Thanks for subscribing! Please check your email for further instructions.
by Harris N. Hershey Rosen, contributing writer and author, “Why? Because I love you”
A few days ago, President Biden and the National Security Advisor issued a memo to all US company leaders and corporate executives, entitled, “What We Urge You To Do To Protect Against The Threat of Ransomware”.
As we look at you, the head of your household, as your “family leader”, we’ve reprinted this here. After a week that followed the energy pipeline cyberattack, we’ve just witnessed new attacks (the ones that we know of) on the nation’s meat supply – with impacts on 1/3 of that supply – to the Steamship Authority and travel to Martha’s Vineyard and Nantucket.
That latter one should have gotten our attention – if only because it was literally on our shores and in our own backyard.
Here are select portions of the White House memo:
“The number and size of ransomware incidents have increased significantly and strengthening our nation’s resilience from cyberattacks–both private and public sector–is a top priority of the President’s. All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location. But there are immediate steps you can take to protect yourself, as well as your customers and the broader economy.
Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat.
The most important takeaway from the recent spate of ransomware attacks on U.S., Irish, German and other organizations around the world is that companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively.
To understand your risk, business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations.
Below you will find the U.S. Government’s recommended best practices –we’ve selected a small number of highly impactful steps to help you focus and make rapid progress on driving down risk.
What We Urge You To Do Now – Implement the five best practices from the President’s Executive Order [with speed and urgency].
1. multifactor authentication (because passwords alone are routinely compromised)
2. endpoint detection& response (to hunt for malicious activity on a network and block it)
3. encryption (so if data is stolen, it is unusable)
4. a skilled, empowered security team (to patch rapidly, and share and incorporate threat information in your defenses).
These practices will significantly reduce the risk of a successful cyber-attack:
Backup your data, system images, and configurations, regularly test them, and keep the backups offline: Ensure that backups are regularly tested and that they are not connected to the business network, as many ransomware variants try to find and encrypt or delete accessible backups. Maintaining current backups offline is critical because if your network data is encrypted with ransomware, your organization can restore systems.
Update and patch systems promptly: This includes maintaining the security of operating systems, applications, and firmware, in a timely manner. Consider using a centralized patch management system; use a risk-based assessment strategy to drive your patch management program.
Test your incident response plan: There’s nothing that shows the gaps in plans more than testing them. Run through some core questions and use those to build an incident response plan: Are you able to sustain business operations without access to certain systems? For how long? Would you turn off your manufacturing operations if business systems such as billing were offline?
Check Your Security Team’s Work: Use a 3rd party pen tester to test the security of your systems and your ability to defend against a sophisticated attack. Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors.
Segment your networks: There’s been a recent shift in ransomware attacks –from stealing data to disrupting operations. It’s critically important that your corporate business functions and manufacturing/production operations are separated and that you carefully filter and limit internet access to operational networks, identify links between these networks and develop workarounds or manual controls to ensure ICS networks can be isolated and continue operating if your corporate network is compromised. Regularly test contingency plans such as manual controls so that safety critical functions can be maintained during a cyber incident.
Now, for all of those readers with companies, this may be very interesting and purposeful for your business.
For those with homes and all the data (quite a lot!) that it takes to maintain that well-oiled machine, we can learn something. But our steps are basic to start with – from securing our data to knowing where the “keys” to that security is in the first place – to even more basic things like having cash safely and securely stored outside of a financial institution should ATMs be compromised, and on and on.
All the more reason to get organized. You can’t create systems if you don’t have the basic data to put into those systems.
More and more I think I wrote “Why? Because I love you” out of some feeling, based in my military background, and then based in my background as a corporate executive, that bad things happen. Our biggest “weapon” against the evil that is among us – is to be prepared.
Make your plan – I will help you – my book will help you. Let’s do it together. Without delay.
Harris “Hershey” Rosen, is the author of WHY? Because I Love You, a book that says it like it is – “What you need to know when I die”. His book details methods to organize your important personal and family information for those who are left behind.
A graduate of Harvard, Hershey Rosen has focused on controlling chaos since 1954. He was a Financial Control Officer in the U.S. Army, where he received a Letter of Commendation for improvement to its worldwide accounting system. Next, on to satisfying everyone’s sweet tooth, he ran a candy company for 40 years, developing a system for locating ANY item housed in five factories, covering 600,000 square feet.
Following “retirement,” Hershey went on to become a mediator and settled over 200 disputes for the state of Rhode Island and The Community Mediation Center of Rhode Island. He was also asked to team-teach management courses at the University of Rhode Island, where he enthusiastically challenged the text book with real-life experiences, to the delight and edification of the students.
Always passionate about assisting others, Hershey has been a director or trustee of numerous boards and organizations. He has written Creating A Guide So Your Loved Ones Can Go On Living! to help others protect their spouses (and families) from the intense stress that will occur if one does not share financial information and knowledge critical to a functioning home. He then wrote My Family Record Book, expanding on the information in his first book, and finally, in 2020, WHY? Because I Love You was published.
Hershey, who lives in Providence, Rhode Island, can now relax (ha!) with his beloved wife, Myrna, and enjoy visits with their combined five children and ten grandchildren.
“WHY? Because I Love You” – available here: https://amzn.to/32iXJqq
Dear Mel –
Your memory is absolutely correct and I thank you for your kind words about my book. I’m very glad that it helped you organize your information. And, yes, Ed and you were a big inspiration, so I thank you.
But there are incidents of my education I left out.
There was also another person in charge – a Dave Black. He had the dubious distinction of teaching all of us how to attach a wire from the bed spring to the radio in such a way that when you rolled over, the station changed. A very important part of my Harvard education.
There was a big moment in Harvard history when George Marshall came to announce his plan. But we had to celebrate our own way. My room was closest to the bathroom, and someone appeared with a container, filled it with water and threw it out our window. Unfortunately it landed on a Yard Cop who wasn’t too pleased. The authorities didn’t know who did it, but they knew the room it came from. Thus, I was summoned by the Dean who placed me on probation. Fortunately my parents never knew what happened.
Thanks again for your comments. I hope you are well as we are here.
I think you have a wonderful publication and (with son Sam) have used it for our own situation as well as for legal clients in the past.
But you have omitted a most important qualification. As a Harvard freshman , I believe you resided in Matthews Hall — the domain of Providence proctors Ed Burke
and myself– the obvious source of inspiration for your later triumphs.