As some begin to transition back to office space, it is imperative that we continue with our standards for Cyber Security Awareness. At Lone Star Communications, we continue to value physical security. We recommend it to our customers and we constantly remind one another about the importance of security within our own offices. Locking your workstation is an easy, yet often overlooked, way to keep your information safe. Though locking your workstation each time you leave your desk or cubicle may feel inconvenient, even if just running to the printer or to fill up your water bottle, it is important to take the time to do so. When your workstation is unlocked and unattended, you are leaving your own and the company’s information open to any guest that may be visiting, external cyber security auditors, or simply anyone walking by with bad intentions.

Although most people who walk by your desk probably aren’t going to steal sensitive data, someone passing by could possibly download malware onto your workstation, get access to your online banking if you save passwords in your browser, or send emails as if they were coming from you. At the very least, coworkers may send embarrassing emails to others within the organization. Let’s continue to stay safe and share our standards with all new employees as we begin transitioning back to our office space.

How to Lock Your Computer/ PC:

• If you’re on a PC, you can easily lock your workstation by pressing the “Windows” key and “L” simultaneously.

• Another method is to press “Ctrl” + “Alt” + “Delete” keys simultaneously for a few seconds and then select “Lock” or “Lock Computer.”

-Brian Banks, Internal Information Security Officer

Cyber Security will always be a work in progress. Even the most skilled, large scale, resourced healthcare organizations must continually work every day to keep up with the fast-evolving cyber threats. Unfortunately however, very often cyber criminals are able to exploit human error. We will continue to train, test, and work promptly to eliminate or substantially reduce risks associated with human error.

What is Island Hopping in Cyber Security?

Island Hopping is a new method that cyber-criminals are utilizing to target small and large healthcare organizations that puts healthcare vendors directly in their line of fire. Island Hopping involves attackers exploiting the weaknesses of healthcare vendors in order to move laterally to target healthcare organizations. Infiltrating healthcare vendors allows cyber criminals to gain access in a connected network and then exploit the relationship between healthcare organizations and their vendors. This is done to gain access to the healthcare organizations’ patient health information.

This particular attack gets its name from a World War 2 strategy adopted by the US in its island campaign against Japan. Forces gradually and strategically seized control of smaller islands outside of the mainland of the axis power instead of tackling it head-on, a technique called 'leapfrogging' at the time.

As this type of attack becomes more frequent and more devastating, we know one of the first places to continue strengthening is employee Cyber Security Awareness Training. Many of our standard cyber security practices will continue to be effective as part of preventing island hopping.

• When it comes to your passwords, two-factor authentication is a must, as is avoiding default, generic, or predictable passwords.

• Back up your data to a location other than your computer, such as the cloud or on the network. This is Lone Star Communications' policy.

• Don't forget about endpoints other than desktops and laptops. Our smartphones, tablets, and other IoT devices like printers and network-connected devices are all at risk, too.

• Be aware of phishing schemes, and don't click on links from suspicious or unknown sources that may be trying to steal your personal information, like login credentials.

• Similarly, to protect your data from malware, keep your software up to date, including your antivirus software.

• Always be sure to have all your company assigned devices that connect to our customers network, scanned and checked on the scheduled days, by the Technology Department. This is also Lone Star Communications' policy.

-Brian Banks, Internal Information Security Officer

Cyber Security 2020 at Lone Star Communications was a challenging year. Cyber criminals did not exclude us in their daily attempts at trying to get us to compromise our data and in some cases, our customer’s data. We experienced a series of attempts that included, phishing emails, ransomware, fake text messages, and targeted attacks. In response to the Covid-19 pandemic, we had to adjust our cyber security processes, for remote offices, as well. Our commitment to addressing these concerns as a Team paid off for 2020. Our Quarterly Cyber Security Training Completions remain over 97%. Our Defendify Phish Testing score results were awesome. We experienced no Cyber Security incidents that caused a loss of personal or company information.

AWESOME WORK EVERYONE! Also, I would like to extend a huge thanks to our awesome IT Team, Dan Martinez, Craig Cordes, Hashem Tahajjod, Mumin Adeyemi, Jon Pennington, Brian Manibo, Jason Marshall and Kevin Henderson (he will never admit it, but he is a tremendous help).

Cyber Security 2021 will surely be another challenging year with evolving methods by cyber criminals. Now that working from home has become common place, homes have since been flipped into offices for the foreseeable future. More employees are using devices to access confidential data on home and corporate networks, which poses a considerable risk to our organization. Without secured access and robust security tools that protect the distributed attack surface, threat actors will easily hack into our networks and jump from one machine to another until they find a suitable target. Working from home is now a critical weapon in our fight against COVID-19. However, this also provides an opportunity for skilled cybercriminals. In 2021, we can expect cyber criminals to evolve their attack strategies and adapt to the “work-from-home economy,” pursuing remote workers even more so than in 2020. Unmanaged home machines will become targets, and in turn, these easily compromised machines at home will become the pivot point to home-bound corporate devices allowing advanced persistent attacks.

Our continued Quarterly Training and testing will remain one of our best methods to counter attacks and attempts. There are many business processes and practices that translate to our home offices and networks as well. For 2021, I plan to make myself available via MSTEAMS to answer any questions as to what additional processes can be added to your home network. Please feel free to schedule a discussion. No home or business network is identical. However, there are common security practices that should be in place. Here are some things to consider and possibly adjust for your home network. Again, please feel free meet or chat with me via MSTEAMS to discuss making your home network secure.

1. Change the name of your default home network

2. Make sure you set a strong and unique password to secure your wireless network

3. Increase your Wi-Fi security by activating network encryption

4. Turn off the wireless home network when you’re not at home

5. Use a strong network administrator password to increase Wi-Fi security

6. Change your default IP address on the Wireless router

7. Turn off the DHCP functionality on the router

8. Disable Remote Access

9. Always keep your router’s software up-to-date

10. A firewall can help secure your Wi-fi network

-Brian Banks, Internal Information Security Officer