Our Most Popular Managed Services

If you need help deciding what services are best for your business let us know.

VT Logo header logo wrap shape

VT Logo header logo wrap shape

Award-Winning Dallas-Fort Worth IT Services.

Questions? Call (817) 595-0111

inner banner overlay

×

Error

The CEGCore2 library could not be found.

VersaTrust Blog

VersaTrust has been serving the Texas area since 1997 , providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Protecting Your Business Mac Computer from Cyber Infections: Tips to Know

Tips to Protect Your Mac Computer from Cyber Threats

Mac computers have an excellent reputation when it comes to cybersecurity, but they can still be targeted. Find out about protecting your Mac from threats.

Mac Cyberattacks

Malware, ransomware, phishing—the cyber threats on the internet abound, and these threats are generating an astounding cost to the people who rely on computer systems to do business. To date, the cost of cyber infections has racked up billions of dollars in costs to unwitting business owners, some of which thought they were protected. Even though Macintosh (Mac) computer systems are highly regarded for their security, they are still at risk. Here are a few tips you should know.

1. Keep your Mac properly updated.

Without a doubt, one of the biggest reasons Mac computers fall victim to a cyber-attack is because they are not updated as they are meant to be. The developers of the Mac operating systems, whether it is one of the older Mac OS versions or something more modern like Mojave, send out frequent security patches as new updates. If you have automatic updates turned off or do not take the time to update your computer manually, you could easily miss an important line of defense.

2. Use good security programs on your business Mac.

Just because you have a Mac that has a stellar reputation for protecting itself against cyber threats, it does not mean that you should not go a step further and install a good security program. These software programs are designed to catch all those things that get past the existing Mac firewalls and security defenses.

3. Keep your Mac free of unnecessary programs.

Every user has them—those unnecessary programs that are really not used often enough to be counted as valuable or useful. These unnecessary filler programs take up valuable space on your Mac computer and slow it down. If the system is already slow, it can make it harder to recognize when something is awry and something fishy is going on. Plus, the more unnecessary programs you have that you never use, the easier it is for malicious software to latch onto something and set up shop on your computer because you will never see it.

4. Get educated about the biggest threats to security on your Mac.

Knowledge is a powerful defense tactic no matter what type of computer or OS it is that you rely on as a business professional. You should take the time to familiarize yourself with the biggest MAC cyber threats and the types of cyberattacks most often occurring today. You should familiarize yourself with things like:

  • Phishing and how phishing attacks are carried out as well as how to avoid them
  • Ransomware and how it gets latched onto your Mac system
  • How to avoid things like malware that get attached to legitimate software

Whether you use your Mac for everyday tasks and projects at work or you have a system of Mac computers utilized by multiple employees and users within your organization, it is critical to protect your business Mac computers properly. Work with a managed IT service company to implement the best security measures and negate Mac cyber threats.

Continue reading

What Are Your Company’s Responsibilities Following a Data Breach?

Learn from Marriott’s Example: Notification Responsibilities After a Data Breach

Most states, the District of Columbia, the Virgin Islands and Puerto Rico have passed legislation regarding notification of security breaches. Know the laws in your state.  

Cyberbreach Marriott

To answer this question, let’s start with the example experienced by Marriot International recently when a breach exposed the social security numbers of the hotel chain’s associates. Then, we’ll look at the federal and state requirements for notifying those impacted by a breach that involved their data.

How Did Marriott International Employees Fall Victim to a Data Breach?

Marriott International told some of its employees that their social security numbers (SSNs) had been exposed to an unknown person. The risk came from a vendor that handled documents for the hotel chain.

On September 4, 2019, Marriott found out that someone access information recorded on those documents, which included subpoenas and court documents. The notification, which came two months after the incident, merely stated that someone may have accessed the records, which is all hotel representatives claim to know. The potential breach impacts over 1,500 Marriott employees. On October 30, the hotel started sending notifications via regular mail for anyone it hadn’t been able to find.

Those impacted will receive free credit monitoring as well as identity theft protection for one year at the company’s expense. Notification and credit monitoring services are part of recent data breach laws, but one must wonder what took Marriot so long to notify the victims.

Why Did Marriott Have a Difficult Time Finding Victims?

Marriott received a list of those impacted, but most had no address. This may be the most significant factor in the delay. And, it’s not an unusual one. Company records breached by hackers may be incomplete in the best of circumstances, and this information was sitting in several external systems.

The unnamed firm said all Marriott employee data was deleted from its system. One of the problems in cases like this is storing data in multiple systems, which increases the risk of theft and data breaches. Marriott no longer partners with the vendor.

What Are Your Company’s Responsibilities in Case of a Data Breach?

The FTC recommends following these steps, some of which are legally required.

Secure your Operations

Move quickly to take whatever steps are needed to secure your systems. Otherwise, your data breach can result in a series of breaches. Mobilize or form a breach response team to shore up your network against further loss.

Fix Vulnerabilities

As part of the fix, you need to anticipate questions that clients, associates and the authorities may have. Put together clear questions and answers to post on your website. Direct communication may ease frustration and concerns, especially if it takes some time to identify those impacted, as in the Marriott cases.

Work with forensic experts to track to determine what records were at risk.

Notification

Most states, the District of Columbia, the Virgin Islands and Puerto Rico have passed legislation regarding notification of security breaches. You must notify the affected parties when personal information is involved. Check the laws in your state as well as the federal laws and consult with your legal team regarding your responsibilities.

Continue reading

Stop Hackers Cold: Eliminate These Common Entry Points

Weak Points in Cybersecurity Hackers Love

Do you know where hackers are most likely to gain access to your private data? Discover the favorite entry points and how you can stop them.  

Cybersecurity Threats

It seems like every week that there are reports of another massive data breach hitting the news. The number of users affected is almost unimaginable. Cybercriminals accessed 983 million records at Verifications.Io and 885 million records at First American Financial Corp., alone. Its scary stuff, but what’s even more terrifying is the majority of compromised companies never show up in the papers.

During the first half of 2019, there an average of 30 data breaches per day. So, how are hackers stealing so many records so quickly? They have their ways.

Four Places Cybercriminals Love to Steal Your Data From

1. Old Websites. The internet is a graveyard of abandoned and unprotected half-built sites which are the favorite hunting grounds for hackers who are on the lookout for easy and virtually risk-free hacking opportunities. Although it is true that most of these sites contain nothing more than a few email addresses and dummy accounts, every so often, a cybercriminal can strike goldmine. On occasion, legacy and demo sites for large businesses are still connected to the company’s servers and provide a nice backdoor to confidential data.

You can protect your business by completely removing old sites from online and limiting which sites have access to your servers.

2. Free Code. Many sites offer free code snippets that you can use for free on your website. All you have to do is download it and you can save hours of time and thousands of dollars. Good deal, right? Well, have you ever heard the Japanese saying, “There is nothing more expensive than something free?” When it comes to the code for your website, it is a motto you should take to heart. Using someone else’s free code for your company’s website could be the most expensive mistake you ever made. While clean, secure codes for free does exist online, the majority of what you will find is usually poorly written, and as solid as a sieve.

Stop hackers from using embedded backdoors in public code by not using it for mission-critical websites.

3. Unsecured Cloud Storage. Everyone is talking about the benefits of cloud computing and cloud storage, and it seems like businesses can’t wait to make the jump to working on the cloud. But before trusting your company’s confidential data to any third-party cloud storage solution, you better make sure the vendor has tight security. Many big-name companies like Facebook and Microsoft forgot to ensure their third-party vendors had the proper security, and the results were embarrassing and costly data breaches.

Carefully choose who you use for outsourcing and take an active role in protecting your data, even if it is hosted on a third-party’s server.

4. Unprotected APIs. Does your business use custom apps that utilize APIs? If the answer is yes, you may be exposing your confidential data to hackers without knowing it. While in-house app developers spend a great amount of time safeguarding your app itself, from exploits, the APIs you are using from an outside developer to power your app may be a gaping hole in your defense.

Review the end-user agreements for the APIs you use and conduct penetration tests to check for vulnerabilities.

In the end, protecting your data and the confidential information of your customers falls on your shoulders. No one can be perfect when it comes to online security, but every single business can do better.

Continue reading

Want To Drastically Enhance Your Small Business Cybersecurity?

No matter how secure you may be right now, you could always be doing more. Have you double-checked your cybersecurity lately? Review the best practices below to strengthen your small business cybersecurity.

When everything is going well, the last thing you want to do is think about what will happen when something goes wrong. It’s not necessary to dwell on the potential for a security disaster though – you know that it’s a possibility, so let’s just leave it at that. What’s important about this is that you know to cover your bases.

Cybersecurity Small Business

No need to assume the worst – just plan for it, so you know you’re protected. As that old saying goes, “An ounce of prevention is worth a pound of cure”.

Do what you need to do to “prevent” now, so you don’t have to pay for the “cure” later.

Use A Firewall

Your firewall is your first line of defense for keeping your information safe.

A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.

A firewall inspects and filters incoming and outgoing data in the following ways:

  • With Packet Filtering that filters incoming and outgoing data and accepts or rejects it depending on your predefined rules.
  • Via an Application Gateway that applies security to applications like Telnet (a software program that can access remote computers and terminals over the Internet, or a TCP/IP computer network) and File Transfer Protocol Servers.
  • By using a Circuit-Level Gateway when a connection such as a Transmission Control Protocol is made, and small pieces called packets are transported.
  • With Proxy Servers: Proxy servers mask your true network address and capture every message that enters or leaves your network.
  • Using Stateful Inspection or Dynamic Packet Filtering to compare a packet’s critical data parts. These are compared to a trusted information database to decide if the information is authorized.

Train Your Staff

Your staff can have a significant effect on your cybersecurity – either they know enough to keep your assets secure, or they don’t, and therefore present a serious threat to your security.

