Most business owners have an employee handbook. But when it comes to the online security of their business, this portion is often either not adequately addressed or not addressed at all. However, with cyber crime an ever-increasing threat, and with employee error one of the most common causes of a security breach, it is vital that your staff is informed of your policies. Here are four policies that every business owner should share with their employees.

Internet

In today’s business world, employees spend a lot of time on the Internet. To ensure they’re not putting your business at risk, you need a clear set of web policies. Here are three important ones to keep in mind:

  1. Employees should be using the Internet for business purposes only. While this is undoubtedly hard to enforce without blocking specific websites, having a policy in place should at least cut back on employees spending time on non-business related sites.
  2. Prohibit unauthorized downloads. This includes everything from music to games, and even data or applications.
  3. Accessing personal email should not be done on business devices. If employees must access their own email account during the day, they can do so on their smartphone or other personal device.

These are just a few Internet policies to get started, but you should also consider including information on your recommended browsing practices and your policies for using business devices (such as company phones) on public wifi.

Email

Just like with the Internet policy mentioned above, company email accounts should only be utilized for business use. That means your employees should never use it to send personal files, forward links or perform any type of business-related activities outside of their specific job role. Additionally, consider implementing a standard email signature for all employees. This not only creates brand cohesion on all outgoing emails, but also makes it easy to identify messages from other employees, and hence helps prevent spear phishing.

Passwords

We’ve all heard the importance of a strong password time and time again. And this same principle should also apply to your employees. The reason is rather simple. Many employees will create the easiest to crack passwords for their business accounts. After all, if your organization gets hacked, it’s not their money or business at stake. So to encourage employees to create strong passwords, your policy should instruct them to include special characters, uppercase and lowercase letters, and numbers in their passwords.

Data

Whether or not you allow your employees to conduct work on their own device, such as a smartphone or tablet, it is important to have a bring your own device (BYOD) policy. If your employees aren’t aware of your stance on BYOD, some are sure to assume they can conduct work related tasks on their personal laptop or tablet. So have a BYOD policy and put it in the employee handbook. In addition to this, make sure to explain that data on any workstation is business property. That means employees aren’t allowed to remove or copy it without your authorization.

We hope these four policies have shed some light on best security practices. If you’d like more tips or are interested in a security audit of your business, do get in touch.

Published with consideration from TechAdvisory.

Ways to Repel Ransomware


Let’s put aside for a moment the mega data breaches that resulted in millions of confidential customer records going out the door. If 2015 is to be remembered for one thing in the world of cybersecurity, it might be the year ransomware hit the big time.

Ransomware is “kidnapping” malware that has been plaguing home users and businesses for many years, but which has significantly spiked over the past 24 to 36 months to become a hugely profitable racket for cybercriminals – and a source of great tension for IT and security professionals. The threat initially gained notoriety for its maddening ability to freeze individual keyboards and computers – usually with bogus statements from the FBI concerning child pornography – but in recent years it has evolved to encrypt sensitive data files, with the attackers the only ones holding the private keys to unlock them. The most recent strains of ransomware are going even one step further: They are being bundled with password stealers that are used to exploit weak website security.

The fraudsters won’t release the key, of course, until you make a payment, usually requested in bitcoins. The going rate is around $500, but the shakedown can stretch into the several thousands of dollars for victims – never mind the costs associated with downtime and recovery, as well as potential legal and customer-related costs. Because the attack is so crippling, many businesses end up deciding to pay the ransom – an outcome that even the FBI hasn’t discouraged. The most common ransomware family is CryptoWall, which the Internet Crime Complaint Center in the United States estimates was responsible for nearly 1,000 complaints between April 2014 and June 2015, with those victims reporting some $18 million in losses. TeslaCrypt and CTB-Locker are two other families that are popular. Reveton and Chimera are still around, but somewhat outdated.

Purveyors of ransomware typically stop short of exfiltrating compromised data as we’ve become accustomed to with traditional data breaches. Instead, they aspire for a quick hit and an even quicker reward. Once compensated, they usually live up to their end of the bargain and release the data from their control – if they didn’t, nobody would ever pay the ransom – although that’s no guarantee they’ve abandoned their foothold in the target environment.

Ask any security expert why ransomware has become so popular and they’ll give you roughly the same answer: It’s not a complicated scam requiring different players handling specific tasks (as you might find in a credit card breach operation). It often results in quick cash – Trustwave researchers estimated the return on investment for ransomware attackers is a whopping 1,425 percent – and most of all, it works. The threat is often difficult to detect and even harder to remove once it has infiltrated a target, which, by the way, doesn’t just include PCs, but also mobile devices (where the threat is growing fast), Linux-based systems and even medical devices.

What steps can you take to rebuff a ransomware attack? Try these seven recommendations:

1. Back up Your Data

This allows you to quickly recover from an incident. Be sure to regularly replicate file changes in your production environment, so that in case of an attack your fallback point is no older than your organization can accept.

2. Disconnect from the Internet

At the first sign of a malware infection, detach the compromised machine from the network, cutting off the attacker’s control of it. However, take note that this will not stop the encryption process if it’s already been initiated by the ransomware.

3. Run Anti-Malware

It’s not enough to simply have anti-virus running on your desktops. You also need live anti-malware capabilities that can conduct real-time code analysis and dynamic URL categorization.

4. Spread Security Awareness

Ransomware scams tend to begin like most malware infections – with an end-user clicking or opening something malicious. Preach the importance of social engineering defense.

5. Deploy Advanced Email Security

To complement awareness with technology, you should adopt an email security gateway that incorporates threat intelligence to effectively thwart emails that contain malicious URLs.

6. Patch Your Software and Systems

Malware often requires an unpatched vulnerability to run, so ensure that your entire environment is updated with the latest security fixes. Vulnerability scans and security testing help businesses identify their network-connected assets and learn how those assets are vulnerable to attack.

7. Report the Event

If you’re a victim of a ransomware attack, you need to kick in incident response, which should include contacting the authorities and/or filing a complaint with IC3.

Published with consideration from Trustwave.

Potential IT security issues in 2016

As a small or medium-sized business owner or manager, it’s only to be expected that you want to keep your company safe from cyber attacks and hacking attempts. But how much do you really know about online safety? With massive corporations such as Sony falling victim to attack, cyber security has never been more in the public eye. And that makes it the ideal time to learn just what it is you need to be doing to keep your business secure in 2016.

If you think that only big corporations and prominent organizations are targeted by cyber criminals, you are making a deadly mistake. It might be tempting to sweep cyber crime under the carpet and assume that you are flying below the average hacker’s radar, but that simply isn’t true. In fact, it’s the polar opposite, since smaller enterprises are actually far more likely to be at risk than larger ones, owing to their typically less sturdy security postures.

So where does that leave you as a small or medium-sized business owner or manager? Does it mean you need to be taking your cyber security even more seriously? You can bet your bottom dollar it does, as industry experts predict that 2016 is only going to become more of a minefield when it comes to online crime.

The headline trend that IT security professionals pinpointed this year was that criminals were no longer hacking into websites purely to bolster their bank accounts. 2015 has seen the emergence of another strain of hackers, launching cyber attacks as part of a moral crusade. These people are not purely after money – although in some cases this may also be a contributing factor – instead, their claimed motivation is revenge, or righting what they perceive as wrong. It is this diversification in the hacking community that has led security watchers to predict that, as we enter 2016, we are likely to see some different behavior from hackers.

Among the unpleasant predictions being made, a number of experts agree that hacks of a destructive nature will be on the rise. The fact that hackers are using attacks for retribution rather than simple monetary gain means that a wider cross-section of organizations may well find themselves being preyed upon, all the way from government agencies – traditionally ignored by hackers – to online retailers and other commercial websites.

Remember when Snapchat got hacked back in October 2014, and the hackers threatened to make public as many as 200,000 photos? Well, the bad news is that apps are going to continue to be targeted. In particular, those mobile apps that request access to your list of contacts, emails and messages can, in the wrong hands, be used to create the kind of portal that enables a cyber criminal to steal data or gain access to a company’s entire network. All this means that in 2016, hackers could be taking advantage of apps to do more than just steal your social media photos – they might have in mind the takedown of your entire company.

As a local business owner, social engineering – a means of tricking an individual into disclosing revealing or personal information about themselves or their company – is something you definitely need to be concerned about. You might pride yourself on being too savvy to fall for a cyber criminal’s tricks, but what about your employees? Can you be sure that each and every one of them exhibits the same amount of self control, cynicism, and wariness that you do? Not only that but, as we enter a new era of online threats, the criminals that use social engineering are growing in confidence and creativity. Dodgy emails from a bizarrely named sender containing a link to an unheard-of website are yesterday’s news. Modern social engineering is highly evolved and extremely cunning, and has the potential to convince even the most streetwise internet user.

How confident are you that your entire team of employees would be completely infallible in the face of a stealth attack from a seemingly innocent source? Could you trust them to refrain from divulging not only their personal details but also information pertaining to your company? Multiply the number of employees in your company by the number of phone apps they potentially use, and add to that the fact that any one of them could at any time be targeted by a social engineering scam, and the end result is a less-than-perfect security posture.

The sad fact is that there are people who want to do you harm – regardless of whether you hold confidential information about celebrity salaries, or are privy to a database full of cheating spouses. People, no matter how well meaning or vigilant, are the weakest link in any security chain, which means that ensuring your business’s safety necessitates educating your staff and ensuring that your network is impenetrable.

Professional training and a vulnerability assessment are two great places to start, so why not get in touch with us? We’ll make sure your business is as hack-proof as it can be.

Should members of the U.S. military who click on phishing emails be court-martialed? Admiral Michael Rogers thinks so. As director of the National Security Agency, he’s dealing with a hack of the Pentagon’s Joint Staff network that was enabled by four people who fell for phishing emails.

“When I looked at the email, I said: ‘Why would you have opened this? It makes no sense,’” Adm. Rogers recently told The Wall Street Journal. “And the answer I got was: ‘It was early in the morning. It was a Monday. I’m just blowing through my emails.’

“If someone had said to me: ‘Hey, it’s lonely on post. It’s the middle of the night out in the middle of nowhere. I just pulled my gun out because I wanted to quick draw,’ we would never accept that. So why are we willing to accept this kind of behavior in the cyber world?”

That blunt assessment should be food for thought for any organization that uses email – in other words, everyone. Email’s ubiquity enables hackers to cast a wide net and, as the Pentagon example shows, the volume of email most workers receive increases the chances that phishing and other attack methods will succeed.

Rethinking email security

But there’s another key aspect that many CIOs, CSOs and IT managers overlook: email is a gold mine of information that facilitates a wide variety of subsequent attacks. For example, a new employee might use email to provide HR with her dependents’ names and Social Security numbers. That information enables identity theft. Less obvious is how it also opens back doors to personal and professional data if she uses those names as passwords or as responses to security challenges. The risks multiply even further if HR sends her links to set up employer-related accounts for everything from health insurance to the corporate LAN.

It gets worse: most people don’t delete messages once they’ve sent them, which means the confidential personal and professional information they contain is there for the taking for any hacker who manages to get in. This confidential information in email could linger for months, years or forever, depending on whether her employer’s IT policies automatically purge messages after a certain time (if they purge at all). She’ll also probably archive HR’s messages so she has those links and other information handy, which means more valuable data for hackers.

If that sounds scary, it is. But practically every week, there’s a headline about a high-profile email hack, which shows that too many enterprises, government agencies and other organizations are growing complacent or simply desensitized. That increases the likelihood that they’ll eventually make headlines, too – or even have a law nicknamed after their organization because the breach was too big and too embarrassing for Congress to ignore.

Hyperbole? Imagine a hack of thousands or millions of patient accounts that was enabled because a single internal email contained that database’s login information. Actually, you don’t have to imagine it because it’s happened so many times. One example is the University of California Davis Health System, where a single physician’s email account stored 1,326 patients’ information. They’re now among the roughly 39 million patients nationwide whose health information has been hacked so far, according to the Department of Health and Human Services.

How to Fight Back

The good news is there’s no shortage of proven technologies and best practices for securing email and, in turn, all of the databases, networks, accounts and other things that those messages touch. These technologies and practices are applicable and effective in nearly every vertical, and in many cases, they’re becoming must-haves to ensure compliance with laws such as HIPAA and SEC regulations.

Encryption should be at the top of the list. It’s ironic: organizations typically back up their email servers because they recognize that the information they contain is so important to their operations, yet they frequently don’t go a step further to encrypt that valuable data.

Ideally that encryption should be applied end to end: when messages are in transit and when at rest on servers and devices such as desktops and laptops. Don’t overlook tablets and smartphones, which are the preferred, or sometimes only, devices that employees use for email. In fact, the proliferation of mobile devices in the workplace exponentially increases the need for technologies such as encryption. One reason is that, unlike desktops, tablets and smartphones are portable and thus easily lost or stolen. On-device encryption secures the messages they store.

Organizations also should look for mobile device management (MDM) platforms that can remotely lock and erase lost and stolen phones and tablets, as well as enforce security policies. For example, when employees open an email attachment on their mobile device, that document often is then stored in RAM. An MDM platform could be used to enforce a policy that prevents email attachments from being stored on the smartphone or tablet so they can’t be accessed by someone who finds or steals the device.

By minimizing the chances that email and other systems will be breached, an MDM platform can save organizations a significant amount of money, such as legal fees, compensation for affected customers and marketing to restore a sullied brand (or even to maintain brand status quo). Industry- and country-specific regulations can further increase an MDM platform’s ROI when it’s used to enable compliance. Two examples are financial services firms and health care providers that use MDM platforms to securely archive messages such as trade orders and prescriptions.

No one wants someone else peering into their email. But without security, privacy cannot exist. By securing their email, organizations can provide the privacy that they and their employees want – and that hackers hate. Are you concerned your business’s security isn’t up to par? Need the guidance of a seasoned IT provider who specializes in security? Talk to us today.

Published with permission from ITProPortal.

While small businesses lack the big budgets of their enterprise counterparts, that doesn’t make security any less of an issue for SMBs. In fact, small and medium businesses are more and more often the target of cyber criminals precisely because they generally have fewer security measures in place. So to ensure your business has enough security to stay protected, here are a number of rules every SMB should follow to keep themselves secure.

Security rules for SMBs to follow

Recognize where your most critical data lies

Is it in the cloud? Hard drives? Backup disks? Mobile devices? Whether or not you have the budget and resources to adequately secure all of your data, the critical data that your business relies on must be sufficiently secure. If you’re unsure of what that is, ask yourself which data you would need to access within 24 hours of your business suffering a major disaster, in order to ensure your operations remained up and running. Once you’ve answered this question, talk with your IT managers to determine the security measures that need to be implemented to protect your most vital data.

Learn the basics

After you’ve bulletproofed your critical data, it’s time to arm your network with the basics. If you haven’t already done so, ensure that you have anti-malware protection on servers and endpoints, and firewalls for both wireless and wired access points.

If you have the budget, it’s worth seeking outside counsel from an IT expert fluent in today’s security best practices. They’ll ensure your business is protected from the latest cyber threats. However, if you don’t have the budget, then it’s time to take matters into your own hands. Read up on security trends, join technology networking groups, and ask your fellow business owners about their own IT security policies.

Cash a reality check

Bad things happen to nice people. Tornadoes, fires, thieves, and faulty technology couldn’t care less about how your business donates to local charities and supports your community’s youth sports clubs. What’s more, hundreds of small businesses across the country suffer severe data loss each year. Ignorance and turning a blind eye will not protect you, so make a wise decision and automate daily backups of your data. This allows your business to remain in operation if you’re hit by a security breach.

Dispose of old technology properly

Whether it’s a computer, server or tablet, any device that stores data on it must be properly disposed of when it conks out. Specifically, the hard disk must be destroyed completely. And remember, proper data disposal is not only limited to technology, as critical information is also revealed on paper files. So if you’re migrating the content of physical documents to the cloud, make sure to shred the paper versions too.

Mind your mobiles

The mobile age is here, and along with it come employees who may access your business’s critical information via their smartphones, tablets and other mobile devices. Recognize that many of these devices have different operating systems that require varying security measures. You and your IT manager should be aware of this, which leads to our last point…

Think policy

Have a policy for all your company’s devices. If you don’t inform your employees they shouldn’t access company information via their phones or tablets, then they’ll likely assume it’s okay to do so. But thinking policy doesn’t pertain only to mobiles. You should also determine acceptable online behavior for your employees, as well as how data should be shared and restricted. Put this in writing, and then have your employees read and sign it.

Of course, it’s not always wise to be overly restrictive. Rather, the point is to have policies in place and make everyone in your organization aware of them, because if you don’t, each staff member will make up their own rules.

Are you concerned your business’s security isn’t up to par? Need the guidance of a seasoned IT provider who specializes in security? Talk to us today.

Published with permission from TechAdvisory.org.

The risks of using passwords – GC Infotech

We all use passwords to access and protect sensitive online data—whether it’s logging onto the network at work, shopping for goods on the web, or accessing personal email. Passwords are a basic function of the way we work, live, and socialize; yet as anyone who has had an account hacked can tell you, password protection is far from perfect.

With personal data playing an ever-larger role in the way we do business, current password functionality is in need of an overhaul. If you’re looking for a better way to secure your personal and professional data, here’s what you need to know.

The problem with hashing

In theory, passwords should work: if someone doesn’t know your password, they shouldn’t be able to log into a site or an account as you. Unfortunately, outdated storage methods and a lack of universal best practices have made it increasingly easy for hackers to get their hands on your passwords—and your data.

Each time you register a password with a website or service, that organization needs to store your password somewhere in order to authenticate your identity later. Some organizations store your password as plain text, which leaves you and your data extremely vulnerable if the site’s password lists are accessed by unauthorized users or hackers. Security-minded sites take pains to create a protected version of your password known as a “hash,” dicing up your password into small pieces and rearranging the pieces so that they no longer resemble the original. In this case, when you re-enter your password, it goes through a hashing function and the result is compared to the stored hash for verification.

The thought behind password hashing is that if hackers manage to breach a website or online service, they won’t be able to steal users’ intact passwords. Instead, the hackers will be left with difficult-to-crack hashes that are either unusable or take a very long time to reverse engineer into passwords. However, with the rise of powerful, off-the-shelf components such as modern graphics cards and lists of pre-generated hashes for short passwords, hackers can easily reverse engineer passwords.

A modern high-end graphics card, for example, can easily perform more than 600 million SHA256 hash operations per second. A few of these relatively inexpensive cards arranged in an array can try every possible eight character password in about seven days. While that’s impressive enough already, attackers have far more advanced ways to crack hashes, and with the right tools they can crack hundreds of passwords per hour.
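The weakness described above, and the usual fix, as an added example (not code from the original article or from HP). It contrasts a single unsalted SHA-256 with a per-user salted, memory-hard scrypt record; the function names, record format, cost parameters and sample passwords are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Cost parameters are assumptions chosen for this example (about 16 MiB of
# memory per guess); tune them for your own hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
SALT_BYTES = 16
KEY_BYTES = 32


def fast_unsalted_hash(password: str) -> str:
    """Weak scheme: one unsalted SHA-256, the kind GPUs compute in bulk."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_precomputed_table(candidates):
    """A 'list of pre-generated hashes': maps hash -> password."""
    return {fast_unsalted_hash(c): c for c in candidates}


def lookup_leaked_hashes(leaked, table):
    """Return {user: password} for every leaked hash found in the table."""
    return {user: table[h] for user, h in leaked.items() if h in table}


def make_record(password: str) -> str:
    """Hardened scheme: random per-user salt plus memory-hard scrypt."""
    salt = os.urandom(SALT_BYTES)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_BYTES)
    fields = ["scrypt", SCRYPT_N, SCRYPT_R, SCRYPT_P, salt.hex(), key.hex()]
    return "$".join(str(f) for f in fields)


def verify(password: str, record: str) -> bool:
    """Re-derive the key with the stored salt and compare in constant time.

    Records are assumed to come from your own database; a malformed or
    unknown record is rejected rather than raising.
    """
    try:
        scheme, n, r, p, salt_hex, key_hex = record.split("$")
        if scheme != "scrypt":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(key_hex)
        candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                                   n=int(n), r=int(r), p=int(p),
                                   dklen=len(expected))
    except ValueError:
        return False
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample data: two users who chose the same weak password.
    leaked = {
        "alice": fast_unsalted_hash("Summer2016"),
        "bob": fast_unsalted_hash("Summer2016"),
    }
    table = build_precomputed_table(["123456", "password", "Summer2016"])
    # Unsalted: identical hashes, and one table lookup recovers both.
    print("unsalted lookup:", lookup_leaked_hashes(leaked, table))

    # Salted scrypt: same password, different records, no table to reuse.
    rec_a, rec_b = make_record("Summer2016"), make_record("Summer2016")
    print("records differ:", rec_a != rec_b)
    print("correct password verifies:", verify("Summer2016", rec_a))
    print("wrong password rejected:", not verify("summer2016", rec_a))
```

Because every record carries its own random salt, a table built once cannot be reused across users, and the scrypt cost parameters make each guess far more expensive than a single SHA-256.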

“Online sites are aware of these issues,” explains Jim Waldron, Senior Architect for Platform Security at HP, “and so some of them have increased the security by adding secret questions and answers like: ‘What is your mother’s maiden name?’ Unfortunately, much of this ‘private’ information can be legally purchased from online data aggregators.” In other words, even users’ private personal information is no barrier to a determined hacker.

The problem with best practices

To make the situation worse, once a hacker obtains a user’s password, they can use this information to try and access the rest of the user’s online accounts—such as their email or bank accounts. The reason for this is that most consumers—and businesses—skirt password best practices.

A secure password should adhere to three basic rules:

  • It should be long — at least 16 characters [1]
  • It should be complex — containing uppercase letters, lowercase letters, numbers, symbols, and spaces
  • It should be unique — i.e. you only use it once

You’re probably familiar with at least a few of these rules. Many password systems require users to create passwords of a certain length and complexity, but the resulting passwords are hard to remember and many users recycle the same password multiple times. In fact, 54% of consumers use five or fewer passwords across their entire online life, while 22% use three or fewer. [2]

So what’s next for passwords?

With all these issues, combined with an increasing number of high-profile online data breaches, the public is losing faith in passwords. Nearly 70% of consumers report lacking a high degree of confidence that their passwords can adequately protect their online accounts—and they’re calling on online organizations to add another layer of security to the process. [2]

“At a very high level,” says Waldron, “what we need are new, more secure methods for users to identify themselves to online services—methods that are also easy for users to perform.” While broad changes will take time and a large joint effort, there are some immediate actions businesses can take to improve their own authentication methods.

Passwords are still an important security feature, despite their many problems. Check the strength of your passwords—make sure they are long, complicated, and never repeat. You probably already have access to a Password Manager which can store your unique passwords for you. This is an efficient way to eliminate the headaches normally associated with remembering complicated passwords across multiple sites. You can also try to institute several layers of authentication at once—such as a fingerprint reader plus a password, or an iris scanner plus a smartcard reader. This is known as multi-factor authentication and is much more secure than any one method alone.

The absolute best way a business can ensure that their systems and networks are secure is to work with an IT partner like us. Our managed services can help ensure that you have proper security measures in place and the systems are set up and managed properly. Tech peace of mind means your focus can be on creating a successful company instead. Contact us today to learn more.

[1] CNET, The guide to password security (and why you should care)
[2] Telesign, Telesign Consumer Account Security Report

Published with permission from Hewlett Packard.

Over the decades of the internet’s existence, cyber threats have evolved at a rapid pace. When once there were only viruses and malware to watch out for, now you have to protect your business from worms, trojans, ransomware and dozens of other online threats. But what’s the difference between all of them? Let’s take a look. Here are four of today’s most common cyber threats and the tips you need to protect your business from them.

Malware is short for malicious software. It is a general term that encompasses many types of online threats including spyware, viruses, worms, trojans, adware, ransomware and more. Though you likely already know this, the purpose of malware is to specifically infect and harm your computer and potentially steal your information.

But how do the different types of malware differ from one another? How can you protect your business from them? Let’s take a look at four of the most common forms of malware below.

Virus

Like a virus that can infect a person, a computer virus is a contagious piece of code that infects software and then spreads from file to file on a system. When infected software or files are shared between computers, the virus then spreads to the new host.

The best way to protect yourself from viruses is with a reliable antivirus program that is kept updated. Additionally, you should be wary of any executable files you receive because viruses often come packaged in this form. For example, if you’re sent a video file, be aware that if the name includes an “exe” extension like .mov.exe, you’re almost certainly dealing with a virus.

Spyware

Just like a spy, a hacker uses spyware to track your internet activities and steal your information without you being aware of it. What kind of information is likely to be stolen by Spyware? Credit card numbers and passwords are two common targets. And if stealing your information isn’t bad enough, Spyware is also known to cause PC slowdown, especially when there is more than one program running on your system – which is usually the case with a system that’s infected.

A common mistake many people make is to assume their antivirus software automatically protects them from Spyware. This is not always true, as some antivirus programs aren’t designed to catch spyware. If you’re unsure if your antivirus prevents Spyware, get verification from your vendor. And for those that are already suffering from Spyware infestation, two programs that work wonders to clean it out are Malwarebytes and SuperAntiSpyware. If you are still unsure what to do, reach out to one of our IT experts.

Worms

Similar to viruses, worms also replicate themselves and spread when they infect a computer. The difference, however, between a worm and a virus is that a worm doesn’t require the help of a human or host program to spread. Instead, worms self-replicate and spread across networks without the guidance of a hacker or a file/program to latch onto.

In addition to running reliable antivirus software, you should ensure your firewall is activated and working properly to prevent worms from infecting your system.

Trojan

Like the Trojan horse from ancient Greek mythology, this type of malware is disguised as a safe program designed to fool users, so that they unwittingly install it on their own system and are later sabotaged by it. Generally, the hacker uses a trojan to steal both financial and personal information. It can do this by creating a “backdoor” to your computer that allows the hacker to remotely control it.

As with the other malware mentioned above, antivirus software is a dependable way to protect yourself against trojans. For further safety, it’s wise not to open suspicious attachments, and also to ensure that your staff members aren’t downloading any programs or applications illegally at the office – as this is a favorite place hackers like to hide.

Curious to learn about other common malware that can cause trouble for business owners? Want to upgrade your existing network security system? Give us a call today, we’re sure we can help.

Cyber Security Myths Small Businesses

We are teaming up with the leading internet security companies to help small businesses resolve to be better about their cyber security in 2015. Experts have repeatedly cautioned businesses of all sizes against the dangers of leaving data unprotected, leading to tightened security measures across the country. Professionals still are not sure they have done everything they can to protect their networks, since many business owners and department managers would never claim to be tech experts.

Small businesses are especially concerned about network safety. Industry publications and blogs are filled with warnings about cyber threats, leaving entrepreneurs unsure what to believe. In all of this, several myths have emerged. To help small businesses discern truth from fiction, here are a few of the most popular cyber security myths.

Our IT Provider Handles That

Many small businesses outsource IT, either to a cloud provider or a local company that handles tech support. Whether IT is handled by an in-house IT professional or one that is offsite, IT can only go so far in protecting your network. In truth, the biggest threat to an organization is its own employees, who engage in risky behaviors like unsafe web surfing, clicking on unsecure email links, and careless password behavior, among other activities.

The truth is, regardless of the resource you entrust with your IT security, the ultimate responsibility falls on your business’s leaders. If an incident occurs, your own staff will be forced to answer to your customers, as well as any regulatory authorities. While some providers accept a certain amount of liability, a business’s reputation can still be damaged.

My Business Flies Under the Radar

Hackers are increasingly targeting small businesses, seeing them as relatively easy targets. Big businesses take extreme precautions on their networks, making it almost impossible for malicious activity to get through. Realizing small businesses don’t have the resources to invest in heavy-duty security measures, hackers see those business types as prime targets.

It’s important to check your business’s IT security measures and ensure strong encryption is in place. If you’re using cloud service providers, carefully scrutinize each service’s security measures and ensure your data is safe.

Make sure you have good antivirus protection

Invest in a strong antivirus product, make sure the product stays up to date and schedule regular scans of your devices. These products provide critical protection to secure your PCs, Macs, smartphones and tablets against viruses, malware, spam and more. It’s crucial to take a look at all of the technology devices that make your small business run, and make sure you have cyber security protection for all. For instance, a recent survey of small business owners found that while nearly all have a cyber security system installed on their desktops (98 percent) and laptops (96 percent) only around two-thirds (65 percent) do so on their tablets, and a little over half (56 percent) on their smartphones.

To keep your business safe, you’ll need the latest standards in data encryption for every data transmission, as well as strict password requirements on your servers. Your devices should be encrypted, as well, to protect against theft and any mobile devices should have remote-wiping capabilities. For additional tips on how to resolve to be better about cyber security in 2015, reach out to GCInfotech to assess your current network security and any potential vulnerabilities.

Cyber attacks are a real concern for businesses today, but it’s important to be able to separate myth from reality. Education is key to protecting your business against an attack and keeping your business and customer data safe.

 

Most of us know we should make our passwords more difficult (sorry, folks, “1234” or “qwerty” just doesn’t cut it) and use an up-to-date version of antivirus software. But all too often, we opt for an easy life – we use familiar passwords and put upgrades on the back burner. Security can be simpler than you think, though, so here are three not-so-obvious tips that will make your online experience a whole lot safer.

Embrace two-factor authentication

Also known as two-step verification, this is something most of us have likely dealt with at one time or another. When you’re logging onto your bank’s website or your email account from a different computer than you normally use, you’re sometimes prompted for a one-time password – sent to you via text message, email or some other method.

Nowadays, many sites such as Facebook, Dropbox and Twitter also give you the option to use two-factor authentication each time you log in. So if you’re looking for an easy way to up your security, it can give you that extra protection without slowing you down too much.

Update browsers and devices

Did you know that dated versions of browsers, operating systems and even other software packages can create an easy entry point for hackers? Often, new updates are created specifically to fix security holes. And hackers are ever aware that people can be lazy – saving that update for another day that never seems to come. They’ll often try to take advantage of this, searching for outdated devices to infiltrate while their victims watch YouTube on last year’s version of Firefox.

Yes, installing an update might take 15 minutes of your time. But it can pay dividends in preventing a security breach that could cost you or your business thousands.

Use HTTPS

When was the last time you typed those letters into a browser? Probably not this decade. It’s no wonder most people are unaware of this tip. So for those who are oblivious, https is the secure version of http – hypertext transfer protocol. Believe it or not, that last “s” actually adds an extra layer of protection. It encrypts information sent, both ways, between a website’s server and you.

You’re probably thinking, adding that last “s” to http (or even typing in http in general) is a complete pain in the rear. So to make this easier you can actually install a program like “HTTPS Everywhere” that’ll automatically switch an http into an https for you. Currently “HTTPS Everywhere” is available for Firefox, Chrome and Opera.

Looking for more tips to boost your internet security? Get in touch to find out how we can help.

Published with permission from TechAdvisory.org.

 

Privacy and security are major concerns for businesses developing a data protection strategy. Ensuring critical data is safely backed up, kept private, and readily available is essential to maintaining productivity and eliminating downtime caused by data-related interruptions or malfunctions. Implementing a data backup plan that meets your privacy and protection needs is a business priority.

Online backup services provide an ideal combination of protection and privacy. Most of them offer a variety of unrestrictive options that encourage businesses to scale plans to fit their specific security, storage space, and pricing needs.

Utilizing a trusted cloud service for data backup promotes heightened privacy and protection for your critical files in a number of ways:

  • Keeping data backups offsite ensures data is protected from physical harm such as theft or natural disasters like fires, floods, etc.
  • Having backups in the cloud allows for remote management, and data can be restored to any location with internet access.
  • The redundancy used in the online backup process provides the assurance that there will always be a backup available, no matter what.
  • Data is always stored safely using a highly secure encryption process and many services also offer a private key for extra protection.

Some industries are governed by strict regulations and are required to follow specific guidelines for storing and backing up sensitive data. Most online backup services are able to work with individual businesses to ensure they are meeting compliance regulations and mandates. It’s important to do your research before signing up with any cloud service; make certain you know their privacy policies and security procedures. The success of your business can only be improved by taking the appropriate measures to fully safeguard your data. Whether your business is regulated or not, data security and privacy should be a priority in your online backup strategy.
