Use Strong Passwords: Create complex passwords (8-64 characters, including special characters). Use two-factor authentication and change passwords regularly to prevent brute force attacks.

Install Anti-Virus Software: Choose reputable software with daily updates. It scans for and removes viruses, protecting your system.

Use Anti-Spyware and Anti-Malware: These programs detect and remove harmful software. Use multi-layered security for better protection.

Perform Daily Scans: Regularly scan your system to catch/remove threats.

Backup Data Regularly: Use cloud services or external drives to back up data, ensuring it’s retrievable in case of an attack.

Update Your System: Regular updates fix vulnerabilities that hackers could exploit. Enable automatic updates for convenience.

Use a Firewall: Configure your system’s firewall to block unauthorized access. Update settings as needed.

Email Caution: Avoid opening emails from unknown senders and delete suspicious messages to prevent infections.

Internet Safety: Be wary of unfamiliar websites, ads, and pop-ups. Check URLs for accuracy before clicking links.

Learn Security Basics: Educate yourself and your employees on cybersecurity to make informed decisions and protect your network effectively.

Source:

Foley & Lardner LLP published its second annual Manufacturing White Paper examining business and legal trends that will influence the manufacturing industry.

As the global economy continues to face supply chain complexities, geopolitical tensions, and economic uncertainty, manufacturers continue to face rapid transformations across the sector. With new trade policies and increasing regulatory enforcement on the horizon, along with smart manufacturing and new technologies like generative AI, manufacturers are reevaluating their business strategies and operations.

Foley’s research explores these transformational shifts in detailed sections, including:
• Electrified and Connected All at Once: New Challenges Facing Supply Chains, Best Practices, and Lessons Learned
• Cybersecurity Threats in the Manufacturing Industry
• The New Era of Customs Enforcement
• How to Protect Intellectual Property During Product Development
• Terminating Reseller Relationships Amidst the Network-Consolidation Trend: What Manufacturers Need to Know
• Top Environmental Issues Facing the Manufacturing Sector: The EPA Tackles Climate Change and Emerging Contaminants
• The Dawn of Generative AI in Manufacturing: Opportunities, Implications, and the Future

To read the complete white paper on manufacturer legal issues, go to .

Members of our Association are entitled to no-cost 60-minute confidential consultations with attorneys. For legal help with dealer law, call Foley & Lardner LLP at (414) 319-7303.

| Member since 1994

In light of the growing number of cyberattacks, many companies are turning to two-factor authentication (also commonly called 2FA or multifactor authentication) to enhance their cyber security.

While no cyber security method is foolproof, using two-factor authentication can add an extra layer of security to your online accounts. So how exactly does two-factor authentication work?

What Is Two-factor Authentication?

While complex passwords can help deter cyber criminals, they can still be cracked. To further prevent cyber criminals from gaining access to employee accounts, two-factor authentication is key.

Two-factor authentication adds a layer of security that allows companies to protect against compromised credentials. Through this method, users must confirm their identity by providing extra information (e.g., a phone number or unique security code) when attempting to access corporate applications, networks and servers.

With two-factor authentication, it’s not enough to just have your username and password. In order to log in to an online account, you’ll need another “factor” to verify your identity. This additional login hurdle means that would-be cyber criminals won’t easily unlock an account, even if they have the password in hand.

A more secure way to complete two-factor authentication is to use a time-based one-time password (TOTP). A TOTP is a temporary passcode that is generated by an algorithm (meaning it’ll expire if you don’t use it after a certain period of time). With this method, users download an authenticator app, such as those available through Google or Microsoft, onto a trusted device. Those apps will then generate a TOTP, which users will manually enter to complete login.

Why Two-factor Authentication and Password Management Is Important

As two-factor authentication becomes more popular, some states are considering requiring it for certain industries. It’s possible that as cyber security concerns continue to grow and cyber attacks become more common, other states will follow suit.

Even if it’s not legally required, ongoing password management can help prevent unauthorized attackers from compromising your organization’s password-protected information. Effective password management protects the integrity, availability and confidentiality of an organization’s passwords.

