Cyber attacks and data breaches are regularly in the news, and often come with a loss or exposure of customers’ data and a loss of reputation to the business. Large, well-known businesses are often in the headlines; small to medium-size businesses, however, are just as much at risk. Knowledge of cybersecurity practices has yet to keep up with new threats. According to CompTIA’s 2018 Trends in Cybersecurity report, “Businesses with fewer than 100 employees are far more likely than their larger counterparts to feel that their IT security is simply adequate or unsatisfactory. Without a deep resource pool to lean on, smaller firms struggle to address new facets of IT security.” To learn more about protecting your data, read on.
The Importance of Data Protection
When a cyberattack occurs, customer data can either be lost or fall into the hands of cybercriminals. As a result, customers can lose trust in your company to keep their data safe, data that is generated through online interactions with your company. How do you protect this data, your relationships with your customers, and your company’s bottom line? Your business may also be subject to regulatory compliance, such as following GDPR, HIPAA or PCI-DSS. As ever, it’s important to keep antivirus and anti-malware definitions up to date and to monitor your network. Backing up data in the Cloud is also an option to consider. But just as important is to develop a culture of cybersecurity in your organization.
Develop a Culture of Cybersecurity
Managers and CEOs can set the tone for a culture of cybersecurity by emphasizing the benefits of data protection. Not only does it keep customers safe, it can keep employees safe, too. Educate your employees about every individual being an end-user, both at work and outside of work. Remind them of the importance of protecting their own data on social media, and how it’s easier to prevent a breach than repair the effects of one. The same goes in the workplace. Data protection can help keep the business running and keep employees working effectively without experiencing downtime.
Training employees doesn’t have to be a one-time event, nor does it have to be dull. Inventive executives can create incentives and rewards, such as instilling the confidence that employees are protecting the company and themselves, or giving a prize to the first person to accurately recognize a phishing attempt.
Assess Your Current State of Security
A good place to start is to assess your current level of data security; an audit of your computing resources will help you know where you stand. Contact your technology advisor today to start on the road to data security.
The technology industry is working to patch two network security flaws known as Meltdown and Spectre Vulnerabilities. These hardware bugs can expose information being processed or stored in memory on your computer.
While there are no known exploits, malware or phishing schemes specific to these network security vulnerabilities, this reminds us of the importance of Network Security best practices to protect Windows PCs and Macs, as well as Android and Apple iOS Mobile Devices. While the industry rushes to patch these network security vulnerabilities, here are some considerations to protect your network.
Keep your Operating Systems Patches Up to Date
Make sure you install security updates for your operating system and applications. Apple (AAPL), Google (GOOG), and Microsoft (MSFT) have already released some patches. You can do this manually, through automated updates, or by subscribing to a managed service to keep your network current. Keeping your browser up to date will also prevent websites from attacking your processor to steal your password and other privacy data.
Don’t Forget Updates on Mobile Devices
The Meltdown and Spectre Vulnerabilities serve to remind us of the importance of keeping smartphones, tablet computers, and other mobile devices updated with the latest operating system and related security patches. Also, remember to download software only from trusted sources. Employers should remember to review acceptable use policies to ensure they are up to date and that employees comply with company mobile device acceptable use.
Train Your Employees on the Importance of Network Security
Your employees are on the front line of defense for network security. Through periodic education and training your employees will implement strong passwords and change them regularly. They will also be adept at identifying malware and phishing schemes to better protect your network.
Your network is the backbone of your technology infrastructure. Securing your network is a critical component of your technology strategy. If you have questions or concerns about your network security, contact your technology advisor today.
Last month’s blog provided information about ways to “Avoid Being Held Hostage by Ransomware.” Eight days later, on May 12, 2017, there was a global outbreak of the WannaCry Virus. With Cyber Threats on the rise, the importance of maintaining network compliance is top of mind with business owners and IT professionals alike. Industry compliance regulations, including PCI, HIPAA, and SOX, drive best practices in Network Compliance. However, most businesses today rely heavily on their systems to access Cloud Services, Voice, and Data Networks for mission-critical applications that run their business. What can you do to maintain network compliance?
