This Is The #1 Security Threat To Your Business … And It WILL Happen To You

Would you leave the front door of your business wide open every night? Of course, you wouldn’t. When nobody’s at the office, you’ve got to protect your assets, usually behind locked doors, a complex security system and often even a network of CCTV cameras. There are procedures in place in case a thief ever wriggles their way into your facilities. And you’ve got insurance if the worst ever happens.

But what about your digital assets? According to a report from Kroll, digital theft of small businesses overtook physical theft in 2017, for the first time ever. As surprising as it may seem, today your business is more likely to be penetrated by hackers than for a disgruntled ex-employee to boost a few PCs in the dead of night.

Despite this, data shows that the vast majority of small businesses are seriously underprepared for cyber-attacks. The 2018 Verizon Data Breach Investigations Report states that a full 58% of malware strikes were on small businesses over the last 12 months, a number that continues to climb. The average cost of these attacks has climbed in turn, now exceeding $1 million between efforts to recover data and restore daily business operations. Yet, according to a 2016 survey by the National Center for the Middle Market, less than half of midsize US businesses have an up-to-date strategy to address cyber security concerns and almost a third have no plan at all.

In effect, business owners are leaving their digital front doors unlocked, complete with a neon sign saying “Rob me!” flickering above. While it’s easy to assume you’re safe from the kinds of large-scale digital breaches you read about in the news every week, that false sense of security will eventually come back to haunt you. With more than half of small businesses targeted for digital attacks every year, it’s practically inevitable that you’ll end up in the crosshairs of cybercriminals. Without the proper security measures in place, that $1 million bill is going to hit your desk one day, and it may even shutter your business for good.

Luckily, with even a modicum of proper, proactive stewardship of your digital assets, you can turn that open door into a bank vault in no time. First, start with your employees. A full 51% of data breaches occur due to the negligence of hapless team members, according to CompTIA. Establish comprehensive security policies, lay them down in crystal-clear print and have your employees sign off on them. Build a thorough education program to school your employees on the risks and signs of digital crime. Topics should range from “How to spot a phishing e-mail” to the proper construction of company passwords.

While your employees are learning the ins and outs of basic cyber security, invest in multilayered protections for your network. This must go beyond a simple, free antivirus, and should include platforms to keep all your patches up-to-date, security measures seamlessly integrated with company e-mail and, preferably, the watchful eye of a managed services provider. If you’re not a professional, it’s easy to miss security holes that would be glaring to criminals, even if you do your research. Better to get the experts involved and keep them patching those holes as they arise rather than risk missing something that flips your company belly-up down the road.

Thousands upon thousands of other small-business owners are leaving their digital door wide open day in, day out. As a result, cybercriminals have begun to consider companies like yours to be easy pickings, vulnerable fruit ripe for harvest. Don’t be one of the millions of businesses that succumb to cyber-attacks every year. Invest in adequate protection and give yourself the peace of mind you need to focus on what you do best: making money.

Posted in eTechTip - PC | Tagged | Leave a comment

Security Alert! Hackers And Cybercriminals Are Targeting YOUR Business Right Now … Is Your Cyber Security Protection Up-To-Date?

Many small-business owners are blind to the risks of the modern age. They don’t read reports like Verizon’s 2018 Data Breach Investigations Report, which states that more than half of all malware infections hit small businesses last year. They don’t realize that this staggeringly high number is only going to continue to climb over the coming decade. They aren’t aware of the statistics in Kroll’s 2017 report revealing that, as of last year, cybercrime has overtaken physical theft as the #1 illicit threat to businesses of all sizes. Many of them are unaware that digital breaches are even a serious risk for small businesses, assuming that the high-profile breaches of Fortune 500 companies they read about in the news each month are the only kind that ever happen. Few of them know that the cost of these attacks on small businesses typically surge far past $1 million, reaching into the stratosphere as business downtime ticks on and on.

According to a 2016 survey conducted by the National Center for the Middle Market, these business owners aren’t reading the writing on the wall. They’re the reason why less than half of midsize businesses have an up-to-date strategy to protect them from cyber-attacks. A few of them – about a third – don’t have any strategy in place at all.