So, which is it? Do your employees and volunteers have the knowledge they need to spot cybercrime scams, avoid common pitfalls and keep your data secure?

If you’re not sure, then they may need training. Security awareness training helps your employees and volunteers know how to recognize and avoid being victimized by phishing emails and scam websites.

They learn how to handle security incidents when they occur. If your employees and volunteers are informed about what to watch for, how to block attempts and where they can turn for help, this alone is worth the investment.

How Do I Train My Employees For Cyber Security?

A comprehensive cybersecurity training program will teach your staff how to handle a range of potential situations:

  • How to identify and address suspicious emails, phishing attempts, social engineering tactics, and more.
  • How to use business technology without exposing data and other assets to external threats by accident.
  • How to respond when you suspect that an attack is occurring or has occurred.

Strengthen Your Passwords

Passwords remain a go-to tool for protecting your data, applications, and workstations.

They also remain a common cybersecurity weakness because of the careless way employees go about trying to remember their login information. Weak passwords are easy to compromise, and if that’s all that stands between your data in the cloud and in applications, you could be at serious risk for a catastrophic breach.

That’s why protecting your login processes with an additional layer of security – multi-factor authentication – is recommended. Multi-factor authentication requires the user to utilize two methods to confirm that they are the rightful account owner. It is an available security feature in many popular applications and software suites.

There are three categories of information that can be used in this process:

  • Something you have: Includes a mobile phone, app, or generated code
  • Something you know: A family member’s name, city of birth, pin, or phrase
  • Something you are: Includes fingerprints and facial recognition

Protect Mobile Devices

Implement Mobile Device Management and Bring Your Own Device policies that allow employees to use their own devices in combination with the business’ without compromising your security:

  • Require password protection and multi-factor authentication for mobile devices.
  • Deploy remote access software that allows you to locate lost/stolen devices, and remotely wipe their data if need be.
  • Develop a whitelist of apps that are approved for business data access.

And don’t limit yourself to desktops, laptops, and phones – there’s more out there for you to take advantage of. Have you considered what the Internet of Things and wearable devices can do for workplace efficiency? Now’s the time to get on board – up to 20.4 billion IoT devices will be online by 2020.

Manage Account Lifecycles And Access

This is one of the more basic steps on the list, but no less important. It can’t really be automated or outsourced to any technological aids; it’s just about doing the work. You need to have a carefully implemented process to track the lifecycle of accounts on your network.

  • Follow a careful system for how accounts are created for new members, how their security is maintained and verified through their life, and how they are removed when no longer needed.
  • Implement secure configuration settings (complex passwords, multi-factor authentication, etc.) for all accounts.
  • Implement controls for login and use, such as lockouts for too many unsuccessful logins, unsuccessful login alerts, and automatic log-off after a period of inactivity

Protect Your Wireless Networks

Wi-Fi is a necessary part of doing business. Your staff cannot go without it, so it becomes your responsibility to make sure it’s secured, simple as that.

  • Turn off broadcast so that your SSID is not available for others to see.
  • Use WPA2-Enterprise security, which forces per-user authentication via RADIUS for access.
  • Double-check your radio broadcast levels at default to make sure they don’t extend outside your building.
  • Create a Guest Network that’s segmented and has a limited bandwidth so that those visiting your building don’t have any chance of access to your data.
  • Monitor your network, and log events to track any activity by your employees and other contacts with network access.

Limit Unnecessary Physical Access

Your cybersecurity measures won’t amount to much if your laptops, tablets, smartphones and other devices are left out in the open for anyone to take.

It’s one thing for a cybercriminal to hack into your system remotely. It can be significantly easier if they’re doing so directly on a business device.

  • Keep business devices under lock and key when not in use.
  • Maintain a detailed inventory of who has authorized use for specific business devices.
  • Don’t leave the login information on a sticky note on the keyboard of the device.

Follow Payment Card Best Practices

If you accept payment through credit and debit cards, make sure to follow established security policies and practices to mitigate any potential risks.

  • Work with banks and other financial industry contacts to make sure you’ve implemented the right cybersecurity tools and anti-fraud services.
  • Double-check your compliance requirements for FINRA, GLBA, and SOX.
  • Segment networks involving a point of sales and payment systems from any unnecessary aspects of your IT infrastructure. No unnecessary software or web access should overlap with these systems.
Continue reading

Should You Worry About Facebook Identity Thieves?

Tips for Avoiding and Reporting Facebook Identity Theft

Financial fraud and access to confidential business data rank among scammers’ reasons for setting up fake profiles in Facebook identity theft schemes.  

Elite Business Group

Right now, hundreds of people could be viewing your photos on Facebook — on an account that doesn’t belong to you. In recent years, Facebook identity theft has become a significant problem, leaving victims struggling to reclaim their rightful identities on the social media platform. What do you need to know, and how can you protect yourself?

Reasons Behind Facebook Identity Theft

Imagine receiving a sudden flurry of messages from friends and family members alerting you that someone is posing as you. After the initial shock, you might wonder why an individual would go to the trouble of setting up a fake profile that uses your name and other identifying details.

As banks and other financial institutions have become better at spotting fake identities, scammers have turned to using the identities of real people for a variety of purposes, including opening lines of credit and draining bank accounts. Setting up a Facebook profile can be one step in establishing ownership of an identity — especially if the scammer can manage to get the real identity owner locked out of their account in the process.

How Can Your Job Make You a Target?

In addition to financial fraud, prospective scammers often have another goal in mind when they target specific individuals: access. Facebook identity thieves may target people in certain jobs — including CEOs, IT directors and human resources managers — because of their valuable access to data, people and financial resources.

By posing as a key executive in an organization, an identity thief may hit the jackpot by gaining access to computer systems that hold confidential customer data, employee Social Security and bank account numbers, or proprietary information. Scammers may set up a fake profile in your name as part of a social-engineering scheme designed to persuade your Facebook contacts to turn over information or access.

Steps for Preventing Facebook Fraud

To help lock down your Facebook account and prevent identity theft, consider adjusting your privacy settings to control who can view your photos and posts. Allowing everyone — or even friends of your friends — to see your information can make you vulnerable to identity theft.

Avoid accepting friend requests from unfamiliar people, and use caution when posting photos; think twice before posting images that include your driver’s license or other documents with identifying information. In addition, consider setting your profile to unsearchable.

What if someone has stolen your identity on Facebook? If you receive a friend request from someone who already is on your friends list, you may be the victim of identity theft. You should take immediate action by reporting the suspect profile if you discover that someone is using your name, photo or other identifying details. In the event that an impostor reports your account as fraudulent and has you blocked, you may need to ask a friend to report the incident for you.

Continue reading

Cybersecurity Essentials for Business

Cybercrime is on the rise, and every business must have cybersecurity protocols in place. Read on to learn what steps you need to take to keep hackers at bay.  

Cybersecurity Business

Cybersecurity is a vital pillar of modern business. Hackers are shifting their attention to smaller enterprises, and data breaches can cost you time, money, and the trust of your customers. Below is a checklist of cybersecurity practices you should employ to minimize your risk of being hacked.

Use a branded email account

A branded email account exudes professionalism and gives you more control and security options than a free email service. Invest in an email provider that has the features you need, and make sure that your employees use only their business email to communicate with team members, customers, and business partners.

Keep software up to date

From operating systems to individual apps, it’s vital to install software updates in a timely manner. Outdated software may contain vulnerabilities that hackers can exploit. Rarely, an OS update may cause issues with certain programs, which brings us to our next tip.

Back up your data

Even the most comprehensive cybersecurity plan has its faults, and you’ll want a way to recover your data if the worst happens. Back up your data on a regular basis to an onsite and/or remote server. Consider investing in cloud storage or automated data backup solutions.

Educate and train employees

To maximize your company’s cybersecurity, you’ll need everyone to be on board and well-versed. Work with your IT team to design a versatile training program that caters to multiple learning styles. For example, you may have a bulleted presentation with concrete examples and a hands-on practice session. The program should teach employees daily security habits, signs of phishing, and what to do if they suspect a data breach.

Monitor all activity on your network

Data breaches can occur externally or internally, 24/7. A managed services provider (MSP) can monitor when devices connect to your network and what files are being accessed. Large data transfers or odd access times may point to a security risk.

Implement layered email security

Phishing is one of the most prolific tactics hackers use to steal data. By pretending to be a co-worker, supplier, or another person of trust, a hacker may send a malicious attachment or link to an infected website. When the victim opens the file or link, the system becomes infected with malware that may log keystrokes or encrypt files with passwords known only by the hacker. Using tools such as DKIM (DomainKeys Identified Mail), DMARC (Domain-Based Message Authentication, Reporting, and Conformance), and SPF (Sender Policy Framework), you can greatly minimize email vulnerabilities.

Manage accessibility and user permissions

It’s important to manage who can access certain files. By setting user permissions, you can grant or deny user access to certain documents. This helps prevent employees from sharing sensitive files with people outside the company or accidentally modifying a report. You’ll want to update these permissions when employees leave the company to prevent remote access.

Set password requirements

Weak passwords are a major vulnerability, especially if a hacker has done research on the account owner. Passwords should be at least eight characters in length and contain a combination of upper and lower case letters, numbers, and symbols. You should also mandate that all employees change their passwords at least

Use multi-factor authentication

Multi-factor authentication (MFA) uses multiple layers of identity verification in conjunction with the traditional username and password requirement. These might include security questions, a retinal or fingerprint scan, randomly generated PIN sent to the user’s mobile device, or a physical token that only the rightful owner of the account would have. The more layers present, the lesser the risk of a hacker getting through.

