), banking information (so they can charge you a small “processing fee”) or both. Some scammers also ask for payment via cryptocurrencies (such as bitcoin) or gift cards. 

If you are located in the United States and are targeted by scammers, please report your encounter to the FCC.

Fake Tech Support Scams on the Rise

Another twist on the phone scam is the fake tech support scam. This follows a similar format to the scams discussed above but involves cybercriminals asking users to grant access to their computers so they can “conveniently” fix a tech support problem you weren’t even aware you have. 

Criminals then use this access to install malware, add backdoors for future access, or log keystrokes (to capture usernames, passwords, banking details, and other sensitive data). 

SMBs Likely to Invest More in Cybersecurity

As cyber threats continue to rise in 2021, small and medium-sized businesses are, particularly at risk. This is because, unlike large, enterprise-level organizations, many smaller organizations still believe that they are less likely to be targeted.

According to research conducted by Analysys Mason and reviewed in Forbes 2021 cybersecurity predictions, SMBs cybersecurity spending (including services, hardware, and software) is projected to grow by 10% between 2019 and 2024, creating an $80 billion market.

Safeguarding Your Organization in 2021

The best thing you can do to safeguard your organization’s digital assets is be proactive. Make sure you are up to date on all the latest cybersecurity threats and have a well-rounded and up-to-date cybersecurity incident response program in place

You should also assess your current cybersecurity posture regularly to ensure it is continuing to meet your needs, and you may want to consider conducting pen (penetration) tests to stress-test your current defenses. You should also make sure that all new employees receive cybersecurity training as part of their onboarding process and that all workers undergo refresher training regularly. You may also want to consider conducting tabletop exercises to give your team a chance to test their cybersecurity response skills in a no-risk environment. 

Virtual Armour is Here to Help

Safeguarding your organization from cybersecurity threats can be a lot to handle, particularly if you aren’t already a cybersecurity expert. That’s why Virtual Armour is here to help. Our team of experts can review your current practices with you, help you identify weaknesses, and create a plan to strengthen your defenses. We are also able to monitor your infrastructure, firewall, and endpoints 24/7/365 for potential threats and help you mitigate or even avoid damage should an incident occur. 

We have extensive experience working with service providers as well as organizations in a variety of industries and verticals, including healthcare, finance, retail, and energy

For more information about our service offerings or to find out what you can do to safeguard your digital assets best in 2021, please contact us today.

Creating an Agile Workplace: How to Prepare for the Unexpected

Creating an Agile Workplace: How to Prepare for the Unexpected

COVID-19 has fundamentally changed the way many companies conduct business, and not all organizations have handled the jarring transition to remote work smoothly. Daily operations and working conditions can be disrupted in an instant, so your organization needs to be able to adapt quickly and effectively to any situation.
Though no situations are exactly alike, there are a few tools and guidelines you can follow to help ensure the next time a sudden pivot in your workforce is needed it’s as smooth as possible.
By being agile, your organization is set up for success in any situation.

What Makes a Workplace Agile?

Agility in the workplace typically focuses on quickly adapting to the changing needs of customers, workers, and the overall marketplace. The current global health crisis has brought with it a renewed urgency for flexible, agile, and adaptable workplaces as many traditional office-setting workplaces transform into distributed workplaces. Though some organizations may be able to return to the office soon, the fact is that work as we know it has been disrupted, and those disruptions will be felt for quite a while.

What Steps Can I Take to Increase My Organization’s Agility?

While seasoned remote workers already have the skills to ensure their work gets done no matter where they are, an organization that has to suddenly pivot to remote work faces a unique set of challenges. Even if your individual workers are set up for success, can stay productive, and are able to easily meet their deadlines, you need to ensure that your entire workforce is able to continue to work together effectively.

