Asset Protection

Cybersecurity Monthly Newsletter September 2021

by | Sep 30, 2021

In this issue:

  • The Importance of Updating Your Software Always: Apple and Google

  • Savvy Cybersecurity Quick Links 

  • Cybersecurity Shorts

  • Software Updates

The Importance of Updating Your Software Always: Apple and Google

If you ask a cybersecurity professional one action you should always take to protect yourself from hacks and malware, many will tell you to update your software any time new updates are available. However, most of the general public is slow when it comes to updating devices and software.

Why do people typically delay updating their devices? They like the way their device or app works and don’t want cosmetic changes. Or they are too busy when they get the update notification and keep snoozing it indefinitely.

But updating your device, software, and apps regularly really is an important step in staying safe from cyberattacks. Companies usually release updates when a security vulnerability is discovered in its product. If you don’t update, your device is left open to hackers exploiting the known security issues.

This month we saw two examples highlighting the importance of updating your devices and software. First, Apple announced an emergency update for iOS after a vulnerability was being exploited by Israeli firm NSO Group to surveil journalists and human rights advocates. The security issue allowed the spyware to gain access to a user’s phone without them clicking on any links.

Most of us do not need to be worried about being spied on by this group, but Apple still encouraged all users to update the operating system on their iPhone and iPad. That is because other hackers can reverse engineer these exploits and launch attacks on regular people and businesses.

If you are an Apple user and have not yet updated to iOS 14.8, do so immediately. You can check for updates on your device by going to Settings, General, Software Update.

A few days after the Apple announcement, Google also urged Chrome users to update their browser immediately. The update included 11 patches, two of which closed security holes that were actively being exploited by hackers.

Google Chrome users want to be running version 93.0.4577.82. If your browser is outdated, you’ll see an update button at the top of your browser. The button starts off as green but progresses to orange and then red if you don’t update in a timely fashion.

When you click Update, you don’t need to worry about losing all your tabs. Chrome will restart and save what you had open. If you use another browser primarily but have Chrome installed on your device you must still update.

 

Best practices

When it comes to keeping your device and software updated, here are some best practices:

Turn on automatic updates whenever possible. These typically will update during a time you are not using your device and will keep you as up-to-date as possible.

If you get a notification to update, do it as soon as reasonable. If you are in the middle of something important, you can often schedule your update for later when you won’t be using your device.

Check the ‘Software updates’ section of this newsletter each month to make sure your devices are updated.

 

Cybersecurity shorts

Cyber resiliency is important with hybrid work environments. Many companies have newly adopted a hybrid work landscape due to the pandemic. Now, cybersecurity officials are advising that companies prepare to work strategically to ensure their networks are secure. Additionally, it is important that they educate their employees on different cyber issues that may arise, including malware, phishing, and social engineering. You can read more on this importance here.

Generations differ when it comes to cybersecurity. Of people aged 65 and older, 40% said that consumers themselves are responsible for keeping their personal data safe. But that number drops much lower, to 23%, when asked among those between the ages of 25-44. Where else do the generations lie when it comes to cybersecurity? Learn more here.

Infrastructure bill includes funding to secure necessities from cyber-attacks for Americans. With numerous high-profile ransomware attacks fresh in their minds, U.S. Senate negotiators wove cybersecurity investments throughout the bipartisan $1 trillion infrastructure proposal which was recently just passed. These allocations reflect the growing realization that any cyber-attack could leave Americans without water, power, and other essentials.

Hackers target COVID-19 supply chains. Cybercriminals are getting more skilled at finding and exploiting every potential threat surface in these crucial networks. Health care provides are integral to the success of COVID-19 vaccine supply chains globally, yet evidence shows they had the highest industry cost of a breach for the last 11 years. Here’s how we can improve the COVID-19 supply chain cybersecurity.

New Connecticut law helps businesses and consumers. Connecticut passed a state law requiring any person who conducts business in the state who experiences a breach in security involving computerized data to notify both the Office of the Attorney General and  state residents who may be affected. The law states that notice to consumers must be made without unreasonable delay but no later than 90 days from the discovery of the breach.