Just like the technology behind it, cybersecurity is constantly evolving. Whether you have an in-house IT team or an MSP you can trust, it takes teamwork and vigilance to keep your data safe and your customers confident in your business.

Continue reading

5 Cyber Security Statistics You Need to Know For 2020 and Beyond

Cyber Security Statistics You Must Know to Keep Your Company Safe

Cyber threats are constantly evolving. Here are 5 critical cybersecurity threats that you need to know to develop a strong strategy to keep your company safe.  

Cybersecurity 2020

Cybersecurity is more of a struggle for businesses every single year. With the number of data, users, and systems constantly growing, there are more points of attack and a greater prize for nefarious users. This is why new threats emerge on a practically daily basis.

In order to keep yourself and your company protected from these evolving threats, you must stay updated on the latest threats and trends. To help you get a better idea of the current state of cybersecurity and why it’s important to stay constantly vigilant, here are five of the most important current cybersecurity statistics:

1. New Ransomware Attacks Occur Every 14 Seconds

Ransomware attacks can be costly and put your valuable data and systems at risk. Unfortunately, experts estimate that a new ransomware attack happens every 14 seconds. That’s an average of over 25 attacks per hour and 100 per day! If you aren’t actively working to deter ransomware attacks, you’re bound to be a target sooner rather than later.

2. Almost Half of All Cyber Attacks Target Small Businesses

Many people think of cyber attacks as something that only major corporations need to worry about. After all, they’re the ones with the most valuable data. However, these businesses typically take a lot more effort to infiltrate. As a result, 43% of all cyberattacks target small businesses. These businesses are across all industries and sizes, proving that nobody is entirely safe when it comes to cyber threats.

3. Cyber Security Spending is Growing Massively

By the end of 2021, it’s expected that over $1 trillion will be spent on cybersecurity globally. Unfortunately, not all of those dollars are being spent very efficiently. In order to truly combat cyber threats, you must develop an all-encompassing cybersecurity strategy. That means spending on the right technology, but also training your employees on how to identify and protect themselves from cyber threats, and how to react in the case of an emergency.

4. Data Breaches Can Take Over Six Months to Detect

On average, some companies don’t even know that there has been a data breach for six months. By then, the damage has been done over and over again. This doesn’t take into account the amount of time required to actually identify the root cause and resolve it.

5. Average Cost of a Cyber Attack is Massive

As attacks become more sophisticated and user data continues to grow in value, the actual cost of a cyber attack is rising rapidly. In 2019, it’s now estimated to be over $1.6 million! If your business is smaller or just getting started, a single successful attack could put you out of business. There’s no bigger threat facing your company today.

Clearly, developing a strategy for comprehensive cybersecurity is a task that all businesses must take special care with, no matter how big or small they are. As the digital world continues to grow in scope, the threats will continue to grow as well. Keep the cybersecurity statistics above in mind as you develop your own strategy and work to stay a step ahead of the threats and hackers.

Continue reading

Proven Ways Not to Lose To Ransomware

Don’t let your small or medium business fall victim to ransomware. Make sure your data, network, equipment, and employees are safe from ransomware attacks.  

Watch our video below to learn all about ransomware and please feel free to share with your staff and social media networks.

October is Cyber Security Awareness Month. You may have heard about ransomware attacks on school districts, hospitals, and government organizations. Over 20 U.S. cities were targeted by ransomware attacks between January and July 2019. The cost to the city of Baltimore alone was more than $18 million between lost city revenue and repairs to the city’s computer network. Ransomware attacks on cities, schools, and hospitals are serious, but 71 percent of ransomware attacks target small and medium businesses.

According to Beazley Breach Response Services, in 2018, ransomware crooks demanded an average of more than $116,000 from over 3,300 business computer security breaches they directly tracked. Cybersecurity firm Coveware reported that the average ransomware demand to individuals and small businesses grew from $6,733 at the end of 2018 to over $12,760 in the first quarter of 2019.

How does ransomware work?

In the past, ransomware usually came in the form of unsophisticated “spam” emails that most people could recognize as hacking attacks. Hackers sent out hundreds of thousands of emails hoping to trick a few unsuspecting people into revealing their passwords and other secure information. Once installed on a business or individual computer, ransomware encrypts data and stops access to programs. The program then demands a “ransom” in the form of cryptocurrency, usually bitcoin, to restore the data and access.

Ransomware attacks are getting more sophisticated. A 2018 ransomware program, Ryuk, was developed by a North Korean group of hackers. Ryuk has been aimed at large businesses that can’t afford any downtime. The program individually maps the networks of target businesses and steals credentials in order to install the program and encryption. One business targeted by Ryuk paid over $360,000 in bitcoin to retrieve its data.

Ransomware is getting better at getting around anti-virus programs and computer firewalls. Hackers are using known applications and programs that users think are safe to get around security precautions. Expert estimates report that ransomware could cost small and medium businesses as much as $11 billion in 2020.

What can we do to combat ransomware?

  • First, make sure the operating systems for your network and connected devices are up to date. The 2017 WannaCry ransomware attack targeted computers running Windows 7. WannaCry was developed from U.S. National Security Agency tools that were leaked online. According to TechCrunch, up to a million computers are still vulnerable to WannaCry because they are running Windows 7 or earlier Windows versions. Microsoft also ends its support for Windows 7 in January 2020. Ransomware and other types of hacking attacks often target older operating systems that are no longer receiving regular security updates and patches.
  • Second, make sure your security software is also up to date. Check it at least once a month. A managed services provider (MSP) can help in this process.
  • Third, make sure you and your employees know how to recognize potential security threats. Practice good computer habits that prevent intrusions. For example, do not click on any links or images that come from an unknown source no matter how funny or appropriate the title of an email may look at first glance. Managed services providers can help to train you and your staff on good cybersecurity habits that can prevent ransomware and other attacks.
  • And finally, make sure you have a good offsite backup. Businesses that have successfully overcome ransomware attacks have strong and redundant backups for their data and programs. You may lose time, but you won’t lose all of your business data. If you’re in a field that keeps confidential client or customer information, it’s essential for your business to have secure, safe backups of data in the cloud and/or separate physical data storage.

Managed services providers (MSPs) are responsible for keeping track of ransomware threats and understanding the tricks hackers can use to take control of your computers and demand a ransom. They can help your business to prevent a ransomware attack and protect your business data and programs in the event an attack occurs. Malicious hackers have been causing damage to computers for years, but ransomware is the first major way they’ve discovered to earn a lot of money from their criminal activities. Don’t let ransomware interfere with your business operations, profits, and growth. Take our recommended steps to fight back and win against ransomware criminals.

Ransomware

Continue reading

The New Ways Cybercriminals Pose a Threat to Organizations

Cybercriminals no longer act alone. Find out the strategies and means cybercriminal networks are using to launch dangerous attacks against your organization. 

Cybercriminals business

According to technology industry blogs, cybercrime incidents are growing by 15 percent each year and cybercrime has become the most profitable type of criminal activity around the globe. Cybercriminals are no longer acting alone and carrying out destructive activities that are relatively simplistic. Instead, cybercriminals have become more sophisticated in their approach. Activities are more damaging and organized. IBM’s CEO and president has stated that the new cybercriminal dangers are “the greatest threat to every profession, every industry, every company in the world.” Being aware of the fact that cybercriminal activity is now executed using the same types of structures and approaches seen in businesses can help IT leaders guard against the dangers cybercrime presents.

Common Types of Cybercriminal Activities

The scale and scope of cybercriminal activities have evolved swiftly since the 1990s. Back then, cybersecurity-related attacks entailed destroying websites and executing simplistic codes that reflected a strong dislike of the corporate culture. Now, modern cybersecurity-related attacks have not only embraced the notion of the corporate model, but have exploited the corporate world’s reliance on digital connectivity. Common cybercriminal activity now involves extortion, the theft of data and information, and sabotage. The design and spread of ransomware through electronic means reaps over $11 billion annually.

Hierarchical Structures

Besides using more sophisticated and profitable methods of wreaking havoc, cybercriminals have formed networks that resemble hierarchical structures within traditional organizations. Many groups of cybercriminals are led by someone who operates as a pseudo executive of a firm who designs an overarching strategy and tasks that are delegated to other leaders who resemble middle managers. In turn, those who work on developing malware and ransomware code are concentrated in a single “department,” while another group is focused on developing and executing distribution methods. Each group represents and operates like a functional department within an organization. Training and recruitment programs are also developed and executed for hackers that wish to join these extensive cybercriminal networks. Knowing that these networks are employing the same strategies and tactics as an experienced corporate marketing department means that any cybersecurity defense plan has to respond in an identical fashion.

The corporate structure and mentality have resulted in the equivalent of million-dollar salaries for some. Cybercriminals are also starting to incorporate other types of illegal activities into their “business models.” Some of those activities include illegal drug production and distribution, human trafficking, and counterfeit goods. Stopping and removing the threats that cybercriminals pose mean considering the possibility that these cybersecurity threats are occurring in conjunction with seemingly unrelated activities. Any defense plan must consider all possibilities and guard all potential and vulnerable points of access.

Continue reading

The Price of Getting Hacked

Depending on the scope of the attack, the cost of getting hacked can be in the hundreds of thousands or more. Here’s what you need to know. 

Getting Hacked

When it comes to cyberattacks, all too often the bad guys win. Hackers have targeted local governments, airports, banks, and businesses, stealing usernames, passwords, and sensitive private data. While they may sell this information on the black market, they often hold it for ransom. With no other way to retrieve the stolen data, victims are forced to buy back their belongings while the thief vanishes into anonymity. Here is a look into the true price of getting hacked and what you can do to protect yourself.

