[INFOGRAPHIC] Weak Passwords Disguised as Strong

If you’d like to make a hacker’s job easy, simply use passwords like “Password11193” or “s@yg00dbye.” They may meet complexity requirements, but the fact that they use a common word (“password”) and phrase (“say goodbye”) makes them crackable, even with the addition of numbers and special characters.
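The point above as a runnable check, added here as an illustration and not taken from the original post or from Specops Software: a typical composition rule accepts both sample passwords, while stripping digit padding and reversing common character substitutions exposes the word or phrase underneath. The word list, substitution table and function names are assumptions made for this example; a real deployment would load a large dictionary or breached-password list.

```python
import re

# Constructed sample of common base words and phrases (assumption for this
# example). A production check would load a full dictionary or breached list.
COMMON_BASES = ("password", "saygoodbye", "welcome", "letmein", "qwerty")

# Common character substitutions, mapped back to the letter they stand for.
LEET = str.maketrans({
    "@": "a", "4": "a", "0": "o", "1": "l", "3": "e",
    "$": "s", "5": "s", "7": "t", "!": "i",
})


def meets_complexity(pw, min_len=8):
    """Typical composition rule: minimum length plus 3 of 4 character classes."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= min_len and sum(bool(re.search(c, pw)) for c in classes) >= 3


def base_candidates(pw):
    """Return letter-only forms of the password an auditor should test.

    Two views are needed: with edge padding removed first (so a numeric suffix
    such as '11193' is dropped rather than turned into letters), and with
    substitutions reversed (so '@' and '0' become 'a' and 'o').
    """
    lowered = pw.lower()
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    candidates = set()
    for form in (lowered, stripped):
        candidates.add(re.sub(r"[^a-z]", "", form))
        candidates.add(re.sub(r"[^a-z]", "", form.translate(LEET)))
    candidates.discard("")
    return candidates


def find_common_base(pw, bases=COMMON_BASES):
    """Return the longest common word or phrase hidden in the password, or None."""
    candidates = base_candidates(pw)
    for base in sorted(bases, key=len, reverse=True):
        if any(base in cand for cand in candidates):
            return base
    return None


def audit(pw):
    """Compare the composition rule's verdict with the dictionary check."""
    return {"complexity_ok": meets_complexity(pw), "common_base": find_common_base(pw)}


if __name__ == "__main__":
    # The first two passwords are the ones quoted in the post; the third is a
    # constructed random string for contrast.
    for sample in ("Password11193", "s@yg00dbye", "xK9#mQ2$vLp7"):
        print(sample, audit(sample))
```

A password policy that only enforces the composition rule passes all three samples; pairing it with the base-word check rejects the first two at creation time.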

To see more examples of passwords that aren’t as secure as they seem, check out the below infographic by Specops Software.

Weak Passwords Disguised as Strong infographic

Want more security tips? Take a look at our shareable graphics.  

October Is National Cybersecurity Awareness Month

October is National Cybersecurity Awareness Month graphic
Cybersecurity isn’t just about protecting a single business — it’s about protecting the nation, and everybody has a role to play. That’s the central message of National Cybersecurity Awareness Month, which is a collaborative effort between the public and private sectors.

Every organization that prioritizes cybersecurity — especially those in the Department of Homeland Security’s 16 critical infrastructure sectors — supports the nation’s ability to prevent and respond to cyber threats. Improving security requires an all-hands-on-deck approach.

The first step is building cybersecurity awareness by educating employees. After all, even organizations that have outsized budgets and talented security specialists on staff are susceptible to human error. To help you build awareness within your organization, below are four free resources to share with your employees.

NOVA Labs Cybersecurity course screenshots
NOVA Labs Cybersecurity Course

Available through the free education source Khan Academy, the NOVA Labs Cybersecurity course covers cybersecurity basics. It pulls back the veil on hackers and their motivations, describes how encryption works, defines common terms and offers tips for a safe digital life.

Cybersecurity Lab Game

The Cybersecurity Lab game is another free resource from NOVA Labs. Its objective is for players to defend a company against increasingly sophisticated cyberattacks — a sure way to improve cybersecurity knowledge while having fun. Employees can even share the game with their children to teach them about good security practices. As a bonus, they might become interested in a future career in cybersecurity, which is much needed since there’s a shortage of talent in that field.

Cybersecurity Lab game description

Digital Safety and Citizenship Course

Screenshot of Google's Digital Safety and Citizenship Course
Google’s Digital Safety and Citizenship Course consists of six sections, each of which includes two lessons with videos and takes less than 15 minutes. While the course is designed for educators, a couple of the videos in the course are ideal for teaching digital hygiene to people of all ages and in all settings (home, work, school, etc.). Check out Online Safety on the Go and Stay Safe from Phishing and Scams.

Have I Been Pwned

Have I Been Pwned homepage screenshot
Created by security researcher Troy Hunt, Have I Been Pwned (HIBP) allows people to see if any accounts associated with a specific email address have been compromised in a known data breach. If an email address is compromised, the account owner will know that they need to change the password of the affected account. There’s also the option to be notified by email if an account is compromised in the future. As of October 2018, HIBP has detected more than 5.4 billion pwned accounts, demonstrating why it’s important to use a different password for every account and to change passwords regularly.

For more tips on improving cybersecurity at your organization, read “Five Ways to Thwart a Cybersecurity Nightmare.”

Hurricane Florence Resources

Graphic depicting dialing and texting 211 for Hurricane Florence info
Since its landfall in North Carolina on Friday, Hurricane Florence has been downgraded to a tropical storm. However, the danger is not over yet. Parts of North Carolina, South Carolina and Virginia are still at risk of flooding, tornadoes and health hazards.

To get assistance or help with storm relief, use the list of resources below to get started:

FEMA app
If you know of any additional opportunities to help, please contact us or tweet at @RentsysRecovery. Our thoughts are with those affected by Florence.

How Cloud Backup and Recovery Helps TSPs Create Business Value Faster

Golden compass outsourcing concept
As technology grows more complex and fast-paced, more organizations are choosing to outsource IT services. Today, the global IT outsourcing (ITO) market is $288 billion. Even regulated organizations are turning to outsourcing. In fact, banking and securities was the largest sector for IT spending.

If you’re a technology service provider (TSP), you may find that it’s getting harder to compete for business by implementing ideas in the market before your competitors. Once you do win new accounts, you struggle to stay on top of constant data security threats and insufficient (or underused) staff to maintain the services in-house. So how do you create competitive advantage while improving your profit margins? 

Reduce Heavy Lifting

With staffing being such a challenge, it’s important to reduce your staff’s involvement in services that require a lot of time and expertise. Take backup and recovery, for example. It’s the one IT requirement no one can avoid. According to data from 451 Research, 60 percent of organizations turn to service providers for backup and recovery — a higher percentage than for any other cloud service.

However, it requires a high level of involvement from your staff. Most TSPs offer some flavor of cloud data services, and your customers will expect you to as well. That means cutting out backup and recovery services is not an option. Instead, consider allowing a third party to handle the requirements of vaulting data and running recovered production systems. 

Focus on Your Key Differentiators

Once you’ve outsourced services that consume your IT resources, approach your services portfolio strategically. What service gives you the most bang for your buck? What distinguishes you from your competitors?

Perhaps you can target a niche market or bundle backup and recovery with other services to create a new offering. At Rentsys, for example, TSPs leverage our BlackVault Managed Recovery services to reach regulated industries with enterprise-class cloud infrastructure. Nuvodia, a technology service provider in the medical industry, worked with us to help its clients to comply with HIPAA guidelines regarding data security and business continuity. As a result, Nuvodia increased its sales, grew its market share and enabled its customers to meet regulatory guidelines more easily.

To give you an idea of how successful these product and service offerings can be, one of our clients took a $5,000-per-month account and turned it into over $10,000 per month.

Even if backup and recovery itself isn’t your primary revenue generator, reducing the heavy lifting associated with that service allows your IT staff to focus on projects that advance your business, helping you get new products to market faster.

Outsourcing helps your clients improve their IT efficiency, and it can help you too.

CLIP: The Key to Cutting the Cost of a Crisis

CLIP the Cost of a Crisis graphic
Science fiction writer H.G. Wells said, “The crisis of today is the joke of tomorrow.” It’s true — think about how political cartoonists pounce on breaches and corporate scandals. If you’re responsible for crisis management at your organization, however, the cost of a crisis is anything but funny. For example, if you experience a data breach, you’re looking at an average total cost of $3.86 million, or $148 per stolen record. Whether you’re facing a breach or a public relations fiasco, the key to reducing the cost of a crisis is CLIP:

  • Customer trust
  • Leadership effectiveness
  • Involvement of third parties
  • Preparedness
These recommendations are based on new findings from Ponemon Institute’s 2018 Cost of a Data Breach Study (sponsored by IBM Security) and Deloitte’s 2018 Global Crisis Management Survey.

Customer Trust

If you don’t protect your customers’ trust, you’re setting yourself up for costly consequences. Ponemon found that organizations that lost 1 percent of their customers due to a data breach faced an average cost of $2.8 million. If they lost 4 percent or more, the cost shot up to $6 million on average. In the U.S., the cost for lost customers is highest: $4.2 million.

If you’re thinking you’d fall into the 1 percent category, don’t be so sure. The average abnormal churn rate is 3.4 percent, and it goes up in industries where customers have high expectations for data protection and can easily take their business elsewhere. The highest abnormal churn rates are in healthcare (6.7 percent) and financial (6.1 percent).

To earn and protect customer trust, it’s important to have programs in place to encourage customer loyalty before a breach occurs. Ponemon also found that organizations were able to reduce churn by having a senior-level officer in charge of directing initiatives to improve customers’ trust in the organization’s ability to guard personal data — which leads us to our next point.

Leadership Effectiveness

Deloitte reports that involving boards and executives in crisis management helps reduce the severity of a crisis. That’s why 21 percent of organizations with board involvement reported that the number of crises had declined over the past decade. Only 2 percent of those without board involvement said the same thing. For data breaches specifically, Ponemon found that board-level involvement decreases the cost by $6.50 per record.

Unfortunately, having leadership involvement is easier said than done — 24 percent of Deloitte’s survey respondents said one of their greatest crisis management challenges was leaders’ effectiveness and decision making.

To address these challenges, Deloitte recommends establishing crisis management roles ahead of time, taking leadership styles into consideration (e.g., speed of decision making under pressure). To keep leaders involved in the crisis management strategy, focus on “what keeps them awake at night.” This post has some pointers for appealing to various executive roles. While it is specific to business continuity, a lot of the same principles apply to crisis management.

Involvement of Third Parties

How many times have you heard about a vendor or contractor causing a crisis? Third-party crises are not only common, they’re costly. When a third party is responsible for a data breach, Ponemon reports that the cost per record breached goes up by $13 per record.

But while third parties are part of the problem, Deloitte points out that they’re also part of the solution. Fifty-nine percent of survey respondents perform exercises including critical service providers, joint venture partners, resellers, distributors, etc. By involving third parties, you can pinpoint problem areas and address them before a crisis.


Preparedness

When managing a crisis, winging it won’t work. According to Deloitte, only 31 percent of organizations with a crisis management plan separate from business continuity and other preparedness plans experienced financial fallout, as opposed to 47 percent of organizations without a plan.

It’s also important to exercise the plan to make sure it works (and, as we mention above, be sure to involve third parties). It’s noteworthy that Deloitte found that 92 percent of respondents believe IT departments are prepared for a crisis. Only 77 percent think supply chain functions are prepared. The reason? Most IT functions (nearly 70 percent) have participated in a crisis simulation or exercise during the past two years. Deloitte’s study offers guidance for building a crisis simulation, and we’ve compiled a few tips for integrating disaster recovery and crisis communications.

In addition to having a plan and practicing it, Ponemon reports that you can reduce a data breach’s cost per record by having certain measures in place (this list isn’t exhaustive, of course):

  • Incident response team — saves $14 per record
  • Extensive use of encryption — saves $13 per record
  • Business continuity involvement — saves $9.30 per record
  • Employee training — saves $9.30 per record
  • Insurance protection — saves $4.80 per record
By following each element of CLIP, you’ll avoid abnormal customer churn, place the right leaders in the public eye, transform third-party problems into solutions, and cut the overall cost of a crisis. For more tips on creating a crisis response strategy, check out “How to Create a Crisis Response Strategy That Will Bulletproof Your Reputation” from the DRJ Webinar Series.

Selling Business Continuity Planning to the Modern C-Suite

When talking about the benefits of business continuity planning, industry vendors and business continuity planners typically tout one overarching benefit: When affected by a business interruption, having a plan drastically increases your odds of preserving revenue and keeping your doors open.

We’ve talked before about how to get buy-in by presenting business continuity as a tool for business growth. However, it’s also important to get support from each individual member of the C-suite by speaking their language. Keep in mind, though, that each member of today’s C-suite has different priorities than they did a decade ago. To make a compelling case for the diverse benefits of business continuity, emphasize how it helps each executive meet their specific goals and alleviates their pain points.

Below you’ll learn about the major concerns each member of the C-suite is facing, as well as how you can position business continuity in a way that resonates with them.

Chief Executive Officer (CEO)

Business Continuity Benefits for CEOs
What They’re Facing

The CEO is under enormous pressure to promote the company’s vision and outrank the competition in a marketplace fueled by rapid technology changes and compliance issues, all while achieving the desired financial results. On top of that, today’s CEO is struggling to overcome a disconnect with employees, who want the CEO to communicate more often, criticize less and celebrate successes consistently.

How Business Continuity Helps

  • Encourages communication between the CEO and staff by requiring interdepartmental coordination.
  • Helps unite various departments and locations for a common purpose.
  • Gives the CEO a chance to evaluate whether the business’s operations reflect the company’s overall vision.
  • Creates a competitive advantage for the organization.
  • Identifies opportunities for improving process efficiencies and revenue streams.

Chief Operations Officer (COO)

What They’re Facing

Business Continuity Benefits for COOs
"Work smarter, not harder" is the COO’s motto. As the person responsible for doing things more efficiently and profitably, the COO is challenged with staying abreast of rapidly evolving technologies, processes, security concerns and compliance requirements. As if these responsibilities aren’t stressful enough, the COO is fighting for a place in the C-suite.

How Business Continuity Helps

  • Allows the COO to become more familiar with critical business processes, products and services, supply chains, employee roles and technology.
  • Improves business resiliency by allowing the COO to identify interdependencies and single points of failure.
  • Allows for innovation in everyday business activities and quick decision-making during an interruption, which gives the COO a chance to prove their value to the organization.
  • Satisfies federal and industry regulatory requirements.

Chief Financial Officer (CFO)

Business Continuity Benefits for CFOs
What They’re Facing

The CFO role is changing, thanks to the influence of the global financial crisis, big data explosion and widespread social media adoption. In addition to managing stakeholders and overseeing financial management and reporting processes, the CFO is becoming more active in working with the CEO on the company’s strategic planning initiatives. In these different capacities, the CFO has to balance innovation with making sound decisions that protect the bottom line.

How Business Continuity Helps

  • Protects the bottom line by reducing downtime and showing stakeholders the business will do what it takes to protect their interests.
  • Helps mitigate property and profit losses.
  • Provides an overall picture of business data and processes, which helps the CFO make business recommendations for improving day-to-day operations and avoiding lost revenue in the event of an interruption.

Chief Information Officer (CIO)

What They’re Facing

Business Continuity Benefits for CIOs
Rapidly changing mobile, social and cloud technology is transforming modern businesses. As a result, the CIO has to think on their feet and collaborate with other executives to see how they can use technology to increase business performance while managing cybersecurity risks and mitigating downtime. The CIO has to be skilled in ensuring that employees are kept informed and productivity isn't impacted.

How Business Continuity Helps

  • Gains other departments’ cooperation in identifying key applications and interdependencies.
  • Helps resolve both small- and large-scale IT threats.
  • Improves efficiency and security of day-to-day operations.
  • Decreases frequency of outages and length of downtime.
  • Improves response to cyber threats.

Chief Marketing Officer (CMO)

Business Continuity Benefits for CMOs
What They’re Facing

As the driving force behind the organization’s brand image, the CMO has to learn to align the company with the end customer and bring in the number of qualified leads and conversions required to meet projected revenue goals. This task requires them to be knowledgeable and adaptable with the growth of big data, social media and the mobile movement.

How Business Continuity Helps

  • Assists the CMO in identifying new marketing angles by giving them the opportunity to collaborate with other teams, such as the customer service department, to pinpoint clients’ pain points.
  • Reassures customers of the organization’s ability to provide uninterrupted service, giving the business a competitive advantage and even gaining more conversions.
  • Preserves revenue stream during an event, minimizing the likelihood of the marketing budget being cut.
  • Protects against reputation damage resulting from an interruption that would otherwise require remedial marketing efforts.

Chief Customer Officer (CCO)

What They’re Facing

Business Continuity Benefits for CCOs
As one of the newest members of the C-suite, the CCO is tasked with proving the value of their position to stakeholders and the rest of the executive team. They’re also responsible for managing customer satisfaction and retention in a market where customers expect on-demand service. To do so, the CCO must encourage profitable customer behavior, find new ways to serve customers efficiently and cost effectively, and work with the sales and marketing departments to bring in more of the right customers.

How Business Continuity Helps

  • Preserves the customer experience during an interruption, helping retention and even bringing in new customers.
  • Maintains customer trust as a result of the organization having a plan for communicating key details about an event.
  • Helps protect the business’s reputation.
  • Gives the CCO a framework for efficiently navigating a disruption, which in turn helps demonstrate the importance of the CCO role to the organization.

The benefits of business continuity extend beyond surviving an event (though that’s part of it). By showing individual members of the C-suite that business continuity can help them meet their unique objectives, your organization as a whole can reap the benefits.

Why Business Continuity Is Personal for Banking Execs

Businessman taking money out of wallet
A business continuity planner once introduced himself to an executive as the business continuity manager. The executive responded, “No, I’m the business continuity manager.” Sound strange? Actually, that executive had the right idea.

There’s a lot of debate about who is responsible for disaster recovery, business continuity, infosecurity, etc. There are a lot of different answers about who handles the day-to-day tasks. But who’s ultimately responsible for all of these functions? If you’re a business executive, you are. And your reputation and career depend on it.

Why Are You Responsible for Business Continuity?

The FFIEC places the responsibility for business continuity on management’s shoulders. The Business Continuity Planning booklet says:

"The board and senior management should assign knowledgeable personnel and allocate sufficient financial resources to properly implement an enterprise-wide BCP."

You might assume that assigning knowledgeable personnel (IT, risk management, infosecurity, etc.) is all you need to do to meet your obligations. However, in the Operations booklet, it’s clear who has ultimate responsibility:

"Senior management and the board of directors are responsible for ensuring IT operates in a safe, sound, and efficient manner throughout the institution."

Imagine your institution facing a failure of systems or operations. Maybe a fire wipes out a branch. Or maybe a ransomware attack encrypts all your systems — and your data backups. Can you state without hesitation that your business continuity strategy is adequate in situations like these? If it’s not, could you prove that you showed due diligence and were not negligent? Or would you, like Equifax’s ex-CEO, blame the failure on a single employee’s human error?

How Does Inadequate Business Continuity Affect You?

Your institution has given you responsibilities with the understanding that your successes and failures reflect on the bank. That includes failures related to business continuity that result in losses to the bank. These failures lead to bad publicity for the company and could possibly lead to Civil Money Penalties (CMPs) against you personally.
Graph of issues related to board/management oversight
In an article on matters requiring board attention (MRBA), the FDIC says the most common issues over the past few years have been board and management related. The article states that evaluating a bank’s risk profile includes “the potential impact external threats could have on the bank’s operating environment.” It further notes that “the information technology (IT) environment remains a challenging area of business risk and warrants bank management’s oversight and continuing due diligence.”

One such case of an enforcement action against an individual for lack of oversight is a former executive vice president who received a $30,000 CMP. The FDIC determined that he’d breached his fiduciary duty by “failing to ensure his staff fully complied with the Bank Secrecy Act and regulations.”

If your bank is unable to appropriately respond to a disaster or other business interruption, you could be held legally responsible, according to Neil H. Kaufman, SVP and national BCP practice leader for a risk consulting firm. Kaufman says courts can use certain statutes as legal precedents. As an example, he cites an FFIEC circular stating that contingency planning requires an institution-wide emphasis.

If you’re found liable for a breach of fiduciary duty that causes a loss to the bank, you could be personally fined and have a blemish on your name for the rest of your career. Is that a risk you’re willing to blindly entrust to your personnel? Even the most talented employees are prone to error — especially if they aren’t accustomed to dealing with significant business interruptions day in and day out.

How to Protect Yourself and Your Bank

To protect your bank, career and reputation, start by following these steps:

  • Get involved in your business continuity planning process.
  • Familiarize yourself with the risks facing your business.
  • Make sure you’ve assigned roles and responsibilities to the right people.
  • Participate in business continuity tests and/or request a report of the test results and recommended remedial actions.

As you walk through these steps, you might find that it makes sense to outsource certain business continuity functions. A trusted technology service provider (TSP) can give you access to resources and expertise not available in-house. Additionally, a TSP that is experienced in handling business continuity events can help you mitigate areas of risk you might not have considered. You’ll also maximize your resources and allow your personnel to focus on their areas of expertise.

If your bank experienced an interruption, would you bet your reputation on the quality of your institution's business continuity response?

Invest in Cybersecurity Now to Save Money Later

Spend Now to Save Later Graphic
Spend now to save later. This concept sounds counterintuitive, but think about the situations where you take it for granted: You spend a couple hundred dollars to change your brake pads now so you don’t have to fork over several hundred for repairs when the braking system fails. You shell out a copay for a trip to the dentist so you don’t have to spend several hundred dollars (or even a couple thousand) on a root canal later. You pay a few thousand dollars to fix a crack in your home’s foundation so you don’t have to spend tens of thousands to repair a sunken house a few years down the road. The same concept applies to cybersecurity. By investing in cybersecurity preparedness now, you could reduce — or even avoid — remediation costs later.

The Cost of Cybersecurity Response vs. Prevention

Experts generally agree that global total cyber crime damage costs will surpass $6 trillion annually by 2021. That’s about a third of the current U.S. national debt and a 100 percent increase from 2015. The cumulative cost of cyber crime dwarfs the corresponding amount that will be spent on cybersecurity from now until 2021 — about $1 trillion. Clearly, there’s been a greater emphasis on detection and response than preparedness and prevention. Are you guilty of the same thing?

What Target and Equifax Teach Us

Target’s infamous breach from 2013 is instructive here. In early 2015, the company agreed to pay individual victims up to $10,000 in damages and was forced to adopt long-overdue, basic data security measures. Many people thought the company got off relatively light (despite sacrificing its CIO and CEO in the process).

From a financial perspective, you might have concluded from Target’s experience that investing in cybersecurity really was a waste of money compared to saving the extra resources, perhaps to cover the cost of a breach should one ever occur. (For most companies, particularly smaller ones, this is a luxury they cannot afford.)

Now an additional three years removed, we know that the lingering costs of the breach continued to balloon, eventually surpassing $300 million. Not only that, but the brand experienced several harder-to-quantify costs: damaged brand equity, loss of customer loyalty and diminished company reputation. As the public becomes more cognizant of the role played by companies in their success or failure at safeguarding consumer data, expect the impact of these intangible costs to increase exponentially.

Finally, fast-forward to 2017. The infamous Equifax data breach drew considerably more public ire than the Target case just four years prior, reflecting increasing awareness on the part of the individuals affected. It would also prove to be the most expensive data breach in history, with costs exceeding $439 million through the end of 2017 and expected to climb as high as $600 million before the dust settles. The Equifax case demonstrates that:

  • The cost, in real dollars, of data breaches is climbing quickly.
  • The cost in terms of reputational damage and consumer backlash is becoming more real.

How to Respond Rather Than React

Put yourself in the place of these companies. If you suffered a massive breach, would your actions and resource allocation before the fact indicate that you had taken data security seriously? If the answer is no, consider the lasting costs inflicted on your company: lost revenue, damaged brand equity, loss of customer loyalty and diminished company reputation. That’s not to mention the very real impact on those individuals directly affected by the data breach itself.

Over the long term, the cost of prevention far outweighs the cost of response. Because cyber attacks are inevitable, both prevention and response are ultimately necessary, but the key to reduced costs is understanding the long-term risk to your businesses and allocating your resources accordingly. These steps are a good starting point:

Rather than waiting for a crisis to hit and reacting in the moment, take proactive steps to prepare your business for a cyber attack. Invest in proven prevention methods, tools and services now so it doesn’t cost you later.

Is Your Business Prepared for a Tornado?

2017 was a record-setting year in terms of the cost of severe weather damage. With that fact top of mind since we’re in the peak of tornado season, it’s important to make sure your business is prepared for a natural disaster.

Here are some steps you can take to protect your business before a tornado strikes:

  • Have medical supplies on hand. 
  • Purchase a portable AM/FM radio and spare batteries to ensure you’ll have a way to follow weather updates if the power goes out. 
  • Look for the following danger signs: dark, often greenish sky, large hail, low-lying clouds (particularly if rotating) and a loud roar similar to a freight train. 
  • Vault your data off-site and test your disaster recovery systems regularly. 
  • Plan how you’ll reroute phone calls. Consider the possibility that you might not have cellular service in the event of a widespread blackout. 
  • Test your business continuity and disaster recovery (BC/DR) plan and gather employee feedback.

To further prepare your business for the damage a tornado can cause, download our full Tornado Preparedness Checklist.
