Do You Know This About Cybersecurity?

Cybersecurity

Cybersecurity is in the news almost weekly. Unfortunately, the number of threats is increasing. The sophistication of the attacks is growing. Individuals, businesses (large and small), and governments are under attack. Here are some basics.

For example, Colonial Pipeline, which carries gasoline, diesel and jet fuel from Texas to New York, was recently hacked in a high-profile ransomware incident. Another case involves SolarWinds. An NPR investigation into that attack revealed "a hack unlike any other, launched by a sophisticated adversary intent on exploiting the soft underbelly of our digital lives: the routine software update."

WHY should you care? The problem is huge, changing quickly, complex, and expanding. It impacts everyone and every organization. In a 2019 CEO Imperative Study by Ernst & Young, CEOs of the largest 200 global companies rated national and corporate cybersecurity as the number one threat to business growth and the international economy in the next 5 to 10 years.

According to McAfee, the global computer security software company, "Annual losses from cybercrime range from $500B to $1T and are projected to rise to $5T by 2024."

According to the Federal Bureau of Investigation, "There are 4,000 ransomware attacks every day."

According to The Center for Strategic and International Studies, a Washington think tank, and McAfee, "Sixty-four percent of Americans have lost personal data or had fraudulent charges due to cybercrime."

WHAT to do about it? The National Association of Corporate Directors in Cyber-Risk Oversight 2020 recommends five core principles that companies and their directors need to address:

Risk. Recognize cybersecurity as a strategic enterprise risk, not just an IT risk.

Legal. Understand that cyber risks have legal implications.

Expertise. Ensure there is adequate access to cybersecurity expertise and discuss risk management regularly.

Framework. Set expectations that management will establish an enterprise-wide, cyber-risk management framework with staffing and budget.

Financial Exposure. Identify and quantify the financial exposure for cyber risks and which risks to accept, mitigate, or transfer through insurance coverage and/or specific plans.

TAKE ACTION now as an Individual

Use complex passwords. The longer and more complex the better.

Update your devices so they have the latest security features and patches.

Don't open unsolicited emails and don't click on phishing links or buttons, no matter how realistic they may appear.

Back-up devices and systems regularly. When was the last time you did a back-up of your data? How much data can you afford to lose?

Protect your devices and Internet connections. Do you have anti-virus and anti-malware protection on your devices? Are you using two-factor authentication? Do you use a Virtual Private Network (VPN)?

TAKE ACTION now as a Business (from Cyber-Risk Oversight 2020)

Do you have an Incident Response Plan? Establish one now.

How is personally identifiable information (PII) safeguarded domestically and internationally? What other standards (e.g., HIPAA) must you comply with in your industry and how are you addressing them?

Which third parties have access to your systems and what controls are placed on them?

How do you manage and control your core security infrastructure? What defenses do your Internet gateways have? Do you use two-factor authentication? Do you allow anything in your network to talk directly to the Internet? How are you protecting and backing up your data?

Do you have an insider threat program? Do you employ a data-leak prevention product?

SUMMARY

Cybercrime is a big and growing risk. To protect yourself and your business, consider people, processes, and technology. Address the core principles of risk, legal, expertise, framework, and exposure. Make sure you have the right expertise to provide oversight. Take action now to protect, defend, and deflect.

Theresa M. Szczurek, Ph.D.
C-Level Global Executive, Corporate Director, and Colorado CIO of the Year

Copyright 2021 Theresa Szczurek.  All rights reserved.  


Good Leadership and Science Matter in a Pandemic

In the challenging times of this pandemic, Coloradans have received the best from two leading medical doctors, both of whom happen to be female. That's why the Business and Professional Women (BPW) of Colorado just named them 2021 Women of the Year. Congratulations and thank you to:

Dr. Rachel Herlihy, MD, MPH, State Epidemiologist and Communicable Disease Branch Chief, Colorado Department of Public Health and Environment. Dr. Herlihy is currently leading COVID-19 surveillance, case investigation, and outbreak response activities for the State of Colorado.
 
Dr. Michelle Barron, MD, Senior Medical Director, Infection Prevention and Control at UCHealth. Dr. Barron has led the charge against infectious diseases including the H1N1 flu pandemic in 2009 and Ebola in 2015. Since January 2020 and the beginning of the COVID-19 pandemic, she has worked around the clock with fellow leaders to protect patients, staff and providers across UCHealth.

During a virtual celebration on April 28, 2021, these two medical doctors shared some important lessons learned and words of wisdom.

Dr. Herlihy shared:

DATA DRIVES POLICY. It's a process: ask questions, go to the data, answer questions, and use this information to drive policy. We lacked a data infrastructure. We have a patchwork of systems. With funds coming in, we can build a robust informatics / data infrastructure.
PEOPLE MATTER. This pandemic requires all hands on deck. My organization grew from 50 to 450 people in a few months. We can be very proud and trust the team. We meet every day, two times per day for 30 minutes in morning and afternoon.
TEAMS WORK HARD. We found new leaders. We built a team, which never met face-to-face. We worked remotely and found ways to come together, communicate, and share. Together we tried to reduce the stress. Good leadership is an example.
COLLEAGUES GAVE SUPPORT. Collaboration came from local public health leaders, Colorado School of Public Health, the Governor's Office and others in the state, and so many more.
VACCINES ARE TO BE TRUSTED. The vaccine trials typically have three phases. To bring the COVID-19 vaccine to market faster they overlapped the phases. They did not cut corners. This approach will be used going forward.

Dr. Barron shared:

GOOD SCIENCE MATTERS. Media wants a headline and wants you to just watch, which led to distrust of good science. Be careful of what you watch.
HAVE CONFIDENCE. Remember FDR's quote, "There is nothing to fear, but fear itself." Imagine how the world will be if we are not afraid.
WE KNOW ENOUGH TO HELP PEOPLE. We are more prepared than most knew. We did a lot right. Past pandemics, such as H1N1 and Ebola, taught us where to improve so we don't struggle with pandemics.
MENTAL HEALTH IS SO IMPORTANT. We all need access to help sometimes. Debriefing on a daily basis can release what happened. When you get home, listen to your breath.
VACCINES ARE BUILT ON DECADES OF RESEARCH. Known to colleagues as Kati, Katalin Kariko, Ph.D. has emerged as one of the heroes of COVID-19 vaccine. Her work, with her close collaborator, Dr. Drew Weissman of the University of Pennsylvania, laid the foundation for the stunningly successful vaccines made by Pfizer-BioNTech and Moderna. "Science builds on science," Kariko says. "We always built on the people who came before us, and people will use our data. Of course, everything was important that those people did. I would hug them if I could."

Conclusion

Good leadership and good science both matter during troubled times. It is a pursuit of passionate purpose. More pandemics are forecast. People and teams are important collaborators. We are preparing the data infrastructure. Lessons learned: We know what to do, data drives policy, mental health is important, vaccines are safe and build on decades of research, and be confident.

by Theresa M. Szczurek, Ph.D.  @2021 copyright.  All rights reserved.