Lake City, Florida mayor Stephen Witt announced that the city would pay hackers $460,000 to recover stolen data. The thieves seized control of major email servers, bringing the city’s operations to a grinding halt. Witt claimed that cyber insurance would cover all but $10,000 of the ransom, though it’s uncertain whether the city met the policy’s criteria for protection.

Ransomware: An Alarming Trend

Ransomware attacks are on the rise, and victims are paying exorbitant sums to regain their data. Three attacks occurred in April 2019 alone, hitting Tallahassee, Augusta, and the Cleveland Hopkins International Airport. The ransomware forced operations to close, with the Tallahassee attack costing the city nearly a half-million. Hackers frequently target municipalities and government organizations knowing the high value of the stolen data and its importance in operations. In many cases, the data isn’t exactly stolen, but encrypted to prevent access. After the ransom is paid, the hackers unlock the data, or so they promise.

Research conducted by SentinelOne found that only 26% of U.S. companies that fell victim to ransomware and paid the ransom were able to access their files. And even if the hackers honor their end of the deal, they may attack again. In fact, organizations that ponied up the cash were hit again 73% of the time. What’s worse is that some cybersecurity providers are in cahoots with hackers, splitting the ransom between them.

 

MSPs at Risk

Managed service providers (MSPs) are often the strongest line of defense against hackers. Unfortunately, hackers know this and have started to attack the software and systems that MSPs use to protect customer data. By infecting these systems with malware, hackers can access account credentials and use them to log in to customer accounts. They can then obtain bank accounts, addresses, phone numbers, credit card numbers, and other private data.

How Can MSPs Fight Back?

As hackers become more adept, MSPs need to step up their game. Frequent testing of defense systems, backup and recovery plans, and other cybersecurity measures is a must. The National Institute of Standards and Technology (NIST) has published a framework to mitigate cybersecurity risk to assist MSPs in keeping hackers at bay.

As is the case in medicine, prevention is the best cure for cyberattacks. Cities, corporations, and businesses must work together with MSPs to reduce their likelihood of being targeted and have multiple plans in place if a breach occurs. By staying proactive, the good guys can make it difficult for hackers to get what they want.

Continue reading

Companies Held Responsible for Tech Security

Major Fines for IT Data Breaches

Outdated machines, software or employee practices can lead to major security problems. These big companies faced painful fines for their IT mistakes.

Technology Mistakes Meeting

As companies increase their online activity, data collection and eCommerce, the stakes will continue to rise. Companies that are lax, poorly prepared or sloppy are facing disastrous tech breaches. Equifax, Uber, TJX and Visa are just a few of the companies that have had to face hefty payouts for data breaches. The public relies on companies to act professionally and secure their information. Many companies that face a security breach or lost data will not be able to stay in business.

With a security breach, the customer’s trust is lost. Not only will the reputation harm business, but fixing the issue will cost more than preventing it. Fines and payouts will also add to that cost. And, the more consumers affected by a major problem in the company’s security, the more painful the clean up. You can’t afford to slack when it comes to IT security.

Equifax Data Breach Settlement of $700 Million

The infamous Equifax data breach of 2017 has lead to 147 million affected customers. The settlement announced by the credit reporting company included $175 million to 48 states, $300 million towards free credit monitoring services for the impacted customers and $100 million to the Consumer Financial Protection Bureau for civil penalties.

Federal Trade Commission (FTC) Chairman Joe Simons said, “Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers. This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”

Facebook Faces $5 Billion in Fines for Privacy Violations

The FTC smacked Facebook with a $5 billion fine for the Cambridge Analytica incident. This privacy violations fine was in response to personal data taken from over 87 million Facebook users to create more persuasive and personalized ads.

Uber Faces $148 Million in Fines for Covering Up Hacked Accounts

In 2016, Uber had over 57 million user accounts compromised–and then tried to cover it up by paying the perpetrator $100k. This lead to the largest data-breach payout at the time of $148 million because they broke data breach violation laws.

Anthem Faces $131 Million for Data Breach of Customers

When the US health insurer Anthem was hacked in 2015, over 79 million customers had their names, birthdates, social security numbers and medical IDs compromised. The company paid out $115 million in a class-action lawsuit in 2017 regarding the breach. The US Department of Health and Human Services fined them an additional $16 million for HIPAA (Health Insurance Portability and Accountability Act) violations.

TJX and Visa Pay Out $40.9 for Data Breach

When over 96 million credit and debit accounts were hacked in a widely-publicized data breach that lasted from 2003 to 2007, TJX promised pay outs. This came under the terms that 80% of card issuers agreed to the recovery offer and promised not to take further legal action. TJX agreed to fund the settlement as a resolution to those U.S. Visa holders with cards from taking further legal action. This amount was not part of the $256 million the company said it had budgeted to deal with the breach.

Texas Cancer Center Fined $4.3 Million for Unencrypted Equipment

Between 2012-2013, the University of Texas MD Anderson Cancer Center lost one unencrypted laptop when it was stolen from an employee’s house and two unencrypted USBs that contained sensitive patient data. The health information of over 33,500 individuals was compromised and the center faced a $4.3 million fine for HIPAA violations.

FMCNA Fined $3.5 Million for Five Data Breaches

In 2012, Fresenius Medical Care North America (FMCNA) was fined $3.5 million for HIPAA violations after five separate breaches in different company locations. The Office for Civil Rights noted that FMCNA could have avoided this with a thorough risk analysis to find the potential risks and vulnerabilities. Many of their breach problems included lacking security policies and failing to encrypt sensitive health data.

A good company will take proactive IT security measures with a great tech team. By outsourcing IT security through a managed IT service company, you can get the best security without hiring a team full-time. Your IT team will provide an audit of your company to help you find the places where your security, devices or practices might be a threat to your company. Ensure you are using the right equipment and your employees are trained to meet compliance standards, privacy laws, customer expectations and more so your company can succeed.

Continue reading

Keeping An Eye On The Dark Web?

Keeping An Eye On The Dark Web?

Do you know about the “Dark Web”? It’s the part of the Internet where your private data – passwords, social security, credit card numbers, etc. – could be for sale right now. Do you know how to check if they are?

 

 

The Internet isn’t all funny videos and social media.

Between phishing, malware, and a seemingly never-ending list of scams, there are a number of serious dangers that are important to be aware of.

But there’s an even a darker corner of the web where few people dare to venture that can have a wide-reaching and severely damaging effect on your business: the Dark Web.

Recently, cyber thieves released a huge list of compromised emails and passwords known as Collection #1. It contains 773 million records, making it one of the largest data breaches to date. If your information has ever been breached, it’s most likely on this new list – and that list is on the Dark Web.

Even the federal government has had a hard time locating those responsible and stopping them. The Department of Homeland Security made their first bust involving criminals selling illegal goods on the Dark Web just last year. The arrests were made after a year-long investigation. Though this is good news, it doesn’t even scratch the surface of all the criminal activities taking place on the Dark Web.

The bottom line is that you can’t wait around for the government or anyone else to protect your business from cyber thieves. You have to be proactive about securing your database. Your personal and business information should not be for sale on the Dark Web, but how can you stop this?

What Is The Dark Web?

The Dark Web is a small part of the much larger “deep web” – the common name for an extensive collection of websites that aren’t accessible through normal Internet browsers. These websites are hidden from the everyday Internet — or Clearnet — users through the use of overlay networks.

They’re built on the framework of networks that already exist, and there are a lot of them. In fact, the Deep Web makes up the majority of the information online. Which, when you consider how vast the corner of the Internet you frequent is, is nothing short of terrifying.

This unseen part of the Internet is a perfect place for less than scrupulous individuals to connect, network, and share tools, tips, and information. And it should go without saying that whatever their up to on these sites is nothing good.

Personal information such as school and medical records, bank statements, and private emails are all part of the immense Deep Web. To gain access to this information, you must be able to access an overlay network using specialized software and passwords. This is a good thing, because it keeps sensitive information safe, and prevents search engines from accessing and indexing it.

Why Is The Dark Web Used To Sell Private Information?

The added security of the Deep Web makes it attractive for those who want their online activities to remain anonymous. Unlike the Deep Web, which prevents outsiders from accessing information, the owners of Dark Websites allow anyone with the right browser to access their sites. One of the most popular of these is The Onion Browser, more commonly known as Tor.

The Dark Web is like “The Wild West” of the Internet. It’s an area beyond the reach of law enforcement, hence the complete lack of regulations or protection. Although not everyone who uses the Dark Web engages in illicit activities — it has a history of being a platform for political dissidents and corporate whistleblowers — many visitors are there for less than upstanding reasons.

Cybercrime costs US businesses billions of dollars each year. The majority of information hackers steal from businesses ends up on the Dark Web for sale to identity thieves and corporate spies.

But, the real danger is that it provides communication and educational training ground for hackers and would-be hackers. Although the competition among different hacking groups is fierce, there’s still a willingness among cyber criminals to share techniques and assist one another.

It’s this access to the “tools of the trade” and the guidance required to pull off successful hacks, attacks, and scams that makes the Dark Web so dangerous to your business. Anyone with the time and inclination to learn how to steal valuable data from your business can check out an online tutorial or two, pay for some basic hacking software from one of these marketplaces, and set their sights on you.

While they might not be the stories that make national headlines, small and mid-sized businesses are targeted every day by cybercriminals looking to make a fast buck.

How can you protect yourself?

When a news story comes out about a large corporate hack, businesses often scramble to learn how they can better protect their businesses – but that’s the wrong time to start thinking about it.

Don’t wait until a breach occurs – start protecting yourself now. The advice you should follow centers around educating your employees about the dangers of online crime and developing company procedures to prevent it from happening.

The first step is to make sure you (and your staff) use stronger passwords…

Top 4 Password Mistakes To Avoid

Length and Complexity



Keep in mind that the easier it is for you to remember a password, the easier it’ll be for a hacker to figure it out. That’s why short and simple passwords are so common – users worry about forgetting them, so they make them too easy to remember, which presents an easy target for hackers.