But whether they have the most powerful cyber security in the world or are one of the millions of small-business owners who simply assume they’re safe, the cybercriminals are coming for them. The difference lies in whether these attacks will bounce off the robust barriers the company has put in place or destroy the company from the inside out. Which group do you belong to? The hapless team that can’t imagine they’ll ever be attacked and go under within just a few years? Or the visionaries who can see where the trends are going and put protections in place to secure their futures for the long haul? Hopefully, you count yourself among the second cohort and are doing everything you can to beef up your security long before disaster strikes. Whatever measures you’re putting in place, start with your employees. More than half of all cyber-attacks are caused by the negligence of low-level team members. You may assume that everybody can tell what a phishing e-mail looks like, but you’d be wrong. School your employees on the necessity and basics of Internet safety, and you’ll be a big step ahead of most of your competition.

Of course, even if your employees are the savviest in the world, it won’t matter if you don’t have the proper barriers in place. Skip the bargain-bin antivirus and put your money into solutions that will actually stop the bad guys. It’s not a one-and-done approach; you need a multilayered strategy that closes the gaps as they appear. A little research here can go a long way, but honestly, the best way by far to protect your livelihood is to get a managed services provider on board. They’ll proactively check nearly every aspect of your network to ensure that nothing is ever amiss. When old, outdated systems are supplanted by more powerful alternatives, they’ll upgrade them. You can get rid of that nagging anxiety in the back of your mind constantly reminding you that there might be a loophole somewhere in your security.

There are two types of business owners in the world: those in the know and those stuck in the past. The second group are the heads of those companies you read about collapsing beneath the weight of cyber-attacks, while the first are the successful businesses that seem like they can weather just about anything. Which one are you?

Posted in eTechTip - AP | Tagged | Leave a comment

Could You Afford This $2.6 Million Mistake?

Two thousand and eighteen is the year of ransomware. According to the 2018 Verizon Data Breach Investigations Report, while malware and hacking breaches have been on a slight decline for the last year, the use of ransomware has skyrocketed. Criminals attracted to ease of use, minimal risk, and high hit rate associated with ransomware have flocked to the strategy in droves, costing small businesses across America millions of dollars in the process. About $301 million to be exact, as stated in Datto’s 2017 State of the Channel Ransomware Report.

But, of course, businesses aren’t the only organizations that have been hit by the ransomware epidemic. Just ask the city of Atlanta, whose systems were frozen by ransomware in late March of this year, locked behind a $50,000 Bitcoin deposit. One interesting component of the case is that, regardless of whether or not the city was actually prepared to pay the ransom, it seems they didn’t even have the opportunity. Hackers took down the payment portal not long after the breach, leaving Atlanta officials swinging in the wind. As officials scrambled to restore basic functions of city programs, it only took two weeks to amass a staggering $2.6 million bill — a figure that officials expect to climb another $9.5 million over the coming year.

Even if you’re not one of the 10 biggest cities in the United States, cybercriminals cast a wide net — most of the time, it’s more profitable to target dozens of virtually unprotected, smaller organizations than to draw the ire of big fish like the US government. If you were a small-time criminal, would you rather break into 10 high-end, unlocked homes abandoned by vacationing tenants, or pull a single, endlessly complicated Ocean’s Eleven-style heist? Attackers generally follow the path of least resistance. Your business is just that.

So, what do you do in response? Toughen up your barriers, tighten up your processes and enlist your entire staff in the battle against ransomware.

Ransomware attackers don’t steal your data, they just lock you out of it. So the best way to make your organization totally ransomware-proof is to make sure a ransomware breach won’t actually affect your day-to-day operations. That means regular backups, and lots of them, scattered throughout your primary network in places that won’t be compromised by the spreading malware. When ransomware hits, all you need to do is hunt down the source, delete it, and roll the entire system back.

The vast majority of ransomware attacks happen through phishing e-mails, which means employees are usually the ones to open the gates that let the malware in. Luckily, it’s easy to train your team to stay vigilant for the signs of digital scams and put procedures in place that will prevent them from ever clicking that shady link.

