Important Yet Affordable Cybersecurity Defenses

March 27, 2024

Cybersecurity is a critical topic for the land title insurance and settlement industry and an ongoing threat to every title operation regardless of size, location or years in business.

ALTA is dedicated to helping members safeguard their operations from the constant threat of cyber attacks. Here’s a collection of helpful links to cybersecurity resources provided by ALTA’s Information Security Work Group and other trusted sources. (Note that some solutions require a monthly/yearly fee.

ALTA Resources

  • ALTA Cybersecurity Incident Response PlanUse this tool to help your team to establish and maintain secure systems and be prepared to act quickly if an incident occurs.
  • ALTA Cyber System OverviewUse this narrative to improve your understanding of a Cyber System Inventory, why it is important to Cybersecurity efforts, and how to create and maintain your company's inventory.
  • ALTA Cyber System Inventory WorkbookUse this model workbook to create and customize your company's inventory.
  • ALTA Business Impact AnalysisUse this guide to examine your software applications, determine which resources are critical to your operation, and discover when to add resources to minimize the business impact of downtime.

Security Awareness

Essential Security Tools

Endpoint Detection and Response (EDR) tools

This is a cybersecurity technology that continuously monitors devices to detect and respond to cyber threats like ransomware and malware. Here are some solutions:

Email Security Tools

Web Security Tools

Suites (bundles)

Password Managers

A password manager is an app on your phone, tablet or computer that stores your passwords, so you don't need to remember them. Here are a few providers:

MFA Apps

Mobile authenticator apps provide a more secure way to log in to websites and online accounts using multi-factor authentication. Here are some options:

  • Authy (free) - https://authy.com/ [most universal, cloud backup]
  • Google Authenticator (free) – download from Apple or Google store
  • Microsoft Authenticator (free) - download from Apple or Google store
  • Duo Security (free up to 10 users) - https://duo.com/

Security Keys

A security key is a small external device that looks like a thumb drive or tag, which can be used for verification when signing in to an account using two-factor authentication.

Logs Aggregation (SIEM)

These platforms aggregate historical log data and real-time alerts from security solutions and IT systems like email servers, web servers and authentication systems. They analyze the data and establish relationships that help identify anomalies, vulnerabilities and incidents.

Security Subscriptions and Resources

Incident Response

Terminology

(courtesy of Microsoft Copilot)

  • EDR, or Endpoint Detection and Response, is like a security camera system for computers. Just as cameras monitor for intruders, EDR watches over computer networks to detect and investigate suspicious activities, helping to protect against cyber threats. It’s a tool that helps keep an eye on the digital safety of a business.
  • Managed Detection and Response (MDR)is like having a team of vigilant security guards for your computer network. Imagine your network as a bustling city with lots of digital traffic. MDR experts patrol the virtual streets, watching for any suspicious activity. They jump into action when they spot something fishy—like a hacker trying to break in or malware sneaking around. Their job is to investigate, assess the threat, and take necessary steps to protect your network. It’s like having cyber-savvy guards ensuring that your digital city stays safe! 
  • Extended Detection and Response (XDR)is the next evolution of MDR. XDR connects data from different security tools, allowing them to work together seamlessly and giving visibility into the threat across your county.
  • SIEM (Security Information and Event Management) is like a digital security command center for organizations. Imagine it as a high-tech control room where experts monitor all the digital activity happening within a company’s network. They keep an eye on things like login attempts, system alerts, and unusual behavior. When something suspicious occurs—like a potential cyber-attack or unauthorized access—the SIEM system raises an alarm. It’s like having cyber detectives who investigate and piece together clues to protect the organization from digital threats. So, think of SIEM as your trusty security team, ensuring that your company’s digital fortress stays strong.

Takeaways

  • Standard antivirus software is no longer acceptable or adequate for protection.
  • EDR takes antivirus software to the next level and becomes the de facto for endpoint protection.
  • If you don’t have IT resources to manage EDR, MDR is the answer. Think of it as an extension of your team.
  • SIEM aggregates logs and alerts the IT/Security team of abnormal behaviors and attacks.
  • If you lack IT resources to monitor alerts and respond to incidents, XDR is the answer.
  • If you have time and resources to focus only on three things, focus on web and email security and EDR

 


Contact ALTA at 202-296-3671 or [email protected].