Numbers, Case, and Symbols



Another factor in the password’s complexity is whether or not it incorporates numbers, cases, and symbols. While it may be easier to remember a password that’s all lower-case letters, it’s important to mix in numbers, capitals, and symbols in order to increase the complexity.

Personal Information



Many users assume that information specific to them will be more secure – the thinking, for example, is that your birthday is one of a 365 possible options in a calendar year, not to mention your birth year itself. The same methodology applies to your pet’s name, your mother’s maiden name, etc.

However, given the ubiquity of social media, it’s not difficult for hackers to research a target through Facebook, LinkedIn, and other sites to determine when they were born, information about their family, personal interests, etc.

Pattern and Sequences



Like the other common mistakes, many people use patterns as passwords in order to better remember them, but again, that makes the password really easy to guess. “abc123”, or the first row of letters on the keyboard, “qwerty”, etc., are extremely easy for hackers to guess.

Maybe you think your passwords are fine.

It’s certainly possible – but it’s one thing to skim over a list of common password mistakes and assume you’re probably still OK.

Sure, maybe that one password is based on your pet’s name, or maybe that other password doesn’t have any capitals or numbers – what’s the big deal, really?

If you’re so confident, then why not put it to the test?

Click here to test how secure your password is – take a few minutes and try a few.

How’d you do?

Probably not as well as you’d hoped, right? The reality is that truly complex passwords can be difficult to come up with, and even more difficult to remember.

Top 3 Tips To Keep Your Data Off The Dark Web

Train staff members on the proper handling of corporate data and procedures to limit data loss, including ways to handle phishing scams.

Besides an initial onboarding training session, all employees should attend refresher courses throughout the year. The vast majority of cybercriminals gain access to a company’s network through mistakes made by employees.

Require the use of strong passwords and two-factor authorization.

It’s advisable that you assign strong passwords to each individual employee to prevent them from using passwords that are easy to guess, as well as implementing two-factor authorization.

Consider investing in hacking insurance and conduct penetration testing.

The cost of cybercrime will exceed 6 billion dollars by 2021. That’s a lot of money. Investing in cyber attack insurance is a good idea for businesses with a great deal of exposure.

Unfortunately, all these tips are meant to be preventative – they’ll increase your security and protect against cybercriminals taking your data in the first place. But what if you’ve already experienced a breach?

Even worse, what if you’ve experienced a data breach, but you don’t even know it? Case in point: it takes most businesses up to 6 months to find out that they’ve experienced a data breach.

What if you’re one of them?

How can you find out if your data is already up for sale?

What About Dark Web Scanning?

There’s only so much you can do on your own – but there are now more direct ways of checking whether your data has been compromised on the Dark Web. Many security vendors now offer cyber-surveillance monitoring solutions that can scan the dark web for your credentials.

One of the most popular of these solutions is Dark Web ID, which is designed to detect compromised credentials that surface on the Dark Web in real-time, offering you a comprehensive level of data theft protection – it’s an enterprise-level service tailored to businesses like yours.

This Dark Web monitoring solution keeps tabs on the shadiest corners of the online world 24 hours a day, 7 days a week – no exceptions.

Features include:

  • Security Awareness to keep your staff prepared to spot and stop hackers from harming your business
  • Password Manager to help you and your staff maintain complex, hard to crack passwords
  • Multifactor Authentication to prevent external parties from accessing your systems with stolen passwords
  • Data Leak Prevention to make sure the integrity of your business data
  • Vulnerability and Patch Management to make sure no weakness in your cybersecurity is overlooked.

This isn’t a matter of “what you don’t know won’t hurt you”. In fact, it’s the opposite. You can’t afford to ignore the dark web.

Continue reading

Data Security is Vital to Reducing Business Risk

Data Security is Vital to Reducing Business Risk

Traditional business risk has fallen into a few different buckets with the economy and competitors being two of the major forces under consideration. The tides change, and businesses today must add some additional items to that list and one of the most important is the issue of data security.

Photo of woman protecting data on network

From protecting the information that is being stored within your organization to creating a positive way to support the transfer of data between your clients, your business and third-party partners, data security and compliance are becoming hot-button topics in technology and business circles. Protecting your organization from the potential multi-million dollar problems that come along with a data breach is a critical component of IT leadership in the modern world.

What Are the Dangers of Poor Data Security?

You don’t have to look too closely in the world news to see the dangers inherent with poor data security: FacebookMarriott and even Equifax are recent survivors of serious data breaches. Each time a seemingly-indestructible company falls prey to a hacker, the business world holds its collective breath to see what will happen. Unfortunately, what’s happening is that these organizations are facing hundreds of millions or even billions of dollars in notification costs, lost productivity, poor consumer perception and remediation to ensure that their data stays more secure in the future. Even so, there are no guarantees that these businesses will not be hit again as they have already proven to be vulnerable from this type of attack. Major corporations are not the only ones being targeted, however. Small and mid-size businesses are also being targeted for attacks because there’s a perception that they do not invest heavily enough in cybersecurity and secure infrastructure.

How Can I Improve Data Security in My Business?

Improving your business’s data security often starts with an audit of your current situation. This could include where your organization stores data, the type of information that is being stored, the individuals who are able to access your data and how that access occurs, the privacy and security policies of third-party partners and the various integrations that your business systems have with sensitive data. Businesses that are storing personal information (PI) that includes first and last names, passwords or passcodes, health or financial information need to pay particular care as this type of information is extremely sought-after by hackers who are interested in selling it for top dollar on the dark web. Once an audit has been completed, it’s time to start improving the security of your overall systems and storage.

Does Moving Data to the Cloud Help Improve Data Security?

Just as with many questions in technology, there isn’t a cut and dried answer: it depends on the current situation with your data, the type of data that’s being stored and several other factors as well. The best option is to work with a proactive IT solutions provider who has a deep understanding of data security and has helped secure other organizations that are similar in size and storage needs to yours. This allows you to leverage industry best practices to help keep your data safe and nudge you towards the right decisions both now and in the future. In general, moving to the cloud may help improve your security, especially if you have a limited number of internal IT staff members who are able to maintain your systems and data infrastructure. Cloud-based data storage and applications work together fluidly and often without the requirements for ongoing updates as these are applied at the data center level. This can take some of the pressure off of internal IT staff to provide proactive maintenance and allow these individuals to focus on improving the overall security posture of your organization.

As we enter the second half of 2019 and into 2020, CEOs and other top executives are increasing their focus on cybersecurity as a strategic initiative. This provides an added impetus for organizations to thoroughly review their data storage and use strategies and create a cohesive solution for data in transit and at rest that will help reduce the overall risk to your business. Reviewing your data security on a regular basis can help alleviate concerns about your storage procedures and ensure that your organization stays up-to-date with the latest recommendations from security professionals.

Continue reading

Spoofing & Hacking: What’s The Difference?

Hacking and Spoofing

Most people know not to open email attachments from senders that they do not know. Unfortunately, it is not just attachments from strangers that you have to be on the lookout for. It happens quite often that people will get emails that seem to be from known senders that have malicious attachments, or that ask for confidential information. If you get such an email—or if someone gets such an email that appears to be from you but that you did not send—does that mean that your email has been hacked? Not necessarily.

Hacking and spoofing are two methods that bad actors use to manipulate individuals and businesses into doing things that are against their best interests. Hacking and spoofing can appear to be the same at first glance but are actually quite different. The risks of hacking, especially for businesses, are much greater than those posed by spoofing. Neither is desirable, but you want to know the differences between the two so that you and your employees can identify potential compromises to your email accounts.

Hacking vs Spoofing—What You Need to Know

What does it mean when your email account has been hacked?

A hacked email account is something you should be very concerned with. Being hacked means that a bad actor has managed to gain full access to your email account—which could mean that they have access to more than just your email account. There are a variety of ways to hack an email account, including:

  • Guessing your email password (seems unlikely, but you would be surprised how simple many email passwords are, such as birthdays, anniversary dates, and other information easily obtained on social media)
  • Answering your security questions correctly
  • You entered it into a website or form (it may have been a phony website, one that offered you a free gift, or a site you visited from a link in an email)
  • You used the same password on a different site and the site used it to access your email
  • You have a spyware program on your computer that recorded you typing in your password and sent it to a hacker
  • Viruses, malware or other undesirable software is on your computer and allowed a hacker to get your email password

If your email account has been hacked it means you need to take immediate steps to correct the situation. The risks to your system and your company information vary based on the way that the email password was obtained. A hacker guessing the password is much less problematic than having viruses, spyware or malware on your computer. A guessed password simply needs to be changed, whereas an infected computer needs to be cleaned up before more compromises occur that may be even more damaging to your business.

Even if the hacker guessed the password, there is a real risk that he or she could use the email account to access other information or accounts. If you suspect your email account has been hacked you need to take immediate steps to remedy the situation, including:

  • Check your recent email activity to see if anything was sent that you were not aware of
  • Change your password
  • Use different passwords for every account
  • Start using a password manager to generate random, complex passwords
  • Update your system to the latest OS and update your security software
  • Run your antivirus and malware detection programs

Spoofing and Hacking

What does it mean when your email account has been spoofed?

Although spoofing can look a lot like hacking, it is actually something completely different. When your email has been spoofed, it means that someone sent an email that appeared to be from your email account but was not actually from your account. You can think of it as someone sending a letter and putting your return address on the envelope. Doing this is not too complicated with the right software. The bad actor does not need access to your email account to spoof your account.

