Lasco and Cleveland State Bank Partner to Engage in Security Awareness Teaching
Lasco teamed up with Cleveland State Bank to offer security training for area businesses.
Updates and Maintenance for Cybersecurity
Keeping your systems up to date is a fundamental aspect of safeguarding your data and operations. We’ll explore the importance of system updates and maintenance in bolstering your organization’s cybersecurity.
Lasco Cybersecurity Symposium 2023
Lasco Cybersecurity Symposium 2023 Lasco’s latest Cybersecurity event was held on Tuesday, Oct. 17, at NMU’s Northern Center in Marquette, Mich. Cyber Education for Community Banks The Cybersecurity Symposium was a live, in-person event, engaging cybersecurity staff from community banks in Michigan and Wisconsin in education regarding current trends and threats. More than 20 attendees showed up to hear our Cybersecurity Team talk about what threats are out there, why it’s important to be aware, and what can be done to prevent cyber attacks. Hands-on training including mock incident reports and succession planning helped to round out the full-day of education, and encouraged group discussion of concerns community banks are facing. Lasco is committed to providing the best education and resources to help keep our banks secure. Putting You Ahead of Cyber Threats Lasco knows the cyber-landscape. We are monitoring current threats and analyzing trends to see what’s coming on the horizon. Our annual Cybersecurity Symposium is an important part of passing on that information. The face-to-face Symposium is the best way to encourage discussion and to find out what your questions are as well as learning where vulnerabilities may lie. Request a Consult The cyber world is always moving, always changing, and it can be difficult to stay ahead of cyber threats. Lasco can provide the resources you need to stay ahead of those threats. If you are unable to attend our annual Cybersecurity Symposium or our Virtual Cyber Roundtables, we can offer customized training and other services to help keep your institution secure. Request a consult above or read more on our website at Cybersecurity & Compliance.
Plaidurday
Lasco Celebrates Plaidurday the International Celebration of Plaid, on Oct. 6, 2023.
Multi-Factor Authentication: Strengthening Online Security
Turn On Your Multi-factor Authentication Article by Mark Niemi – Threat Analyst at Lasco Development Corporation [10/16/2023]This week for Cybersecurity awareness month the focus is MFA and turning it on. While this is somewhat the beating of a dead horse, MFA, or Multi factor Authentication, should be enforced and turned on wherever possible to layer security on top of our authentication processes. MFA is said to stop 80-90% of identity-based attacks, a number that has declined over the past few years. It was once thought to block 99% of identity-based attacks involving the use of a compromised password. The reason for the change is that not all MFA is completely secure, and some forms are stronger than others. Below are some tips to help you select the right options for your organization. Know the Weaknesses During the MFA setup phase, when we’re given an option like email to setup MFA for an account, many of us may not choose the strongest method available. We may be naïve in thinking each option has the same level of security. Options like an Email or SMS make it easier for users to gain access to a code and to copy and paste it in, but we may not realize that these methods can be phished simply by gaining access to a phone’s SMS messages, the phone’s lock screen, or having access to the very same email account that is already compromised. A few attack types based on weaknesses: Sim-swapping – Attacks like sim-swapping give an attacker direct access to a phones SMS message by cloning the devices sim card through 3rd party compromise attacks like social engineering the phone carrier. Push fatigue – MFA Bombing or Push fatigue where an attacker will spam MFA push notifications to the phone in hopes of the victim getting irritated and accepting or allowing access to get the notifications to stop clearing. Business Email compromise – This is an area of concern since email attacks can be damaging for the account owner and all their contacts and other services with identity dependencies. If an attacker has access to an email address, any service that has been setup with that email address can be reset, also giving attackers access to any MFA codes that are generated for email-based MFA. Pick a Secure Option As SMS and Email are most common methods for MFA setup, a more secure option, like an authenticator app, will use the device’s current date/time and unique seed to generate a 30-60 second cycled MFA code that does not require internet access. Other options like FIDO or FIDO2- compliant MFA and hardware-based tokens take away the convenience of being able to simply copy and paste tokens, but they become phishing-resistant in a way that would require an attacker to have the device the code is generated from or get the original seed code during setup. As most attacks are remotely administered, the hardware dependent aspect makes it extremely challenging for an attacker to gain access to