Issue link: https://nebusinessmedia.uberflip.com/i/1468724
wbjournal.com | May 30, 2022 | Worcester Business Journal 19

The rise of ransomware and malicious cyberattacks in the past decade has made it critical for all businesses to expand their cyber programs to provide better, layered defenses. Through my IT work in the utility sector, I've witnessed the urgent need for better cybersecurity defenses: Ransomware attacks on utilities have increased by 50% in the past two years. As critical infrastructure with a target on our backs, we know every network, application, and device must be configured with cybersecurity in mind.

To meet the modern demand, organizations including my own have adopted a defense-in-depth security program. Defense-in-depth security is about combining technology components with best-practice security management to create protective layers that reduce the risk of attack and intrusion. These efforts can be distilled into the following four components.

Strong defenses at and inside the perimeter

Strong technology is the backbone of a solid defense-in-depth strategy. Cybersecurity software and systems are built around protecting a company's critical assets: financial systems, operation systems, proprietary assets, confidential data, etc. A defense-in-depth strategy layers protections on top of one another to create a multi-layered barrier. Think of it like locking all the doors in your house; even if the bad guys get in, they'll be trapped in the mudroom without a key to go further.

The human aspect

Humans are, and perhaps always will be, the easiest attack vector for cyber criminals. In fact, human error is the main cause of 95% of security breaches. Organizations need to foster cultures where cybersecurity is at the forefront of daily operations through education programs and regular drills. Additionally, a strong cybersecurity culture needs executive buy-in to solidify security as core to the business and encourage participation in preventing and reporting attacks.
Monitoring and response activities

Cyber criminals don't sleep, so it's critical businesses have the ability to monitor their systems 24/7 to identify vulnerabilities, emerging attack vectors, and areas for improvement. Security operations centers can provide constant threat monitoring for organizations. If the SOC sees malicious activity, it can react and isolate the threat. SOCs can craft vulnerability assessments and risk scores to provide organizations with a situational awareness regarding their threat landscape.

Program management and continuous improvement

A good cybersecurity program is built on a foundation of continuous improvement, and that perpetual fine-tuning needs to be self-aware, strategic, and built into the organization in order to be worthwhile. By constantly evaluating every aspect of your processes and policies relative to best practices and standards, organizations can identify improvement opportunities and ensure they perform as planned.

The bottom line

A defense-in-depth cybersecurity program is about fortifying protection and driving improvement from every angle and at every level. Through an emphasis on systems, people, monitoring, and assessment, a secure cybersecurity program safeguards an organization's critical assets without overly burdening its productivity.

By Jacqueline Croft

Jacqueline Croft is the fraud and Bank Secrecy Act manager at Cornerstone Bank in Worcester.

According to the Association for Financial Professionals, 74% of organizations were targets of some kind of payment scam in 2020, and the most likely method of payment fraud is checks. While the majority of common fake check scams are meant to target consumers, businesses can fall victim, increasing the need to be educated about how to spot and stop check fraud.
Spotting a fake check

While scammers are becoming increasingly proficient in creating checks that look and feel legitimate, keep an eye out for these when accepting check payments:

• Confirm the check was issued by a legitimate bank.
• Ensure the payer listed on the check is the same as the individual or company you are dealing with.
• Check that the phone number on the check matches the one on the bank's website. Scammers will often change this in the hope someone will call the number on the check if they have questions or concerns.

Official checks usually contain watermarks, security threads, color-changing ink, or other security features. While scammers can replicate these, the copies are often poorly executed or don't look quite right.

Verify the check is for the right amount. Oftentimes, scammers will write the check for more than the amount they need to pay, hoping they will be reimbursed the difference before the business realizes the check is a fake.

All employees who are authorized to take payments should be trained to spot fake checks and speak up if something looks off about a check payment.

Protecting your business

Not only can businesses receive fake checks, but they can be the victim of forged, altered, or counterfeit checks. Scammers do this by forging signatures or endorsements, altering the payee's name or check amount, or even creating counterfeit checks.

Businesses should establish strict policies and procedures regarding checks, including who can issue them, requiring dual signatures for large checks, and designating one individual to respond to bank inquiries. And while check writing may be easy, other ways to make payments can minimize risk, including wire or electronic payments.

Many banks, including Cornerstone Bank, offer a service called Positive Pay, which is a fraud-protection system matching checks a company issues with those presented for payment, sending back any that need to be reviewed by the issuer.
This allows the company to determine if the check is legitimate and protect themselves from any potential counterfeit or fraudulent withdrawals.

KNOW HOW

Four key elements of a defense-in-depth cybersecurity program

Collaboration at work is great, until it isn't. Too many cooks in the kitchen, also known as collaborative overload, is when communication and decision-making gridlock slow an organization's flexibility, impacting employee engagement. It can result in decreased employee creativity and well-being, according to research by Babson College in Wellesley.

Redistribute work. This can involve structural changes, where companies give lower-level managers necessary authority to manage their units, according to Ted.com. Freeing up these managers from the bottlenecks that can result from having to wait for decisions from higher-ups – and all the unnecessary emails and exchanges going along with them – cuts down on headaches. Behavioral change should be encouraged. "Collaborative-minded employees should also learn to seek out activities and projects that energize them, not exhaust them. The help seekers should also learn new habits, for example by reconsidering whether all of their meetings are truly required," the site says.

Use data. Data can be used to discern which of your employees is taking on too much. At CIO.com, experts say technology can show whether your most valuable employees are in a cycle of burnout before it's too late. "Being able to track projects, collaborative efforts, and interpersonal dependencies is key to making sure no one is taking on too much, and that workloads are distributed evenly so that bottlenecks don't occur," says software solutions expert Kris Duggan, something easier to manage when work was more siloed.

Know small changes add up.
Addressing this overload, according to Entrepreneurship.Babson.edu, takes subtle shifts in behavior, such as running meetings in a more structured fashion, using email less and more carefully, and realizing that "saying yes to something means automatically saying no to something else – work, professional goals, personal aspirations, family." That is where the overload creeps in.

Spotting fake checks & protecting your business

BY SUSAN SHALHOUB
Special to WBJ

101: COLLABORATION OVERLOAD

Based in Lunenburg, Justin Eisfeller is chief technology officer and vice president for information technology at Unitil, the utility headquartered in New Hampshire.

BY JUSTIN EISFELLER
Special to WBJ