Of course, the best way to keep ransomware at bay is by putting a skilled team on the case. Unlike an isolated IT employee, a managed services provider has the combined know-how, time, and resources to proactively manage your network security, implementing systems that will make it all but impossible for ransomware to penetrate your data. To truly seal up all the holes in your digital security, it takes a complex, comprehensive strategy. Bring in the experts and ensure your business doesn’t become another statistic in the age of digital crime.

Posted in eTechTip - AP | Leave a comment

How To Make Sure You Never Fall Victim To Ransomware

Late last March, the infrastructure of Atlanta was brought to its knees. More than a third of 424 programs used nearly every day by city officials of all types, including everyone from police officers to trash collectors to water management employees, were knocked out of commission. What’s worse, close to 30% of these programs were considered “mission critical,” according to Atlanta’s Information Management head, Daphne Rackley.

The culprit wasn’t some horrific natural disaster or mechanical collapse; it was a small package of code called SAMSAM, a virus that managed to penetrate the networks of a $371 billion city economy and wreak havoc on its systems. After the malicious software wormed its way into the network, locking hundreds of city employees out of their computers, hackers demanded a $50,000 Bitcoin ransom to release their grip on the data. While officials remain quiet about the entry point of SAMSAM or their response to the ransom, within two weeks of the attack, total recovery costs already exceeded $2.6 million, and Rackley estimates they’ll climb at least another $9.5 million over the coming year.

It’s a disturbing cautionary tale not only for other city governments, but for organizations of all sizes with assets to protect. Atlanta wasn’t the only entity to buckle under the siege of SAMSAM. According to a report from security software firm Sophos, SAMSAM has snatched almost $6 million since 2015, casting a wide net over more than 233 victims of all types. And, of course, SAMSAM is far from the only ransomware that can bring calamity to an organization.

If you’re a business owner, these numbers should serve as a wake-up call. It’s very simple: in 2018, lax, underfunded cyber security will not cut it. When hackers are ganging up on city governments like villains in an action movie, that’s your cue to batten down the hatches and protect your livelihood.

The question is, how? When ransomware is so abundant and pernicious, what’s the best way to keep it from swallowing your organization whole?

1. BACK UP YOUR STUFF
If you’ve ever talked to anyone with even the slightest bit of IT knowledge, you’ve probably heard how vital it is that you regularly back up everything in your system, but it’s true. If you don’t have a real-time or file-sync backup strategy, one that will actually allow you to roll back everything in your network to before the infection happened, then once ransomware hits and encrypts your files, you’re basically sunk. Preferably, you’ll maintain several different copies of backup files in multiple locations, on different media that malware can’t spread to
from your primary network. Then, if it breaches your defenses, you can pinpoint the malware, delete it, then restore your network to a pre-virus state, drastically minimizing the damage and totally circumventing paying out a hefty ransom.

2. GET EDUCATED
We’ve written before that the biggest security flaw to your business isn’t that free, outdated antivirus you’ve installed, but the hapless employees who sit down at their workstations each day. Ransomware can take on some extremely tricky forms to hoodwink its way into your network, but if your team can easily recognize social engineering strategies, shady clickbait links and the dangers of unvetted attachments, it will be much, much more difficult for ransomware to find a foothold. These are by far the most common ways that malware finds it way in.

3. LOCK IT DOWN
By whitelisting applications, keeping everything updated with the latest patches and restricting administrative privileges for most users, you can drastically reduce the risk and impact of ransomware. But it’s difficult to do this without an entire team on the case day by day. That’s where a managed services provider becomes essential, proactively managing your network to plug up any security holes long before hackers can sniff them out. The bad news is that ransomware is everywhere. The good news is that with a few fairly simple steps, you can secure your business against the large majority of threats.

Posted in eTechTip - PC | Tagged | Leave a comment

3 Questions Your IT Services Company Should Be Able To Say “Yes” To

At a time when businesses are more dependent on information technology than at any point in history, IT services providers need to rise to the occasion. The worst thing for your business to discover down the line is that your IT company isn’t actually as well-equipped to serve your business as they claim to be – or, even worse, that they aren’t actually fully invested in the success of your business.