the codes without being in the physical location or retrieving the seed. More Secure options: Authenticator App – Google, Microsoft and many more make authenticator apps. Choose a well-known one and don’t fall for fake ones in the app stores. They are out there! Hardware Appliance/Dongle – This will be based on the MFA software and will vary. Biometrics with FIDO compliance – This is an area where passwordless authentication is growing. Using a biometric token like a fingerprint or facial recognition offer a uniquely generated token which can be nearly impossible to phish or replicate. The Lesser of Evils Sometimes we don’t have a choice for a more secure option and are at the mercy of whatever we do have access to due to vendor/manufacturer restrictions. In this case, picking the lesser of evils must happen, as having any MFA is still better than having no MFA at all. In this case, SMS or push notifications can be the best options as they are tied to a mobile device that is harder to replicate or gain access to. Even though SMS is a weaker option there are some protections that can be done to help make your MFA strong. Keep your software updated! – This is a critical step that can apply in all situations but it’s even more important to protect the device. Use a passcode/passphrase – Protect your phone data and access to it by having a passcode. Be Mindful of notification/banners – Some data can be given away on the lock screen or actions can be taken from the lock screen. Keep your banners/notifications away from prying eyes or shoulder surfers. Request a Consult Know when something is wrong – Mobile devices get slow, and batteries weaken, but excessive battery drain, and slowness are also signs of malware. Get in the habit of rebooting your devices and removing unnecessary software to help keep them clean. Additionally, if your phone service stops working, this can be a sign of a sim-swapping attack where your SIM card has been deactivated and the attacker has taken over your cell phone number. More Information https://www.cisa.gov/secure-our-world/turn-mfa https://fidoalliance.org/fido2/
Lasco Partners with Central Savings Bank for Security Training Event
Lasco and Central Savings Bank Speaks to the Community on Security and Fraud Prevention Andrew Gale, V.P. of Technology Services at Lasco presenting to local organization leaders. [Sault Saint Marie, 10/13/2023] – In a collaborative effort to enhance the safety and security of the community at large, Lasco and Central Savings Bank hosted a dynamic evening event. This event brought together business leaders and individuals from the community to delve into the critical topics of cybersecurity and fraud prevention.Andrew, V.P. of Technology Services at Lasco, led the audience through an engaging presentation of a wide range of cybersecurity topics, shedding light on the fundamentals of cybersecurity, the alarming rise of business compromise, and the importance of adopting a strong security culture. He also emphasized the significance of key policies and procedures that organizations should adopt to safeguard their digital assets. “With the growing reliance on technology in today’s business landscape, an understanding of cybersecurity is essential. We want to empower our community with knowledge to protect themselves and their organizations against digital threats,” said Andrew. In a complementary presentation, Andrea from Central Savings Bank shared invaluable insights into fraud prevention and awareness. Her presentation included a mix of tools and techniques that can be applied to organizations of all sizes. She emphasized the need for vigilance, proactive measures, and continuous education to thwart fraud attempts. The event, held at City Hall in Sault Saint Marie, Michigan, was broadcast on Spectrum 189 and streamed on City Hall’s Youtube page. If your organization is looking to partner with Lasco for a similar event or would like to schedule personal training for your employees or board members, check out Lasco’s event page or contact (800) 800-6197.
Paint the Peninsula Pink
Team LASCO showing support for Breast Cancer research and Superior Health Foundation. (Left to Right: Corey, Deborah, Sam, Bob, Mark, Random, Ben, and Leigh) October is Breast Cancer awareness month, and that means it’s time to Paint the Peninsula PINK! The Superior Health Foundation (SHF) uses the month of October to run their month-long Paint the Peninsula Pink fundraiser, presented by the M.E. Davenport Foundation. Lasco is a proud supporter of Paint the Peninsula Pink! The money raised during Paint the Peninsula Pink goes directly to the SHF Breast Health Fund which provides funding to both men and women in the Upper Peninsula to help with out-of-pocket breast health expenses. There is a need in our community for this funding. In 2022 alone, SHF provided funding to 10 or more people across the U.P. faced with challenging out-of-pocket breast health expenses. Thus far in 2023, more than $5,000 in funding has been awarded to seven people. Everyone should have access to life-saving care! Please support the SHF and help Paint the Peninsula Pink! For more information, please visit Paint the Peninsula Pink – Superior Health Foundation.
