The Basics of Cyber Insurance
Do you need cyber insurance? Probably. Do you need help figuring out how it all works? Read on for the basics of cyber insurance.
Prepare for 2024: Assessment tools to secure your organization.
A quick recommendation of a couple of tools and resources to better prepare your organization for a secure new year!
Lasco Names Niemi Vice-President of Cyber Services
Lasco Names Mark Niemi Vice-President of Cyber Services Lasco is pleased to announce the promotion of Mark Niemi, Cyber Threat Analyst, to Vice President of Cyber Services. A familiar name and face to Lasco clients, Mark has been with Lasco for 14 years. Mark began work at Lasco as a part-time Help Desk technician, moving to a Tier 3 technician, then to being one of Lasco’s senior network administrators. Mark’s interest in the dark web and cybersecurity has evolved over the years, and as Lasco’s needs for cybersecurity and cyber-readiness has increased, Mark was moved to focus on cyber services for our clients as well as monitoring Lasco’s overall cyber health. As the need for cybersecurity continues to grow, Lasco feels Mark is ready to take on the role of Vice President of Cyber Services. Mark’s duties will have him continue working on cyber threat analytics. He will also be tasked with growing Lasco’s cyber services and sharing the load of Lasco’s internal and external compliance requirements. Please join all of us in congratulating Mark on his promotion as he continues to further his career with Lasco.
Lasco and Peoples State Bank – Cybersecurity Lunch & Learn
Lasco and Peoples State Bank of Munising partner up to engage local business leaders in cybersecurity training and look at the threat landscape in regards to business compromise.
CSBS R-SAT 2.0 – What you need to know
CSBS Updates Ransomware Self-Assessment Tool in Response to Enhanced Threats On October 24th, 2023 the Conference of State Bank Supervisors (CSBS) released a webinar outlining their updates to the Ransomware Self-Assessment Tool (R-SAT) detailing today’s ransomware threat environment, the risk to the financial sector, and why changes were made to the R-SAT. Speakers included Commissioner Charles Cooper of the Texas Department of Banking, Phillip Hinkle of the Texas Department of Banking, Robert Kahl of the FDIC, Christopher Furlow of the Texas Bankers Association, Brad Robinson of the CSBS, and Mary Quist of the CSBS. Ransomware Self-Assessment Tool – What is it? In case you didn’t know, the R-SAT is a resource created from the Bankers Electronic Crimes Taskforce, state bank regulators, and the United States Secret Service to “help financial institutions periodically assess their efforts to mitigate risks associated with ransomware and identify gaps for increasing security,” according to the R-SAT Purpose Description. Essentially, this tool allows an organization to check and verify they are following all of the best security practices to help reduce the risk of ransomware. This can be done regularly on an organization’s own time, and it compliments things such as vulnerability assessments, penetration tests, and audits. Important Updates to R-SAT While many of the core elements of the R-SAT are the same, they have expanded the questionnaire from 16 to 20 questions and included emphasis within some critical areas. Below are a few key changes we agree are big game changers on how you view security within your organization: Increased emphasis on multi-factor authentication (MFA).Before, MFA was a subsection of the R-SAT. They have now expanded it to its own question (question 13) and emphasized key components on where it should be used at a minimum. Request a Consult Security Awareness Training for employees has an increased emphasis. The assessment tool now focuses more on the quality and quantity of security training for employees by adding in a question on frequency and whether the organization utilizes phishing tests on a quarterly basis. They also ask if the organization is providing emerging ransomware threats and news to keep everyone aware. Expansion for checks on cloud-based environments.Throughout the assessment, there has been an increase in detail regarding cloud-based environments for authentication, data validation, and even backup controls. Incident Response Planning.Not only do they update wording and processes to match the latest needs in cyber controls, but they include alternative strategies with regard to third party involvement ranging from media representation, escalation procedures, threat hunting, and more. Third Party Engagement.Last but not least, they also added some emphasis and checks regarding organizations that use outside partners to complete their service portfolio. New questions about response procedures and scope of how a third party may be involved (question 18) or if you utilize an existing pre-approved third party in the event of a ransomware attack (question 19). A sub question for this that is very important asks, “Are any such third parties pre-approved by the bank’s cyber insurance provider?” A Successful Update to a Great Resource Here at Lasco, we are pleased to see further development of this assessment tool. There have been a great number of advancements on how ransomware can be distributed, and it only gets easier for threat actors. With these changes and vigilance on security we can continue to defend against the next cyber incident in our organizations. If you would like to watch the webinar, you can see it here: https://youtu.be/lMZgpJ1fF_A?si=Hl90jfJB_j9M_EVC Check out the updated assessment tool here: https://www.csbs.org/ransomware-self-assessment-tool Don’t forget, we can help you through the changes of this assessment tool and many tools like it! Connect us by filling out the form above or find out more information on our Cyberecurity and Compliance page.
