What are the top cybersecurity issues for Tribal organizations to address in 2023?
In 2023, facilitating a culture of cybersecurity awareness is vital for Tribal organizations to protect themselves and ensure information is safe from hackers and data ransomware. Many Tribal organizations and employers today are still receiving fraudulent pandemic-related emails, along with the everyday phishing and social engineering attempts such as phony video conference meetings, wire transfers, gift cards, and invoices.
Listen to our podcast on this topic, Collaborating for Better Cybersecurity.
Educating your team on cybersecurity
Tribal employers can help build a strong cybersecurity awareness education program for their organization by prioritizing the following ongoing efforts for team member education:
- An official security awareness education policy,
- interactive training modules assigned to team members monthly, or at least every other month,
- phishing team members monthly, with remedial training assignments for those who get “hooked”,
- assessment assignments and quizzes to keep team members thinking and steadily aware, and
- educational materials such as current cybersecurity threats, events, posters, and videos.
Protecting your Tribal organization from cyber-threats
Also part of building a strong cybersecurity awareness program are several high-priority initiatives for Indian Country’s IT professionals, employers, and organization leadership:
1. Protect the Remote Worker Environment
Due to the health crisis, many of your team members may have had to switch to a work from home environment, so ensure that remote workers are “forced/required” to connect to the business network with a secure Virtual Private Network (VPN) connection or a Virtual Desktop Interface (VDI) connection.
2. Implement Multi-factor Authentication (MFA)
Implement Multi-Factor Authentication as an added layer of security to prevent hackers from gaining access to your Tribal organization with compromised credentials. Anyone with elevated privileges (Administrators, Comptrollers, Database Administrators, etc.) should be required to logon using MFA. MFA helps to protect network and email, financial accounts, social media accounts, mobile devices, and is a great feature to include with a VPN connection. If implementing with just VPN, forcing ALL users to use MFA is an industry best practice.
3. Revisit Logical Access Controls
Revisit logical access controls, and ensure users have access to only the data and applications they need to perform their job. Make sure to schedule and complete at least quarterly reviews of user network accounts and disable accounts that are no longer being used.
4. Review IT Security Policies and Procedures
As IT practices have pivoted during the pandemic, remember to create, review, and/or update IT Security Policies and Procedures, and ensure they are current with industry best practices. Be sure to share updates with all employees and have them acknowledge these policies and procedures on an annual basis.
5. Review Data Backup and Restoration Procedures
Data backup and restoration procedures must be kept up-to-date and tested regularly. Doing this will help ensure that if your data becomes encrypted with ransomware, you’ll be able to avoid paying cyber criminals and the possibility of being targeted again. Having data backup copies in multiple locations, (i.e., a copy on site and one copy replicated to cloud storage), will help ensure data isn’t lost should you fall victim to a ransomware attack.
6. Implement a Mobile Device Management Solution and Policy
With the new work from home environment, data security must remain top-of-mind for Tribal employers and organizations. Implement a Mobile Device Management solution and policy to assist with security controls, such as being able to remotely wipe laptops, smart phones, and tablets, should a device be lost or stolen.
7. Perform Annual Penetration Tests and Vulnerability Scans
Perform annual penetration tests and run routine vulnerability scans to identify and secure your organization’s hidden network vulnerabilities. Cybercriminals are searching for just such vulnerabilities to gain access into your network.
8. Review Your Tribal Organization’s Incident Response Plans
Now is a great time to review your organization’s Disaster Recovery (DR) and Cybersecurity Incident Response Plans (CSIRP) to update any outdated information. Tribal employers and organization leaders should also regularly test these plans with the respective teams. Schedule tests in advance for the entire year so this critical practice doesn’t fall through the cracks.
9. Run a Confidence-Check: Confirm IT Best Practices Are in Place
Confirm IT best practices are in place and known in your organization. Perform an annual IT Risk Assessment to evaluate overall technology and architecture.
10. Vet Your Vendors
Tribal employers and organization leaders should implement a robust vendor management process for third-party providers. Ask what security practices are in place to protect your network and data, then request and review their security operations center (SOC) reports. Also, ensure a confidentiality agreement is in place with all third parties.
11. Evaluate Your Cyber-Liability Insurance Policy
Have a cybersecurity professional evaluate your current cyber-liability insurance policy or speak with a reputable broker if your organization does not have this insurance.
Frame a more secure future with REDW as your trusted partner.
Is your Tribal organization able to keep up with evolving cybercrime? Our trusted cybersecurity experts are standing by to help your team shape up and assess your organization’s defenses. From cybersecurity awareness training to risk assessment, to building a cybersecurity program from the ground up—we’re here to make this easier. Contact REDW IT & Cybersecurity Director Brian Grayek to schedule a meeting time and to discuss next steps.
Want more expert insights for Tribal Nations? Subscribe to the monthly Insight in Indian Country Newsletter
Read More Cybersecurity Insights from REDW
- Cybersecurity Tips: Smarten-Up Your Smart PhoneIt seems unreal that cybersecurity has been around for 50 years, but it’s true. And as the cyberthreats have evolved and multiplied, cybersecurity must become a top priority for every… Read more: Cybersecurity Tips: Smarten-Up Your Smart Phone
- Cybersecurity for the Internet of Things (IoT): The Future of Connected DevicesWrapping up National Cybersecurity Awareness Month, REDW Senior Manager of Cybersecurity Jennifer Moreno takes a quick look at the future of connected devices and how technological innovations like the Internet… Read more: Cybersecurity for the Internet of Things (IoT): <em>The Future of Connected Devices</em>
- Cybersecurity for 2020’s Front Line: Checkpoints for the Healthcare IndustryCybersecurity Checkpoints for the Healthcare Industry Every year, the healthcare industry becomes ever more reliant on cyber technology that generates solutions for improving patient care, organizational efficiency, crisis response times,… Read more: Cybersecurity for 2020’s Front Line: Checkpoints for the Healthcare Industry
- Mobile Device Cybersecurity for Work x Home: Securing Double-Duty GadgetsRemote employee and work from anywhere (WFA) policies have been steadily building in the workforce for some time— but COVID-19 forced many teams to work from home with little warning,… Read more: Mobile Device Cybersecurity for Work <em>x</em> Home: <em>Securing Double-Duty Gadgets</em>