Preventing Ransomware in Your Organization
Preventing Ransomware at the Workplace Ransomware attacks continue to be a significant threat to businesses of all sizes. These malicious attacks can disrupt operations, compromise sensitive data, and result in significant financial losses. This week, during the month of October’s Cybersecurity Awareness Month, we’ll explore the importance of taking preventative measures against ransomware, with a particular focus on Multi-Factor Authentication (MFA). Understanding the Ransomware Threat Ransomware is malicious software that encrypts (or locks away) an organization’s data, rendering it inaccessible until a ransom is paid to the threat actors. These attacks have been on the rise in recent years due to the increasing ease of exploiting all sizes of organizations, from small businesses to large enterprises. The costs associated with ransomware attacks extend far beyond the ransom itself. Organizations may incur expenses related to data recovery, legal fees, reputational damage, and lost productivity. Last week we read about building a security culture in your organization; that is the beginning of helping prevent ransomware threats. The Role of Multi-Factor Authentication (MFA) Multi-Factor Authentication, or MFA, is an additional step in securing your organization against multiple threats. MFA requires users to provide two or more authentication factors before granting access to an account or system. These factors can include something the user knows (e.g., a password), something the user has (e.g., a mobile device or authentication token), or something the user is (e.g., biometric data like fingerprints). MFA plays a pivotal role in enhancing security by adding an additional layer of protection beyond traditional password-based authentication and acts as a formidable deterrent against ransomware attacks. Threat actors often rely on stolen or weak passwords to gain unauthorized access to systems. With MFA in place, even if an attacker manages to obtain a user’s password, they will be unable to proceed without the secondary authentication factor. Real-world examples have demonstrated how MFA has thwarted ransomware attacks, saving organizations from potential data breaches and costly ransom payments. From a cost perspective, the investment in MFA often proves to be significantly more cost-effective than dealing with the aftermath of a ransomware incident. Going Beyond MFA While MFA is a robust defense, it should be complemented by other preventative measures. Regular data backups are crucial, enabling organizations to restore their systems in case of an attack. Security awareness training for employees helps them recognize phishing attempts and other social engineering tactics commonly used by ransomware attackers. Keeping software up-to-date is also essential, as vulnerabilities in outdated software can be exploited by cybercriminals. Ransomware threats are real and pervasive, but organizations can take a proactive approach to safeguard their valuable data and maintain business continuity. Following best practices, like adopting MFA, businesses can significantly reduce their vulnerability to ransomware attacks. Remember, in the digital world, staying secure means staying vigilant. Request a Consult If you or your organization is looking to start a discussion or need help establishing MFA or other best practices, request a consult with an expert and get secure today!
Subsistence and Security in Dickinson County
Food and Fun with the community in Dickinson County Lasco, in conjunction with the Dickinson Area Chamber of Commerce, hosted a Lunch & Learn at the Pine Mountain Resort on Thursday, October 5 for business organizations in the Dickinson Area. Photo showing Ben Chaney with Lasco sharing insight on adapting security into your organization. 10/6/2023 | In a bid to fortify the digital defenses of local businesses, Lasco recently hosted an enlightening seminar on fostering cybersecurity culture in the workplace. The event, held at the Pine Mountain Resort in Iron Mountain, provided to be an educational and gastronomic treat for all attendees. The seminar highlighted key aspects of building a cybersecurity-conscious workforce, with emphasis on a number of core components: Leadership Engagement: Lasco stressed the pivotal role of leadership in setting the tone for cybersecurity. Security Awareness Training: REcognizing that cybersecurity is a collective responsibility, Lasco advocated for comprehensive security training for all employees. Assessments and Policy Creation: Lasco also delved into the importance of regular security assessments to identify vulnerabilities and the subsequent creation of effective security policies. Apart from the insights gained, attendees also had the pleasure of indulging in cuisine provided by Pine Mountain Resort, making the event a true feast for both the mind and palate. Lasco Remains committed to safeguarding local businesses and communities from the ever-evolving cyber threatscape. With events like these, they continue to empower organizations with the knowledge and tools needed to stay one step ahead in the digital age. Looking to get an event like this hosted for you or your organization? Connect with Lasco to find out how today.
