Important Yet Affordable Cybersecurity Defenses
March 27, 2024
Cybersecurity is a critical topic for the land title insurance and settlement industry and an ongoing threat to every title operation regardless of size, location or years in business.
ALTA is dedicated to helping members safeguard their operations from the constant threat of cyber attacks. Here’s a collection of helpful links to cybersecurity resources provided by ALTA’s Information Security Work Group and other trusted sources. (Note that some solutions require a monthly/yearly fee.)
ALTA Resources
- ALTA Cybersecurity Incident Response Plan: Use this tool to help your team to establish and maintain secure systems and be prepared to act quickly if an incident occurs.
- ALTA Cyber System Overview: Use this narrative to improve your understanding of a Cyber System Inventory, why it is important to Cybersecurity efforts, and how to create and maintain your company's inventory.
- ALTA Cyber System Inventory Workbook: Use this model workbook to create and customize your company's inventory.
- ALTA Business Impact Analysis: Use this guide to examine your software applications, determine which resources are critical to your operation, and discover when to add resources to minimize the business impact of downtime.
Security Awareness
- SANS - https://www.sans.org/newsletters/ (OUCH and NewsBites)
- SANS Security Blogs (pick your interest) - https://www.sans.org/blog/
- CISA Cyber Training - https://www.cisa.gov/cybersecurity-training-exercises
- NIST Training Resources - https://www.nist.gov/itl/applied-cybersecurity/nice/resources/online-learning-content
- Amazon Learning - https://learnsecurity.amazon.com/en/index.html
- Cyber101 - https://www.cyber101.com/
- Cyber Readiness - https://cyberreadinessinstitute.org/
- Udemy - https://www.udemy.com/
- Cybrary - https://www.cybrary.it/
- edX - https://www.edx.org/
- LinkedIn Learning - https://www.linkedin.com/learning/
Essential Security Tools
Endpoint Detection and Response (EDR) tools
This is a cybersecurity technology that continuously monitors devices to detect and respond to cyber threats like ransomware and malware. Here are some solutions:
- CrowdStrike Falcon Go ($4.99/device/month [min of 5 with 1Y contract]) - https://www.crowdstrike.com/products/
- CrowdStrike Falcon Pro ($8.33/device/month [min of 5 with 1Y contract])
- SentinelOne Singularity Core ($69.99/device/year [min of 5]) - EPP - https://www.sentinelone.com/platform-packages/
- SentinelOne Singularity Control ($79.99/device/year [min of 5]) - EDR
- SentinelOne Singularity Complete ($159.99/device/year [min of 5]) – XDR incl [managed services]
- Huntress MDR - https://www.huntress.com/platform/managed-edr
Email Security Tools
- Sublime Email Security (free option available) - https://sublime.security/
- Abnormal Security - https://abnormalsecurity.com/products/inbound-email-security
- Huntress MDR for Microsoft 365 - https://www.huntress.com/platform/managed-detection-and-response-for-microsoft365
- Check your existing email security - https://checkcybersecurity.service.ncsc.gov.uk/email-security-check
Web Security Tools
- Cloudflare SSE & SASE Platform (free version is available for up to 50 users) - https://www.cloudflare.com/zero-trust/products/#overview
- NextDNS (free and low-cost plans are available) - https://nextdns.io/
- Cisco Umbrella (DNS Essentials or SIG Essentials) - https://umbrella.cisco.com/products/umbrella-enterprise-security-packages
- Basic Web Protection – point your DNS to:
  - 1.1.1.1 – Cloudflare
  - 8.8.8.8 – Google
Suites (bundles)
- Office 365 - https://www.microsoft.com/en-us/microsoft-365/business#heading-ocb6f5
- Google for Business - https://smallbusiness.withgoogle.com/#!/ and https://workspace.google.com/
Password Managers
A password manager is an app on your phone, tablet or computer that stores your passwords, so you don't need to remember them. Here are a few providers:
- Bitwarden (starts at $10/year) - https://bitwarden.com/
- Dashlane (starts at $60/year) - https://www.dashlane.com/
- 1Password (starts at $36/year) - https://1password.com/
- Check if your password has been leaked - https://haveibeenpwned.com/
MFA Apps
Mobile authenticator apps provide a more secure way to log in to websites and online accounts using multi-factor authentication. Here are some options:
- Authy (free) - https://authy.com/ [most universal, cloud backup]
- Google Authenticator (free) – download from Apple or Google store
- Microsoft Authenticator (free) - download from Apple or Google store
- Duo Security (free up to 10 users) - https://duo.com/
Security Keys
A security key is a small external device that looks like a thumb drive or tag, which can be used for verification when signing in to an account using two-factor authentication.