Above all, you’ll want to create a password policy that specifies all of the organization’s requirements related to password management. This policy should require employees to change their password on a regular basis, avoid using the same password for multiple accounts and use special characters in their password.

Member Benefit: Association members are entitled to comprehensive cybersecurity resources. To activate your cybersecurity benefit, go to . Click on “forgot password” and follow the prompts to create a login. Contact Membership Director, Matt Rice, in the Association office at (314) 878-2304 or via email at Matt@FarmEquip.org if you experience issues or have questions.

In order for organizations to truly protect themselves from cyberbullying, companies must play an active role. Not only does involvement from leadership improve cybersecurity, it can also reduce their liability. To help oversee their organization’s cyber- risk management, companies should ask the following questions:

Does the organization utilize technology to prevent data breaches?
Every company must have robust cybersecurity tools and anti-virus systems in place. These systems act as a first line of defense for detecting and preventing potentially debilitating breaches.

While it may sound obvious, many organizations fail to take cyberthreats seriously and implement even the simplest protections. Companies can help highlight the importance of online security, ensuring that basic, preventive measures are in place.

Has the company’s management team identified a senior member to be responsible for organizational cybersecurity preparedness?
Organizations that fail to create cybersecurity leadership roles could end up paying more for a data breach than organizations that do. This is because, in the event of a cyber incident, a fast response and clear guidance is needed to contain a breach and limit damages.

When establishing a digital leadership role, companies need to be involved in the process. Online security leaders should have a good mix of technical and business experience. This individual should also be able to explain cyber-risks and mitigation tactics at a high level so they are easy to understand for those who are not well-versed in technical terminology.

Hiring a chief information security officer or creating a new digital leadership role is not practical for every organization. In these instances, organizations should identify a qualified, in-house team member and roll cybersecurity responsibilities into their current job requirements. At a minimum, companies should ensure that their company has a go-to cybersecurity resource.

Does the organization have a comprehensive cybersecurity program? Does it include specific policies and procedures?
It is essential for companies to create comprehensive data privacy and cybersecurity programs. These programs help organizations build a framework for detecting threats, remain informed on emerging risks and establish a cyberattack response plan.

Companies should ensure that cybersecurity programs align with industry standards. These programs should be audited on a regular basis to ensure effectiveness and internal compliance.

Does the organization have a breach response plan in place?
Even the most secure organizations can be impacted by a data breach. What’s more, it can often take days or even months for a company to notice its data has been compromised.
While cybersecurity programs help secure an organization’s digital assets, breach response plans provide clear steps for companies to follow when a cyberattack occurs. Breach response plans allow organizations to notify impacted customers and partners quickly and efficiently, limiting financial and reputational damage.

Companies should ensure that crisis management and breach response plans are documented. Specific actions noted in breach response plans should also be rehearsed through simulations and team interactions to evaluate effectiveness. Additionally, response plans should clearly identify key individuals and their responsibilities. This ensures that there is no confusion in the event of a breach and your organization’s response plan runs as smoothly as possible.

Has the organization discussed and formalized a cyber-risk budget? How engaged is management in terms of providing guidance related to online exposures?
Both overpaying and underpaying can negatively affect an organization. Creating a budget based on informed decisions and research helps companies invest in the right tools.

Has management provided adequate employee training to ensure sensitive data is handled correctly?
While employees can be a company’s greatest asset, they also represent one of their biggest online liabilities. This is because hackers commonly exploit employees through phishing and similar scams. When this happens, employees unknowingly give criminals access to their employer’s entire system. In order to ensure data security, organizations must provide thorough employee training. Management should help oversee this process and make training programs meaningful and based on more than just written policies.

Has management taken the appropriate steps to reduce online security when working with third parties?
Working alongside third-party vendors is common for many businesses. Management can help ensure that vendors and other partners are aware of their organization’s cybersecurity expectations. The company’s management team should draw up a standard third-party agreement that identifies how the vendor will protect sensitive data, and whether the vendor will subcontract any services, and how it intends to inform the organization if data is compromised.