Every business owner knows that finding a reputable IT services partner to steer the digital architecture of your organization in the right direction is a difficult, laborious process. Not all IT companies are created equal. If you don’t do your research, you could end up paying for more security and service than you’re actually getting.

But it doesn’t have to be so complicated. The best way to determine whether an IT company is a good fit for your organization is to ask them direct, well-thought-out questions. Here are three queries any IT services company you have in your corner should be able to say “yes” to. If they can’t, you shouldn’t be working with them at all.

1. Will you proactively manage my business’s network?

There are two types of IT companies. The first is the type you call up when there’s an outage in your network, your server finally gives up the ghost or your e-mails aren’t sending for some reason. They show up at your business, charge by the hour, (hopefully) fix the issue and leave. This is, understandably, an attractive option for many small businesses with tight budgets. Why pay to fix something if it doesn’t appear to be broken?

The problem with this line of thinking is the fact that, without a dedicated team of professionals working on your network every day, things get missed. No one’s really taking charge of driving the technology of your company into the future; no one is looking to optimize your processes and give your team the tools they need to do their best work. Security becomes a low priority because it’s assumed that everything is fine – until it suddenly isn’t.

Any managed services provider worth their salt won’t wait for your system to fail before they take action. Instead, they’ll proactively work to keep your network running at its highest level – security, optimization and everything else. When you crunch the numbers and really break down the cost of an outage or digital crisis, it’s easy to see how this approach will help you in the long run.

2. In the event of an issue, can you give me a guaranteed response time?

When you and your team are in the trenches, putting stress on the network while you go about your operations, the last thing you need is a long outage. These blips in service bring productivity to its knees, frustrating your customers and costing thousands of dollars. So you need someone on your side that can give you a definite time frame of when they’ll be on the scene in the event of a crisis. If an IT company dodges the question when you ask them for this, run for the hills – they’re not a company you want on your team.

3. Do you have extensive knowledge of the best practices for my industry?

Even if an MSP is solid and experienced, that doesn’t mean they’re experienced in your particular line of business. You need someone who’s worked with organizations like yours for years, with tried-and-tested methods for addressing industry-specific concerns and streamlining workflows. If your MSP can’t answer this question with a definitive “yes” and provide examples and insight into how they stay abreast of your field, keep shopping for an organization that can.

Posted in eTechTip - AP | Tagged | Leave a comment

4 Questions You Should Ask Any IT “Expert” Before Letting Them Touch Your Network

As businesses have become ever more dependent on technology, IT services providers have been popping up left and right. They’ve all got different strengths, capabilities and price points to consider. Some charge you by the hour and, while available to address any concerns you may have, they are pretty hands-off. Others are working on your network around the clock but charge more in turn. Many may boast an impressive record when working with a broad range of companies, but lack the experience necessary to understand the ins and outs of your specific industry. Some cost way too much month-to-month, while others try the “bargain bin” approach, but as a result, can’t afford to field the staff needed to respond to issues in a timely fashion.

There’s certainly a lot to consider when looking for an IT services provider for your business. And if you’re not particularly knowledgeable about information technology yourself, it can sometimes feel like you’re going into the process blind.

To suss out whether an IT company will mesh with your business’s workflow and industry specific requirements, it’s important to vet them thoroughly. The key is to ask the right questions. Here are four that will allow you to zero in on any IT company’s priorities and strengths, and help you determine whether they’re a good fit for your organization.

1. DO YOU TAKE A PROACTIVE OR ‘BREAK-FIX’ APPROACH TO IT?

When your car breaks down, you take it to the shop and you get it fixed. The mechanic charges you for the work done and for the parts, and then sends you on your way. Many business owners consider their computer network to be the same kind of deal. Why not just wait until an outage happens and then call up somebody who charges by the hour to fix it? That way, they imagine, they won’t be paying for “extra” services they think they don’t need.