Communication is Key

Frequent, open, and transparent communication is always important, but when your workers are no longer working out of a centralized location, effective communication becomes even more vital for maintaining productivity. Those spontaneous brainstorming sessions over lunch, impromptu meetings, and watercooler chatter may not always appear to be productive, but they play a huge role in developing and maintaining group cohesion and encouraging the flow of ideas.
To help retain some of that impromptu team building and idea generation, you might want to encourage managers to regularly host scheduled coffee meetings or happy hours with their teams. If your organization doesn’t use an instant messaging product like Slack or Microsoft Teams already, now is a great time to adopt that technology. Instant messaging apps can be leveraged for both more serious business discussions and the lighthearted workplace chatter that used to happen over coffee or lunch or around the water cooler.

Adapt Your Communication Style to Suit Your Workers

To help empower your newly configured workforce, you will need to be able to communicate with different categories of workers effectively. This may include your regular remote workers, your newly remote workers, workers who are currently unable to work, and any essential workers you may have that must be physically present in your workplace to complete their tasks.
How you communicate with each group may differ, but you might want to consider using internal messaging apps (like those mentioned above) in conjunction with email campaigns to reinforce key messages and text messages for urgent matters. Try out several different communication styles and see which ones are most effective for which groups and reassess your approach to communication as necessary to promote collaboration and ensure critical messages are being received.

Be Proactive

Any good manager knows that it’s best to tackle potential problems before they become actual problems. By communicating effectively with your workers you can learn about potential problems or sticking points before they become major issues. While it may seem costly to act proactively, investing a bit of time, people power, and funds to address potential issues as soon as they come to light can save your organization more in the long run.
How you choose to keep an ear to the ground is up to you and your organization, but regular check-ins between workers and their managers, between managers and their department heads, and between department heads and the executive team can help prevent information silos from forming and ensure that potential issues are escalated appropriately so they can be addressed.

Focus on Retaining Workers

There is a lot of uncertainty in the world right now, so holding onto experienced workers (and their vital skillsets) is more important than ever. When a critical worker leaves, it can cause a frenzy of uncertainty as workers try to bridge the gap until a replacement worker can be found, causing unnecessary stress and anxiety. Even once a replacement is found, it can take months for them to fully settle in and come up to speed, disrupting your everyday workflow.
Have mechanisms in place so that departing workers can train their replacements before they go on maternity leave, retire, or switch to another organization. You may want to record training sessions so they can be reviewed as necessary or used to train other workers down the line. By setting up the replacement worker for success, you not only minimize disruption but also reduce worker stress and anxiety during transitions.

The Importance of a Good Attitude


However, skills aren’t everything. If you are able to expand your team and choose to do so, make sure you weigh intangible skills (effective communication, positive attitude, proactivity, etc.) as well as looking at the tangible skills required to do the job.
Having workers that are flexible, proactive, and positive can help you weather tough times and reduce friction in the workplace. Skills can be taught, but the right attitude is a lot harder to cultivate if workers don’t have the right mindset to begin with.

Empower Your Workers

How do you feel when you delegate tasks to your team? Are you relieved knowing that they have the right skills and attitude for the job, or anxious that you won’t be there to oversee everything and double-check their work?
Someone who works for an organization that empowers their workers is more likely to feel the former: confident that their team has the skills to handle things on their own.
Empowering people is about more than just giving them unfamiliar tasks; it is about encouraging your workers to challenge themselves and letting them know that you believe they can achieve their goals by periodically taking people out of their comfort zones.
You can encourage your workers to take appropriate risks by:

  • Delegating a variety of tasks, such as having a junior member run a meeting or letting your second in command take the lead on the next big project
  • Rotating roles so that employees can cross-train, building their skillset, and deepening their understanding of their co-workers’ roles
  • Giving your workers the autonomy they need to perform tasks on their own. Training wheels are fine, but they eventually need to come off
  • Encouraging your workers to behave like team leaders
  • Creating room for independent decision making
  • Allowing workers to experiment and try new things without the fear of failure

Don’t Forget the Human Factor

Businesses are run on more than technology and processes; the human element plays a critical role in any business or organization. By encouraging teamwork, escalating conversations when necessary, and creating organic opportunities for knowledge transfer, you can teach your workers to collaborate more effectively and give them a chance to develop a deeper respect for their co-workers and their contributions to the organization. This not only promotes social cohesion, but encourages cross training so that employees can remain flexible and, in a pinch, take on new tasks when emergencies and other unexpected changes occur.