Does the organization have a system in place for staying current on online trends, news, and federal, state, industry and international data security regulations?
Digital legislation can change with little warning, often having a sprawling impact on the way organizations do business. If organizations do not keep up with federal, state, industry and international data security regulations, they could face serious fines or other penalties.\Companies should ensure the chief information security officer is aware of his or her role in upholding online compliance. In addition, they should ensure that there is a system in place for identifying, evaluating and implementing compliance-related legislation.

Additionally, companies should constantly seek opportunities to bring expert perspectives into security related discussions. Often, authorities from government, law enforcement and cybersecurity agencies can provide invaluable advice. Building a relationship with these types of entities can help organizations evaluate their digital strengths, weaknesses and critical needs.

Has the organization conducted a thorough risk assessment? Has the organization purchased or considered purchasing cyber liability insurance?
Cyber liability insurance is specifically designed to address the risks that come with using modern technology—risks that other types of business liability coverage simply won’t cover.

The level of coverage you need varies on the company’s range of exposure. This article is provided by Zywave, which offers Association members resources at no cost.

To activate your cybersecurity benefit, go to . Click on “forgot password” and follow the prompts to create a login.
Contact Membership Director, Matt Rice, in the Association office at (314) 878-2304 or via email at Matt@FarmEquip.org if you experience issues or have questions.

Answer: The United States is behind other countries in clarifying companies’ responsibilities in the wake of a cyber security breach. There are only agency-by-agency, or state-by-state requirements. Consult your IT provider, insurance company and/or legal counsel to determine which requirements apply to you.

We recommend, however, that companies report the nature and scope of cyber security breaches to law enforcement agencies and the companies and individuals potentially impacted.

The FTC has published a “Data Breach Response Guide for Businesses,” which can be found at . Among suggestions in the guide:

• Determine your legal requirements by state or applicable federal regulations;
• Notify law enforcement;
• Notify affected businesses, including financial institutions, if applicable;
• If social security numbers have been involved, contact the three major credit bureaus (Equifax, Experian, Transunion) to obtain additional information and advice;
• Notify individuals, based on the circumstances of the breach and your requirements under No. 1.

The guide includes a letter template that can be used for drafting such notifications.

All 50 U.S. states have enacted some form of legislation requiring government and/or private entities to notify individuals when a breach of Personally Identifiable Information (PII) has occurred. Unfortunately, there is no consistent definition of what constitutes PII. Some states define this information to be solely “critical PII,” such as social security numbers, drivers’ license numbers, or bank account numbers. Other states define PII more broadly to include date of birth, address, or in at least the case of California, information as broad as a name and zip code.

Further, states currently do not agree on the definition of what constitutes a breach, nor on the timing for how soon after a breach is discovered that individuals must be notified, nor on what exemptions might exist, such as an exemption if the only information taken was encrypted.

Companies with customers in several states can be subject to a patchwork of different regulations. It is considered best practice to comply with the most-restrictive regulations your company could be subject to, which in the U.S. are the guidelines in California or Illinois (depending on the nature of the data disclosed).

Given the attention being paid to this issue at all levels of government, it seems likely that the U.S. will soon have a comprehensive set of cybersecurity regulations and disclosure requirements.

Until then, what should companies do in response to a breach?

First, recognize that cybersecurity is one of the few areas where the victim of a crime can become subject to legal jeopardy as a result of their victimization. While this may seem unfair, in this case, companies are acting as custodians of their customers’ personal information. Even though the company is itself a victim of cybercrime, it has a responsibility to protect its customers from further harm.

In the jurisdictions where they exist, these cyber response laws are not optional! Failing to prepare or fulfill your responsibilities under these laws can subject a company to penalties worse than the fallout from the actual breach.

Companies must develop an incident response plan and train staff on a breach response. Following best-practices and notification rules leads to the best outcomes. Companies, individuals, and enforcement agencies respond more favorably to incidents that were well-handled and well-communicated.

The Association has partnered with Enquiron, which provided this article, to offer members the Shortline Cyber Resource Center. This no-cost resource provides access to information, training and tools to help companies prevent a cyberattack and respond effectively if they fall victim, including help in creating an incident response plan. If you haven’t yet activated your member benefit, go to . Click on “forgot password” to follow the prompts to create a login. Call the Association office with questions at (314) 878-2304. Or, contact Enquiron at (877) 568-6655; press one for assistance.