Cybersecurity is not a priority for most hospitals. Surprisingly, a recent survey found that cybersecurity investment is not a high priority for more than 60% of hospitals, and most are unprotected against common vulnerabilities. A recent survey of hospitals  says almost half of the respondents reporting being forced to shut down hospital operations in the last six months due to a cyberthreat. So why isn’t cybersecurity a higher priority to these hospitals? Read more here.

Maritime agencies are viewing cybersecurity with a new sense of urgency. Military officials at a conference said that new technology will permanently change the war landscape in the next couple of decades. As a result of this new technology, cybersecurity will also become a focal point for not only the Coast Guard and the Navy, but also the civilian agencies and industries protected by the Department of Defense.

The Securities and Exchange Commission fined several brokerages a total of $750,000 for exposing sensitive personal information of thousands of customers and clients. The companies settled the SEC charges in three separate actions: Cetera Advisor Networks, Cetera Investment Services, Cetera Financial Specialists, Cetera Advisors, and Cetera Investment Advisers; Cambridge Investment Research and Cambridge Investment Research Advisors; and KMS Financial Services. You can learn more about the hack here.

Microsoft warns users of potential hackers

Microsoft warned users that hackers are actively exploiting a vulnerability in its Windows program and they’re urging customers to take steps to ensure their security. They warned that an attacker could target victims through Microsoft Office documents, with users tricked into opening a malicious document leading them to a page that downloads malware to the user’s system.

Howard University cancels classes due to ransomware attack. In a news release, the university announced that the IT department detected unusual activity on the school’s network which prompted an investigation into the situation. Read and learn more about the situation here.

 

Software updates

Adobe: Adobe released updates for Rader, Acrobat, Photoshop and other Adobe products. None are classified as critical at this time but you can learn more about the updates here.

Apple: As we discussed earlier in this month’s newsletter, a critical update for Apple users was released this month. The iOS update for iPhones and iPads is considered urgent and all Apple users should update as soon as possible.

Google: If Google Chrome is your browser of choice, be sure to update to the latest version. Chrome released an update this month to patch nine security issues. Your browser will automatically notify you to update. You can learn more about it here.

Microsoft: Microsoft released an update to close dozens of security vulnerabilities this month—four being classified as critical. Updates affect Internet Explorer, Windows 10, and Microsoft Office. Read more about the updates here.

Savvy Cybersecurity Quick Reference Guide 2021

Get your free copy today.

You May Also Like…

Investment Advisory Services are offered through Lifetime Financial, Inc., a Registered Investment Advisory. Insurance and other financial products and services are offered through Lifetime Paradigm, Inc. or Lifetime Paradigm Insurance Services. Neither Lifetime Financial, Inc. nor Lifetime Paradigm, Inc., or its associates and subsidiaries provide any specific tax or legal advice. Only guidance is provided in these areas. For specific recommendations please consult with a qualified, licensed Advisor. Past performance is no guarantee of future results. Your results can and will vary. Investments are subject to risk, including market and interest rate fluctuations. Investors can and do lose money and, unless otherwise noted, they are not guaranteed. Information provided is for educational purposes only and is not intended for the sale or purchase of any specific securities product, service or investment strategy. BE SURE TO FIRST CONSULT WITH A QUALIFIED FINANCIAL ADVISER, TAX PROFESSIONAL, OR ATTORNEY BEFORE IMPLEMENTING ANY STRATEGY OR RECOMMENDATION DISCUSSED HEREIN.

This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient, any dissemination, distribution or copying of this communication is strictly prohibited. If you think you have received this communication in error, please notify us immediately by reply e-mail or by telephone (800) 810-1736 and delete the original message.

This notice is required by IRS Circular 230, which regulates written communications about federal tax matters between tax advisors and their clients. To the extent the preceding correspondence and/or any attachment is a written tax advice communication, it is not a full "covered opinion." Accordingly, this advice is not intended and cannot be used for the purpose of avoiding penalties that may be imposed by the IRS.