Posts

Breaking Bad Habits

4 Ways Your Employees Are Putting Your Business At Risk Of Cyber-Attack

A couple years ago, TechRepublic ran a story with the following headline: “Employees Are Almost As Dangerous To Business As Hackers And Cybercriminals.” From the perspective of the business, you might think that’s simply inaccurate. Your company strives to hire the best people it can find – people who are good at their jobs and would never dream of putting their own employer at risk.

Your employees are instrumental when it comes to protecting your business from cyberthreats. But they can also become targets for hackers and cybercriminals, and they might not know it. Here are four ways your employees might be endangering your business and themselves — and what you can do about it.

1. They’re Not Practicing Safe And Secure Web Browsing. One of the most basic rules of the Internet is to not click on anything that looks suspicious. These days, however, it can be harder to tell what’s safe and what isn’t.

A good rule of thumb is to avoid websites that do not have “https” in front of their web address. The “s” tells you it’s secure – https stands for Hypertext Transfer Protocol Secure. If all you see is “http” – no “s” – then you should not trust putting your data on that website, as you don’t know where your data might end up.

Another way to practice safe web browsing is to avoid clicking on ads or by using an ad blocker, such as uBlock Origin (a popular ad blocker for Google Chrome and Mozilla Firefox). Hackers can use ad networks to install malware on a user’s computer and network.

2. They’re Not Using Strong Passwords. This is one of the worst IT security habits out there. It’s too easy for employees to use simple passwords or to reuse the same password over and over again or to use one password for everything. Or, worse yet, all of the above.

Cybercriminals love it when people get lazy with their passwords. If you use the same password over and over, and that password is stolen in a data breach (unbeknownst to you), it becomes super easy for cybercriminals to access virtually any app or account tied to that password. No hacking needed!

To avoid this, your employees must use strong passwords, change passwords every 60 to 90 days, and not reuse old passwords. It might sound tedious, especially if they rely on multiple passwords, but when it comes to the IT security of your business, it’s worth it. One more thing: the “tedious” argument really doesn’t hold much water either, thanks to password managers like 1Password and LastPass that make it easy to create new passwords and manage them across all apps and accounts.

3. They’re Not Using Secure Connections. This is especially relevant for remote workers, but it’s something every employee should be aware of. You can find WiFi virtually everywhere, and it makes connecting to the Internet very easy. A little too easy. When you can connect to an unverified network at the click of a button, it should raise eyebrows.

And unless your employee is using company-issued hardware, you have no idea what their endpoint security situation is. It’s one risk after another, and it’s all unnecessary. The best policy is to prohibit employees from connecting to unsecured networks (like public WiFi) with company property.

Instead, they should stick to secure networks that then connect via VPN. This is on top of the endpoint security that should be installed on every device that connects to your company’s network: malware protection, antivirus, anti-spyware, anti-ransomware, firewalls, you name it! You want to put up as many gates between your business interests and the outside digital world as you can.

4. They’re Not Aware Of Current Threats. How educated is your team about today’s cyber security threats? If you don’t know, or you know the answer isn’t a good one, it’s time for a change. One of the biggest threats to your business is a workforce that doesn’t know what a phishing e-mail looks like or doesn’t know who to call when something goes wrong on the IT side of things.

If an employee opens an e-mail they shouldn’t or clicks a “bad” link, it can compromise your entire business. You could end up the victim of data breach. Or a hacker might decide to hold your data hostage until you pay up. This happens every day to businesses around the world – and hackers are relentless. They will use your own employees against you, if given the chance.

Your best move is to get your team trained up and educated about current threats facing your business. Working with a managed service provider or partnering with an IT services firm is an excellent way to accomplish this and to avoid everything we’ve talked about in this article. Education is a powerful tool and, when used right, it can protect your business and your employees.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE

A record number of businesses said goodbye to the traditional in-office work model in 2020. They embraced the remote work model as they adapted to the new COVID-19 reality. This switch to remote work was a huge shift that came with many challenges, and some of those challenges are still felt today.

One of those challenges was – and is – cyber security. Businesses wanted to get their remote workforce up and running, but there were a lot of questions about how they would keep their newly remote employees secure.

