When it comes to your business and its sensitive data, security is key. It’s up to you to ensure its safety and it’s imperative to have a plan of action in place BEFORE disaster strikes. If you don’t have a ‘plan B’ set up and ready to go, we highly recommend you take action now to create one.
Tech Tip #8: Create and implement a business continuity plan and have an emergency/incident management communications plan in place.
1. Implement a process for creating retrievable back-up and archival copies of critical information.
2. In the event of a disaster or other security incident, have a procedure for notifying authorities.
• Identify who should be contacted in the case of a security disaster.
• Include all contact information.
• Sort and identify all contact information by incident type.
• Make sure your procedure identifies who should make the contacts.
• Identify who will speak to the press/public in the case of an emergency or an incident.
Make sure your communications plan covers internal communications with your employees and their families, and ensure that all emergency procedures can be appropriately implemented, as needed, by those responsible.
Again, if any of the above points refer to you and your company, and you’re not currently implementing them, it is time to reconsider what you are doing to keep yourself and your company prepared to face any type of disaster that impacts your business.
Computer equipment and IT is constantly changing. It seems that once we update our systems, new technology is introduced, making our ‘new’ systems seem like ‘yesterday’s news’. With all the constant upgrading we do, we must give careful thought to the proper and safe disposal of our old equipment in order to keep our sensitive data protected.
Tech Tip #7: When disposing of old computer equipment, be sure to protect against loss of data by implementing proper disposal procedures (e.g., by erasing old disks and hard drives).
Make sure your disposal procedures identify appropriate technologies and methods for making hardware and electronic media unusable and inaccessible (such as shredding CDs and DVDs, electronically wiping drives, burning tapes, etc.).
Next week we’ll be focusing on tips to make you consider how well you are prepared for Disaster Recovery.
Let’s talk about Cyber Security Controls
This year we are kicking off our tech tip series with weekly pointers designed to get you to think about different aspects of your current security such as:
Account and Password Management
Confidentiality of Sensitive Data
Security Awareness and Education
Compliance and Audit
Tech Tip #6: When it comes to information security, how you save, retrieve and even dispose of sensitive data is extremely important. Consider the following tips to help keep your information safe and private:
• Create a process for retrieving back-up and archival copies of critical information.
• Implement procedures for the disposal of waste material.
• Be sure waste paper is binned and shredded, and that your shred bin remains locked at all times.
Continuing along the lines of maintaining and managing the Confidentiality of Sensitive Data, this week we bring more tips for you to consider putting into place, if you haven't already!
Tech Tip #5: Implement a policy which will identify the retention of information (both hard and soft copies).
- Put procedures in place to deal with credit card information.
- Implement procedures which will cover the management of personal, private information.
This week, our tech tips are meant to help you begin to carefully consider how confidential you are keeping the sensitive data that is under your company’s control.
Tech Tip #4: Consider the following and take note of any that you are not currently implementing. Use these areas as the starting point for tightening up on your information security protocols or call us and we’ll help show you the way!
1. Classify your data! Identify sensitive versus non-sensitive data.
2. Exercise responsibilities which will help protect sensitive data under your control.
3. Be sure that the most valuable or sensitive data is encrypted.
Tech Tip #3: Put policies and standards in place to cover electronic authentication, authorization, and access control of personnel and resources to your information systems, applications and data.
Ensure that only authorized personnel have access to your company’s computers.
Require and enforce appropriate passwords for all authorized users/employees.
Be sure that all your passwords are secure and not easy to guess, that they are regularly changed, and that temporary or default passwords are not allowed.
Make sure all your computers are set up so that others cannot view your staff when entering their passwords.
Remember, if you are not currently implementing any of the above points, it may be time to revisit this and speak to your local IT company to help create a stronger account and password management policy for your organization. Again, these items are all scalable based on the size of your company and the number of employees.
Tech Tip #2: This week we focus on considering your existing Cyber Security Controls for Physical Security and access.
1. Implement policies and procedures that address allowing authorized physical access, and limiting unauthorized physical access, to electronic information systems and the facilities in which they are housed.
2. Put policies and procedures into effect that specify the methods used to control physical access to your secure areas, such as door locks, access control systems, security officers, or video monitoring.
3. Make sure that access to your computing area is controlled (e.g., single point, reception or security desk, sign-in/sign-out log, temporary/visitor badges).
4. All visitors should be escorted into and out of controlled areas by authorized personnel.
5. Be sure that all your PCs are inaccessible to unauthorized users (e.g. located away from public areas).
6. Ensure that your computing area and equipment is physically secured.
7. Implement procedures that will prevent computers from being left in a logged-on state, no matter how briefly.
8. Set all computer screens to automatically lock after being idle for more than 10 minutes.
9. Make sure all modems are set to Auto-Answer OFF, so as not to accept incoming calls.
10. Implement procedures for protecting data during equipment repairs.
11. Make sure you have policies covering laptop security (e.g. cable lock or secure storage).
12. Have a current emergency evacuation plan in place.
13. Put a plan in action to identify areas and facilities that need to be sealed off immediately in case of an emergency.
14. Make sure all key personnel are aware of which areas and facilities need to be sealed off, and how.
Next, we will be raising some key points for you to consider about the Account and Password Management policies and standards you have set for your company. As you consider these tips, take note of any that you are not currently implementing. We encourage you to carefully review their applicability to your organization.
Remember, improving controls and implementing tighter security protocols can significantly decrease the potential exposure you face for falling victim to cyber threats and other vulnerabilities.
Tech Tip #1: This week, we start our analysis with a look at your Personnel Security.
Ask yourself the following questions when thinking about the security measures your company has in place, and keep in mind that these items are scalable to each individual company’s needs based on its size and number of employees:
1. Does your company require all staff to wear ID badges?
When it comes to Personnel Security, a good rule of thumb is to make ID badges mandatory.
Additionally, all ID badges should include a current photo of the employee.
2. Are there various levels and types of authorized access involved when it comes to your personnel (e.g., employee, contractor, visitor)?
If your company has more than one level of authorized access, each level of authorization should be clearly identified on all ID badges.
3. Is there a security check for the credentials of all external contractors?
For the safety and security of your business, this should be a mandatory procedure. Be sure to check the credentials of anyone you are contracting to do business with.
4. Does your company have a background-check policy for all employees and contractors?
If your answer currently is ‘no’, it’s time to re-think that! Nowadays it’s crucial to know who you’re doing business with. Consider implementing a background-check policy for your business today.
5. When an employee or contractor’s employment is terminated, do you have a process in place to effectively cut off access to facilities and information systems?
The best answer to this question is ‘yes’. If your company does not have this type of procedure in place, now is the time to implement one!
As you review the above, take note of any answers that might reflect a “no” in regard to your company’s current situation. We strongly encourage you to carefully review their applicability to your organization! Improving controls and implementing tighter security protocols can significantly decrease the potential exposure you face for falling victim to cyber threats and other vulnerabilities.
The Holiday shopping season is upon us, and while many people ventured out to the stores on Black Friday to begin their shopping madness, many chose to stay home (or at the office) and ‘click’ the shopping season off on Cyber Monday - the official beginning of the online shopping season.
Today’s society seems to prefer to shop comfortably, and conveniently, from the warmth of their homes, the comfort of their couches, using laptops, tablets and cell phones. Some will shop from the train on their way to work. Others will shop from their offices, using the company’s high-speed connections.
No matter where you’re doing your online shopping, it’s imperative to take precautions. Otherwise what should be a happy season of celebration could end up with the Grinch who steals more than Christmas! Let’s kick off the holiday season with these safe online shopping tips:
Tech Tip #52: Oh, the weather outside is frightful – make online shopping at home delightful!
There’s no place like home, where you have a secure network connection! Be sure your network is safe and secure, and that you have a robust firewall in place. Especially when you’re transmitting vital personal information such as passwords and credit card numbers. If you’re using public Wi-Fi, it’s wise to refrain from making a purchase, but rather ‘window shop’ until you can have access to a secure connection. This doesn’t just apply during the holidays, but every day of the year.
The most important thing to remember whether shopping online or out in the public stores, is to use caution. If you are shopping on mobile devices, a great way to protect your device and data is to have mobile anti-virus software installed. If you want to find out more, contact us today.
Tech Tip #51: Shop ‘APPily’, and safely online
When shopping online via an app, be sure the app is downloaded from a secure and trusted source. Apps, when downloaded, will ask for ‘permissions.’ Read through the fine print to see what exactly the app is asking permission for, such as, is it asking for your list of contacts? That’s a red flag! Also, it’s wise to read through the comment section for feedback from other online shoppers who have shopped that specific site. Be sure to look for sites that have high ratings.
Tech Tip #50: Keep your devices safe in locked mode
The majority of people unknowingly leave their devices unlocked. By not locking your device, you’re opening the door of opportunity to thieves who might be able to ‘see’ (and steal) your personal information. By simply placing your device(s) in locked mode, using a password or code, you’ll keep your information safe and secure from prying eyes.
Tech Tip #49: Careful what you click on!
With all the emails you’ll receive this holiday season offering deals that seem too good to pass up, don’t let your excitement make you ‘click-happy’. It could be a phishing scam! Instead of clicking on the link in the email, type the full name of the website that is offering the ‘deal’ into your browser. Be sure you see the ‘https://’ rather than ‘http://’ (without the ‘s’). If you see the ‘s’, that’s a sign that the site is ‘s’afe.
Plastic. It’s the way to pay in today’s society. With just a swipe of a card, or an input of numbers online, you can purchase anything - without ever touching a single dollar. But there’s a risk that goes along with every purchase. It’s called Credit Card (or debit card) Fraud, and unfortunately, it’s becoming more common. This month, we’ll share some tips with you on how to recognize and protect yourself from credit / debit card fraud.
Tech Tip #48: Keep your money safe and be careful where you use your debit card!
Using a debit card can be riskier than using cash, but if you absolutely HAVE to use one, it’s a good idea to set up several bank accounts to protect your money. Keep a minimal amount of funds in the account that is linked to your debit card and keep the majority of funds in a separate account. This way, if your debit card is compromised, the thieves won’t have access to ALL your funds.
Where you use your card can be dangerous. Especially at the gas pump! Gas stations typically put a hold on your account for up to four days. This can cause insufficient funds resulting in bounced checks. Then there are online purchases. You’re better protected when you use a credit card. If you use a debit card and you don’t get your merchandise, you have little to no chance of getting your money back. If you use your debit card at the supermarket, ATMs, and again, gas stations… watch out for skimmers! These sneaky devices copy and steal your card number and security PIN, leaving the thieves with complete access to your account.
The bottom line is this: BE AWARE! Check your account statements every month and check your debit accounts daily! You owe it to yourself to keep your money where it belongs…in YOUR account.
Tech Tip #47: Understanding your rights if you are faced with credit/debit card fraud.
Once fraudulent activity is discovered, you should immediately notify your card issuer or bank and close the account. It should only take a few days to clear up the issue if any unauthorized charges are found, and those charges are usually reversed. Most credit card companies have strict internal fraud prevention standards in place and will not hold you liable for the charges made to your account.
Most of the time, fraudulent activity is investigated by the credit card provider or issuing bank when the amount is less than $2,000. For cases above $2,000, the local police will usually get involved…and in larger cases, the Federal Trade Commission may get involved.
By following safe credit and debit card practices, you can be sure to do everything you can to stay protected.
Tech Tip #46: Avoid debit cards. Use credit instead!
While debit cards appeal to card holders as a way of controlling spending, it’s the most dangerous way to make purchases. Yes, using a debit card will limit the amount you spend based on the amount of funds in your account; however, if thieves get a hold of your debit card or number, they’ll have access to your entire bank account. When using a credit card, you suffer no immediate financial despair, and your money remains in your bank account until you pay your bill.
The plus side of using credit cards vs. debit cards is that credit card companies have protection plans in place that will offer immediate protection, whereas debit cards/banks can take several weeks to resolve the issue and there’s no guarantee that you’ll get your money back. Look out for next week’s tip where we’ll take a look at your rights when faced with fraud.
Tech Tip #45: Practice credit and debit card safety.
The best way to prevent credit/debit card fraud is to use your cards responsibly. By following these general credit card safety practices, you can protect yourself from becoming a victim of fraud:
- Keep all your cards in a safe place.
- Check your account statements and credit reports each month.
- Avoid auto-pay! This will ensure that you will look at your statements each month!
- Reduce the number of cards you have. The fewer accounts you have, the easier it will be to monitor your accounts.
- Sign all new cards as soon as you receive them... and use permanent ink! This will make it difficult for a thief to erase or sign over your signature if your card becomes lost or stolen.
- Avoid carrying your cards and cash together in the same wallet. By carrying two wallets, if one gets lost or stolen, you will still have the other.
- Report suspicious activity immediately.
- Don’t lend your card to anyone for any reason.
Tech Tip #44: Understanding what credit / debit card fraud is.
What exactly is credit / debit card fraud? Simply put, it’s the illegal and unauthorized use of your credit or debit card. It happens when someone other than yourself gets a hold of your information and uses it to purchase goods without paying for them, or to withdraw funds from your account. It’s a type of theft which can lead to a larger scale of fraud if it goes unnoticed, such as identity theft.
The last thing you want (or need) to deal with is being the victim of credit card or debit card fraud. Awareness is key and knowledge is power, and with the holiday shopping season just around the corner, you'll need to be extra careful.
October is National Cyber Security Awareness Month, and we’d like to remind you that WHAT YOU CAN’T SEE, CAN HURT YOU.
It creeps its way into your system, takes control of your files, locks them up and holds them hostage…and if you want to get them all back, it demands ransom. ‘It’ is Ransomware, and it’s pretty scary stuff! This month, we’ll provide you with important tips that can help keep your network and data safe.
With Ransomware continually on the rise and running rampant in today’s cyber society, it’s critical for business owners to take serious action and implement preventative measures in an effort to avoid falling victim to an attack.
Ransomware can infiltrate your system by several methods. It can arrive via emails, using links or documents that appear legitimate and tricking the recipient into clicking on the link, which opens the door to malicious code that will lock your system up and encrypt your files.
So how can you prevent this from happening? Here’s this week’s tip:
Tech Tip #43: Don’t pay that ransom!
When it comes to ransomware, we strongly advise that you do not pay the 'ransom' – remember you are dealing with cyber criminals, and there is no system of checks and balances. So even if they “say” they’ll give you the key to your data if you pay, it doesn’t mean they actually will. Besides, cyber criminals “talk” and paying the ransom once makes you a likely candidate to pay it again (assuming you haven’t learned a valuable lesson the first time).
Again, the best thing to do if you get hit with Ransomware, or cryptolocker, is to leave your “bit-coin” in your pocket, take your computer offline, turn it off, and call your IT professional as soon as possible.
Tech Tip #42: Back up your data
It is critical to back up all your data on a daily basis, and do not overlook the importance of having a strong disaster recovery plan in place. Additionally, all the information on employees’ devices should be backed up daily as well (full system image backups can be performed on a routine basis; once or twice a month is typically adequate). Multiple copies of your data, documents, pictures, etc., can be saved to a secure, offsite location, or on a back-up drive or cloud storage such as OneDrive, Dropbox, etc.
When plugging in external hard drives, or a USB, be sure to scan it for viruses (be wary of using “thumb” drives received from vendors or salespeople; they too can be compromised).
Tech Tip #41: Have an up-to-date Anti-virus software installed
Cyber criminals have become more sophisticated, and Ransomware exposes the vulnerabilities with today’s data security. Where there’s a will, there’s a way, and if someone wants to get in, they’re going to get in.
The key to securing and protecting your system is using a multi-layered approach. A bare minimum would include installing a firewall and Anti-virus software. Make sure all Anti-virus software subscriptions are renewed BEFORE they expire. Be sure to install a good firewall, not simply a router. Activating the integrated Windows Firewall & Windows Defender is a good place to start; however, a security subscription from a proven provider is always preferable. AVG, SOPHOS, WebRoot, Avast, Trend Micro and Panda are just a few of the providers that we recommend considering.
Keeping all software, operating systems and applications up to date is a good idea, however at times that can be problematic too. The more complex the system, the more susceptible it can be to an incompatibility with an update.
If you’re unsure as to whether or not you have the proper protection in place, give us a call. We’re happy to help.
Tech Tip #40: Educate your employees...and be careful what data they have access to.
Make sure all employees are trained to read all emails carefully and verify their validity before opening any attachments or clicking on any links, especially from unknown sources. If it looks suspicious, delete it, and make all other employees aware just in case they receive the same email.
Limit the amount of important data that your employees have access to. Ransomware is an inside job, meaning that once someone within the company clicks on a link and launches the ‘attack’, the malware takes on that user’s identity and encrypts the data. Keep access to the company’s most vital data limited to only those who need to access it.
Implement a communication strategy which will inform employees if, and when, a virus has infected the company network.
Keeping your network safe is your number one priority. It’s our priority too, and we’re here to help.
September is National Disaster Preparedness Month. Your data is important to your business, and you can’t afford to have your operations halted for days, or worse yet, weeks, due to data loss or corruption.
A disaster can happen at any time, on any day, and is likely to occur at the most inconvenient time. If you aren’t already prepared, you run the risk of having the disaster happen before you have a plan in place to handle it. This month, we’ll share some valuable tips you should implement right away, to make sure your business could be back up and running again in the event of a disaster.
Tech Tip #39 - Image your server.
Having a copy of your data off-site is a good idea, but keep in mind that all of the information has to be RESTORED someplace to be of any use. If you don’t have all the software disks and licenses, it could take days to reinstate your applications (like Microsoft Office, your database, accounting software, etc.) even though your data may be readily available. Imaging your server is like making an exact replica. That replica can then be directly copied to another server, saving an enormous amount of time and money in getting your network back. Best of all, you don’t have to worry about losing your preferences, configurations, or favorites. To find out more about this type of backup, ask your IT professional.
Maintain Your System. One of the most important ways to avoid disaster is by maintaining the security of your network. While fires, floods, theft and natural disasters are certainly a threat, you are much more likely to experience downtime and data loss due to a virus, worm or hacker attack. That’s why it’s critical to keep your network patched, secure and up-to-date. Additionally, monitor hardware for deterioration and software for corruption. This is another overlooked threat that can wipe you out. Make sure you replace or repair aging software or hardware to avoid this problem.
Finally, test your disaster recovery plan once a year. If you are going to go through the trouble of setting up a plan, then it pays to invest in hiring an IT professional to run a test once a month to make sure your backups are in working order, and your system is secure. After all, the worst time to test your parachute is AFTER you’ve jumped out of the plane.
If you’re not sure if you have a back-up recovery plan, or would like help implementing one, we’re happy to help.
Tech Tip #38 - Automate your backups.
If backing up your data depends on a human being doing something, it’s flawed. The number one cause of data loss is human error (people not properly swapping out tapes, someone not setting the backup to run properly, etc.). ALWAYS automate your backups so they run like clockwork.
Have an off-site backup of your data.
Always, always, always maintain a recent copy of your data off-site, on a different server, or on a storage device. Onsite backups are good, but they won’t help you if they get stolen, flooded, burned or hacked along with your server.
Have remote access and management of your network. Not only will this allow you and your staff to keep working if you can’t physically go into your office, but you’ll love the convenience it offers. Plus, your IT staff or an IT consultant should be able to access your network remotely in the event of an emergency or for routine maintenance.
Tech Tip #37 - Hire a trusted professional to help you.
Trying to recover your data without professional help after a disaster strikes is business suicide. One misstep during the recovery process can result in weeks of downtime, or worse yet, losing your data forever. Be sure to work with someone who has experience in both setting up business contingency plans (so you have a good framework from which you CAN restore your network), and experience in data recovery.
Implement a solid communications plan. If something should happen where your employees couldn’t access your office, e-mail, or use the phones, how should they communicate with you? Make sure your plan includes this information, including MULTIPLE methods of communication.
Tech Tip #36 - Have a written plan of action.
As simple as it may sound, just thinking in advance of what needs to happen if your server has a meltdown or a natural disaster wipes out your office, will go a long way in getting it back up fast.
At a minimum, your disaster recovery plan should contain details on what types of disasters could happen (i.e., hurricane, flood, fire, etc.) and a step-by-step process of what to do, who should do it and how. Also include contact information for various providers, and username/password information for various key web sites.
Writing this plan will also allow you to think about what you need to budget for backup, maintenance and disaster recovery. If you can’t afford to have your network down for more than a few hours, then you need a plan that can get you back up and running sooner than later. Here, you may want the ability to virtualize your server, allowing the office to operate off of the virtualized server while the real server is repaired. If you can afford to be down for a couple of days, there are cheaper solutions. Consult with your IT team to find the right solution for your business.
Once your disaster recovery plan is written, print out a copy and store it in a fire-proof safe. Also, keep a copy offsite (at your home) and another copy with your IT consultant.
August is a hot month and cyber security is a hot topic! For any company that wants to protect the data that it stores, accesses and uses on a day-to-day basis, simple login credentials and passwords are no longer doing “enough”. Enter the age of Two-Factor Authentication (2FA) as an added layer of protection against cyber-thieves.
Tech Tip #34 – Why arm your business with 2FA?
It’s clear that Two-Factor Authentication is a must have for savvy business owners that are looking to bolster their cyber security defenses.
But although 2FA isn’t new, it is certainly becoming more and more popular as a secondary measure to ensure your security. Remember that the more access points into your business that you can protect, the greater you are able to reduce the chances of a hacker hacking their way into your accounts.
Requiring multiple components to help confirm a user’s identity goes a long way to protecting your employees and your business. That's why 2FA makes good sense for your business.
Tech Tip #33: How Does 2FA Work?
If you add a 2FA feature, here’s a brief overview for how it works when you try to login.
1. You type in your username and password as usual.
2. You proceed to the next step, which will ask you for an authentication code.
3. You open the authenticator app to get the code.
4. You type the security code into the website, and you’re in.
Not to worry, most browsers will keep you logged in long enough to go through the process, and a few extra seconds on the front end to ensure your security on the back end is time well spent.
Tech Tip #32: So just how does 2FA protect your data?
2FA is a type of multi-factor authentication. It works by confirming a user’s claimed identity during login by running an extra verification check on the user attempting to log in with their username and password. With 2FA, a user will enter their username and password as normal.
But, to prove it’s really the account owner trying to log in, the user will then have to provide the “second factor”, which can be based on something you know, something you have or something you are (biometrics). For instance, using a PIN, a security question answer or a password is something that you would “know”. Having the appropriate bank card details, or being able to confirm through your phone or having a security token would be something you “have”. Finally, something biometric, like a physical fingerprint, or facial recognition, a retina scan or voice activation would be something you uniquely “are”.
Adding any one of these elements can vastly improve the security of your accounts.
Tech Tip #31: So just what is Two-factor Authentication?
Two-factor Authentication (also known as 2FA) allows users to add an extra security layer to their login process. In addition to the initial login where you need to have your user name and password, 2FA requires that an auto-generated code is created and sent to you (typically on your mobile phone) that provides a unique security code which you then enter as part of your login credentials.
This type of multi-factor authentication helps protect valuable or confidential information by preventing unwanted parties from getting access to your accounts.
The National Cyber Security Alliance reports that one in five small businesses have been victims of cybercrime in the last year. That number is growing rapidly as more businesses utilize cloud computing, mobile devices and store more information online.
Tech Tip #30: Keep Your Network Up-To-Date.
New vulnerabilities are frequently found in common software programs you are using, such as Microsoft Office. Therefore it’s critical you patch and update your systems frequently. If you’re under a managed IT plan, this can all be automated for you so you don’t have to worry about missing an important update.
If you are not under a managed IT plan or you are unsure if you currently are, contact us today to find out why this alone can be one of the best measures you can take to protect your network, your data, and your business.
Tech Tip #29: Require STRONG passwords and passcodes to lock mobile devices.
Passwords should be at least 8 characters and contain lowercase and uppercase letters, symbols and at least one number. On a cell phone, requiring a passcode to be entered will go a long way toward preventing a stolen device from being compromised.
Again, this can be ENFORCED by your network administrator so employees don’t get lazy and choose easy-to-guess passwords, putting your organization at risk.
Tech Tip #28: Create An Acceptable Use Policy (AUP) – And Enforce It!
An AUP outlines how employees are permitted to use company-owned PCs, devices, software, Internet access and e-mail. We strongly recommend putting a policy in place that limits the web sites employees can access with work devices and Internet connectivity. Further, you have to enforce your policy with content-filtering software and firewalls.
We can easily set up permissions and rules that will regulate what web sites your employees access and what they do online during company hours and with company-owned devices, giving certain users more “freedom” than others.
Having this type of policy is particularly important if your employees are using their own personal devices to access company e-mail and data.
If that employee is checking unregulated, personal e-mail on their own laptop that infects that laptop, it can be a gateway for a hacker to enter YOUR network. If that employee leaves, are you allowed to erase company data from their phone? If their phone is lost or stolen, are you permitted to remotely wipe the device – which would delete all of that employee’s photos, videos, texts, etc. – to ensure YOUR clients’ information isn’t compromised?
Further, if the data in your organization is highly sensitive, such as patient records, credit card information, financial information and the like, you may not be legally permitted to allow employees to access it on devices that are not secured; but that doesn’t mean an employee might not innocently “take work home.” If it’s a company-owned device, you need to detail what an employee can or cannot do with that device, including “rooting” or “jailbreaking” the device to circumvent security mechanisms you put in place.
Tech Tip #27: Train Employees On Security Best Practices.
The #1 vulnerability for business networks is the employees using them. It’s extremely common for an employee to infect an entire network by opening and clicking a phishing e-mail (that’s an e-mail cleverly designed to look like a legitimate e-mail from a web site or vendor you trust). If they don’t know how to spot infected e-mails or online scams, they could compromise your entire network.
Don’t think you’re in danger because you’re “small” and not a big target like a J.P. Morgan or Home Depot? Think again. 82,000 NEW malware threats are being released every single day and HALF of the cyber-attacks occurring are aimed at small businesses; you just don’t hear about it because it’s kept quiet for fear of attracting bad PR, lawsuits, data-breach fines and out of sheer embarrassment.
Make cyber security an important part of your corporate culture and keep your network and your data safe.
With phishing and spoofing emails on the rise, we want to help keep you safe in the inter'NET' of things. We’ve put together some ‘phishing tips’ that aim to help you identify phishing, or spoofing, emails.
Tip 26: Always have your guard up and don’t be so trusting when it comes to receiving emails.
Never click on attachments! A common phishing tactic is to include malicious attachments that contain viruses and malware that can steal your passwords, spy on you without you knowing it, and ultimately damage files on your computer. Unless you know the sender and you were expecting the attachment, DON’T OPEN IT! It’s a good idea to check with the sender (if you know the sender) to make sure the attachment is legitimate.
Phishers will try to reel you in by spoofing the header in the email address. Not only will they spoof the brand in the ‘from’ section, but they will also spoof it in the display name. Always be observant of the sender’s name!
Absolutely never give out any of your personal information. Legitimate companies such as banks, or the IRS, will never use email to ask for personal credentials – so be sure not to give it to them.
In conclusion, phishers are pros at their game. Be very skeptical when opening your emails. Simply because an email appears to have ‘real’ brand logos and a valid email address, and the language in the body of the email appears convincing, doesn’t mean it’s legitimate. If it looks the slightest bit suspicious, don’t open the email.
Tip 25: Look out for mistakes in grammar and spelling and watch out for threatening language!
Legitimate companies take their emails seriously. After all, their reputation is on the line. Always read through the email carefully, and if you find major spelling errors and/or poor grammar, steer clear of engaging in that email, and report anything suspicious.
Be wary of emails that include threatening or drastic language in the subject line. A common phishing tactic involves invoking a sense of fear, or urgency. If you receive an email which claims your “account has been suspended” or you had an “unauthorized login attempt”, beware! This could be an indication of a potential phishing attack.
Tech Tip #24: The way an email is addressed (and signed) can reel you in - ‘hook, line…and sinker!’
It’s a good idea to get in the habit of analyzing who (and how) an email is addressed. If it’s addressed vaguely to a “Valued Customer,” then your red flag should go up. Legitimate businesses will address their emails by using a personal salutation, including your first and last name.
Next, you should always look at the way the email is signed. Phishing emails generally lack details about the signer. If there’s no company information, and no indication of how you can contact the sender, there’s a good chance you’re being baited! A legitimate business sending a legitimate email will always provide you with their contact details.
Tech Tip #23: Be wary of the sender’s display name
One of the most popular phishing tactics used by cybercriminals is spoofing the display name of an email. Emails that arrive in your inbox using an address such as 'My Bank Account' <firstname.lastname@example.org> should indicate a red flag and shouldn’t be trusted.
These emails appear to be legitimate because the inbox will only show the display name as ‘My Bank Account’. But chances are, 'My Bank Account' doesn't own the secure.com domain. Therefore, never trust the display name and always check the email address in the ‘From’ section of the header. If it looks suspicious, don’t open the email!
Furthermore, if you look the email over, be sure not to click on any links! You can hover the mouse over any links attached to the email to see if the address looks suspicious, and if you have the urge to test the link, simply open a new window and type the website address in full. This is much safer than clicking on links embedded in unsolicited emails.
Tech Tip #22: There are no bullet-proof cyber protection plans, and like many things, the best protection is prevention. However, nothing can take away the fact that the quickest key to getting back up and running lies in having a robust backup.
When you back up, make sure that you take a multi-pronged approach to your backup strategy, one that ensures that you have three copies of your data in two different places, and that one of those places is completely off-site from the other. This simple 3-2-1 rule will help you get back to business sooner rather than later in the case of a cyber-attack.
Tech Tip #21: When it comes to ransomware, prevention is the best defense. Make sure you have the following things in place, in addition to a robust back up system.
- use a multi-layered strategy for your IT security that includes commercial grade firewalls and anti-virus
- spend time and money on user-training – most attacks are because of employer error, so teach your team how to spot bogus emails and teach them best practices for surfing the net and engaging in on-line correspondence
- make sure that your security software is updated regularly with all available patches; this will proactively help you keep new cyber threats at bay.
Tech Tip #20: Being the strong, silent type when you get hit with Ransomware is not really the best thing to do.
First, you are going to want to make sure you get all users that have reported being attacked, or that have been affected by the attack, off the network.
Once you have a handle on the cause of the infection (perhaps identified the phishing scheme or bogus email with malicious link), share an alert with other users to let them know what they need to watch out for. If there is anyone else outside of your company that needs to know about the attack, advise them as soon as possible. It's better to be pro-active than to find out you’ve been the doorway for someone else’s cyber-attack.
Tip #19: When it comes to ransomware, we urge you...Make No Pay Day for 'MayDay'! – remember you are dealing with cyber criminals, and there is no system of checks and balances. So even if they “say” they’ll give you the key to your data if you pay, it doesn’t mean they actually will. Besides, cyber criminals “talk”, and paying the ransom once makes you a likely candidate to pay it again (assuming that you haven’t learned a valuable lesson the first time).
Again, the best thing to do if you get hit with ransomware, or cryptolocker, is to leave your “bit-coin” in your pocket, take your computer off line, turn it off, and call your IT professional as soon as possible.
Tip #18: If you get hit with ransomware, you may not know it at first. Sometimes, the cyber creep that is hacking you will work behind the scenes to encrypt a good deal of your data before letting you know that you’ve been attacked. Other times, they will not wait long at all, so in these cases you should be able to retrace your steps to figure out what triggered the attack. Either way, some questions to ask the ransomware “victim” are:
- Did you open a document that might have seemed odd, or different in some way?
- Did you click on and open any links or attachments in an email?
- Did you visit any websites that you typically don’t go to?
Once you realize something is wrong, the most important thing to do after an attack is to isolate the infected computer(s) as soon as you can. Taking the computer(s) offline by disconnecting them from the network will enable you to learn more about the attack and where you need to begin to fix the issue.
Remember to contact your IT professional. They can help you identify the encrypted files, and investigate how far the infection has spread. Getting help quickly is key, so act fast!
Tip # 17: If you really want the highest level of security, some secure messaging apps offer a self-destruct functionality. This function automatically deletes messages after they’ve been read. Depending upon the level of security you need, this might be an option for you.
It is important to note that no messaging application is completely foolproof, but savvy business users that are concerned about the privacy of their emails can certainly look into additional measures to limit any exposure. As we close out this month, remember that the internet is the gateway of communication for your company but it also opens your front door to hackers and cyber criminals to rob you of your data and compromise your business.
Let us know if you would like help finding a secure messaging application that can work for you and your team. We’re always here to help!
Tip # 16: When it comes to sensitive data, many of our clients (particularly accountants) are finding an added level of security by using a “Secure Messaging” platform. This helps tremendously in keeping sensitive e-mail communications protected when exchanging private info with clients and your internal teams.
Secure messaging encrypts your messages before they leave your device. Even if a message is intercepted, the encrypted messages cannot be read by anyone other than the intended recipient. Want the ultimate confidence that your data will not be compromised? Consider adding a secure messaging application today.
If you need a hand, we’re here to help.
This month we continue our focus and tech tips on updating network security.
Tip # 15: Each week, news stories remind us of the constant threats that exist. In business, our exposure is just too great to rely on a simple router that can be purchased at Best Buy or Staples.
As we review our clients’ system performance, we have seen a noticeable difference, in terms of Internet threats and intrusions, between customers that have a firewall and those that have a router.
When it comes to potential cyber threats, clients that use commercial grade firewalls fare much better than customers who rely on a router.
If you are ready to upgrade your router to make sure that it is doing all it can to protect you, we can help.
Tip #14: Let’s face it, there is no rest for the weary when it comes to tax season, particularly for businesses and the accountants that prepare their taxes. The information you share with your accountant is just about as confidential as it gets, so April is the perfect time to focus our tech tips on the value of updating network security.
If you own your own business or particularly if you own your own accounting practice, you must protect your assets and data as well as the personal and financial information of your clients.
Off the shelf routers from box stores are simply not robust enough to truly guard you against the proliferation of internet threats and intrusions. Upgrading your router to a commercial grade firewall provides vastly superior protection for today’s network and is an easy, cost effective way to safeguard your company while potentially saving you thousands of dollars in costs associated with data loss and downtime.
Tip #13: World Backup Day is March 31st – are you ready?
Here we share 7 more tech tips for winning backup strategies.
- You’ll want to make sure you have a solid baseline for subsequent backups, so make sure that your first backup is robust.
- When you run your backup you will want to make sure that all files and folders (and partitions if you are doing an image backup) are included. Make sure to include things like your calendar, your address book and the all important e-mail. When trying to see where these things are stored on your system, you will want to open the application and look for the option for “file-storage settings” to find out.
- If you really and truly want your data to stay private, consider using password-protection and encryption.
- You can always save some space by compressing the backup.
- Always make sure that the data has been copied correctly, so use the application’s “verify” function to do this.
- Rather than run the backup twice, create a second copy of the backup so you have two (in case one gets damaged). Remember, in the future you can save space and time by doing differential or incremental backups (this only backs up the data that has been changed since the last baseline backup).
- Lastly, never overwrite your original baseline backup, but feel free to overwrite any of the differential or incremental backups as you continue to create data.
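What the “verify” step and the second-copy tip in the list above amount to in practice, as an added example (not the backup application’s own function): a SHA-256 manifest is taken from the source and each copy is checked against it. The function names, the file names and the simulated damage are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large backups do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def verify_copy(manifest, copy_root):
    """Compare one backup copy against the manifest taken from the source."""
    report = {"missing": [], "corrupt": [], "unexpected": []}
    for rel, expected in sorted(manifest.items()):
        candidate = os.path.join(copy_root, rel)
        if not os.path.isfile(candidate):
            report["missing"].append(rel)
        elif sha256_file(candidate) != expected:
            report["corrupt"].append(rel)
    # Files in the copy that the source never had deserve a second look too.
    report["unexpected"] = sorted(set(build_manifest(copy_root)) - set(manifest))
    return report

def demo():
    """Constructed data: a small source tree and two copies, one of them damaged."""
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "source")
        os.makedirs(os.path.join(source, "mail"))
        files = {
            "calendar.ics": b"BEGIN:VCALENDAR\n",
            "contacts.csv": b"name,email\n",
            os.path.join("mail", "inbox.mbox"): b"From sender\n",
        }
        for rel, data in files.items():
            with open(os.path.join(source, rel), "wb") as fh:
                fh.write(data)
        manifest = build_manifest(source)
        copy_a = shutil.copytree(source, os.path.join(work, "copy_a"))
        copy_b = shutil.copytree(source, os.path.join(work, "copy_b"))
        # Damage the second copy: one file altered without changing its size,
        # one file lost. A size-only comparison would miss the first.
        with open(os.path.join(copy_b, "contacts.csv"), "wb") as fh:
            fh.write(b"name,emai1\n")
        os.remove(os.path.join(copy_b, "mail", "inbox.mbox"))
        return verify_copy(manifest, copy_a), verify_copy(manifest, copy_b)

if __name__ == "__main__":
    for label, report in zip(("copy A", "copy B"), demo()):
        print(label, report)
```

Keeping the manifest somewhere other than the backup media lets the same check be repeated later, before a restore depends on that copy.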
Tip # 12: Here are some startling stats you should know:
- Only 25% of users frequently back up their files, yet 85% of those same users say they are very concerned about losing important digital data.
- More than 22% said backing up their PC’s was on their “To Do” list but they seldom do it.
- 30% of companies report that they still do not have a disaster recovery program in place, and 2 out of 3 feel their data backup and disaster recovery plans have significant vulnerabilities.
- 1 in 25 notebooks are stolen, broken or destroyed each year.
- Today’s hard drives store 500 times the data stored on the drives of a decade ago. This increased capacity amplifies the impact of data loss, making mechanical precision more critical.
Tech Tip #11: In the words of William R. Stanek, “Because data is the heart of enterprise, it’s crucial for you to protect it”.
We continue to concentrate on the importance of back up! Here we share the key causes for data loss.
- 78% Hardware or system malfunction
- 11% Human error
- 7% Software corruption or program malfunction
- 2% Computer viruses
- 1% Natural disasters
Simple anti-virus programs are not enough to keep you safe. The biggest issues are addressed by keeping your hardware and systems updated and by providing on-going user training. Both of these can help you greatly reduce the chances of data loss. A reliable IT provider should be able to provide this for you…we certainly do!
Tip #10: To avoid a major IT security blow, make sure to ask your IT company to provide you with a professional management and monitoring plan so that you are never scrambling to salvage your data if disaster strikes.
Here are some of the things that a professional management and monitoring plan can do for you and your data.
Your IT company should use monitoring software, 24x7/365, sending them an alert for system events that require attention.
Proactively manage, maintain and monitor:
- All server event logs
- Proper AV updates and activity
- Backup status: On-site & Remote
- Firewall activity
- Hacking and Spam Attempts
- Application services
- Other web-based support and reports
The benefits of having management and monitoring include:
1) improved productivity (your systems will be consistently updated and working at optimal levels).
2) greater reliability (small issues can be identified and dealt with early on before they create larger issues).
3) significant cost savings (pro-active support is always less expensive and more consistently delivered than reactive).
Tech Tip #9: To Celebrate World Back Up Day (March 31st), we’re dedicating the entire month of March to data backup awareness. Each week we’ll provide you with valuable statistics, tips and information regarding the importance of backing up your data.
First, we want to share some startling facts.
Did you know that:
· Only 34% of companies test their backups and of those who do, 77% have found failures.
· 60% of companies that lose their data will go out of business within 6 months of the disaster.
· Over ½ of critical corporate data resides on unprotected PC desktops and laptops.
· The average failure of disk and tape drives is 100% - all drives eventually fail.
Don’t allow your business to fall into one of these scary statistics. If you’re wondering if you’re doing enough to protect your data, you probably can use some support. Let us know how we can help!
Tech Tip #8: As no single or group of technologies can be 100% effective in protecting your network and your data, it is important that YOU also take an active role in your own cyber security. Safe computing practices and on-going staff training (on what to look for and what to look out for) are critical in minimizing your exposure to cyber threats. In the meantime, you will also want to:
Make sure that your IT service provider offers remote monitoring and has recommended this type of service to you.
Make sure you have asked your IT service provider to monitor your system off-site as well as having an on-site backup.
Make sure that your IT service provider backs up your network BEFORE performing any upgrades or other types of projects.
Make sure that your IT service provider is based locally. The last thing you need is to have to deal with an outsourced tech-help hotline that is based in a foreign country!
Look for techs that maintain current vendor certifications, and that arrive on time and are dressed professionally. They should be courteous and never tell you that your problem is ‘not theirs to fix’.
Ultimately, your IT company should be committed to your satisfaction and take pride in making sure that you know that your technology is in great hands.
Tech Tip #7: It's week #3 of our 'What to look for in your IT provider' series. Your IT company should:
Provide You With One Stop Shopping.
Your IT provider should have the experience, partners and resources to know exactly who to call when you are having a complex technical issue. So whether you have a problem with software, the network, your internet provider, your mobile devices, the printer, the copier, or your phone or security system, one call to your IT provider does it all.
Make Sure You’ll Be Ready.
When your technology runs smoothly and efficiently, so can your business. Make sure that your IT provider is offering you both routine and proactive service maintenance options that will enable them to handle any blip on your technology radar, ensure business continuity, data retention and quick response to disaster recovery.
Keep You in the Know.
Your service provider should be constantly educating and informing you about best practices or new cyber threats through blogs, newsletters and important updates on sneaky viruses, computer scams, and manufacturer support changes that can impact your business so you are always prepared and up to speed.
Tip # 6. It’s week two of our 'What to look for in your IT provider' series. Make sure that they provide the following:
Detailed Attention and Responsive Service. Your business doesn’t wait for you to catch up, so you shouldn’t have to wait for service. Make sure your IT company offers remote support services so that they can address your issues in real time and get you back up and running.
Tech Answers in Plain English. Make sure that your provider speaks a language other than “Geek Speak” and can provide you with answers to your technical questions quickly, comprehensively and in a language that you understand.
Budgeting and Forecast Accuracy. Your IT provider should be able to provide you with budget forecasts for your technical expenditures to help you plan for growth and to be prepared for upgrades, reliable maintenance, service and change.
Tip #5. Does your IT service provider insist on remotely monitoring your network 24/7/365?
Are they able to provide you with periodic reports showing all the updates, security patches and status of your network so you know for SURE your systems have been secured and updated?
Do they have back-up technicians on staff to help in case your ‘regular guy’ gets sick or goes on vacation?
Can they provide written documentation detailing what licenses you own, your user information, and all critical information? Your service provider shouldn’t be the only one with the ‘keys to your castle’!
Tip #4. Too many passwords to remember? There are password managers you can use that will enable you to manage the plethora of passwords you use. Do some research and find the one that works best for you.
Tip #3. Never use the same password twice, and don’t use the same password on shopping sites that you do for your banking or other sensitive sites.
...and remember, the FDIC does not insure losses resulting from debit card fraud…make a point today to change your debit card and never use it on line!
Tip 2. When creating a new password, get creative! Passwords need character! For instance, the number 1 can be used in place of an L. The @ symbol can be used for the letter a, you can use an ! instead of an l, 3 for an E, 5 for S, 4 for H…you get the idea!
Consider creating a phrase or use a word that has meaning to you but cannot be easily guessed.
So, for example, if your password is baseballs123, make it B@53ba!!s!23 instead, or you may want to use a phrase like “I like golfing”: 1Likeg0lfing
Tip 1. For a strong password, use no less than 12 characters (16-20 would be optimal).
Include a combination of at least 1 uppercase letter, numbers and special characters, and remember to NEVER share your password!