But unfortunately, unlike your car, when your network is out, you’re losing dollars every single minute. The cost of a network outage is difficult to overstate – not only will it bring your business to its knees while it’s out, but it’ll frustrate customers and employees and result in a cascading set of problems.

Instead of a “break-fix” technician on hand, you need a managed IT services provider. These experts work directly with your company to optimize your network and its security at every turn, and are available nearly any time to address your concerns. And they’re genuinely invested in providing the best service possible, since it’s in their best interest as well.

2. WHAT IS YOUR GUARANTEED RESPONSE TIME?

We’ve all needed something fixed before and had to wait for hours, days or even weeks before anyone bothered to come by and solve the problem. Don’t let that happen to your business. If a company can’t guarantee a response time, it’s probably not a company you want to be working with.

3. WHAT WILL COST ME EXTRA?

This question is particularly important if you’re looking at a managed services provider (which you should be). The last thing you need is for a crisis to strike, only to discover you need to shell out a bunch of surcharges to get your network back up and running. Make sure the costs and services included are crystal clear before you sign anything.

4. HOW MUCH EXPERIENCE DO YOU HAVE?

As scrappy as the “new kid on the block” may be, you don’t want them in charge of one of the most important aspects of your business. Make sure any IT professionals you do business with have extensive experience not only in IT, but in your particular industry as well. That way they’ll know exactly what to do to optimize processes and keep your data under lock and key.

Posted in eTechTip - PC | Tagged | Leave a comment

Employees Keeping Your Data Safe? Don’t Count On It

One morning late last year, an unemployed man was making his way across London, heading to the library to continue his job search. But on the way, he encountered something peculiar: a USB stick, peeking out among the fallen leaves and shining in the morning sun. Not thinking much of it – and perhaps afflicted with a morbid curiosity – he popped the device into his pocket and continued on his way. Once he made it to the library, he connected the USB to a computer to check out its contents. As he clicked around, he realized with a shock that this was a treasure trove of security information for the Heathrow International Airport: 174 folders packed with maps detailing CCTV camera locations, labyrinthine tunnels snaking below the building and even the exact route the Queen takes when she uses the airport.

Understandably worried, the man quickly ejected the device and brought it – for some reason – to local tabloid the Daily Mirror. Today, despite a full-scale security investigation by the airport and the scrutiny of dozens of police and security experts, it’s still unclear just where this extremely sensitive data came from. However, all signs point to the USB drive being dropped by either a hapless employee carrying around a national security concern in their pocket or a less-hapless employee looking to instigate a national security crisis.

Either way, the story hammers home a vital point: whether you’re an international airport hosting more than 70 million travelers each year or a small business with less than $10 million in annual revenue, your biggest security risk isn’t some crack team of hackers – it’s your employees.

Sure, you may chuckle at the idea that any of your employees would actively wish your organization harm. But we’re willing to guess that you probably underestimate the wrath of an employee scorned. Even if you treat your team better than any boss in the world, they are still human – which, of course, means they’re going to make mistakes from time to time. And when considering the cyber security of many SMBs, “time to time” actually means every day, leaving huge openings in your digital barriers. These errors don’t much matter, really – until the day that a hacker turns an eye toward your business and immediately realizes the laughable security gaps your team is leaving for them to exploit.

The thing about cyber security is that it’s a lot more complicated than most people are willing to admit. Today’s digital landscape is fraught with hazards, a thousand little mistakes to be made at every step, resulting in a million workarounds for cyber criminals to use. Even the most tech-savvy among us probably don’t know everything about cyber security, and very few have as much knowledge as the hackers on the other end of the equation. When you consider the uncertainty and potential miseducation of your employees, many of whom probably know next to nothing about cyber security, you might start to feel a little panicked.

The battle against digital threats can seem like an endless slog – a war that the good guys seem to be losing – but luckily, when it comes to the security of your business, there are ways to batten down the hatches without dropping a ton of cash. For instance, start with your biggest vulnerability: your team. When a new employee joins your organization, they should go through a thorough cyber security training. Their welcome forms should include comprehensive rules about security policies, from using strong passwords to how they should respond to potential phishing attempts. Deviating from these policies should come with serious consequences.

