(Image Courtesy of engadget.com)
You may have heard the recent news but if you haven't it could have implications for you and your organization. Secretary of Homeland Security Elaine Duke issued a "Binding Operational Directive (BOD)" on September 13th which directed Federal Executive Branch departments and agencies to remove any security products, services, and solutions associated directly or indirectly with Kaspersky Lab or related entities. The reason for this directive stems from Kaspersky's suspected ties with Russian intelligence. So what does this mean if you are part of a government agency? It means you have to make changes quickly. Specifically, the government has set up a time table that includes:
- Identifying whether Kaspersky products are being used in your system within 30 days.
- Discontinue present and future use of Kaspersky products within 60 days.
- Begin implementation of removal of Kaspersky products within 90 days.
If you are a government agency, this means that you need another solution and quick. While the ban is specific to government entities, businesses and organizations of all kinds should take note. The effects of this ban are already rippling through business and individual consumers. Shortly after the ban, Best Buy and Office Depot both said they will no longer be selling the software in their stores.
What does this mean for my business/organization?
This is a question being asked by a lot right now. The answer is not clear. However, some experts claim that businesses and organizations should minimize risk by removing Kaspersky. According to the Chicago Tribune, Michael Sulmeyer, director of a cyber-security program at Harvard, noted that antivirus software has deep access to the user’s computer and network.
“Voluntarily introducing this kind of Russian software in a geopolitical landscape where the U.S.-Russia relationship is not good at all, I think, would be assuming too much risk,” he said. “There are plenty of alternatives out there.”
Several organizations have approached us since the ban wondering if they should follow suit. Our advice is the same we provide to anyone who approaches us about their cyber-security protection, you don't want to have any questions about your cyber-security. You don't want to wonder if you are fully protected. You want assurance that you have the best protection possible. With so many types of cyber attacks, cyber-security is something you cannot afford to have questions about.
What are your alternatives?
There are many reasons that Pine Cove Consulting has been a Sophos Security partner for over 15 years. The main reason is that we believe that Sophos provides the world's most robust and comprehensive cyber-security. To read more about why we partner with Sophos check out our previous blog, "Why Sophos Security? | Pine Cove's Top 5 Reasons."
If you have any doubts about your cyber-security protection, then we recommend that you reach out to us and let us conduct a free cyber-security risk assessment. This assessment will allow us to identify any possible weaknesses you have in your current protection and we will also be able to provide more specific and personal solutions to those weaknesses.
Conclusion
If you currently operate with Kaspersky you should be keenly aware of this government ban and evaluate all options. If you are a government entity then you need a plan and quickly. Contact us for assistance. If you are an organization observing this ban from the outside, consider this a wake up call and opportunity to evaluate your cyber-security protection.
For the full statement from the Department of Homeland Security see: https://www.dhs.gov/news/2017/09/13/dhs-statement-issuance-binding-operational-directive-17-01