Automate Your Network Administration
Keeping operating systems and network configurations up to date is a top priority for network compliance. Each device that connects to your network needs to have up-to-date operating system security patches, anti-virus definitions, and malware threat prevention in order to avoid unintended intrusion of your network. There are abundant tools and managed services to help your business stay up to date without adding to your internal labor cost.
Proactively Monitor Your Network
Monitor your network to identify any systems that are out of compliance. Proactive monitoring can also identify unauthorized devices connected to your network. You can monitor your network traffic to identify unusual use of network bandwidth. Aside from slowing down your systems, excessive bandwidth use may be the result of a malware-infected device that is exploiting your network.
Documenting Your Network Security Controls
Achieving compliance with documented security procedures, including password policy, systems maintenance, backup procedures, and compliance measures, is critical to following most industry compliance regulations. It is a best practice to update these procedures annually. Reviewing your Network Compliance policies gives your business an opportunity to stay up to date and serves as a reminder of the importance of maintaining network compliance.
Contact your Technology Advisor if you have questions about maintaining network compliance or other concerns regarding ransomware and other related Cyber Threats.
Ransomware, spyware, phishing schemes, and other Cyber attacks are commonplace in today’s world of technology. According to a recent article in Forbes, ransomware attacks grew at an accelerated pace in 2016 with reports of 638 million attacks, almost 200 times more than the number of ransomware attacks in 2015. Most experts agree that Ransomware attacks will continue to occur–so what can you do to avoid being a ransomware hostage?
Not All Ransomware is Created Equal
Before you panic, find out what type of Ransomware you are up against. Scareware is a type of Ransomware that tricks you into thinking you have a bigger problem. A simple scan may quickly remove the pop-up from your browser cache and get you back on your way. Some ransomware is truly nasty: your entire system may be encrypted, meaning you will need to wipe your system and start over if you have a good backup. Otherwise, you may find yourself hostage to the cybercriminals to unlock your data.
An Ounce of Protection is Worth a Pound of Ransom
Data protection is an important element in minimizing the impact of Ransomware. Make sure your network security is fully compliant. Back up your data, update your antivirus definitions and make sure your security patches are up to date. Consider using Cloud Backup, Security as a Service, and Managed IT services to keep your network up to date. Having a strong offense to avoid ransomware is your best defense.
Don’t Forget the Human Element
Train your employees on a regular basis on the importance of staying vigilant against Cyberattacks and how to avoid being a hostage. There are many resources to get training for your team. Periodic updates about threats and security procedures serve as a reminder to your employees to ensure they adhere to best practices.
If you need security training or are interested in a review of your network, security vulnerability, or other technology infrastructure, contact your Technology Advisor today.
Defending against Cyber threats is no easy task. Understanding the risks and designing a defense strategy are important steps in protecting yourself from Malicious actors and Cybercriminals. Staying current on Operating System and Application Patches, Restricting Network Access, and maintaining antivirus and malware protection are known ways to protect your network. Employee awareness and education on how to identify threats, and the importance of adhering to policies, also bolster your defense against cyber attack. If you’re not convinced, review the following Cyber threats you need to protect against.
How Malicious Software (Malware) Works
Malware is self-propagating software designed to infiltrate your network. This software can come in the form of a worm that will infect your network through your router, using your Internet Protocol (IP) address. If it doesn’t find a hole in your network it may automatically update to scan for the next sequential IP Address, infiltrating and corrupting networks as it goes along. Avoid Malware by proactively scanning your network and keeping your network in compliance.
Why Phishing Could Put You Out of Business
Every year, millions of SPAM emails are sent to unwary recipients with the hope of collecting private and personal information, including account/password details, privacy data and other information that can be exploited for profit. What’s more, Phishing is a popular way for Cybercriminals to distribute Ransomware, a form of malware that holds your systems hostage in exchange for payment. In the event of a data breach, your company may need to disclose the impact to customers and other stakeholders. In addition to ransom and legal fees, your company’s reputation may be on the line. Email protection and web content filtering are ways to protect against phishing schemes. It is also important to train your employees in how to identify and avoid these types of attacks.