Your account is safe even if you have been spoofed. However, having your account spoofed can be quite concerning, especially in a business setting. A bad actor could spoof your email and send a message to an employee asking for sensitive company information. There are a few things you can do to help prevent spoofing of your email address, including:

  • Do not share your email address with anyone who does not need it for business purposes
  • Do not allow employees to share your email address

Improving Business Email Security

For more information about improving email security for your business, please contact our IT services team.

Continue reading

Most Small Businesses Pay The Ransom

Are you willing to pay the piper when it comes to cyberattacks?

Do You Pay The Ransom

Despite the growing number of cyberattacks on small- and medium-sized businesses, there is still a lack of awareness or proactive defense of the networks, computer systems, applications and devices being used. This inattention means it’s even easier for criminals to attack your business by worming their way into your data, stealing it and threatening to expose it. Other cyberattacks target the business itself, making systems and websites inoperable, costing businesses millions in the process.

Freeing the data or access often means paying a ransom, usually in the form of Bitcoin or some other cryptocurrency that’s impossible to trace.

How Much of an Issue is Cybercrime?

When it comes to cyberattacks on small businesses, the reality is, if you haven’t already been attacked, you will be. What matters is that you have the security protocols in place to make sure your business withstands these attacks and is not victimized by intruders looking to do harm.

The scope of cyberattacks, especially on SMBs, is staggering.

According to the 2018 HISCOX Small Business Cyber Risk Report, almost half (47 percent) of small businesses suffered a cyberattack in the previous year. Of those attacked businesses, 44 percent encountered a second, third or fourth attack. Eight percent had five or more attacks.

Yet the report shows a paradox. Business executives surveyed identified cyberattacks as one of their top two concerns, along with fraud. Sixty-six percent said they were concerned or very concerned about cyberattacks.

However, among those executives, the majority haven’t taken even basic steps to protect their businesses.

What Does a Cyberattack Mean to My Business?

If you do not invest in cybersecurity measures, you are a sitting duck. That means you’ll have to pay a ransom when your business is attacked. You will incur costs as well, including steps to identify and eradicate the intrusion, notify customers and regulators and pay for deep web monitoring or credit monitoring.

What is that financial cost? According to HISCOX, it’s $34,600 for small businesses. The 2018 Cost of a Data Breach Study: Global Overview conducted by the Ponemon Institute shows that among SMBs and enterprises, the worldwide average total cost is $3.86 million. The costs are increasing each year, too.

The Ponemon study shows some of the other inherent threats and disruptions a data breach can bring upon your business. Among key factors influencing the cost of a data breach, according to the study, are:

  • The unanticipated loss of customers after a data breach is reported. Organizations that have established institutional trust and offer identity protection to victims are more successful in retaining customers.
  • The scope of the breach and the number of records lost or stolen. Ponemon calculates the per-record cost at $148.
  • Time. The longer it takes to discover the data breach and contain it, the more costly it is to the affected business.
  • Scope of remediation. When an attack is discovered, your business is going to incur expenses it didn’t plan for, including for independent investigators, forensic analysis, auditing services, crisis PR management and continuing brand and reputation repair initiatives.
  • Service needs. These included the demands for help desk services, marketing and communication, distribution of new account information or credit cards, legal costs, regulatory investigations and fines, product and service discounts to retain customers and increased insurance premiums.

The costs, both real and impressionistic, can cripple a small business that does not have the resources to recover from a cyberattack.

What Should Our Business Do To Protect Itself?

Protection begins with a thorough assessment of your systems and procedures to determine where there are vulnerabilities that need to be addressed. Working with a qualified managed service provider, you can understand where the exposures are and plan to fix them.

Your managed service provider will want to look at several components, including:

  • Network security that’s based in next-generation firewalls to identify and contain unwanted activity
  • Automated solutions to update anti-malware applications and install updates and patches
  • Policies regarding access, password protocols and authentication

With the proper security in place, you can avoid paying a ransom and putting your business at risk.

Continue reading

Hackers Steal Company Information

Hackers Steal Company Information

Cybercriminals have started 2019 off by stealing more than 1.7 billion records. They look for data that is profitable in some way, whether they sell it directly or use it as part of another attack. A successful intrusion attempt comes from various factors, such as an employee downloading a malicious file or the business failing to follow IT security best practices. Here are 10 ways that hackers find a way to get into business networks

Tricking Employees into Opening Malicious Files

Phishing accounts for 91 percent of successful network intrusions. Employees see an email that looks authentic. The hacker makes it appear like it comes from someone in leadership, an external partner or another significant entity in the organization. The email has a file attached or a link included in the body of the email. If the employee opens the file, it loads malware onto that system or directly to the network. The phishing emails with links work by taking the user to a fake login page or another screen that requests username and password information. The hacker uses this to get into sensitive systems. The URL could also lead directly to malware.

Visiting Unsafe Websites

You can block suspicious websites and downloads for equipment that connects through your business network, but if someone uses a personal device, they don’t have the same level of protection. The next time they get on the network with the compromised device, the malware has a way to get on your systems and spread throughout your organization.

Lack of Control Over Personal Devices

If your company doesn’t have “Bring Your Own Device” policies in place, then you could end up with unapproved personal devices using your resources. IT doesn’t have any oversight on these unauthorized devices, so they represent a significant threat.

Lack of Cyber Security Awareness

IT security measures can only accomplish so much. Cybercriminals know that organizations have people of varying technical proficiencies. When an end user doesn’t have sufficient cybersecurity awareness, they fall victim to phishing and other attacks. Employees need to understand the steps they can take to protect against hackers, and get the training to learn about IT security best practices.

Poor Password Management

Employees may have weak passwords for their work accounts. In some cases, they may opt for no passwords. Data breaches at other companies could expose common username and password combinations that end up being in place at your business. Password cracking software makes figuring out this information trivial.

Insufficient Backups

Data backups are critical to helping your business recover from a cyber attack or another disaster. If the backup solution doesn’t work correctly or it fails at creating a complete backup, you could face losing months or years of work. The financial loss would be enormous and puts you in a situation that’s difficult to recover from.

Failure to Proactively Monitor and Maintain Infrastructure

Hackers look for vulnerabilities in your network that would allow them to launch a successful attack. If you don’t have IT security professionals monitoring your infrastructure and keeping hardware and software up to date, then you’re creating an environment that’s ripe for a data breach.

Lack of Cyber Security Measures

A failure to follow IT security best practices can lead to a workplace that doesn’t have enough cybersecurity measures in place. Some companies may be misinformed that all they need is perimeter defense to keep hackers out. You may be vulnerable to an intentional or unintentional breach by an internal actor, or be unable to defend against a sophisticated attack.

Unprotected Wireless Networks

Public wireless networks may be convenient for employees, but anyone within range can connect to them. A hacker can intercept the data traveling on the public Wi-Fi and use that information to get into company resources.

Sophisticated Social Engineering Efforts

Some hackers have attacks that involve a lot of social engineering. They may be trying to get into the financial accounts of upper management or accounting, or they could want to access trade secrets and insider information. They act like they’re an authorized person with a legitimate need to have the data or access that they’re requesting. Cybercriminals can be very convincing, especially when they have well-funded operations. If your company has a lot of turnover, or departments that don’t interact with each other, it’s difficult for employees to keep track of who actually works there.

Lack of Physical Access Control

One area that gets overlooked in a cybersecurity strategy is physical access control to data centers and other rooms that contain servers with sensitive data. A hacker could download that data directly from your systems or take the opportunity to load malware onto your infrastructure. If employees write down their account information and post it on their workstations, the hacker could save this information for later use.

Hackers have many ways to break into your business infrastructure and compromise your systems. Intrusions can lead to long-term consequences, such as major financial losses and damage to your reputation. Protecting against these common attack methods puts your company in a better position to limit your cybersecurity risk.

Continue reading

Security Update: What’s PhishPoint?

Phishpoint

The attack dubbed “PhishPoint” is a recent cyber-attack scheme being used by foreign hackers. It demonstrates the craftiness and the extent that cybercriminals will go to in order to harvest your Microsoft Office 365 credentials. It uses several familiar aspects of Office 365 to lull potential victims into an assumption that everything is above board. But it’s not. Here’s what you need to know about PhishPoint and how to protect your organization.

How Did The PhishPoint Attack Get Into Office 365?

The PhishPoint hackers use Microsoft SharePoint files to host their phishing links. Typically hackers use emails to host malicious links. Now, these crafty hackers have figured out how to bypass Office 365’s built-in security to leverage their attacks. This shows that there’s a critical flaw in Office 365 in this respect.

How Does The PhishPoint Attack Work?

You can recognize a PhishPoint malicious email by its use of “URGENT” or “ACTION REQUIRED” to urge you to respond. But beware, this email contains a link to a SharePoint Online-based document that you don’t want to click.

Here’s how it works:

The link will direct you to SharePoint. It will look legitimate and could trick you or your users unless you know what to watch for it.

At this point, you’ll be shown a OneDrive prompt –The SharePoint file will impersonate a request to access a OneDrive file with an “Access Document” hyperlink. This is actually a malicious URL, as shown below.

Then you’ll see a Microsoft Office 365 logon screen – Don’t enter your information even though it’s very authentic-looking login page. if you do, the hackers can access your user credentials!

What Else Should We Watch For?

Several things stand out here, and you should watch for them:

1. The email is unsolicited and has a generic subject of “ has sent you a OneDrive for Business file.”

2. Opening the document requires you to take a number of steps.

3. The URL for the logon page isn’t on the office365.com domain.

Why Didn’t Microsoft Stop This Scam?

Unfortunately, Microsoft didn’t see this coming. They continually scan emails for suspicious links and attachments, but even they were fooled. They didn’t think that a link to their own SharePoint Online would be malicious.

Another problem is that Microsoft link-scanning only goes one level down. It scans links in the email body but doesn’t scan files that are hosted on their services like SharePoint. If they did, they would have to scan for malicious links within shared documents.

