Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect

July 11, 2023

Good morning, everyone!

This week’s critical vulnerabilities:
  • Fortinet has released a fix for a serious problem with its FortiNAC zero-trust product
  • the Internet Systems Consortium (ISC) has released 3 fixes for critical vulnerabilities in BIND
  • Cisco has announced a critical vulnerability in Nexus 9000 Series Fabric Switches in ACI mode for which there is no fix, and recommends disabling the devices immediately

Patch All the Things!

Last one: "Recover"

Finishing my theme of the five core functions of the NIST Cyber Security Framework (CSF), this week I want to talk about the final core function, Recover. How do you recover from an actual cyber security incident?

Whether you are an individual, a family or a business, "recovering" means getting back to normal life, right? So, if you got hit with ransomware, for example, hopefully you had good backups you can restore. Once your information system is back in good working order, there are a few more things to consider:

Lessons Learned. Now that you are up and running again, your first priority is to make sure this never happens again!

  • What was the cause of the incident and how could that be prevented in the future? (keeping software up to date, enabling 2FA, security awareness training)
  • How quickly did you detect the incident? What could you have done to improve that time? (better logging & monitoring, increasing alerting)
  • How quickly and smoothly were you able to recover? What hurdles did you face and how could you have prevented them? (local backup, forensic specialist on call, a good incident response plan)

This is a great time to do a SWOT analysis and make sure that all those lessons learned are incorporated into your SOP and your incident response plan.

Public Relations. Were you offline for some period of time? Do you have customers and vendors who were inconvenienced? (Customers couldn't get service, vendors couldn't get paid or couldn't make deliveries.) How well did you communicate with them, both during and after? Did you suffer reputational damage that needs to be repaired?

We all hope never to be the victim of a cyber attack, and yet most experts will tell you it is no longer a question of whether it will happen, only when. Your absolute best defense is prior preparation!

Stay cyber safe this week!

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Glenda R. Snodgrass

grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com



Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺
