Posts

Showing posts from 2018

IT Defense in Depth Part II

In our last blog we started talking about the different layers of security necessary to fully defend your data and business integrity. Today we will look at the human aspect of it, and network defenses. The human layer refers to the activities that your employees perform. 95% of security incidents involve human error. Ashley Schwartau of The Security Awareness Company says the two biggest mistakes a company can make are "assuming their employees know internal security policies" and "assuming their employees care enough to follow policy". Here are some ways hackers exploit human foibles:
- Guessing or brute-force solving passwords
- Tricking employees to open compromised emails or visit compromised websites
- Tricking employees to divulge sensitive information
For the human layer, you need to:
- Enforce mandatory password changes every 30 to 60 days, or after you lose an employee
- Train your employees on best practices every 6 months
- Provide incentives for securi…

IT Defense In Depth Part I

In the 1930s, France built a trench network called the Maginot Line to rebuff any invasion. The philosophy was simple: if you map out all the places an enemy can attack, and lay down a lot of men and fortifications at those places, you can rebuff any attack. The problem is, you can't map every possible avenue for attack. What does this have to do with IT security? Today many business owners install an antivirus program as their Maginot Line and call it a day. However, there are many ways to get into a network that circumvent antivirus software. Hackers are creating viruses faster than antivirus programs can recognise them (about 100,000 new virus types are released daily), and professional cybercriminals will often test their creations against all commercially available platforms before releasing them onto the net. Even if you had a perfect antivirus program that could detect and stop every single threat, there are many attacks that circumvent antivirus programs entirely. For exampl…

Data Security: A People Problem

Phishing Scams – A People Problem
There are some things that only people can fix. There are many security risks to which your data is susceptible, but there is one method that remains a wonderfully effective hacking tool. That is the phishing scam. This is a legitimate-looking email that asks the reader to click on a link. If clicked, the link can infect the user’s computer with malicious software that can steal passwords, logins, and other critical data. Alternatively, the email appears to be from a legitimate source, perhaps even duplicating a legitimate webpage. The distinction is that the phishing email asks the user to enter personal information, including passcodes. In either case, that is how hackers easily get into your systems. What's the best defense against this one? The single biggest defense is education. Training your people to be constantly wary of all the emails they receive. One way some firms are educating their people is by sending out their own "fake" p…

What is Ransomware and How Can it Affect Your Business?

This cyberattack scheme hasn't garnered nearly as much attention as the usual "break-in-and-steal-data-to-sell-on-the-Internet" version, but it can be even more debilitating. Ransomware attacks have begun appearing in the last few years, and their practitioners are so polished that in a few cases they even have mini call centers to handle your payments and questions. So what is ransomware? Ransomware stops you from using your PC, files or programs. The business model is as old as the earliest kidnapping. They hold your data, software, or entire PC hostage until you pay them a ransom to get it back. What happens is that you suddenly have no access to a program or file and a screen appears announcing your files are encrypted and that you need to pay (usually in bitcoins) to regain access. There may even be a Doomsday-style clock counting down the time you have to pay or lose everything. Interestingly, one of the more common "market segments" being targeted in the US has…

Data Breaches are a Question of When, Not If

You hear on the news all of the time about big cyber attacks on large corporations, and even government agencies. The trouble with this news coverage is that it suggests a distorted view of where cyber attacks are taking place. These attacks are not solely hitting large organizations. Small firms represent a significant portion of those who face cyber attacks. Being small by no means keeps you immune. In fact, small firms can be used as conduits to larger organizations. That is likely what happened in the case of Target Corporation back in 2013. If you're a small business, then you're a target for cyber criminals. Last year, 71% of small to medium size businesses were the victims of cyber attacks. Today's concern is how you would respond to an attack. 31% of small to medium businesses do not have a plan of action for responding to IT security breaches, and 22% admit that they lack the expertise to make such a plan. A data breach is disastrous. Your response determines whether…

Penetration Testing vs. Vulnerability Testing Your Business Network

Hearing “all of your confidential information is extremely vulnerable, we know this because...” is bad news, but whatever follows the ellipses determines just how bad. Consider two scenarios.