Promote Collaboration & Autonomy


A strict hierarchy can be restrictive, delaying ad hoc projects and creating frustration, particularly for workers at the bottom. Establishing horizontal communication channels as well as vertical ones, can increase collaboration and reduce delays.
Another way to make your workforce more agile is to allow teams to work on their own without requiring management to constantly steer the ship. Create a team and invite one of its members to temporarily adopt the role of team leader. Give the team tangible objectives and a reasonable timeline for a project and see what they create. By creating self-managing teams, you can drive collaboration and enhance learning, making your organization more agile overall.

Feel Free to Experiment

A driving principle for many highly agile organizations is that experimentation drives innovation, which leads to change. It’s important to not only be able to respond to change (or adversity) effectively but approach it proactively and be a driving force for change.
Being able to adapt to change can help keep your business afloat, but having the ability to propel change can help ensure you stay ahead of the competition.
However, it is one thing to pay lip service to some vague idea of change and another thing entirely to put your money where your mouth is. Don’t just focus on the executive suite or department managers and ask everyone else to follow their lead, but instead encourage every employee, from the summer intern up to the CEO to get involved.
Many organizations encourage this by giving employees time on the clock to dedicate to their alternative musings. This not only encourages experimentation but gives workers the chance to fail (and fail fast) before moving onto their next idea.
You can encourage experimentation at all levels of your organization by:

  • Having regularly scheduled brainstorming sessions
  • Encouraging team members to discuss their interests beyond work
  • Actively encouraging workers to work on ideas that resonate with them
  • Offering personal support and help if and when required
  • Eliminating or reducing constraints when possible

Being agile is not only important for weathering the COVID-19 storm, but also for weathering future storms and remaining at the forefront of your industry. By taking the time and energy needed to help promote agility at all levels of your organization, you can help future-proof your company and create a great place for workers to work, learn, and grow.

The Costs & Infrastructure Tied to a Remote Workforce

The Costs & Infrastructure Tied to a Remote Workforce

COVID-19 & the Sudden Shift to Remote Work

As COVID-19 forces employees to practice social distancing, or even to self-isolate or shelter in place, the ability for employees to work remotely has gone from a luxury to a necessity. However, pivoting quickly to a mostly or fully remote workplace isn’t an easy task, and brings with it unique costs and infrastructure requirements.

The Infrastructure & Costs Required to Effectively Support a Remote Workforce

 
Your team can only remain productive if they have the tools they need to do their jobs effectively. However, though your employees may be set up for success at the office, you will likely need to make a few infrastructure changes if your company isn’t already set up to support remote work. To help your company transition, and keep your digital assets safe both during and after the shift, you may want to consider consulting with your MSSP (managed security services provider).

Laptops

If your employees mainly rely on desktops to complete their work, you will either need to permit them to bring those computers home temporarily or provide them with laptops. Laptops are significantly more portable and require less physical space than their desk-bound counterparts. This is particularly beneficial for employees who don’t have home offices and are likely going to find themselves working from their kitchen tables or another mixed-use space.

Secure Connections & VPNs

The Costs & Infrastructure Tied to a Remote Workforce
Having employees work from home means they will likely need to access company resources (such as internal networks or sensitive files) remotely. To help safeguard your company’s digital assets, you may want to consider providing your employees with secure connections or VPNs.
For more information about secure connections and VPNs, as well as tips for safeguarding your digital assets while employees are working remote, please read our blog post: COVID-19 Demonstrates the Power of Remote Workplaces (But Those Are Not Without Risks).

Leveraging the Cloud

The cloud is, by design, great for supporting remote work. It allows multiple users to access documents simultaneously, cutting down on the unnecessary emailing back and forth and helping ensure all users are referencing the most up to date documents. Programs such as Google Drive can support a wide variety of cloud-hosted documents, including word processing documents, spreadsheets, and PowerPoint-style presentations. You can also easily upload existing documents and files and specify whether the people you share documents with have viewing, commenting, or editing privileges.
For more information about what the cloud is and learn more about its benefits, please read our blog post: Cloud Isn’t the “Future”; It’s the Now.