As for your existing employees, train them up! We can help you build a robust education program to get every single member of your organization up to speed on the most imminent cyber security threats. But even then, cyber security isn’t a one-and-done kind of thing; it requires constant vigilance, regular updates on the latest trends and a consistent overall commitment to protecting your livelihood. Without training and follow-up, even the most powerful of cyber security barriers are basically tissue paper, so put some thought into your team in addition to your protections, and you can drastically increase the safety of the business you’ve worked so hard to build.

Posted in eTechTip - PC | Tagged | Leave a comment

4 Ways To Keep Employees From Leaking Confidential Information

Hacking a business today is easier than it has ever been. With nearly every company in America now intimately intertwined with technology, you might think cyber security would be a priority. But the truth is, our protective measures have grown lax, as organizations fall behind the times in their trust of flimsy barriers, trusting in blind faith that they won’t be targeted.

Right alongside the rise of software that makes our life and work easier than ever, the tools cybercriminals use has advanced as well, enabling hackers to penetrate precious networks of data with minimal effort. What used to take thousands of lines of code now takes a couple of clicks. And actually, according to IBM’s 2016 Cyber Security Intelligence Index, 60% of the time it’s not some fancy tool that allows criminals to circumvent your defenses – it’s your employees letting them in.

No matter how impenetrable you may imagine your security measures are, they’ll be rendered useless if a hapless member of your team clicks the wrong file and opens the floodgates. When it comes to cyber security, your biggest vulnerability isn’t your antivirus – it’s your poorly trained employees. Here are four ways to prevent them from slipping up and opening your business up to attack.

1. STRONGER PASSWORDS

This may seem like a no-brainer, but it’s probably anything but to many members of your team. According to a 2015 survey conducted by TeleSign, close to 75% of consumers use duplicate passwords in their online activity. Twenty-one percent of them use passwords more than a decade old, 47% have been using the same password for five years and a whopping 54% use the same five passwords across an entire lifetime online.

As a business owner, these numbers shouldn’t just make you chuckle – they should make you mad. It may be that the entirety of your company’s data, everything you’ve worked so hard to build over years of blood, sweat and tears, could be guarded behind a password as simple as “123456.”

Make sure you train your employees on safe password practices. That means mandatory password changes to key business accounts every few months, each of them containing letters, numbers and symbols, preferably without any real words at all. It’s a small change, but it can drastically increase your odds against data breaches.

2. MAKE CYBER SECURITY PART OF YOUR COMPANY POLICY

If your business is going to survive a digital onslaught, safe online practices for your employees need to be more than a recommendation. They need to be mandatory company policies. Every new and existing employee needs to know what’s expected of them and what the consequences will be if they deviate from guidelines. For example, when an update comes through for a key piece of software, it needs to be installed immediately. Have a set procedure in place for them to follow if they encounter a suspicious e-mail or potentially malicious link. These and other practices, when set in stone, ensure that employees remain personally invested in protecting your company.

3. CONDUCT A SECURITY AUDIT

The best way to suss out any employee vulnerabilities, though, will always be to do a thorough security audit of all your systems. This means investigating the hardware and software you’re using on a daily basis, sure, but most importantly, you need to analyze the habits of your personnel and whether or not they’re complying with your high standards of cyber security. 4. TRAIN YOUR PEOPLE

As they say, forewarned is forearmed. This is never truer than when defending your business from data breaches. With comprehensive cyber security awareness training, outlining everything from the biggest digital threats to post-breach best practices, you can turn your biggest security liability into your greatest defense. If employees know the ins and outs of hackers’ tricks, it becomes exponentially more difficult for hackers to trick them and find a way into your network.

With all four of these steps, it can be difficult to determine just how to implement these policies within your organization – much less what should be included – but luckily, we can help. Contact us to find out how we can help you put a strong data security employee training program in place and patch any holes in your barriers before they become an issue.

Posted in eTechTip - AP | Tagged | Leave a comment

Do You Safeguard Your Company’s Data And Private Customer Information BETTER THAN Equifax, Yahoo and Target Did?

