Tag Archives: cyber attack

Training Your Employees to Help Avoid Cyberattacks

Commonly, employees are thought to be the “weak link” in combating cyberattacks. What if, with thorough training, your employees become your best resource in fighting attacks like phishing, ransomware and malware, and social engineering attacks? These threats can all lead to your network and data being compromised as well as your business losing revenue and your clients’ trust. Read on to learn more about common threats and how to train your employees to have a role in combating them.

Know the Threat Landscape

Threats to cybersecurity abound, and some of the most common are ransomware and malware, which can get to your network via phishing schemes and social engineering attacks. Ransomware is a type of malware that encrypts files so they become unreadable; they become available again only if the user pays money (a ransom) for a key to unlock them. Malware, in general, is malicious software designed to steal confidential information, insert a virus into the network, or both. Commonly, malware and ransomware enter a network via social engineering attacks such as phishing schemes. A bad actor pretends to be someone the victim knows, and tricks them into giving confidential data. For example, the attacker may pretend to be a fellow employee needing assistance that requires access to the network. Instead of trying to find and exploit weaknesses in the system itself, the criminal tries to find “weaknesses” in the victim, such as a desire to help others.

Train Employees to Recognize and Prevent Attacks

There are excellent online and in-person training programs to prevent cyber attacks. This training can be a good foundation in knowing more about the risks and how to prevent them. Training is not just a one-time endeavor; rather, it needs to be practiced consistently. Part of training should involve teaching employees how to recognize social engineering attacks, such as phishing. Clues to a phishing email can include misspellings and grammatical errors in the body of the email, along with urgent calls to action (even threats). One way to assess which employees might fall prey to a phishing scheme is to send a fake phishing email with a link in it, and discover who clicks on the link. 

Aside from recognizing attempts to get into a company’s network, there are other common-sense practices to stay safe. One is effective password management, encouraging formulation of strong passwords initially, and changing them regularly. Also, not sharing passwords with others is a basic rule of thumb. Furthermore, discouraging use of unsecured Wi-Fi (which might be used by employees working outside the office) helps keep your network safe.

To learn more about the existing and evolving threats and how to combat them, contact your trusted technology advisor today.

Cyber Security

Train Your People to Fight Cyberattacks

With the advance of technology, many benefits have come to businesses—commerce taking place twenty-four hours a day and the ability to have meetings with workers half a world away, among others—but cybercriminals have learned to exploit technology, using practices such as phishing (planting a fraudulent link in an email) to gain access to businesses’ data and networks. With social engineering, phishing, and spear phishing on the rise, it is important for you to raise employee awareness about these threats. Read on to discover how to keep your business safe from this type of intrusion.

What Phishing is and How to Prevent It

Phishing is an increasingly popular way for attackers to access company data and plant malware in a network. A phishing attempt involves putting a fraudulent link in an email to get the recipient to click on the link and unwittingly import malware into their company’s network. Spear phishing, a related type of attack, focuses on an organization or individual. Employees can be trained to recognize an attempt by looking for clues. One is misspellings and grammatical errors in the message. Another tipoff is the sender’s address; if it looks strange or suspicious, don’t open the email. Yet another practice is to point the mouse arrow over a link to look at it without clicking. All are things an individual can do, and there are additional effective practices.

Focus on the Fundamentals

The best preventive measures are simple. According to a CompTIA article, getting the basics right is one of the soundest investments a business can make. Prevention, as always, is far less costly than repair. While tools, current antimalware definitions and operating system patches are important, much of your company’s preventive power lies with employees. Developing a culture oriented toward protecting a business’s technological assets is far more effective than placing blame if a phishing attempt gets past defenses. Phishing schemes have become so clever they can catch anyone unaware. An all-day training can be a good start, but the training should be a regular part of your business’ strategy for keeping itself safe.

As technology advances, cyberattack attempts will keep pace. Companies should remember one of their most powerful assets—their people. To learn how to train your employees and develop a culture of security, contact your technology advisor today. 

Cybersecurity Risks and Preventive Action

Even with so much information available about how to protect your network and business from data breaches and cyber attacks, a surprising number of businesses aren’t prepared. Read on to learn about how to make your company an exception.

Know and Understand the Risk

A recent Forbes article reports on a new survey of 600 IT security and IT Operations decision-makers. The results reveal the level of risk to networks and the level of businesses’ preparation—and how much education and preparation are still needed. According to survey results, 60% of respondents had a data breach within the last two years, and more than 30% had experienced more than one breach. Vulnerabilities can occur anywhere—in a company’s on-premise systems, or through an employee’s mobile device accessed in an unsecured area. All it takes is one weak spot in the network to compromise the entire system. Common causes of breaches include lack of security protocols to begin with (52% of respondents), unpatched software (51%), and lack of automation in patch application.

Steps to Protect Your Network’s Security

Rather than being merely a cause for lament, these statistics point the way to achieving network security. Knowing the problems common to businesses can guide your business in deciding which aspects of network security to focus on first. Businesses can start by performing a network audit to find any weak spots where network security vulnerabilities may exist.