And there’s another problem…they couldn’t blacklist the malicious URL unless they did this for the full URL for the SharePoint file. In this case, the hackers could just make a new URL in an uploaded file that contained content similar to SharePoint.

Since Microsoft isn’t scanning files hosted on SharePoint, hackers can easily use the platform to con their users and steal their credentials.

This scam exemplifies the risk associated with cloud-based applications. Using context and services that users are familiar with, cybercriminals can take advantage of a lowered level of alertness, and gain access to corporate resources online – all without the user or organization ever knowing it.

What Is Microsoft Doing To Prevent Scams Like PhishPoint?

Microsoft has been working behind the scenes to stop foreign attackers. Court documents that were unsealed on March 27, 2019 show that they’ve been waging a secret battle against a group of Iranian government-sponsored hackers.

Microsoft said it received substantial support from the domain registrars, which transferred the domains over to Microsoft as soon as the company obtained a court order.

What Can We Do To Prevent Being Affected By PhishPoint?

It’s important that you share this message with all of your users:

Be on alert! The bad guys have a new way of stealing your login credentials. They target you by sending an invite via email to open a SharePoint document.

The link takes you to an actual SharePoint page where you will see a OneDrive prompt. The prompt will have an “Access Document” link in it- don’t click this link!  

This link is malicious and will take you to a fake Office 365 login screen. Any credentials you enter here will be sent to the bad guys. Don’t be tricked!  

Whenever you’re submitting login credentials to any site, make sure to check the URL of the page for accuracy. Also, remember to always hover over links to see where they are taking you. Remember, Think Before You Click.

Here are some other things that you and your users should do:

  • Be wary of any email subject line that contains an imminent threat like “URGENT” or “ACTION REQUIRED.”
  • Always suspect URLs in the body of an email. It’s best not to click them. Most legitimate businesses no longer send links in emails.
  • Carefully review any logon page. Check to make sure that the URL is actually hosted by the service that you want to use.
  • If an odd-looking email shows up in your inbox from someone in your organization and you question its authenticity, contact the person by phone to see if they sent the email.
  • Use Multi-Factor Authentication for all of your software platforms and online accounts.
  • You should also sign up your users for Security Awareness Training. When you do, they’ll have a better chance of spotting the telltale signs of a cyber threat.
Continue reading

What Is The Estimated Cost Of Your Next Ransomware Attack?

ransomware

Successful businesses require smart leadership. How does a company effectively protect its profits? Planning for profits should also include company-wide management of expenses and security planning is high on the list. If the average ransomware payment has reached close to $15,000, a company’s leaders would want to plan ahead and ensure all security best practices for backups, network systems, cloud storage, and servers. Real profits include all revenues with an understanding of cost allocations for a business. Effective technology solutions can help make sure the right focus is on the products or services with higher profit margins. Security planning fits nicely with successful leadership, along with prevention plans to reduce all risks. Eliminating any unnecessary expenses from ransomware attacks could allow better allocations for salaries, employee satisfaction, company reinvestments, and provide improved planning for sales and profits.

How do you put a cost on employee reassurance for successful security planning? Do not allow a ransomware attack to affect your profits, employee satisfaction or customer confidence. How can you improve customer satisfaction with your plans for security? Employees and customers can benefit from understanding the successful planning for eliminating all security risks. Smart leadership with security planning includes documentation for policies, procedures and adequate communication for employees. Employee training should consist of documentation that clearly outlines security requirements. Employee retention and job satisfaction may not seem completely quantifiable but effective leadership is able to provide the best planning for staff morale.

Security planning

Effective leadership includes communication strengths, simplified technology solutions, employee support, and operational planning for client satisfaction. Marketing, client support, and branding require appropriate security planning and any security issues, such as ransomware attacks, are disallowed. On-demand support is important for employee support and client satisfaction. Security planning should be the focus of any customized IT services and flexible technology solutions. Support plans may include additional hiring and training for technicians. Packaged solutions and IT managed services are easily researched with the correct leadership involved and reviews of the cost-benefit analysis. Effectively managed IT support can help prepare a company for leading-edge technologies, cost savings, and marketing strategies. The improved promotions for profitability are part of the smart leadership of a successful business.

Business growth

A company’s growth can be comfortable for leadership teams and employees. Appropriate planning would be for new hiring, cost management, accounting and administration, and information security. A company’s asset allocations for new hires are a smart focus for scalable business growth. Support for the human resources departments can help simplify the hiring process, training procedures, and employee effectiveness. The technology staff and any partners for technology solutions should be high on the priority list for smart business growth. Technology teams can be some of the best for effective cost management, profitability, operations planning with sales projections, and marketing priorities. Experienced IT consultants can help with planning and success throughout a company.

Expense management

Appropriately allocating expenses with accounting and administration is an effective strategy. Technology teams and business executives are able to better focus on profitability and growth strategies. A thorough understanding of staffing needs is improved with effective expense management reviews. Some of the expenses and cost projections to consider include the following:

  • Employee expenses including computers, mobile devices, and salaries
  • Administration overhead with product and services support
  • Technology costs with security planning, salaries, commissions, and partnership agreements
  • Asset allocations and maintenance costs
  • Trained technicians and experience with cost cutting are improvements for the business
  • Product development expenses and allocated costs with packaging, distribution, and promotions
  • Sales and marketing costs are monitored continuously for profitability and growth projections
  • Costs for press promotions, media announcements, and public relations
  • Social media support with company messages and communication plans

Regular security assessments

Reviews can include usability of information systems and an analysis of graphical user interfaces for all technology implementations with user access. Smart leadership could consist of a review of the regular security assessments for planned improvements, user support, and communication enhancements. Confirmation of success is smart for operations and client reassurance. Sales and marketing teams can use healthy reporting to demonstrate successful planning for security procedures and privacy of client information. Looking organized is also part of effective management with security reviews and regular assessments. Security plans should be a part of expense management and corporate planning.

Network administration

The salary for a network administrator is important to review often for effective leadership and employee planning. “An in-house network administrator can cost your business somewhere around the salary range of $45,000 to $80,000”,  https://www.payscale.com/research/US/Job=Network_Administrator/Salary. Having the right successful leadership in place is a smart way to manage all business expenses and plan for successful growth. Working with the managerial staff, the network administration team can prepare the best documentation for employee training and new hiring processes. As some of the smartest planning for sales and marketing promotions, smart plans for the employees can help improve profitability for a business. Smart priorities can help assure employees are impressed with a company’s plans for success and business growth. Security planning can be improved with communication of the policies for networking, backups, remote access, client information, and employee administration.

Employee training

Training can be helpful for all employees, including new hires. Plans to prepare training can include impressive presentations or documentation to impress potential or current clients. The best type of training for technology and information systems, such as security plans, can easily be prepared to benefit the entire company. Communication with all levels of employees is friendlier with documentation or reports highlighting prevention plans and confirming the correct policies for security. Risk assessments and security reviews can foster better communication with employees or clients. The focus can benefit plans for profits and sales successes.

Successful planning to completely dismiss any risks of ransomware attacks is smart business. Preparing for profits and protecting your business work are good leadership plans. The appropriate planning can be appreciated by business executives, business owners, and managers. Confirmation of the best preparation for salaries and commissions is important for the network administrators and the entire staff for a company. Having the right leadership in place can help reduce all security risks and eliminate unneeded expenses of any cyber attacks or vulnerabilities.

Continue reading

5 Cybersecurity Tips For Employees

Cybersecurity Employees

Imagine waking up one day only to realize that the company you work for has been hacked. Your files are missing, bank accounts are hijacked, and sensitive information is on the loose. Although this sounds like a rare situation, it has become more prevalent in this day and age. While there are some solutions to catching hijackers and cybercriminals, the damage done can be quite extensive. Furthermore, cyber attackers can now attack a company from many different angles. This is why, today more than ever, it is extremely important to understand cybersecurity best practices and to make sure you’re staying as protected as possible. However, cybersecurity isn’t only about protecting your infrastructure and device endpoints. There are other assets that cyber attackers have been focused on — employees. While there are many employees trained in cybersecurity best practices, many employees act carelessly when it comes to staying protected. Employees may not care about protecting the company or they may not know how to best protect their information. Whatever the case may be, ensuring top-notch cyber protection at the workplace can help prevent a disaster. Not only can a hijacking lead to the release of confidential information, but it can also result in the termination of an employee. In this post, we’ll discuss 5 cybersecurity tips for employees.

Keep an Eye on Your Devices

A top method for a cyber attack starts with the theft of important devices. Whether it’s a phone, computer, tablet, or even a notebook, these all can contain valuable information that might be used for a cyberattack. No matter how small your business is, keeping your devices safe is a best practice to follow. Devices such as laptops are very important to keep an eye on, as these can be used to stir up a great deal of confidential information. In addition, if you don’t need a password to enter into your device, it makes it that much easier for a cyberattacker to access very important material. Therefore, it’s always best to keep a close eye on your devices. If you have your devices in a public place, always have them in an arms reach. If you have to step away for a few minutes, take your devices with you. However, watching your stuff doesn’t only pertain to being in public. Even at the workplace, things get stolen and devices get hijacked. Always keep a close eye on your phone, laptop, and other devices. While this mostly pertains to large companies with many employees, small businesses too are also at risk. It’s best practice not to get careless with your devices and to always know where they are.

Practice Proper Web Browsing Techniques

Another popular way for cyberattackers to make their money happens when employees carelessly use the web. While an employee may feel that they’re doing nothing wrong, an attacker may take advantage of their careless mistakes. While there are some obvious threats that you know not to fall for, other threats aren’t so apparent. Keep reading to find out some common threats to be aware of while browsing the web.