- Yubikey (keys start at $50 one-time fee) - https://www.yubico.com/
- Feitian (keys start at $25 one-time fee) - https://www.ftsafe.com/Products/FIDO
Logs Aggregation (SIEM)
These platforms aggregate historical log data and real-time alerts from security solutions and IT systems like email servers, web servers and authentication systems. They analyze the data and establish relationships that help identify anomalies, vulnerabilities and incidents.
- CISA Logging Made Easy (free) - https://github.com/cisagov/LME
- Graylog (free and paid plans) - https://graylog.org/
- ManageEngine Log360 - https://www.manageengine.com/log-management/siem-solution-log360.html
- Solarwinds Security Event Manager - https://www.solarwinds.com/security-event-manager
- Datadog - https://www.datadoghq.com/dg/security/siem-solution/
- Cynet XDR - https://www.cynet.com/platform/
Security Subscriptions and Resources
- CISA Alerts and Advisories - https://www.cisa.gov/news-events/cybersecurity-advisories (subscribe for automated delivery - https://www.cisa.gov/about/contact-us/subscribe-updates-cisa)
- CISA Cyber Guidance for Small Businesses - https://www.cisa.gov/cyber-guidance-small-businesses
- CISA Free Cybersecurity Services and Tools - https://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools
- CISA Shields Up - https://www.cisa.gov/shields-up
Incident Response
- CISA Incident Response Training - https://www.cisa.gov/resources-tools/programs/Incident-Response-Training
- Huntress Managed Security Platform (Managed EDR, MDR for M365, Security Awareness) - https://www.huntress.com/platform
- CISA Basic Incident Response Plan - https://www.cisa.gov/sites/default/files/publications/Incident-Response-Plan-Basics_508c.pdf
- IRP Templates - https://www.cynet.com/incident-response/incident-response-plan-template/
- How to build an Incident Response Plan - https://www.upguard.com/blog/creating-a-cyber-security-incident-response-plan
Terminology
(courtesy of Microsoft Copilot)
- EDR, or Endpoint Detection and Response, is like a security camera system for computers. Just as cameras monitor for intruders, EDR watches over computer networks to detect and investigate suspicious activities, helping to protect against cyber threats. It’s a tool that helps keep an eye on the digital safety of a business.
- Managed Detection and Response (MDR) is like having a team of vigilant security guards for your computer network. Imagine your network as a bustling city with lots of digital traffic. MDR experts patrol the virtual streets, watching for any suspicious activity. They jump into action when they spot something fishy—like a hacker trying to break in or malware sneaking around. Their job is to investigate, assess the threat, and take necessary steps to protect your network. It’s like having cyber-savvy guards ensuring that your digital city stays safe!
- Extended Detection and Response (XDR) is the next evolution of MDR. XDR connects data from different security tools, allowing them to work together seamlessly and giving visibility into the threat across your county.
- SIEM (Security Information and Event Management) is like a digital security command center for organizations. Imagine it as a high-tech control room where experts monitor all the digital activity happening within a company’s network. They keep an eye on things like login attempts, system alerts, and unusual behavior. When something suspicious occurs—like a potential cyber-attack or unauthorized access—the SIEM system raises an alarm. It’s like having cyber detectives who investigate and piece together clues to protect the organization from digital threats. So, think of SIEM as your trusty security team, ensuring that your company’s digital fortress stays strong.
Takeaways
- Standard antivirus software is no longer acceptable or adequate for protection.
- EDR takes antivirus software to the next level and becomes the de facto standard for endpoint protection.
- If you don’t have IT resources to manage EDR, MDR is the answer. Think of it as an extension of your team.
- SIEM aggregates logs and alerts the IT/Security team of abnormal behaviors and attacks.
- If you lack IT resources to monitor alerts and respond to incidents, XDR is the answer.
- If you have time and resources to focus only on three things, focus on web security, email security and EDR.
Contact ALTA at 202-296-3671 or [email protected].