Staying Connected

The Costs & Infrastructure Tied to a Remote Workforce
The most efficient teams are the ones that communicate frequently. To help your team stay engaged and connected while everyone is working from home, you are likely going to have to rely on video conferencing apps (such as Google Hangouts, Skype, Microsoft Teams, or Zoom) as well as workplace instant messaging apps (such as Slack).
Video conferencing is great for meetings as well as getting some face-to-face time with your team, while instant messaging apps are better for quick questions and the more casual conversations that used to happen around the water cooler or in the break room.
Video conferencing is also great for morale and staying connected on a more emotional level. Scheduling teamwide “lunch dates” or morning check-ins can be a great way to keep spirits up and maintain team cohesion while also letting your employees know that you care about them and are here to support them.
To help support businesses during the pandemic, many video conferencing companies are offering their products for free or at a reduced cost.

Reliable Home Internet

Employees are going to require reliable, high-speed internet to help them stay connected and access the cloud. While most employees likely have internet connections that are robust enough to support applications such as video conferencing, you should have your managers touch base with their teams to ensure everyone has the tools they need to succeed.
Depending on how much of your current infrastructure needs to change, the costs to pivot quickly may be substantial. If you weren’t planning on investing in your infrastructure to support remote work (and therefore didn’t account for it in your annual budget), the costs of this sudden pivot might be compounded if your organization is currently facing reduced profitability in the short term.

Shifting to Remote Work Can Help Future-Proof Your Business

By investing in your organization now, you can not only support your workers during this pandemic but also help future-proof your business. Though the up-front costs are certainly something to consider, remote work has many proven benefits both for employees and employers. These include increased productivity, improved performance, increased engagement, and higher job satisfaction rates. All of these benefits can, in turn, translate into higher profits in the long term, even if your bottom line is currently taking a beating.
Depending on how much of your workforce you allow to continue to work remote once the pandemic is over, you may also find that having fewer employees in the office at one time means you can reduce operating costs by taking steps such as moving to a smaller office.
Being able to support remote work effectively also means you can draw from a wider talent pool and attract workers that are either unable or unwilling to relocate for work. Offering a more flexible working arrangement can also help you attract top-talent with little to no additional costs once you have made the necessary adjustments to your current infrastructure.
Not all IT professionals can be experts at everything, and that’s okay. If your current IT department is feeling overwhelmed an experienced MSSP can help.

Cloud Isn't the "Future"; It's the Now

Cloud Isn't the "Future"; It's the Now

Technology is continually changing and evolving, creating new and innovative ways to conduct business. While many of us may still think the cloud is some futuristic concept, in reality, it’s already here and has been for a while.

What is the Cloud?

At its core, the cloud is a collection of web-based applications. Instead of purchasing a program, installing it on your computer, and running it locally, the cloud allows you to remotely access programs using the internet. Instead of running on your machine, these programs are run on large, high-tech servers. Chances are you are already using the cloud; you just might not know it yet.
An excellent example is Google Docs. Even just a few years ago, if you wanted to create a text document, you would likely open up Microsoft Word. That meant that if you wanted to start on a document using your desktop at work, then review it at home later you would have to either save the document to a USB drive and physically bring it home or email it to yourself, make any changes, and then either resave the edited document to your USB drive or re-email it to yourself.
Google Docs works a lot like Microsoft Word, but the documents you create are stored on the cloud, not your local machine. That means that if you start a document on one computer and then switch to another machine, you don’t have to bring your document with you. Instead, you simply log into your Google account from the new machine, access your Google Drive (where your Google Doc is stored), and continue working. This also means that multiple people can view, comment on, and edit the same document in real-time from different locations.
Cloud Isn't the Future It's the Now

What Are the Benefits of Using the Cloud?