Supporting the Future of Cybersecurity Professionals
Lasco Shows K12 Support at NMU Yoopercon [Marquette, MI Nov. 2nd, 2023] NMU Yoopercon, hosted by Northern Michigan University, serves as a prime avenue for igniting interest and knowledge in cybersecurity. This event offers workshops, seminars, and practical experiences, allowing students to interact with industry professionals and grasp the latest cybersecurity trends and challenges. Yoopercon 2023Ben Chaney, Business Development Manager at Lasco, spoke to foster interest and awareness among students at the NMU Yoopercon 2023 event, helping shape the landscape for future I.T. professionals, which aligns closely with Lasco’s commitment to technological innovation and security. During the panel, Ben presented ideas and helped inform students’ understanding of what to expect when coming into a cybersecurity role, outlining the importance of understanding regulations and compliance in each field, emphasizing the importance of continuing education, and keeping informed of the latest intelligence from both large and small vendors and organizations. Ben joined William Provost (UPPCO CISO), Anthony Cavalieri (Lundin Mining IT Manager), Mark Tracy (Marquette Board of Light and Power System Administrator), and Liam Goetz (Northcross Group) on the panel.
Lasco and Cleveland State Bank Partner to Engage in Security Awareness Teaching
Lasco teamed up with Cleveland State Bank to offer security training for area businesses.
Updates and Maintenance for Cybersecurity
Keeping your systems up to date is a fundamental aspect of safeguarding your data and operations. We’ll explore the importance of system updates and maintenance in bolstering your organization’s cybersecurity.
Lasco Cybersecurity Symposium 2023
Lasco Cybersecurity Symposium 2023 Lasco’s latest Cybersecurity event was held on Tuesday, Oct. 17, at NMU’s Northern Center in Marquette, Mich. Cyber Education for Community Banks The Cybersecurity Symposium was a live, in-person event, engaging cybersecurity staff from community banks in Michigan and Wisconsin in education regarding current trends and threats. More than 20 attendees showed up to hear our Cybersecurity Team talk about what threats are out there, why it’s important to be aware, and what can be done to prevent cyber attacks. Hands-on training including mock incident reports and succession planning helped to round out the full-day of education, and encouraged group discussion of concerns community banks are facing. Lasco is committed to providing the best education and resources to help keep our banks secure. Putting You Ahead of Cyber Threats Lasco knows the cyber-landscape. We are monitoring current threats and analyzing trends to see what’s coming on the horizon. Our annual Cybersecurity Symposium is an important part of passing on that information. The face-to-face Symposium is the best way to encourage discussion and to find out what your questions are as well as learning where vulnerabilities may lie. Request a Consult The cyber world is always moving, always changing, and it can be difficult to stay ahead of cyber threats. Lasco can provide the resources you need to stay ahead of those threats. If you are unable to attend our annual Cybersecurity Symposium or our Virtual Cyber Roundtables, we can offer customized training and other services to help keep your institution secure. Request a consult above or read more on our website at Cybersecurity & Compliance.
Plaidurday
Lasco Celebrates Plaidurday the International Celebration of Plaid, on Oct. 6, 2023.