FTC Cybersecurity Basics

The Federal Trade Commission provides resources on 12 different topics including cyber scams like ransomware and phishing, key considerations like physical security and vendor security, and more technical guidance on things like email authentication.

“Learn the basics for protecting your business from cyber attacks. The business cybersecurity resources in this section were developed in partnership with the National Institute of Standards and Technology, the U.S. Small Business Administration, and the Department of Homeland Security.”

FDA Safety Communication – Medtronic MiniMed Insulin Pump

Please be mindful of any devices you use, especially for healthcare, that can be controlled, adjusted or configured remotely. The FDA put out this communication about such a device. Please heed accordingly.

“The FDA is concerned that, due to cybersecurity vulnerabilities identified in the device, someone other than a patient, caregiver or health care provider could potentially connect wirelessly to a nearby MiniMed insulin pump and change the pump’s settings.”

https://www.fda.gov/medical-devices/safety-communications/certain-medtronic-minimed-insulin-pumps-have-potential-cybersecurity-risks-fda-safety-communication

Three Florida cities attacked by ransomware within the month of June.

The Florida cities of Riviera Beach, Lake City and Village of Key Biscayne all came under siege by what appears to be an organized barrage of cyber attacks. Organizations should all begin to pay close attention to email traffic, network anomalies and users’ cyber habits at work and at home. Awareness and training are the first line of defense.

“Baltimore won’t pay hackers’ ransom, sets aside $10M in emergency funding to recover from cyber-attack” – USA Today

Cities, counties, universities and all forms of government organizations are coming under ransomware attack from organized crime. Leadership and management have to decide whether the organization can and will pay. Law enforcement rarely suggests paying a ransom, but if you’re in business and surviving means getting the systems back up by any means, you’re in a dilemma. Plan today with your IT staff: how do we handle this threat? Cyber liability insurance is something that all businesses have to consider.

CISO Longevity

Chief Information Security Officers have a short life expectancy in most organizations. Strategic planning for breaches must involve mitigation and remediation measures just as much as preventative steps. Being able to say “yes, we’ve been breached; however, these were the steps we took to minimize the effects, and we have a pre-planned response and recovery function currently being orchestrated” might be the difference needed to save one’s job.

6 steps to secure your Facebook account right now

For those of us who still use Facebook (the “old heads”), this article is a good resource for reviewing and adjusting your settings. The following steps should be reviewed every six months or annually at the least. This is a fairly easy read with great instruction to assist one in securing the privacy of their online account.

  • Use a strong password and two-factor authentication
  • Go through Privacy Settings and Tools
  • Limit past posts from the public eye
  • Audit devices with access to your account
  • Don’t forget to look through apps with access
  • Disable Location History on your mobile phone

https://www.cnet.com/how-to/6-steps-to-secure-your-facebook-account-right-now/

U.S. Customs Officials Confirm Traveler Photos Compromised As Part Of A Major Hack

Vendor Management or Third Party Vendor Assessments. You have to review who you are doing business with and what business practices your subcontractors exercise. At the end of the day it is your organization’s name that will be plastered on the news. Begin with a minimum security standards survey that you have all vendor partners go through.

https://www.forbes.com/sites/kateoflahertyuk/2019/06/11/u-s-customs-officials-confirm-traveler-photos-compromised-as-part-of-a-major-hack/?ss=cybersecurity#6d85161913ab

The NIST Cybersecurity Framework

The National Institute of Standards and Technology provides this voluntary framework which consists of standards, guidelines, and best practices to manage cybersecurity-related risk.  The Cybersecurity Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.