The cloud has many benefits beyond conveniently sharing and editing documents that update in real-time.

No Special Software

Before the cloud, if you wanted to use a program, you would need to purchase and install specialized software to do so. Now, all you need is an internet connection and an account. This makes it easy to work remotely, either from home or while away on business, and ensure that everyone is working with the most up to date version of each document or item.
It also means that you, and your company, can easily access a variety of more specialized programs without the need to physically purchase and install them.

No Data Backups

Since your data is stored remotely on a server, instead of on your computer, you don’t need to worry about backing up your data. The company that runs the servers handles all of that for you, freeing you, your staff, and your physical resources up for other tasks and lets you rest easy knowing that if an incident occurs at your organization, your data is protected.

Cost Savings

Purchasing and installing computer programs can be both costly and time-consuming. While some cloud-based programs require monthly fees to access, these are still typically less expensive than purchasing the program outright would be.
Cloud-based programs also require less IT support from your company since you don’t need to pay a professional to install software or network computers to a server, and any problems with the software are handled by the company that provides it, not your IT personnel.
The cloud also allows employees to work remotely more effectively, which can cut down on your infrastructure costs by reducing the amount of office space your organization requires. It also means that you no longer require brand new computers almost every year to support the latest software, since even older models can easily access cloud-based programs.

Automatic Updates

One of the most important things you can do from a cybersecurity perspective is to ensure all your software is up to date. With cloud-based software, the company that created and maintains the software handles all updates for you, freeing up employees for other tasks.

Scalability

Using the cloud means that your organization can quickly and easily scale your operations or storage needs up and down depending on your current situation. Any new software or upgrades can be accessed quickly and easily, and may not even require upgrading your account.

Minimize Disruptions

Storing your data in the cloud means that if something happens to your office, such as a fire or a power outage, you can more easily resume normal operations. Data on the cloud remains safe and secure, and can easily be accessed remotely if necessary.
Cloud Isn't the Future It's the Now

Increased Cybersecurity – If You’re Prepared

A type of malware called ransomware (such as the famous Wannacry and Petya ransomware attacks) targets companies by encrypting their data and holding it hostage until the ransom is paid. Unfortunately, too many organizations are forced to cave because they don’t have proper backups of their data, and they can’t continue with normal business operations while their data is inaccessible. Storing your data on the cloud drastically reduces the effectiveness of ransomware attacks targeting your specific organization.
However, though the cloud has many benefits, it also brings with it unique cybersecurity considerations that you should discuss with your Managed Security Services Provider (MSSP). Your MSSP can help you identify potential vulnerabilities and address them effectively to safeguard your cloud-held digital assets better.
The cloud has already changed how we work, streamlining a lot of processes, making it easier to adjust our storage and operations quickly to better suit our needs, and making collaboration easier than ever. Though it has brought with it new cybersecurity concerns, these can be safeguarded against, and their potential impact mitigated, with flexible, robust, and tailored cybersecurity solutions.

VirtualArmour Solutions

Detection, investigation, and resolution of your security alerts
Prevention and visibility to protect you from a breach.
Support and monitoring of your firewall and overall security
Evaluation of your infrastructure for vulnerabilities and security gaps.
Team of cybersecurity experts that can bolster your existing security team or supplement light IT staff – to manage and monitor networks, devices, & assets.

Level of Need

Essential Services

Requirements for devices, investigations, and tickets are for a smaller IT environment that needs less.

Requirements for devices, investigations, and tickets are for a larger IT environment that needs continuous white glove service.
One time engagement. Single Service Implementation.

Partners

Become a Partner

VirtualArmour partners with companies focused on providing solutions for cybersecurity

Portal Login

About VirtualArmour

Our Team

When people, process, and technology work together, great things happen.

Articles and Resources

Your best resource for articles, tips and best practices for every cyber security situation.

Technology Partners

Learn more about how our team supplies and services, the latest hardware and software solutions.

Careers

Read about life at VirtualArmour and search for current openings.

Industry

Read more about the industries we serve and our solutions to keep you safe.