Asset Protection

Cybersecurity Monthly Newsletter January 2022

by | Jan 31, 2022

In this issue:

  • Cybersecurity Shorts

  • Software Updates

Happy New Year! We hope 2022 has been good to you so far. In the world of cybersecurity, it is only the first month of the year, but we have already seen data breaches, hacks, and fraud. Read on to learn more about:

 

  • The most dangerous password habit you might be doing
  • Cybersecurity trends for 2022
  • Software you should update immediately
  • And more

Cybersecurity shorts

Is your business ready to navigate cybersecurity threats? Since the start of the Covid-19 pandemic, many technology professionals have encountered the need to support hybrid and remote work environments. Organizations and companies must have the appropriate access to cybersecurity solutions. If not, this will result in vulnerabilities and increased risk. Read more about how your business can navigate cyberthreats here.

Government addresses cybersecurity issues in K-12 schools. The recently signed K-12 Cybersecurity Act gives the Cybersecurity and Infrastructure Security Agency 120 days to study the cyber risks K-12 schools face and gives them the ability to recommend guidelines to help schools improve their cybersecurity posture. Here, you can read more about why this is an important topic and some of the research that has gone into implementing this act.

U.S. still lacks cyber strategies. Federal cybersecurity remains in jeopardy despite decades of efforts. Previous attempts to execute a national strategy have sought to address the responsibilities of the private sector, which controls the vast majority of critical infrastructure. But why do attempts keep falling short? You can read more here.

Reuse your passwords? Hackers are on to you. Recently, more than 1 million online accounts across 17 well-known companies have fallen victim to hacking attempts. These hackers reused previously stolen passwords swirling around the internet. This ploy is known as a “credential stuffing attack” which involves a cybercriminal repeatedly trying to access someone’s account by utilizing usernames and passwords that previously have been made public.

Don’t expect a cybersecurity slowdown in 2022. Even though 2021 was a year unlike any other–with more than $20 billion invested in the cybersecurity sector–industry experts are predicting 2022 may build off that momentum. Last year’s investment was driven to new extremes by sectors including the cloud, API security, health care IT and insurance, and it is predicted that 2022 will see increased cybersecurity in sectors such as crypto and compliance and auditing.

Password manager LastPass has data breach scare. After investigating the incident, LastPass announced that there is no evidence of a data breach following users’ reports stating they were notified of unauthorized login attempts. The senior director of LogMeIn Global PR, Nikolett Bacso-Albaum, recently stated that the alerts users received were related to a “fairly common bot-related activity” that involved malicious attempts to log in to LastPass accounts that had previously been made public in past breaches. 

FTC warns of potential penalties for Log4j vulnerabilities. The Federal Trading Commission (FTC) put out a statement warning companies there could be legal repercussions if they fail to remedy a recent software vulnerability in the open-source tool Log4j software used throughout the tech industry and found in products built by companies like Amazon, Google, and Microsoft. The FTC also states that it plans to apply its legal authority to protect consumers in cases of “similar known vulnerabilities in the future.” Additionally, the FTC pointed companies to guidance from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, which has issued a series of alerts and advisories on how to patch these issues. You can read more about the FTC’s statement here.

Bipartisan group of Senators requests cybersecurity updates on infrastructure. A group of senators has written the Department of Homeland Security (DHS) and the Department of Transportation (DOT) seeking information about specific measures regarding planned cyber defense of U.S. critical infrastructure. The senators believe that many state and local transit systems are not equipped to implement more than basic cybersecurity protections; they are requesting information about how the DHS and DOT are meeting certain responsibilities.

 

Software Updates

Microsoft: Over 120 security vulnerabilities are addressed in this month’s Microsoft update. Nine of these security flaws are considered critical and some are already being exploited by hackers. Your device should prompt you to update automatically but you can read more here.

SERVICES WE OFFER RELATED TO THIS TOPIC

The information contained in this post is for general use and educational purposes only.  However, we do offer specific services to our clients to help them implement the strategies mentioned above.  For specific information and to determine if these services may be a good fit for you, please select any of the services listed below. 

\

The 4x4 Financial Independence Plan ˢᵐ

\

Coaching and Consulting

You May Also Like…

Investment Advisory Services are offered through Lifetime Financial, Inc., a Registered Investment Advisory. Insurance and other financial products and services are offered through Lifetime Paradigm, Inc. or Lifetime Paradigm Insurance Services. Neither Lifetime Financial, Inc. nor Lifetime Paradigm, Inc., or its associates and subsidiaries provide any specific tax or legal advice. Only guidance is provided in these areas. For specific recommendations please consult with a qualified, licensed Advisor. Past performance is no guarantee of future results. Your results can and will vary. Investments are subject to risk, including market and interest rate fluctuations. Investors can and do lose money and, unless otherwise noted, they are not guaranteed. Information provided is for educational purposes only and is not intended for the sale or purchase of any specific securities product, service or investment strategy. BE SURE TO FIRST CONSULT WITH A QUALIFIED FINANCIAL ADVISER, TAX PROFESSIONAL, OR ATTORNEY BEFORE IMPLEMENTING ANY STRATEGY OR RECOMMENDATION DISCUSSED HEREIN.

This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient, any dissemination, distribution or copying of this communication is strictly prohibited. If you think you have received this communication in error, please notify us immediately by reply e-mail or by telephone (800) 810-1736 and delete the original message.

This notice is required by IRS Circular 230, which regulates written communications about federal tax matters between tax advisors and their clients. To the extent the preceding correspondence and/or any attachment is a written tax advice communication, it is not a full "covered opinion." Accordingly, this advice is not intended and cannot be used for the purpose of avoiding penalties that may be imposed by the IRS.