Free Webinar: Responding to Cybersecurity Insurance Eligibility Changes, March 17

2022-04-04T19:11:59-04:00February 25, 2022|Webinar Recordings|

Many broadband network providers are being put on notice by their insurance companies that they need to better secure their networks or else potentially face higher premiums or loss of their cybersecurity coverage. JSI invites you to a free webinar on Thursday, March 17, 2022, at 2:00 pm (Eastern) in which we will talk with Telcom Insurance Group President and CEO Peter Elliott about recent cyber incident claims that his company has seen and the increased protections insurers are demanding, including Multifactor Authentication (MFA).

JSI’s cybersecurity experts will then dig into these new requirements, how they can benefit your company even beyond your insurance coverage, and how they will affect your employees and operations. Finally, we will take an in-depth look at MFA: which systems are affected; how to choose, implement, and administer MFA software and policies; and what else is needed to get started.

Purchase Recording

If you were unable to attend this webinar, you still can obtain a recording of this program by emailing our marketing department by clicking the button below or by calling our Maryland office at 301-459-7590.

Protecting Your Network from Hackers and Cyber Attacks

2021-11-02T13:11:52-04:00May 18, 2021|e-Lerts|

As we recently saw with the Colonial Pipeline cyberattack, ransomware continues to grow as a threat to service providers, including broadband providers, and taking down services for a ransom is always in the news. As major companies pay ransoms to regain control of their networks more quickly, cybercriminals are encouraged to continue to attack. As such, security must not be an afterthought for ISPs.

Executives often assume their companies have proper backups to be able to recover quickly from an intrusion. But even with clean backups, restoring the network from last night’s backup often means an all-day outage, possibly much longer. Add to that, any work performed since the backup – payments, customer changes, maybe even a payroll – must be duplicated to return to normal. And if you find out you don’t have a good backup, you must obtain cryptocurrency to buy the key and hope the key works. Ransomware attacks, especially those where a ransom is paid, can have long-lasting effects even after the cyberattack is over.

Good backups are essential, but these are just one small piece of the security puzzle. More significant is to avoid becoming a victim. But as we see time and again in our network audits, ISP core networks are much less secure than management imagines. Here are a few takeaways from recent service provider network audits we’ve done:

  • End-of-life equipment is still widely used even though it’s no longer receiving security patches. Vulnerabilities in this equipment, even those directly related to security such as firewalls and session border controllers, are being taken advantage of to disrupt or breach the network.
  • Core routing and switching elements, as well as ISP servers, often are not behind firewalls nor have proper access control. Attempted breaches happen continuously but are not being monitored or addressed.
  • Unneeded default protocols and features haven’t been disabled. What’s worse, often no one in the organization is aware of these potential vulnerabilities.
  • DDoS mitigation is missing or inadequate. DDoS ransomware attacks are on the rise. Unlike restoring from a backup, DDoS mitigation can take days or even weeks to implement.

Well planned out, comprehensive security policies, especially for key infrastructure, are a must. And all employees must have a security-first mindset to recognize threats and protect the company’s network and data.

For more information on how to safeguard your company from these growing cyberattacks, including auditing your network’s current vulnerabilities, contact Dennis Wisdom at 806-866-9900.

Webinar: Protecting Your Broadband Network from Denial of Service Attacks

2020-11-10T14:27:58-05:00November 10, 2020|Webinar Recordings|

Denial of Service attacks are on the rise and your broadband network and your customers could be targets at any moment. Is your network protected from attackers trying to slow or even bring down your internet connection?

On our recent webinar, N-Com’s network security gurus talked about how easy it is to launch these attacks and the different ways to protect your network and customers from them:

  • What are DDoS attacks?
  • Why would someone start a DDoS attack?
  • How are DDoS attacks launched?
  • Why is attack mitigation difficult for ISPs?
  • Solutions rural ISPs can implement

This free webinar is geared towards both decision makers concerned about the network’s security and the technical staff who maintain your company’s network.

If you have questions about the webinar or if you’d like a copy of the recording, please contact Brenda Cordwell at 240-556-1295. You can also learn more about N-Com’s Automated Service Attack Protection (ASAP) at https://asapddos.com/.

About N-Com
N-Com is JSI’s newest division, added in September 2020. Established in 2004, N-Com engineers have a strong background in communications engineering that reaches back as far as the 1970s. Their participation in the industry evolution over the past several decades has yielded a unique perspective in planning a migration path to the future. From day one at N-Com, it was recognized that the future of telecommunications was broadband data. N-Com intentionally combined traditional telecom engineering services with IP technology expertise to assist rural telecom companies with their migration to carrier-class IP-based broadband networks. Today, N-Com is a strategic partner, working alongside those same providers as well as those who are new to and entering the broadband delivery market to help engineer, maintain and secure the complete communications network. N-Com can be found at https://ncom.co/.

Video Providers Reminded to Check EAS Equipment Security

2020-05-01T10:50:48-04:00May 1, 2020|e-Lerts|

Video providers recently received emails from the FCC reminding them of the importance of security measures for Emergency Alert System (EAS) equipment connected to the internet. The FCC said it is aware of various instances of IP-based equipment without adequate security to protect it from disabling or exploitative attacks.

Video providers should review the security of their system’s EAS equipment and are advised to ensure that:

  1. Default passwords have been changed;
  2. Equipment is updated with current security patches; and
  3. EAS equipment is secured behind properly configured firewalls and other defensive measures.