Experts say they are right to worry.

“We are on the cusp of a global pandemic,” Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency, recently told Congress.

The threat is not a biological disease in this case but rather digital.

No company is safe from ransomware. Preventing even bigger future attacks will require a so-far elusive degree of coordination between the public and private sectors in dozens—if not hundreds—of countries.

“Cybersecurity will be the issue of this decade in terms of how much worse it is going to get,” IBM CEO Arvind Krishna said recently.

Analyst Allie Mellen said companies’ main strategy is to pay up if hit—and to try to be slightly less vulnerable to attack than their competitors. “What do security pros do right now to lower their risk in the face of future ransomware attacks? Outrun the guy next to you,” Mellen said.

Association partner Sentry recently introduced an online cyber liability resource available to members who are policyholders. Through a relationship with Enquiron, Sentry is offering a library on topics such as phishing, ransonware, privacy, passwords, hacking, malware, and threat analysis. Policyholders also have access to:

• A cyber risk assessment template
• Online cyber training for managers and employees
• Webinars
• Phishing security testing, and
• An incident response plan template.

To learn more about this resource, contact Sentry at (715) 346-6985.

“There is no silver bullet for solving this challenge,” says a report from the Institute for Security + Technology. “No single entity alone has the requisite resources, skills, capabilities, or authorities to significantly constrain this global criminal enterprise.”

While the work continues with the National Security Council as well as technology organizations—private and public—companies must be aware of the risks and proactive in addressing them.

Sources: Axios, Sentry

Research suggests that over 60 percent of data breaches are linked to third-party vendors, which means organizations that focus only on securing their own networks offer backdoor access to a wealth of customer and product information.

Managing these vulnerabilities requires companies to collaborate with key supply-chain partners in ways such as jointly assessing risks in the supply chain and coordinating investments in safeguards. Writers offered four fundamentals:

• Understand the risks;
• Map the end-to-end supply chain;
• Model the likelihood and impact of relevant risks; and
• Coordinate investments to protect the entire supply chain.
• See the article at the Association’s .

Today’s scams, however, are sophisticated frauds that cost American businesses and individuals billions of dollars a year, federal investigators say.

Estimated losses have soared in recent years from scams known as business-email compromises, in which swindlers con victims into directing money into accounts controlled by criminals. In 2019, the Federal Bureau of Investigation received 23,775 complaints of business-email and email-account compromises, up from 20,373 the prior year.

Annual estimated losses increased too, rising from $1.2 billion in 2018 to more than $1.7 billion in 2019, the FBI said.

“Now the actors involved are a lot more sophisticated, and share intelligence and organized networks,” said Michael Driscoll, special agent in charge of the cyber-and-counterintelligence division of the FBI’s New York office.

Business-email scams first appeared on the bureau’s radar about a decade ago. Back then, the scams tended to be relatively simple, designed to imitate an email from a chief executive asking an employee to transfer money.
Over the years, the scams shifted.

Perpetrators targeted personal email addresses in 2014, pretended to be lawyers in 2015, then moved on to requests for tax information and targeting real-estate transactions.

One new iteration, federal officials said, involves fake requests to divert payroll funds. In this scam, someone in a business’s payroll or human-resources department receives an email purporting to be from an employee. The email asks to update direct-deposit information for that pay period, which then goes into an account controlled by a swindler.

The scams also have shifted from using spoofed emails, often sent from an address similar to one within the company, to the actual hacking of accounts, said an attorney who represents victims of the scheme.

“The email gets hacked, and the bad guys can step into the email threads,” said the attorney and former cybercrime prosecutor. “This is no longer a situation where some person who wasn’t paying close attention got duped.”

Source: Wall Street Journal

The division of Homeland Security that oversees cyber risks warns that older versions of Firefox include a critical vulnerability that allows an attacker to take control of a user’s complete operating system, and that vulnerability is already being exploited.

Get details on how to update your browser at .