Be sure to check that OS patches are up-to-date, and that antivirus and anti-malware definitions are current. Monitor endpoints including mobile devices and devices used by remote workers and perform periodic network scans to detect any data bottlenecks or weak spots. Depending on the nature of data your company gathers, and whether the company is subject to special industry regulations, public or private cloud environments can be used to protect and back up data. Just as important as these technical measures is educating your employees about how to recognize malware intrusions that can occur via “phishing” emails and how to identify and report breaches.

While the chance of a cyberattack will always exist, the risk to your business can be minimized. To evaluate and start improving the security of your network, contact your technology advisor today to get started.

The Importance of a Business Continuity Plan

With some parts of the country heading into tornado season, and with natural and man-made disasters a possibility anywhere, there’s no time like now to consider how to keep your business running in the event of a flood, fire, earthquake, or even a cyber attack. A Business Continuity (BC) plan keeps your business running both during and after a disaster, minimizing downtime and the resulting loss of revenue and reputation. Read on to learn more about what such a plan can mean for your business.

The Cost of Not Being Prepared

An event such as a storm or a cyber attack has the potential to severely impact your business. According to technology research firm Gartner, businesses that experience a data disaster have a two-year survival rate of just 6%. Also, for every hour of downtime, $42,000 can be lost. Moreover, the loss of reputation your business suffers if customer data is lost or leaked can be significant. If your business is in an industry subject to special regulations (HIPAA, for instance), data compromise can bring about fines and other penalties. To avoid these consequences, and to get the best results from your business’ technology budget, ask questions to assess your risks.

Components of a Business Continuity Plan

One key consideration is which components of your business are mission-critical. Perhaps it’s maintaining access to data that is needed to run the business. Or it’s keeping the data you have safe. Perhaps it’s ensuring employees within your company can communicate with each other by email. Another part of the plan is to determine recovery-time objectives, how long your business can be interrupted without costing revenue through downtime. When it comes to human resources, decide in advance who is going to be responsible for which elements of recovery. Regarding data storage, decide whether you want it stored on-premise, in the cloud, or a combination of both. In developing a plan, imagine different scenarios; your plan in a natural disaster may be a bit different than in the case of a data breach.

Keeping your data safe and your business in business is the goal, whatever the hazard. If you need assistance developing or fine-tuning your business continuity plan, contact your technology advisor today.

Cyber Crime

Closing the Door on Cyber Crime

Businesses today are under constant attack from Cyber Criminals. Ransomware, including the WannaCry Virus, is an example of a top threat to avoid. With the risk of lost data, lost productivity and lost reputation, isn’t it time to close the door on Cyber Crime? Here are a few tips to defend your company from potential cyber attacks.

Document Operating System Security Patch Policies and Procedures

Take the time to review and update your documented security policies and procedures.  Security and related patch policy should identify who is responsible for application and operation of system patches and system updates. Clearly determine whose responsibility it is to apply the latest operating system and related security patches. Whether this process is manual, or done automatically through a managed service, be sure your employees know which is the case. Also, document your policies to verify all your systems are in compliance.

Review your Cybersecurity Framework

Avoid data breaches resulting from lack of Cybersecurity defence. Ensure your AntiVirus and Malware detection definitions are up to date. Utilize spam filtering and other Cyber Threat detection to protect your business. Consider penetration testing to identify any weaknesses on your network. Also ensure your employees are periodically trained to identify and avoid malware and phishing schemes. If you have suffered a data loss due to Cyber attack, ensure you have a communications plan to notify all stakeholders and authorities within adequate time frames. Having a solid data protection plan including Cloud Backup can minimize your exposure and shorten your recovery time.

Study Machine Learning to Combat Cyber Threat

Cybercriminals are using automation, artificial intelligence and machine learning to trick you and your employees into taking the bait on phishing, ransomware and other cyber attacks. Why not fight fire with fire? Leading Cybersecurity suppliers are pouring millions of dollars into research and development to embed Machine Learning to detect and combat Cyber threats. This Machine-to-Machine combat will evolve over time and soon combine with artificial intelligence (AI) to train your employees on how to identify and avoid these cyber attacks in the event your perimeter security is breached.

Cyber threats and related Cyber attacks are a top concern for many business owners. Staying one step ahead to protect your business network is a constant effort. Contact your technology advisor to find out more about how you can close the door on cyber crime today.

Technology Trends for 2017

It’s that time of year when many businesses are setting goals and budgets for next year. This is a good time to reflect on the impact technology can have on your business. While Cloud Computing adoption remains strong, companies will increase migration from Public to Private Cloud and even migrate back “on premise.” Cloud adoption, digital transformation and streaming media will increase the demand for bulletproof networking. New technologies including SD-WAN will hit mainstream in 2017 to improve network performance in support of business requirements. Cyber threats will continue to keep business owners up at night with increased intrusions from ransomware and unplanned downtime from DDoS attacks. Here are a few takeaways to consider for your 2017 plan.