There are detailed best practices concerning administration of the EAS system. JSI can provide a copy of these best practices upon request. The FCC also encourages EAS participants to contact their equipment manufacturers if there are any questions regarding the internal security of EAS equipment.

Please contact Marty Kluh or Valerie Wimer at 301-459-7590 if you have questions.

Webinar: Data Defense, Part II – Cybersecurity Risk Assessment Preparation

2017-10-30T11:29:59-04:00January 26, 2017|Webinar Recordings|

Learn how to meet the FCC’s new broadband security risk assessment requirement

Although many of the rules in the FCC’s October 2016 Broadband Privacy Order will not be applicable for small ISPs until later down the road – or at all, depending on how the rules hold up against the incoming administration – one requirement has an upcoming deadline. By March 2, 2017, all telecom providers and ISPs, including those of JSI clients, must implement “reasonable” data security measures to protect customer information. The FCC suggested providers use the National Institute of Standards and Technology’s (NIST) framework as part of their overall data security risk management.

Recently experts from JSI, as well as NTCA’s cybersecurity risk assessment guru Jesse Ward, held a special webinar guiding clients through what is involved in implementing data security measures that comply with the FCC’s requirement, plus the tools and processes companies can use to conduct their data security risk assessment.

In this webinar, you will learn:

  • Details of the risk assessment requirement that must be completed by March 2
  • Roles of directors, managers, and other key personnel in the data security risk assessment process
  • Features of NTCA’s cybersecurity tool
  • Benefits of following the NIST framework
  • Managing the costs of data security
  • Maintaining an ongoing risk assessment strategy
  • Changes coming to the FCC and how the broadband privacy rules might fare under a new chairman and commissioners

A recording of the webinar is available for $249. This webinar also is part of our 2017 Video Compliance Webinar series. Companies that subscribe to JSI’s Video Compliance Service will receive a $70 discount on this event.

For more information or to request the webinar recording, Brenda Cordwell in the Maryland office at 301-459-7590.

FCC Sets Deadlines for New Broadband Privacy Rules, Eliminates Annual CPNI Filing

2017-05-19T10:09:36-04:00January 13, 2017|e-Lerts|

The FCC’s Order applying CPNI and other privacy requirements to broadband Internet Service Providers (ISPs) became effective January 3, 2017. The Order eliminated several existing rules, but added additional key requirements for ISPs to meet.

JSI, in partnership with NTCA, will hold a webinar, “Data Defense, Part II – Cybersecurity Risk Assessment Preparation,” on January 26, 2017, at 2 p.m. Eastern (1 p.m. Central) to discuss these requirements in more detail and focus on data security obligations which become effective March 2, 2017.

Rules Eliminated
With the effective date of the Order, changes made to existing rules have taken effect. Most notably for JSI clients, this includes eliminating the requirement for telecom and VoIP providers to annually file a CPNI certification and procedures statement with the FCC. Accordingly, no annual CPNI certification must be filed by March 1, 2017.

The Order also eliminated the requirement to train personnel regarding the use of CPNI and to have an express disciplinary process in place. JSI cautions, however, that companies should continue to train their staff and have a disciplinary process in place to ensure that employees’ actions do not subject the company to fines for violating FCC privacy rules.

Additional changes to the existing rules include eliminating all of the requirements pertaining to “opt out” notices, including the requirement to send notices every two years. The Order also eliminated all recordkeeping requirements, including instances where CPNI was disclosed or provided to third parties. According to the Order, eliminating these requirements reduces burdens for small carriers “which often may not need to record approval if they do not use or share customers’ proprietary information for purposes other than the provision of service.”

Major New Rules & Effective Dates
Data Security: Voice and broadband providers must take reasonable measures to protect customer proprietary information (PI), which include adopting practices “appropriately calibrated” to the nature and scope of the providers’ activities, the sensitivity of the underlying data, the size of the provider, and technical feasibility.  Effective date: March 2, 2017.

Breach Notification: Voice and broadband providers must notify affected customers, the FCC and the FBI/Secret Service of data breaches unless the carrier is able to “reasonably determine” that a data breach poses no reasonable risk of harm to the affected customers. Effective date: June 2, 2017 or Paperwork Reduction Act (PRA) approval date, if later.

Notice and Customer Approval: Voice and broadband providers must provide privacy notices that “clearly and accurately” inform customers about what confidential information they collect, how they use it, under what circumstances they share it, and the categories of entities with which they will share it (examples of such “categories” include communications-related services, marketing firms or nonprofit organizations). Providers also must inform their customers about customers’ rights to opt in (for sensitive PI) or opt out (for non-sensitive PI) of the use or sharing of their confidential information. Providers must distribute their privacy policies at points of sale and have them posted on their websites and give customers advance notice of any material changes to the policies. Effective date: December 4, 2017 or Paperwork Reduction Act (PRA) approval date, if later; smaller providers have an additional 12 months to comply.

JSI remains committed to assisting interested clients with compliance activities associated with the new rules. JSI is revising its CPNI training materials to incorporate the changes and will provide further information regarding additional ways we can assist you in the coming weeks. In the meantime, our broadband privacy team is available to answer any questions. Please contact John Kuykendall or Terri Parrilla in JSI’s Maryland office at 301-459-7590, Dee Dee Longenecker in JSI’s Texas office at 512-338-0473, or Lans Chase in JSI’s Georgia office at 770-569-2105 for more information.

Source: JSI e-Lert

Go to Top