Just before Thanksgiving this year, as students were entrenched in virtual learning, a major ransomware attack took down Baltimore County Public School’s (BCPS) computer systems. As a result, schools closed for several days, many devices were unusable, and like any other major IT security incident, significant costs were incurred to remediate the damage. BCPS will most likely undergo an assessment to determine exactly how the incident happened and they will have to invest significantly to harden their systems and change how they operate.

Shortly after the BCPS attack, a few miles up the road, Greater Baltimore Medical Center (GBMC) experienced its own ransomware attack, which took down many of their systems. Fortunately, patient care was still mostly maintained, aside from some postponed elective care. It appears that data and operations will be back to normal in fairly short order, but there will still be costs associated with this, and certainly nobody at GBMC wants to be associated with a ransomware incident.

As we continue to see attacks on this scale and frequency it’s important to not just shake our heads at another incident and wonder what needs to change in order to stop seeing these headlines. Instead, let’s uncover what we can learn from these incidents to minimize our own risks, both personally and in our businesses.

It is fascinating to look back over the last decade or so to see how cellular networks have evolved. As smartphones like the iPhone and Android became the norm as opposed to a luxury consumer technology good, demand for fast and stable wireless Internet connections grew exponentially. Now we expect to be able to watch a YouTube video on demand with minimal buffering time no matter where we are. When cellular carriers moved to 4G networks several years ago, this became the standard.

But the rise of 5G networks create the potential for new ways of working as well as benefits to the daily lives of many people that they probably haven’t considered yet. We often think about devices bringing us faster and more powerful technology, but the rise of 5G really represents a new option of services that could be available to us regardless of our devices. I’d like to look at a few ways that 5G networks will change the way we work and live with technology over the next several years.

Technology success is one of the key drivers for achieving business goals in 2020. As recent events have proven, organizations that were ready to leverage technology to work anytime or anywhere with maximum flexibility found they were well-equipped to deal with the challenges of the new normal as the world shifted beneath their feet. The opposite is true as well. Businesses that found themselves behind on their technology struggled to adapt and faced real consequences such as lost productivity, dissatisfied customers or operational failure.

About a year ago, we started hearing about new requirements for organizations doing business with the United States Federal Government, particularly with the Department of Defense (DoD). In the interest of protecting sensitive information, the government began developing and introducing the Cybersecurity Maturity Model Certification, or CMMC. While there are many similarities for the goals and framework of CMMC as compared to other standards such as HIPAA/HITECH and PCI, the CMMC adjusted standards in a way that are meaningful and important to discuss.

I want to outline some key pieces of information you should know about CMMC so that you can meet and maintain strong cybersecurity controls that satisfy the powers that be.

We talk a lot about how our work lives have changed, in some ways permanently, by the pandemic. Most of us who typically would spend a lot of time in offices, or visiting clients, or participating in networking meetings and conferences have learned to adapt to doing these tasks in a virtual way as best we can. Working from home, while perhaps expanded these days, is nothing new.

But with schools back in session, we are now asking kids, who don’t have the experience and flexibility of the typical office employee, to learn in a completely unprecedented way. Part-time in person, part-time virtual, socially distanced education is not something we have done as a society before.

Between Facebook, LinkedIn, Twitter, Tik Tok, Instagram, and whatever other Social Media platforms that are on the horizon, our lives are more public than ever before. There are definitely upsides and downsides to this landscape, but I’m not here to talk about that today. Whether we like it or not, it’s clear that Social Media is here to stay.

What I do want to talk about is what we should be thinking about as we engage with these platforms.

Social Engineering sounds like a buzzword, but it is one of the most pervasive and relevant threats facing people today. Most hackers have simple motivations. They want to steal credit card, banking information, or commit other acts of fraud to make money… and social engineering aligns well with these goals.

When you think about it, social engineering is the evolution of “old school” fraud techniques like fake IDs or check cashing scams, but now the strategy is to impersonate a digital persona.

Many businesses, especially smaller ones, have a blind spot when it comes to security and risk management, especially when it comes to internal policies. While there are ample technology solutions available to deal with the threat landscape to protect data and system uptime, there is no technology solution that will completely address the risks posed by irresponsible end user behavior. There are also limits on what technology investments most organizations can make, so it’s important to get the best return on investment on your risk management tools and efforts. Strong policies that are well understood by staff are often the least expensive and most effective ways to avoid costly IT challenges.

Data Compliance standards also demand internal policies as well as the technical controls, so even if you think the policies aren’t worthwhile, it’s possible that you still need to create them. In this blog, I outline the IT policies that every organization needs in 2020. Hopefully, you have some of these in place already, but if not, I encourage you to use this blog as a jumping off point. Keep in mind as you read this that some organizations may call these policies different things, but the important part is that the goals of these polices are intact.

Coronavirus 2019 (COVID-19) has made it more difficult for organizations to fulfill their chief digital security functions. In a recent study from (ISC)2, nearly half (47%) of security personnel revealed that their organizations had reassigned them to perform standard IT tasks amidst the pandemic. This decision limited organizations’ ability to defend themselves against security incidents despite the reports from nearly a quarter (23%) of survey participants that security incidents confronting their organization had increased, as reported by Channel Partners. Additionally, the move arrived at a moment when 81% of professionals revealed that their organizations had categorized security as an essential function during the COVID-19 pandemic.

The findings presented above highlight the need for organizations to direct special attention to their digital security posture for the rest of the year. Many organizations are already working with reduced security teams, so they need to be prepared. I recommend organizations focus their security efforts on three specific trends for the remainder of 2020: Cloud Security, Data Privacy and New Tools/Ways of Working.