Navigating the Evolving Landscape of Cybersecurity: Must-read from Tower MSA Partners

October 30, 2024

Navigating The Evolving Cybersecurity Landscape | Tower MSA Partners

The Critical Role of Cybersecurity in Building Trust and Integrity

At Tower MSA Partners, we recognize that in today’s digital age, cybersecurity isn’t just a technical issue—it’s a critical component of trust and integrity in our industry. As cyber threats become increasingly sophisticated, it’s essential for all of us to stay informed and proactive, working together to protect our industry.

As National Cybersecurity Awareness Month concludes, we’re excited to share that our very own Chief Technology Officer, Jesse Shade, has authored an insightful article published in WorkCompWire: The Evolving Landscape of Cybersecurity: Essential Measures for Trusted Industry Partners.

In this article, Jesse explores:

  • The latest trends in cyber threats affecting workers’ compensation and Medicare Secondary Payer (MSP) compliance.
  • Essential cybersecurity measures that trusted industry partners should implement to safeguard sensitive information.
  • Strategies for building a robust cybersecurity framework that protects your organization and reinforces trust with clients and partners.

Cybersecurity is more than firewalls and encryption; it’s about cultivating a culture of security awareness and resilience. Jesse’s article provides valuable perspectives on how organizations like ours can navigate the complexities of cyber threats while maintaining the highest standards of service and compliance.

We encourage all our clients, partners, and colleagues to read the full article to gain deeper insights into safeguarding your operations against cyber risks.

Read the full article here: The Evolving Landscape of Cybersecurity: Essential Measures for Trusted Industry Partners.

Tower’s Cybersecurity Measures Go the Extra Mile to Protect Your Data

April 3, 2024

Tower MSA Partners Cybersecurity Measures Go the Extra Mile to Protect Your Data

Navigating cybersecurity landscape: Insights from CTOs on cybercrime trends

Cybercrime continues to mount, threatening organizations of all sizes and types. The right cybersecurity measures matter. And which cyber risks worry Chief Technology Officers the most?  That would be the danger of an employee accidentally opening the door to an attack.

A recent survey of CTOs showed that 59% considered human error a significant security threat.  Highlighted in a March 12 Risk & Insurance brief, the survey was conducted by STX Next with results reported in Technology Magazine.

The phenomenal increase in the sales of cyber insurance underscores the growth of cybercrimes and corporations’ concerns about their impact.  Cyber insurance sales, which were $1 billion in 2013, soared to $16 billion in 2023.

Still, only half the companies surveyed had a cybersecurity insurance policy. Tower, of course, has had cybersecurity insurance for years. It’s necessary, but we hope we never have to use it. Our focus is on detecting and preventing attacks in the first place.

Cybercrime spotlight: Cybercriminals zeroing in on users

Cybercriminals are becoming more sophisticated.  Forget the lone hacker in his basement; now there are large “professionalized” cybercrime operations. They know most companies that hold sensitive personal health or financial data have reinforced their networks and systems, and now criminals have their sights on soft targets, the people.

One wrong click can launch a devastating breach. Without the right kind of education and ongoing awareness of new viruses and scams, employees can easily fall prey to phishing, vishing, smishing, and social engineering issues.

Fortifying remote workforce: Tower’s cybersecurity education to combat cybercrime

Cybersecurity education is essential for a remote workforce, where an employee can’t quickly turn to a teammate for a second opinion on an email. Tower’s employees receive extensive cybersecurity training and understand how to do their part to prevent breaches.

Tower equips our remote workforce with virtual desktop infrastructure (VDI), including VPNs, anti-virus software, and software that analyzes and downloads electronic email attachments before they can be accessed by any of our devices. We also conduct monthly training sessions that cover topics such as how to detect phishing attacks and procedures for reporting suspicious email and malware, and how to handle email attachments that may contain them.

Enhancing cybersecurity protocols: Tower’s robust defense system against cybercrime

We don’t stop there, though.  We conduct annual penetration testing, also called pentesting, where a third-party security expert tries to find and exploit vulnerabilities. Ntierty, our cloud provider, keeps us up to date on the latest viruses and scans our network every week. Tower’s IT department also conducts its own weekly scans using different software as an extra precaution.

And the Tower management team engages in annual cybersecurity tabletop exercises to simulate real-world attacks on Tower’s systems.  These simulations probe for known vulnerabilities, which allows us to develop new strategies and procedures to secure our systems.

We also review our controls, processes and procedures to assess their effectiveness every year in a formal SOC 2, Type 2 audit.  All this is done to continually identify potential vulnerabilities so we can proactively fortify our defenses.

Tower invests significant amounts of time and money to ensure business continuity and the protection and privacy of data. This may sound like overkill, but we understand the risks, and we’re not willing to take chances on our security and the protection of our clients’ data.

To learn more about Tower’s security suite, please contact Chief Technology Officer Jesse Shade at jesse.shade@towermsa.com.

Links

Human Error is Biggest Cybersecurity Threat, CTOs Say | Technology Magazine

5 things business leaders must know to combat the cybercrime menace – Liberty Mutual Business Insurance

https://towermsa.com/your-settlement-partner/security-confidentiality/

New Ransomware Attack Threatens Healthcare Sector

October 30, 2020

threatening hooded figure with the word cyber security superimposed to illustrate post on best practices for cybersecurity

Tower’s cybersecurity partners, Avertium and Vigilant, have advised us of a major ransomware attack, primarily targeting the healthcare sector.  The threat actor, known as “Ryuk,” uses phishing e-mails to gain access and then control of the victim’s computer and ultimately the company’s network.  Once in control, files are encrypted and only decrypted in exchange for a “ransom.”

Avertium sent Tower this joint cybersecurity advisory from the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) detailing a resurgence of this threat.  Avertium also provided its cyber intelligence report which includes information on the attack and preventive measures.

Tower’s Response to Ransomware Threats

As a company that works directly with the healthcare sector, protection of our client’s information is critical to our Medicare Secondary Payer compliance services.  Consequently, upon receiving the report of the Ryuk threat we immediately contacted our cybersecurity partner, Vigilant Technology Solutions, to confirm protections are in place to counteract any threats to Tower’s system.

Vigilant assured us that cybersecurity best practices are in place.  First, its CyberDNA solution actively monitors Tower’s data traffic 24/7 and responds to threats in real time.  Second, our network-installed McAfee Endpoint Protection (MEP) identifies a potential threat as early as possible and prevents the threat from entering the network or database.  Third, our IT pros have previously taken the following recommended actions to keep customer data secure:

  • Ensure MEP is fully deployed to all applicable/at risk assets within your environment
  • Provide security awareness communications to employees as a reminder to be mindful during day-to-day activity:
    • Never open unsolicited emails and their attachments. 
    • Be wary of suspicious looking advertisements.
    • Limit / avoid the use of personal email on company assets.
  • Regularly update infrastructure (both operating system and application software) with the latest patches to ensure full coverage in addition to updated McAfee Anti-Virus software.
  • Ensure backups of data/records are regularly performed and available.

We urge our clients to confirm the above preventive measures are in place for their own network security. 

For more detailed information on preventing ransomware attacks, CISA provides an updated guide which can be found here.  If you have any questions regarding Tower’s cybersecurity program, please contact Jesse Shade, VP of Information Technology at jesse.shade@towermsa.com or 888.331.4941.