Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect

November 15, 2022

Good morning, everyone!

This week’s critical vulnerabilities:
  • Microsoft gave us 68 patches last week, including 10 critical and 4 that are already being exploited. Go check NOW to be sure you got all your updates installed!
  • VMware has released an important fix for Workspace ONE Assist.
  • Apple has released critical fixes for iOS 16.1.1, iPadOS 16.1.1, and macOS Ventura 13.0.1.
  • Lenovo has released critical updates for 25 of its laptop models. Note that they are NOT fixing these vulnerabilities in the Ideapad Y700-14ISK, as it is no longer supported.
  • Google Chrome has released more patches for critical issues.

Patch All the Things!



Cyber Liability Insurance

A recent legal case involving cyber insurance has been a hot topic on LinkedIn lately. There is much talk that cyber insurance companies are no longer going to trust your answers to their questions about security, and may start requiring third-party verification before offering a policy. With that in mind, here are my recommendations in this regard.

Be as secure as you possibly can be. The first thing you want to do is achieve the highest level of security your organization is able to tackle. Why? Because the stronger your security, the less chance of having a major cyber incident – and the lower your cyber liability insurance premiums will be! So start with a security assessment by a reputable third party like my company and implement as many of their suggestions as you can. These are exactly the things that show up on your insurance application and affect your premiums.

Be as compliant as you can afford to be. In an ideal world, security and compliance would be the same thing. Unfortunately, this is not an ideal world. Security is about measurable outcomes (“I do this thing and I get this result”). Compliance is about accountability and liability (“I need to check this box”). If you focus on security first, your compliance will be easier and your overall risk reduced.

Assess your exposure. What are the chances of your organization being hacked? And what are the consequences? There are several factors that have a significant impact on these determinations:

  • Are you in a high- or low-risk industry? A few years ago, retail merchants were at the highest risk, but recently healthcare and manufacturing have taken the top two spots.
  • What kind of data do you store? Is it the kind of data that cyber criminals want to steal?
  • How strong is your information security program? Do you have a “culture of security” in your organization that makes you feel confident your employees are practicing safe behavior online? Do you have good policies and procedures, and training for your employees? Do you have good backups that are secure, encrypted and verified?

Determine your appetite for risk. This is one that many people don’t think about. What is your appetite for risk? Look at your car insurance. What’s your deductible? $250? $500? $1000? $5000? That’s a good indicator of your personal risk appetite. When looking at cyber liability insurance for a business, you need to know the risk appetite of the business owner or primary stakeholders.

Purchase insurance accordingly. Start with your current business insurance provider, and go from there. As always, if you have questions or wish to discuss further, ping me.

Upcoming Virtual Workshop

Eight years after its release, many organizations still find themselves struggling with how to implement the NIST CSF. In this virtual workshop, we will break it down into a simple, 7-step process that anyone can follow.

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Have a great week!

Glenda R. Snodgrass

grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com



Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺

Contact

The Net Effect, L.L.C.
Post Office Box 885
Mobile, Alabama 36601-0885 (US)
phone: (251) 433-0196
fax: (251) 433-5371
email: sales at theneteffect dot com

The Net Effect is a CMMC-AB Registered Provider Organization (RPO).

Copyright 1996-2022 The Net Effect, L.L.C. All rights reserved.