“All of your confidential information is extremely vulnerable... we know this because a hacker took all of your customers’ credit card info and locked all of your files behind ransomware.”

“All of your confidential information is extremely vulnerable... we know this because we did a vulnerability scan of your network, and have some suggestions on how you can improve.”

61% of small businesses are victimized by cyber attacks each year, and one in five victims do not survive. It is financially worthwhile to make sure that you end up being the person hearing the latter sentence. Scenario 2 describes the statement after you have had a vulnerability test conducted. A vulnerability test is a comprehensive audit of security flaws that a hacker could exploit, and the possible consequences. This is the…

Benefits of Using VoIP Technology

More and more businesses are implementing Voice over Internet Protocol or VoIP technology because of its versatility, flexibility and cost effectiveness. With new developments in this technology, the scope of its applications is widening. It is becoming more than just voice communications technology. That is why businesses of all sizes are migrating at an increasing rate. Here is a short list of some of the benefits. Versatility/Flexibility: There are many VoIP service companies that have been working feverishly to enhance the use of this technology. They are bundling up other communication applications into a single unified communication platform to increase the efficiency for businesses. This means all modes of communication such as voice, fax, video, web conferencing and emails can be utilized, using a single software application. The ability of this application to convert voice into an email or fax into an email can bring a tremendous amount of effi…

BYOD: Why is This Concept So Attractive to Employees?

Bring Your Own Device, or BYOD, to work was an idea a few years ago that is becoming a reality very fast. To use your personal smartphone, tablet or laptop for work seems increasingly natural. Employees are embracing this concept without any serious reservations. As more and more business activity becomes technology driven, to have electronic gadgets right by your side all the time makes sense. According to a survey conducted by Logicalis, about 75% of employees in high growth markets such as Brazil and Russia and 44% in developed markets bring their own devices to work. Let's examine all the factors causing people to want to use their own devices at work.
Familiarity: This may be the most relevant reason for someone to bring their own tablet or laptop to work. It may be the operating system, web browser, or other apps on their devices that they know so well and feel comfortable using.
Convenience: Companies have been providing their…

VoIP: A New Dimension in Communication for SMBs

Voice over Internet Protocol or VoIP is a technology about a decade old that is gaining popularity among individual subscribers and businesses. In conventional systems, phone calls are made using telephones or handsets that are connected by phone cables. These calls are routed using the Public Switched Telephone Network (PSTN), carrying a signal from one telephone to the other. But instead of connecting telephones to the phone cables through phone jacks in the walls, VoIP uses the internet where phones can be connected to broadband devices, adapters or PCs using broadband. With this system, voice is converted into a digital signal and carried over the Internet. Let's take a look at all the options that are available to make calls using VoIP. Make Calls from a PC: Using this platform a call can be placed from your PC. Your computer is connected to the Internet via broadband. A specially designed software app allows you to place and receiv…

SMBs: It is Hackers v. You - Don't Let Them Score

Selling stolen IDs and other personal data is a lucrative trade for hackers. They are always looking for sources where vital information is stored. As a small to midsize business you store your clients' personal information, collected from different sources, on your computers and servers. Your Point-of-sale (PoS) terminal and some website transactions can be completed by use of electronic banking, credit cards or debit cards only. Your customers have to key in their PINs or passwords to make payments. That information has to be saved. Also, depending on the kind of services or products you provide, you may be collecting Social Security numbers, addresses, driver's license numbers and DOBs of your clients. Information that personal is as important as it can get. Any source of that information is like a gold mine for a hacker. All this means only one thing for you: A data security nightmare. Here are the channels hackers can us…

Business Disaster: What Threatens Small Businesses the Most?