Maladvertising

This threat is a type of malicious code that distributes malware through online advertising. This can be hidden within an ad, included with software downloads, or embedded on a web page. What makes this so threatening is that maladvertising can be displayed on any website, even ones thought to be trustworthy.

Social Media Scams

With the explosion of social media in the last 10 years, cyberattackers have been hard at work developing scamming techniques. Whether it’s through click-jacking, phishing techniques, fake pages, or rogue applications, hackers have been very successful with these social media scams. While Facebook is a common platform used for hacking, Twitter also poses many threats. This is because Twitter is both a microblogging site and also a search engine.

Web Browsing Tips

  • Don’t click on any ads or links that seem fishy
  • Don’t click on links in emails
  • Only interact with well-known sites
  • Confirm you’re using non-fraudulent sites
  • Be cautious with online downloads

Keep Mobile Devices Secure

While you might think that the biggest threat to cyberattacks involves the use of your computer, your mobile devices are also something to pay attention to. With the growing sophistication of cell phones, tablets, and laptops, hackers are chomping at the bit trying to get their hands on any of these devices. Cell phones are basically a mini-computer nowadays and tons of confidential information can be easily assessable on them. This is why mobile security is more important than ever. However, given the small size of these devices, it poses many challenges to stay safe. Since laptops and phones are getting smaller by the day, it’s now harder to keep an eye on these devices, in addition to trying not to lose them. However, there are multiple security measures you can take to ensure that your mobile devices are secure. From security apps to creative passwords, there are numerous things you can do to keep these cyberattackers at bay. Take a look at a few of these solutions below:

  • Keep Devices Clean — As with most things in life, a good cleaning is usually beneficial. Same goes for your mobile devices. With so much information on such a small device, it’s vital that you clean up your device from time to time by deleting files and using an antivirus program.
  • Setup a Passcode — Sometimes all it takes to stay protected from a cyberattacker is a strong password. This is the first thing that the attacker has to crack, so this is your first line of defense. Make the password unique and difficult to guess.

Keep a Clean Desk

Another tip for staying safe in the workplace involves cleaning your desk. It may sound so simple, but a messy desk has a strong chance of obtaining some important information. Remember that note you got from your boss last month? How about those files that were put on your desk last Tuesday? If you forget about these materials and they contain some confidential information, you could risk a cyberattack. Furthermore, if someone steals something from your messy desk, it can be very difficult to notice. Sometimes days or even months go by before you notice that note is missing or that folder isn’t there anymore. While you’ve gone a long period of time without even knowing these materials went missing, you could already be a victim of a cyberattack. Here are some other common mistakes to avoid:

  • Leaving USB drives or phones out in the open
  • Writing down usernames and passwords and leaving them on your desk
  • Leaving credit cards out in the open
  • Forgetting to erase notes
  • Leaving confidential papers on your desk for extended periods of time
  • Forgetting to lock a cabinet or drawer

Be sure to avoid these mistakes as they can make it that much easier for a cyberattacker to access your important information.

Beware of Phishing Attacks

Phishing is a fraudulent practice that involves emails being sent to entities to induce the exposure of credit card numbers, usernames and passwords, or other valuable information. Attackers may pose to be friends, family, or trusted businesses in order to gain information from an employee. Another tactic that makes these attackers successful is the appearance of authority. They may mention something requested by the CEO or something that involves some of the higher-ups. Since employees never want to disappoint the CEO, falling victim to these attacks is common. While it’s very common for an attacker to try to impersonate someone else, they might take another approach. Sometimes links are embedded into emails that will redirect the employee to a fraudulent web page, or sometimes the attacker might attach a file that can expose confidential information if downloaded. Understanding these different methods used by hijackers can help protect you from a cyber disaster. Take a look at a few other best practices below:

  • Verify suspicious email requests by contacting them directly
  • Utilize malware and antivirus protection programs
  • Check the security of websites
  • NEVER reveal personal or financial information via email

While phishing is a common technique used by cyberattackers, understanding how to protect yourself can make you well-prepared for anything that comes your way.

Say Goodbye to Cyberattackers!

Even with the many methods of attack for these cyber-hijackers, there are many things you can do to ensure you’re staying protected. While following the list above will get you well on your way to staying educated on the topic, your employers should also consider training their employees on best practices. Even if it’s done once a year, cyberattack trainings can go a very long way. Try talking to your boss about it in the next meeting or go the extra mile and talk to your whole team about it in a group discussion. Another method of protection involves hiring a company that specializes in cybersecurity. These companies are growing by the second and there are many services available for both large and small businesses. Whether you seek external resources for your cybersecurity efforts or you prefer an in-house approach, cybersecurity is something not to shy away from. Not only can a cyberattack lead to lost revenue and the exposure of confidential information, but it can also send a company burning to the ground. By using the five tips mentioned above, employees can stay safe from the trickery of cyberattackers.

Continue reading

The Ultimate Small Business Owner’s Guide to Ransomware

Small Business Ransomware

Your employee innocently clicks a link within an email or visits a sketchy website and the next thing you know your digital assets are being held hostage by a cyber attacker. It only takes a few keystrokes to cause potentially irrevocable damage to your systems, and hackers are always looking for new victims. With ransomware, you may be able to regain full access to your files and other digital assets — but at what cost to your business? No size of business is immune to cybersecurity assaults, and ransomware is on the rise in small businesses. In this Ultimate Small Business Owner’s Guide to Ransomware, you’ll learn more about the threat, tips to protect your business and suggestions on how to recover after your business has been infiltrated.

What is Ransomware?

Ransomware is a specific type of malware that results in you losing access to your digital assets until a ransom is paid to the attacker. The assumption is that as soon as you have paid the cybercriminal, you’ll regain access to your information — but there is no guarantee that hackers will unlock your files after payment. The loss of access to your information and business systems can be crippling for your business, sending productivity into a downward spiral and frustrating customers and vendors alike. The faster you or your IT security provider are able to react, the more you will be able to limit the damage done to your organization and reputation due to ransomware. The three primary types of ransomware are:

  • Data encryption or fundamentally changing the format of your files
  • Programs that hijack your desktop files and require payment to unlock them
  • Mobile ransomware that prompts you with payment instructions

Each type of ransomware presents particular challenges for your organization.

Dangers of Ransomware

Aside from losing access to your files, your business may effectively be at a standstill with a widespread ransomware attack. Computer and phone systems, your website, your email servers — all are interconnected and can be vulnerable to this type of aggressive malware. Today’s data and technology platforms are often tied tightly together which expands the reach of a particularly malevolent attack. The effects can be far-reaching, from an inability of customers to place orders or check order status to causing your automated production lines to grind to a halt. Until you are able to regain access to your data and files, your business may be relying only on printed information. This is particularly damaging when you consider how many of today’s offices are going paperless.

How is Ransomware Spread?

Ransomware is spread in a variety of ways, but the most common is through someone clicking a link within an email or visiting an infected website. These back doors to your systems provide hackers with easy access to business-critical systems and information, allowing them to virtually lock the door to your digital assets. Social engineering is another way that unsuspecting staff members are tempted to provide the keys to the virtual kingdom. Hackers are becoming extremely deft at using information stored on social networks to create ads or messages that seem to be from trusted colleagues — yet lead to malware.

Are Small Businesses Vulnerable to Ransomware?

You may think that only larger businesses with deep coffers would be tempting to cybercriminals, but small businesses are considered quite vulnerable and may be ideal targets for a quick attack. Small business owners are often lulled into having a false sense of security thinking that they are too small to be a target. A 2018 data security report by Verizon shows that 58% of malware attack victims were small businesses. Stealing your customer information can be the work of a few hours for a hacker, and these data points are extremely valuable on the dark web. It’s relatively easy for individuals to gain access to the tools that are required to break through basic security measures. It’s crucial for small businesses to stay informed and enhance their security profile in order to protect sensitive competitive and customer information.

How Can I Protect My Small Business from Cyber Attacks?

Protecting your small business from cyber attacks begins with assuming a more aggressive security posture. It’s no longer a matter of simply scanning emails for viruses and adding a firewall. The increasing scope of data breaches means you will need to either invest in internal security infrastructure or work with qualified professionals who specialize in cybersecurity. Protecting your business from ransomware and other cyber attacks requires a range of protective measures, including:

  • Staff training on creating adequate passwords and the importance of never sharing passwords
  • Limiting data and systems access for unauthorized users
  • Thorough review of endpoints, including secure employee and guest WiFi access
  • Close monitoring and review of when and how contractors are allowed access to systems
  • Maintenance of government regulations and compliance mandates
  • Advanced antivirus software, preferably with active monitoring
  • Regularly reviewing and enhancing backup and recovery strategies
  • Applying software patches and updates in a timely manner

Each of these strategies will take time and effort to implement, and they all work together to help protect your organization from being the target of a ransomware or other type of malware attack.

Recovering After a Ransomware Attack

Understanding the type of ransomware that has been added to your system is the first step in recovery. This will help you or your technology service provider determine the next steps for restoring full system usage. If you planned ahead and have a solid backup and recovery program, this is likely when you’ll begin taking those steps. IT security professionals recommend taking these steps to recover from a ransomware attack:

  • Disconnect everything to limit infiltration to unaffected systems
  • Take pictures or screen captures of the ransomware screen, including the payment requirements and information
  • Begin taking steps for recovery
  • Learn more about the specific type of ransomware that is affecting your system
  • Determine whether you are able to completely restore your systems from backups

Finally, create a crisis communication strategy that will allow you to provide customers and employees with the information they need to continue working after the attack.

The best option for your business to survive a ransomware attack is to avoid it — but that’s not always possible. Become educated on the dangers of this particular type of malware and how you can prevent it, or you risk becoming yet another statistic in the ongoing fight against cybercriminals.

Continue reading