More Choices for Cloud Computing

In a recent study by the Computing Technology Industry Association (CompTIA), 43% of those using Public Cloud are expected to migrate to another Public Cloud Provider. For example, companies using Hosted Exchange may find themselves adopting Office 365 or Google for Work to keep current on the latest version of these communications and collaboration applications. The CompTIA “Trends in Cloud Computing” research also revealed 21% of Cloud usage will move from Public Cloud to Private Clouds. This scenario is driven by the need for compliance with industry regulations, including HIPAA regulations for health care and SOX compliance for Financial Services, among other business requirements.

Digital Transformation Will Emerge as Competitive Advantage for Business of All Sizes

Businesses will adopt new strategies for reaching new customers and servicing existing customers in 2017. These new strategies will fuel the need for digital transformation. Reaching new buyers through digital channels, along with automating customer service, order or fulfillment, and linking supply chains, will drive this digital transformation in support of new business strategies. Cloud Contact Center, Customer Relationship Management (CRM), Marketing Automation, eCommerce, and other customer-facing technologies will emerge as transformation enablers. Other technologies helping with administrative functions (including workforce recruitment and development) will help companies maintain competitive advantage and manage their growth.

Resolve to Bulletproof Your Network in 2017

In 2017 Business Networks will become a strategic advantage. Access to Cloud infrastructure, connecting remote offices, reliance on VoIP, Cloud Call Center and video streaming will all drive demand for high-performance networking. Technologies allowing wide area networking optimization, known as Software Defined Networks or SD-WAN, will become mainstream technology in 2017. Through simplified management and reliance on business class Internet, network performance is expected to increase while related costs are expected to decrease.

Security will Continue to Keep Business Owners Up at Night

The Gartner Group predicts demand for Security related to the Internet of Things (IoT) will be driven by 11 billion connected devices. Similar to adoption of mobile devices in the workplace, connecting “things” will create the need for additional security and proactive management. Additionally, Cyber Threats from malware and phishing schemes will continue, as will additional threats and downtime from Ransomware and DDoS attacks in 2017. Keeping your network running will be more complex and more important for the foreseeable future.

As you adjust your strategy to accommodate the rapidly changing business environment, consider how technology can influence your outcome in 2017. If you feel you need help with your 2017 technology plan, contact your technology advisor today.

Costs of Data Breaches Up 23% from Last Year

A new report from the Ponemon Institute, an organization that publishes the annual “Global Report on the Cost of Cyber Crime,” recently announced that the cost of a data breach has jumped 23% from last year. Here’s what your small to medium sized business needs to know about being prepared in case of a data breach.

The Data Breach by the Numbers

The report revealed that a data breach will cost a large company about $640,000. This price tag includes hefty costs, such as business disruption, information loss, and detection. The report also revealed that it takes a company an average of 31 days to recover, yet experts advise that the time to remediate a breach should be less than one week. Interestingly, small organizations have a higher per-capita cost than large organizations. So, what can your business do to be more prepared?

Have a Data Breach Incident Response Plan

Incident Response is an organized approach to responding to and managing the aftermath of a security breach or attack. The goal of such a plan is to limit damage and reduce recovery time and costs. An Incident Recovery plan should include a clear-cut definition of what your company considers an incident and a subsequent step-by-step process that should be followed carefully after an incident occurs.

Consider Hiring an Information Security Firm

If you wait to contact an Information Security firm until after a data breach occurs, your organization will have to pay more money and wait longer to recover. You may not be prepared to remediate and respond in time. Knowing who to call helps your organization avoid downtime, loss of reputation and other potential damages. Investing in preventative measures in the possible event of a data breach is one of the smartest things your business can do to protect itself and its money. If you need help assessing your risk of data breach, contact your trusted IT advisor today.

Cyber Attacks in the News (Again)

Cyber Attacks are in the news again. Last week domain registrar Network Solutions suffered a denial of service attempt impacting the websites of their customers. Cyber attacks like this are high profile and always in the news. This raises the question: are small businesses vulnerable to cyber attacks?

Small Businesses are Targets of Cyber Attacks

Cyber attacks are as likely, or more likely, to target small businesses. Cyber attackers know small businesses may have less protection, thus making them easier targets for cyber attacks. Larger companies may have entire departments dedicated to cyber security. Harder to hack and quicker to detect, larger organizations may be tougher to penetrate and exploit with a cyber attack. Meanwhile, small businesses may have less protection against a cyber attack, leaving them more exposed and less likely to detect a cyber attack.

Small Businesses may be Less Resilient from Cyber Threats

Larger organizations not only are likely to respond quicker to a cyber attack, but also have stronger brands and deeper pockets to withstand the impact of a cyber attack. When a cyber attack occurs there may be financial penalties for noncompliance with industry regulations (e.g. PCI regulations). What’s more, the impact of a cyber attack may also cause loss of brand equity as a result of the negative publicity related to a cyber threat. In most cases a cyber attack may be too much for a small business to recover from.

How do I Protect my Business from a Cyber Attack?

Consider contacting your IT Service & Support specialist to conduct an IT security assessment. By performing an IT Security assessment you will gain a better understanding of your internal security policies and procedures, exposure to vulnerabilities, adequacy of your internal security training plans and overall readiness to respond in the event of a cyber attack.