Evolving Your Security Culture
Evolving and Adapting Workplace Security Culture In today’s rapidly evolving digital landscape, the importance of a strong security culture cannot be overstated. As cyber threats continue to advance in complexity, organizations (big and small) must adapt their security practices accordingly. This post is all about exploring the evolving security culture, with a way we can make a positive change today. The Changing Face of Cybersecurity The days of using “password123” as a go-to password are long gone. Cybercriminals have become more sophisticated, employing a variety of tactics to compromise digital assets. As a result, the need for strong and unique passwords is more critical than ever. The Power of Strong Passwords A strong password is the first line of defense against unauthorized access to your accounts. Here are some key elements of strong passwords: Length Matters A longer password is generally more secure. Aim for at least 12 characters or more. For high profile accounts, such as administrators, will want something even longer, such as 16 – 21 characters in today’s standards. Complexity Counts Use a mix of uppercase and lowercase letters, numbers, and special characters to make your password harder to crack. From the NIST Special Publication (800-63B) they report that “the current ability of attackers to compute many billions of hashes per second with no rate limiting requires passwords intended to resist such attacks to be orders of magnitude more complex than those that are expected to resist only online attacks.” Avoid Common Words Steer clear of easily guessable words, such as “password,” “admin,” or your name. Your organization can also implement a word list associated with known breached passwords that prevent any words on the list to be used as a user login. Uniqueness Is Key Never reuse passwords across multiple accounts. Each password should be unique and not contain phrases or sections of previously used passwords. Regular Updates When in doubt, change it out! Change your password periodically, even if you haven’t experienced a security breach. From the 2023 IMB Breach Report, we can learn that “it took nearly 11 months (328 days) to identify and contain data breaches resulting from stolen or compromised credentials, on average, and about 10 months (308 days) to resolve breaches that were initiated by a malicious insider.” Enter the Password Manager Remembering complex passwords for every online account can be a daunting task. This is where password managers come to the rescue. Password managers are powerful tools that securely store and generate complex passwords, making it easy for users to maintain strong security. Key Benefits of Password Managers Enhanced Security: Password managers generate and store strong, unique passwords for each of your accounts, reducing the risk of a security breach due to password-related issues. Convenience: You don’t have to remember all your passwords; the manager does it for you. All you need is a single master password to access your vault. Cross-Platform Compatibility: Many password managers work seamlessly across various devices and platforms, ensuring consistent security. Two-Factor Authentication (2FA) Integration: Most modern password managers support 2FA, adding an extra layer of security to all accounts. Implementing a Password Manager While every organization is different, implementing a password manager across your organization can be a huge benefit and help reduce security risks. Here is a simple guide to getting started with a password manager: Choose a Reliable Password Manager: Research and select a manager that works best for your organization and security requirements. Cloud based password managers are quick and easy to setup, while on-prem keeps all of your data under your own lock-and-key. Install and Set Up: When configuring your password manager, each setup is unique. Some key points are ensuring a strong and unique master password for each user, and enforcing MFA/2FA for all users for login access. REQUEST A CONSULT Importing Existing Passwords: Most managers allow you to import existing passwords from your browser or other tools (or even spreadsheets!) Generate Strong Passwords: When creating new accounts or updating existing ones, let the password manager generate strong, unique passwords for you. Cloud-based password managers sometimes have password lists and watchguards in place to prevent password reuse and using passwords that have previously been involved in a data breach. Enable MFA: Whenever possible, enable multi-factor or two-factor authentication for an additional layer of security. Conclusion In the ever-connected world, the security culture is evolving to combat increasingly sophisticated cyber threats. Strong passwords and password managers are pivotal components of this evolution. By implementing these practices, individuals and organizations can significantly enhance their cybersecurity posture, safeguarding sensitive data and digital identities from malicious actors. Remember, it’s not just about passwords; it’s about a commitment to a safer digital future. If you would like to learn more about other tools and resources your organization can use to amp up your cybersecurity posture, connect with a specialist today!