Distributed Denial of Service Attack (DDoS)
Think of a Distributed Denial of Service Attack (DDoS) as a flood of system-generated traffic attacking your business infrastructure, designed to take you offline from the Internet. Hackers may try to extort your business or use DDoS in retaliation. Many Cloud Providers have excellent resilience and redundancy to defend against DDoS. If you rely on your own infrastructure, be sure to monitor for unusual activity and have a plan for failover in the event of a DDoS attack on your business.
Cyber attacks threaten businesses large and small. Planning and network protection, combined with training, are your keys to defending against unintended data loss and business interruption due to Cyberthreats. Contact your Network Security specialist to find out what you can do to prevent a Cyber attack on your business.
It is no surprise that technology flattens the world for many businesses. What’s more, nearly every business sector finds it necessary to collect, maintain, analyze, and monetize user data. Many think Cybersecurity risks only apply to highly regulated industries, such as legal, healthcare and financial services.
Cybersecurity Risks Go Beyond Borders
Factors outside industry, including geographic considerations and sensitive consumer data, can create cybersecurity risks that need to be managed. These factors run the gamut of domestic and international laws, regulatory bodies, and private-party business agreements. Cybersecurity compliance can touch every business to some degree.
Internet of Things (IoT) and Cybersecurity
Adding to the list of concerns are non-traditional technologies entering your business’s network. IP-enabled technology called Internet of Things (IoT) is rapidly being adopted in the workplace. The Cybersecurity threat is moving beyond desktops, laptops and services. A new generation of mobile devices–Point of Sale (POS), IP video surveillance, embedded sensors, VoIP, and others–is just the first wave of emerging technologies that need to be secured.
How to Minimize Cybersecurity Risks
There are many things a business can do to reduce Cybersecurity threats. According to the Computing Technology Industry Association (CompTIA), the following elements are the building blocks for a cybersecurity program:
Documented policies, procedures & standards
Identity & access controls
Physical & environmental security
Cybersecurity threats are a reality of today’s world. The risks of data compromise and/or loss can cost more than dollars; such risks can cost your reputation. Your business is only as secure as your Network. If you have questions about your business needs, ask your technology advisor about how to manage Cybersecurity threats to your business.
Ransomware is a type of malware designed to block access to your computer until a sum of money is paid. Ransomware issues have impacted many individuals with home computers; however, it is only a matter of time before this malicious software attacks businesses. Starting with Cryptolocker in 2013, Ransomware exploits have become increasingly sophisticated and have cost individual companies thousands of dollars in ransom.
Here are some tips to take to help your business avoid being held captive by Ransomware.
Backup to the Cloud to Recover from a Ransomware Attack.
An inadequate backup strategy without real-time backups or offsite backup could hamper your ability to recover from a Ransomware attack. Being able to recover data from your Cloud Backup could get your systems up and running in a hurry, avoiding the need to pay ransom.
Keep Your IT Assets Up to Date and in Compliance
If your systems get behind in operating system and applications patches and updates, you may create a security hole that can be compromised by Ransomware. Many managed security and managed service offerings include proactive management and delivery of these important updates so your network will not be held hostage by ransomware.
Training Your Employees to Detect and Report Ransomware
Your employees are your front line of defense when it comes to your systems security. Make sure your employees know how to identify a phishing email and understand the risks of opening documents and attachments (including unfamiliar file extensions or .exe file formats) from unauthorized sources. Ensure your employees understand what Ransomware is and how it can impact your company’s productivity and drain financial resources. Make sure employees are clear on procedures to quickly report any security breach to avoid widespread distribution of a Ransomware attack.
To avoid unnecessary downtime and costs associated with Ransomware, it is important to proactively protect your computer systems. If you have any questions about steps to take to avoid Ransomware in your organization, contact your trusted technology advisor.
