Spring 2022 Hardlines Strategies

ASK THE EXPERT

In her position as the director of cybersecurity education for the National Cyber Security Alliance (NCSA), Zarmeena Waseem sees cybersecurity as a tool to empower different demographics to protect themselves, their information and their communities.

S: What are some best practices for associate-level employees?

ZW: Don’t ever share login information. If you are typing in a password, other employees should turn away. Password security is very important. Don’t use the same password over and over or passwords from your personal life at work. Make sure to use long and complex passwords. I also recommend the use of password managers and two-factor authentication.

S: If a retailer thinks they have been breached, what are the first steps?

ZW: If you have a security team, make sure they are aware of the breach. If they have an incident response arm, the incident response team will address the issue right away. While a lot depends on what kind of breach it is, on the day of a breach everyone is on call. I also recommend retailers check their insurance to see what is covered and educate their employees on how the attack may have happened.

S: What level of communication is important internally?

ZW: The executive team and security team need to communicate and stay informed of the situation. It is up to the chief information security officer to decide who on the team needs what information.

They need to communicate what needs to be communicated and control who finds out about the breach and when. They also need to have a secure communication avenue in place, whether that is an encrypted chat or secret line, that is dedicated to the situation and cannot be tapped into. When you’ve been breached there is no such thing as being overly cautious.

S: What do you wish the average person knew about cybersecurity?

ZW: Never leave your device unlocked. You must understand that your computer or cell phone is a million-dollar device in the hands of someone that doesn’t know anything you know. Most people do not think they are a target until they do a threat model on themselves, which leads to them quickly understanding that their information is valuable.

3 Steps You Can Take Today to Protect Your Business Before the Hack

1 | Confirm your insurance coverage. Having insurance is not enough; it’s important to confirm you have the right type of coverage. Many retailers have cyber insurance, but ransomware isn’t always part of the package, which means the insurance doesn’t cover the actual cost of the ransom. Talk to your insurance broker to be sure you have the right protection.

2 | Enact password security. One key way malicious actors find their way into vulnerable systems is through weak passwords. A guessable username and password can wreak havoc on a business. Two-factor authentication (2FA) helps mitigate hacking because it requires a person to confirm their identity on another device before they can log in. Requiring strong passwords, regularly changing passwords and employing 2FA will help make your system more secure and protect your business.

3 | Talk about the risk internally. Cyberattacks on small-to-medium-sized businesses have only become more frequent. Experts say it’s not about if your business will be breached, but when. Be sure everyone on your executive team and your key managers understand and agree on the risk to your operation. Buy-in from every decision-maker is critical to protecting your business.

Real World Ramifications

In December 2021, HR management company Ultimate Kronos Group (UKG) confirmed a ransomware attack impacted several services companies use to manage their employees and payrolls. The cyber incident disrupted the Kronos Private Cloud, which includes UKG Workforce Central, UKG TeleStaff, Healthcare Extensions and Banking Scheduling Solutions.

The company became aware of the suspicious activity and immediately took action to investigate and mitigate the issue. While the company worked to remedy the issue, it advised customers to implement alternative business continuity protocols and offered support through the UKG Customer Support Team, an update page, the UKG Kronos Community and the KPC incident resource hub.