So, how can you enable remote work while keeping your business and your employees secure? How do you keep cybercriminals out? The answer is multifaceted. There is no one-size-fits-all approach to cyber security — that would make things much easier! But there are several steps you can take to help your remote team stay productive while keeping the cybercriminals out. Here are three things you need to do:

  1. Skip the public WiFi. This is Cyber Security 101. Never use unsecured, public WiFi, especially when working. For remote employees who have the option to work from anywhere, using public WiFi is tempting. It’s easy to access, but it comes with huge risks, including the potential to expose your device to intruders.Thankfully, there are plenty of options to help keep employees connected without having to worry about snoops. The most popular is the VPN, or virtual private network. VPNs allow remote workers to securely access the Internet, even through public WiFi. VPNs are ideal for remote workers who need to routinely access your network.Another option is the personal hotspot. This is a portable WiFi access point, usually paired with data service through a telecom like Verizon, AT&T or T-Mobile. these devices give remote workers flexibility to work anywhere they can get high-speed data service. Because the remote worker is the only person on the hotspot (and should be the only person), there is less worry about hackers snooping for your data.
  2. Have a strong device policy. When it comes to cost-cutting, it can be appealing to let employees use their own devices while working remotely. Avoid this, if possible. The bring-your-own-device (BYOD) approach has its benefits, including keeping costs down. We need to keep in mind the security costs could be massive, especially if an employee gets hacked or misplaces crucial data. In short, BYOD can get complicated fast, especially for businesses unfamiliar with the BYOD approach.That said, many businesses work with an IT services company to create a list of approved devices (laptops, tablets, smartphones) that employees can use. Then those devices are loaded up with malware protection, a VPN, and other security solutions. So, while employees may be using a variety of devices, they all have the same security and other necessary software in order to perform their duties.The best device policy, however, is to provide employees with work devices. This ensures that everyone is using the same hardware and software, and this makes it much easier to keep everyone up-to-date and secure. It takes a little more effort logistically, and it has a higher up-front cost, but when it comes to keeping your business secure, it’s worth it.
  3. Don’t forget about physical security. While businesses are focusing on digital security right now, they’re not putting a similar focus on physical security. They may have a team of people working remotely spread across different neighborhoods, towns, states or countries. This mobility comes with the risk of device theft or loss.
    If employees will be carrying their work devices with them, those devices should be kept nearby at all times. That means never leaving work devices in vehicles or unattended at a café or airport (or any location). Never leave a device where it has the potential to be taken.It’s important to remind employees to not only keep their doors locked, but also keep work devices out of sight. You wouldn’t want to set up a home office in a room facing the street outside while leaving the windows open and the door unlocked. Just as cybercriminals are looking for ways to break into your network, criminals are looking for opportunities to take high-value items.

The way we work is changing, so we must be prepared for whatever happens next. Implementing these three steps will give you a starting point, but they aren’t the end point. Work with an experienced MSP to get the most out of your remote work approach. Businesses may not return to an in-office model, so the more steps we take to secure our businesses and our remote teams, the better off we’ll all be.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

Data breaches are serious problems with business-crippling results. Some organizations are unaware of the multiple ways cybercriminals can attack and are often unprepared to combat the issues that arise when such activities occur. Others let fear of attack control their response and deploy common solutions that they presume will protect them but may later find themselves compromised because of gaps in their data protection approach.

Cybercriminals thrive on both of these scenarios–using lack of preparation or overconfidence in what was deployed to their advantage.

In this eWEEK Data Points article, Index Engines Vice-President Jim McGann offers valuable industry information about how to thwart the possibility of succumbing to a ransomware attack. Enterprises should implement the following five defensive strategies:

Data Point No. 1: Deploy a real-time malware detector.

Cybercriminals are looking for the path of least resistance when attempting to break into data centers. Whether it is a remittance of old attacks hoping to find an unsecure target or one of the many new threats created each day hoping to infiltrate a system before they’ve been identified, having one of the commercially available anti-malware software protection solutions deployed is an important first line of defense. Ensure that the software is scheduled for frequent system scans, and that updates and patches are installed automatically to minimize protection gaps.

Data Point No. 2: Deploy a backup solution that supports full-content analysis of your data.

Many backup products on the market today have some level of analytics functionality to determine whether any particular data has been corrupted. However, many of these solutions are metadata-only based, only looking at basic information about a file or database. Others use metadata analytics on the first pass and then follow up on suspicious results with content-based analytics. But this approach is flawed and can miss more sophisticated attack vectors, providing a false sense of confidence. A comprehensive content-based analytic scan deployed from the start validates the data’s integrity and delivers the high level of confidence that advanced or hidden attacks are found and neutralized.   

Data Point No. 3: Use forensic analysis that includes machine learning.

Because of the efforts of real-time malware detection providers and content-based analytic backup solutions, most cybercriminals have to consistently change approaches in their efforts to infect and attack business operations. What was once a bunch of loosely affiliated opportunists have turned into well-funded and organized syndicates using advanced technologies to re-engineer their attacks. Forensic analysis software that employs machine learning and artificial intelligence as part of its learning can detect patterns and anticipate changes that human-based intervention cannot. The cybercriminals are using ML to their advantage; so should you!