Your business relies more and more on healthy network infrastructure. Migration to Cloud, Compliance and IT Security all fuel the case to proactively monitor your network health. By proactively scanning your network, you can identify bottlenecks and other irregularities that could impact your network performance and network security. Identifying network compromise in advance will save your business time and money in the long run.
Here are some considerations of what to proactively monitor on your network and why:
Monitor Your Network Performance
Network performance monitoring may identify a number of issues impacting your employee productivity. In some cases it may be a hardware failure (network switch or router) that is causing intermittent outage. Data-intensive applications (e.g. remote backup, call center or VoIP) may need optimization to improve overall network performance. Regular proactive network monitoring will identify these issues that can easily be remediated to avoid any unnecessary downtime, loss of employee productivity, or other failures such as dropped calls and failed backups.
Monitor Your Network Access
A periodic scan of devices attached to your network will identify any unauthorized access to your network. You may identify devices including desktop, laptop and mobile access from terminated employees, unauthorized access on your wireless network, and other potential compromises to your network. A regular scan of your network helps you stay in compliance and avoid any security compromise.
Monitor Your Network Utilization
By monitoring your network utilization, you may identify usage patterns impacting your overall network performance. Social media and streaming technologies can chew up your company bandwidth. By monitoring your utilization you may need to implement internal policies on use of streaming and digital media to free up bandwidth for mission-critical services.
Monitor Your Network Security
Your network is as strong as its weakest link. Periodically monitor your network endpoints to ensure Operating System patch, Antivirus and Malware definitions are all up to date. One device out of compliance could be infected and compromise your entire network.
Proactive Network Monitoring is a healthy best practice that saves you money and time while reducing business risk. If you are unsure of your network health or need to know more about network monitoring contact your network specialist today.
How secure is your network? A recent study by CompTIA identifies human error as the primary cause of security breaches. In fact, human error is at fault 58 percent of the time, as compared to technology error occurring 42 percent of the time. This survey of over 1500 business and technology executives points to the need to teach staff the importance of Network Security.
Security is always top of mind with businesses migrating to the Cloud. Cloud Services are rapidly being adopted by most businesses today. According to IDC, the worldwide public cloud services market reached $45.7 billion in 2013 and is projected to grow at a compound annual growth rate (CAGR) of 23% through 2018. Cloud Security is an important consideration for businesses migrating to the Cloud. So, what are the top security concerns businesses face?
Top Cloud Security Concerns
CompTIA’s Ninth Annual Information Security Trends study identified system downtime/business interruptions, exposure or loss of data during file transfers to the cloud, and concerns over encryption of data (either transactional or at rest) as the top three issues identified by business owners and IT Professionals. In addition, respondents raised concern over complying with legal/regulatory requirements. What can a business owner do to migrate securely to the Cloud?
Cloud Security and Compliance
Most experts agree: start by understanding your Cloud Security requirements. If you have regulatory requirements, a Private Cloud solution may make it easier to comply with standards including HIPAA and PCI. However, this doesn’t mean you are more secure. Beyond encryption, having a solid strategy for using the technology in your organization is a key factor in Cloud Security.
Employees: Key to Tackling Cloud Security
Your employees may be your biggest threat to Cloud Security. Without the proper training, your employees may access your company’s Cloud Services from unsecure devices. This could cause security breaches and data leaks of privacy information. What’s more, it is important to control the adoption of Cloud Services within your business to help mitigate Cloud Security risks. Proper policy, training, and guidelines create awareness and educate your employees about Cloud Security Risks.
Other Cloud Security Factors
IoT (Internet of Things) presents a new risk to Cloud Security. Smart devices, including TVs, appliances, office equipment, and other devices that collect and transmit data across the Internet, can cause exposure to your overall security. Research firm Gartner predicts that the IoT market will grow to 26 billion units installed by 2020. Proper network security and encryption are a first step in reducing this emerging security risk.
Migrating to Cloud Services provides many benefits to businesses of all sizes. Making the leap to Cloud Computing can be done securely with the proper planning & guidance. Reach out to your technology solution advisor to get help tackling Cloud Security.