There are many threats to the integrity of a small business, and not all of them are as dramatic as a cyberattack or a hurricane. Every small business needs to do a risk assessment to determine all the threats that exist that could bring harm. External threats are the ones that get the most attention. These can be big snowstorms or hurricanes that bring down power lines and network connections. They can also be man-made: a power outage due to a grid failure, or an act of terror. Also in this category are phishing scams, cyber attacks and data theft from external sources. All of these are the ones that make the evening network news, and every business needs to plan how to handle them. However, there are some internal threats that can be just as serious, but are far less attention-getting. For example, human error. Stolen data can occur because someone forgot about changing their passcode, or they left a smartphone containing…

Data Protection and Bring Your Own Device to Work

BYOD refers to a firm's policy of allowing employees to use their own personal phones, tablets and laptops for all their work applications. This is a pretty common policy, and it has many benefits, but it brings along risks. How are you addressing these risks? Here are some of the issues raised by BYOD:
A lost device - If you issue company phones, you have the ability to remotely wipe the unit clean if it is lost or stolen. With employees' personal devices, do you still have that ability? If not, your data is at risk.
Software updates - Is the employee responsible for updating all the software and virus protection programs on their own devices? If that responsibility transfers to them, you are at the mercy of their willingness to keep track of such tedious tasks. If you accept responsibility for it, do you have the in-house staff to handle all the extra work?
Backups - With data being entered on many different devices, something must…

Everyday Human Error Can Affect Data Protection

Are you under the impression that data loss is all about putting up firewalls to protect against evil cyber attacks? Some of the biggest sources of data loss include sloppiness, human error, and just plain forgetfulness. What are some of the unglamorous things that we do every day that leave us vulnerable?
Passwords
Old or easy passwords are a good first example. Employees set up simple passwords that are easy to crack. More importantly, employees may share passwords, and many often fail to create new ones on a frequent basis. Both of these represent critical breakdowns of good data protection practices.
Emails
Another significant problem caused by bad judgement is the tendency of people to open phishing scams. Most everyone now knows about the Nigerian who wants to send money to your bank account, but many new scams come along every day and people fall for them. This is such a serious source of virus infection that some companies now deliberat…

Disaster Recovery Plans: Do You Have One?

Disaster recovery and business continuity plans are issues that almost all small businesses fail to think about. More frequently, they decide they haven't the resources to address such "unthinkables." If your business was down for 1-2 days or more, what costs would you incur? Lost revenues and lost productivity. These are obvious. You won't make the money that you would have if you remained open. This is especially true if you provide a service. Services are inherently tied to time, and time cannot be re-created. Sure, you can work extra hours next week, but it won't be a service provided at the time it was expected. However, even if you provide a product that can be purchased next week instead of today, a customer didn't get it when they most wanted or needed it.

There are other far more serious consequences of business downtime than just unsold goods and services. There are the intangibles that can't be so easil…

Why Small Businesses Shouldn't Avoid Making Disaster Recovery Plans.

Entrepreneurs and small businesses, especially ones that are fairly new, often don't think about making plans to recover in case of a disaster. However, it is the smallest business that most likely has the fewest resources to fall back on in case of disaster. Why does this happen?
It isn't on an entrepreneur's radar - The challenge and hurdles of starting out are what drive small business owners. The excitement that comes with getting a new client or releasing a new product is what motivates them. To be honest, things like disaster recovery plans are a little dull and aren't part of the exciting day-to-day hustle of running a company. As a result, these issues get put on the back burner.
Planning tools can seem too complex - Ideas like "risk assessment" and "business impact analysis" can be intimidating. Many SMBs may just feel the whole area is overwhelming and leave it to anothe…

Outsourcing? Really. It's OK: How it can save time and money

Almost by definition, small business owners and entrepreneurs cringe at the concept of outsourcing. Those who start their own companies like the control and autonomy it provides them. Unfortunately, that preference for control and autonomy may have some bad side-effects when it comes to IT. Small businesses don't have the resources to fully support all of their IT infrastructure needs. The present in-house staff is most likely very busy putting out day-to-day fires. One statistic suggests 65% of IT budgets go to nothing more than keeping the lights on. In short, staff is busy making sure the printer works or reloading a PC infected by a virus after an employee fell for a phishing email. This means that small firms' expenditures on IT are not improving operational efficiency or enhancing productivity or competitiveness. There is an alternative. Managed Service Providers are outside consultants you can bring in to handle t…