Data Point No. 4: Don’t pay a ransom.

Because of the swiftness and scale of these cybercriminal activities, it is possible that they may still find a way into your computing and storage infrastructure. Human error, falling for phishing schemes or intentional damage from a disgruntled employee can be the gaps that data thieves need to penetrate organizations that have deployed the proper security defenses. As overwhelming as it may be to find out that your data has been compromised and/or encrypted, don’t play into the hackers’ hands by paying a ransom for a return of your business-critical information. It is possible that you may still not recover your data even after paying. The security exploit that was leveraged may still be intact and cybercriminals may re-target your systems. Criminals may see you as an easy mark for having paid the ransom and have reason to come at you again, knowing that you’re willing to pay to get back up and running.

Data Point No. 5: Focus on best practices for cyber-recovery.

Not paying a ransom does not mean that you cannot get your systems back and operational. Nor does it mean that there has to be an excruciatingly long recovery period. The right protection software can turn a ransomware attack into just another disaster-recovery scenario. It can find the most recent clean backup prior to an attack and help recover any lost or infected data. In addition, the right cyber-recovery tool can launch a post-attack forensic discovery to find the breach and the malware that executed the attack in order to guide the post-attack recovery process and protect against future intrusions.

“Cybercriminals will strike any organization, no matter how big or small, if they feel like there is a good chance of collecting a ransom,” McGann said. “Taking steps to fortify your defenses and ensure fast, efficient recovery in case you do fall victim is paramount for protecting against ransomware in the first place. Criminals want the easy score. Deploying a solution like CyberSense that serves as a safety net against ransomware makes working for a win not worth the time and effort.”

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from eweek.com  SOURCE

Cybercriminals are always looking for new ways to steal data and make a buck at the expense of someone they’ve never met. They don’t care if they ruin someone’s life or destroy a business in the process. This is why it’s so important to stay up-to-date with the latest technology.

Cyber security threats are constantly evolving. If you let your software or hardware – or both – fall behind the times, then you put your business at serious risk. Five years ago, your malware protection might have been the best on the market. If you haven’t updated since then, you need to change that. Here’s what you can do right now to protect everything you’ve worked so hard to achieve.

Stay updated. After a while, developers and manufacturers stop supporting their old hardware and software. Many of them simply don’t have the resources to keep updating older products. They need to make sure their current products are supported and secure. After five years, they may stop sending out security patches for their software. Or they might not offer help-desk support for a seven-year-old router.

If you run into this situation, you may need to invest in new equipment or software. It can be a tough pill to swallow, but it doesn’t compare to the cost of dealing with a hack or data loss. Data loss can be devastating for a business. Some never recover and have to close their doors because the cost is so high – and customers don’t want to give their money to a business that isn’t going to keep their data secure.

At the same time, you need to update your existing equipment and software. Make sure everything has the latest security patches. Most hardware and software come with an option for automatic updates. If you’re concerned that you’ll miss an update, then keep this option on. It is a good idea, however, to check everything periodically to make sure the updates are being applied, just in case.

Say yes to proactive monitoring. Proactive network monitoring can be your best friend in the fight against cyber-attacks. Many IT security firms now offer proactive services. Basically, they watch your network 24/7. If a threat is found, they can stop it before it does any damage. They act immediately to stop those threats.

You can sign up for real-time reports or just get updates once a week to stay informed so you know what’s going on with your network. Proactive monitoring can also make sure your systems are up-to-date (coming back to our first point). If they detect a vulnerability, then they can work to patch it. This means you have so much less to worry about so you can focus on what really matters: growing your business and taking care of customers!

Back up everything. If you don’t have data backups for your business, it’s time to change that. Setting up a data backup system – whether it’s local or cloud-based – can sound like a lot of work. You might have a ton of data, especially if you’ve been in operation for long. But not having a backup system can tear your business apart.

If a piece of hardware fails or a hacker gets into your data, you may have to dig deep into your pocket to recover it or you may just lose it all. There are a lot of scenarios where data can be lost.

Investing in a backup system, like a secure cloud backup, solves this. You can set up a secure system that backs up data daily (or nightly), weekly or whenever you need it. It’s good to keep backups off-site just in case anything happens on-site (electrical surges, flood, fire, theft, etc.). If data is lost or your network falls victim to ransomware, then you can restore your data and continue operations!

These tips can seem like a lot, but when you partner with a dedicated IT services company, you can overcome a lot of hurdles. Working with IT specialists is how to keep your business safe in a world where cybercriminals are actively trying to break in. You want someone with the expertise to secure your network watching over your shoulders.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE