Meridian Celebrates Cyber Security Awareness Month

Since 2003, October has been recognized as National Cyber Security Awareness Month (NCSAM). The U.S. Department of Homeland Security (DHS) and the National Cyber Security Alliance started this initiative in collaboration to ensure the safety and security of individuals or companies during their online experiences.

Cyber threats of various types occur daily. The Government Accountability Office (GAO) notes that these threats come from bot-network operators, criminal groups, foreign intelligence services, hackers, insiders, phishers, spammers, spyware/malware authors, and terrorists. They threaten not just the U.S. Federal Government and critical infrastructure, but also small businesses and individuals. Everyone is at risk. A successful cyber-attack could have severe impacts emotionally, economically, and environmentally.

Meridian’s Cyber Security Approach identifies threats & vulnerabilities, assesses risk exposure, develops protection & detection measures, establishes contingency plans, and responds to and recovers from cyber security incidents. Meridian has multi-skilled specialists who can deliver Cyber Security services that include:

  • Cyber Security Policies
  • Cyber Security Management Plans
  • Cyber Security Procedures
  • Cyber Risk Assessments
  • Office Contingency Plans
  • Vessel Contingency Plans
  • Cyber Security Training & Awareness

10 Basic Cybersecurity Measures (Water ISAC)

  1. Maintain an Accurate Inventory of Control System Devices and Eliminate Any Exposure of this Equipment to External Networks
  2. Implement Network Segmentation and Apply Firewalls
  3. Use Secure Remote Access Methods
  4. Establish Role-Based Access Controls and Implement System Logging
  5. Use Only Strong Passwords, Change Default Passwords, and Consider Other Access Controls
  6. Maintain Awareness of Vulnerabilities and Implement Necessary Patches and Updates
  7. Develop and Enforce Policies on Mobile Devices
  8. Implement an Employee Cybersecurity Training Program
  9. Involve Executives in Cybersecurity
  10. Implement Measures for Detecting Compromises and Develop a Cybersecurity Incident Response Plan

 

Are You in Danger of Being Doxxed?

Trolling online is one thing, but doxing is something far worse.

Doxing is when someone searches for and publishes private or identifying information about a particular individual on the Internet, typically with malicious intent.

Google yourself. Put your first and last name in parentheses, then put the state. What do you come up with?

There are hundreds of data broker companies out there that survive off mining public databases, collecting that data, and making it readily available at the touch of a button. Doxing is becoming a common practice among populist and protesting movements.

Publishing your private information could open up you and your family to unprecedented dangers.

Business executives, public figures, and public officials all too often fall victim to their private information becoming public. A great deal of this information can be removed, though it isn’t easy. Depending on the state in which you are domiciled, you likely have the right to have your information taken down if requested. However, data brokers don’t have to make the process easy to navigate.

Meridian can help. Meridian can remove your information from commonly searched sites and help to monitor it in the future. Please let us know if you are interested in this service.

For additional information, please contact us at (251) 345-6776 or info@meridian.us.

Minimizing the Impact of a Cyberattack

On May 12, 2017, the U.S. Department of Homeland Security (DHS) acknowledged that the ransomware WannaCry had infected computers of hospitals, companies, and government agencies around the world.  WannaCry restricts users’ access to a computer until a ransom is paid to unlock it.

The 2016 Horizon Scan Report of the Business Continuity Institute, a leading organization that certifies Business Continuity professionals, showed that for the second year running cyberattacks were the number one threat.  Cyberattacks can significantly disrupt an organization by causing loss of data, compromised personal or financial information, and unplanned downtime.

To minimize the impact of a cyberattack, business continuity planning must address cyber security.

All critical IT applications, processes, data, and locations that support the organization’s revenue, customer information, trade secrets, and other keys to success must be identified and properly protected.

To help secure your systems from cyber security threats, DHS recommended the following practices:

  • Update your systems to include the latest patches and software updates.
  • Do not click on or download unfamiliar links or files in emails.
  • Back up your data to prevent possible loss, whether you are at a home, work, or school computer.

Meridian.us has highly experienced subject matter experts who can assist your organization with business continuity planning.  Additionally, we have partnered with several leading cyber security service providers that have successfully served a wide range of customers from Fortune 100 and 500 companies to the U.S. Military.

For more information on our business continuity planning and cyber security services, please contact Meridian.us at (251) 345-6776 or info@meridian.us.

Does Your Safety Management System Address Cyber Risks?

At the recent Connecticut Maritime Association’s 2017 Shipping Conference, Coast Guard Rear Admiral Paul Thomas, Assistant Commandant for Prevention Policy, indicated that the U.S. has submitted a paper to the International Maritime Organization (IMO) for consideration that makes the case for installation of governance over cyber risks as part of the Safety Management System (SMS) required by the IMO’s ISM Code. “ISM requires that SMS establish safeguards for all risks, and put in place procedures to ensure compliance with all requirements of the convention and domestic regulations. ISM specifically mentions computer systems, which we take to include control systems. Our paper suggests a timeline for port state control officers to verify that SMS do indeed address cyber risks.”

Soon after the Connecticut Maritime Association’s Shipping Conference, the U.S. Coast Guard released its Port State Control 2016 Annual Report. Detainable deficiencies are ranked as follows:

It is interesting to note that the International Safety Management (ISM) Code has risen from 10th in 1998, when it became mandatory for companies operating certain types of ships, to 2nd in 2016. In his February 2017 interview with Marine News, Admiral Thomas indicated that the Agency is working hard to update ISM requirements in both regulation and guidance.

To mitigate the risk to critical cyber systems, new Coast Guard ISM requirements may include the following:

  • Designated person responsible for Cyber Risk Management (CRM);
  • Corporate structure to address CRM;
  • Training requirements based on access to cyber systems; and
  • Corporate and shipboard procedures for operations and maintenance of critical cyber systems.

Does your SMS have these components?  How effective is your implementation?

Meridian.us can help your organization improve the effectiveness of your ISM Code compliance and cyber risk management.

For more information please contact Meridian.us at (251) 345-6776 or info@meridian.us.

‘Security Fatigue’ Can Cause Computer Users to Feel Hopeless and Act Recklessly, New Study Suggests

After updating your password for the umpteenth time, have you resorted to using one you know you’ll remember because you’ve used it before? Have you ever given up on an online purchase because you just didn’t feel like creating a new account?

If you have done any of those things, it might be the result of “security fatigue.” It exposes online users to risk and costs businesses money in lost customers.

A new study from the National Institute of Standards and Technology (NIST) found that a majority of the typical computer users they interviewed experienced security fatigue that often leads users to risky computing behavior at work and in their personal lives.

 