You can’t deny that today we are living in an era of unprecedented technological progress. Particularly in the business world, we find ourselves more empowered day by day with the onslaught of fresh applications and features promising to extend our reach and drive success. There’s a reason, after all, that business leaders like Virgin Group CEO Richard Branson argue that right now is a better time than ever to start a scrappy new company.

But this trend, in which companies become ever more inseparable from the technologies they depend on, is a double-edged sword.

Though tech continues to break down barriers to success in business, its forward motion is naturally accompanied by a newfound vulnerability. Each development is accompanied by a weakness to exploit – a back door through which hackers can wreak havoc on companies and customers alike.

This should be obvious to anyone who has even the barest awareness of the news. As the list of Fortune 500 companies that fall victim to cyber-attacks grows, we all need to learn from their mistakes and batten down our digital hatches in anticipation of a potential breach.

Last year, the country was shocked to discover that the personal data of more than 146 million people – including driver’s licenses, passport numbers, Social Security numbers and a wide swath of other information – had been exposed in an attack on the credit mega-giant Equifax. Hackers infiltrated their systems through a vulnerability in Apache Struts, a tool used to develop web applications, and proceeded to lift a staggering quantity of customer data. The consequences of this attack are still being unpacked even now, but it’s safe to say that even beyond Equifax’s plummeting stock prices and their trip to PR hell, they’ve put themselves and the people they serve in a horribly uncomfortable position.

And make no mistake, the Equifax attack was far from inevitable. You would think that a company sitting on an international treasure trove packed with data from more than 800 million customers and 88 million businesses worldwide would take pains to be responsible digital stewards. But last September, under intensive government and journalistic scrutiny, company officials confirmed that, basically, this enormous breach had all come down to Equifax’s failure to adequately patch their Apache Struts platform. You see, there was a known, publicly disclosed bug in the Apache Struts system the previous March. Despite the Apache Software Foundation’s subsequent release of a patch eliminating the vulnerability, Equifax didn’t install it in time to prevent issues, giving hackers months to easily exploit their systems and gain a foothold.

While the Equifax attack is certainly one of the most high-profile widespread data breaches in history, it’s definitely not the only one to affect millions of customers. Yahoo admitted in 2016 that a data breach way back in 2013 had exposed around 1 billion of their usernames, e-mail addresses and passcodes. When Verizon acquired the company last year, they admitted that, upon further review, it looked more like 3 billion accounts had been affected. Also in 2013, hackers infiltrated Target’s point-of-sale systems to steal 40 million debit and credit card accounts, thanks to a vulnerability in an HVAC company they’d hired called Fazio Mechanical Services.

Attacks like these – and the millions of similar ones aimed at small, midsize and massive companies every year – are almost always circuitous and confusing to the average business owner, but they’re also preventable. Problem is, especially when it comes to SMBs, most business professionals and their understaffed, underfunded, inexperienced or even nonexistent IT departments aren’t equipped to protect their precious data when the hackers come knocking.

Statistics show that, eventually, hackers are going to come for your business – it’s all but guaranteed. And if they break through and bring your company to its knees, you probably won’t be the next Equifax or Target all over the news with egg on your face. No, your business will probably just fold in on itself with nary a whimper, with everything you’ve worked so hard to build quietly buckling before your eyes.

Don’t let it happen. Address cyber-attacks before they become an issue, and get a talented, experienced, around-the-clock team to defend your livelihood. It takes vigilance, research and constant upkeep to keep the wolves at bay. Protect your business or, before you know it, there won’t be anything left to protect at all.

Posted in eTechTip - AP | Tagged | Leave a comment

Top 4 Ways Hackers Will Attack Your Network And They Are Targeting You RIGHT NOW

Most small and midsize business (SMB) owners exist in a bubble of blissful ignorance. They focus on the day-to-day operations of their organization, driving growth, facilitating hiring and guiding marketing, without a single thought given to the security of the computer networks these processes depend on. After all, they’re just the little guy – why would hackers go to the trouble of penetrating their systems for the minuscule amount of data they store?

And eventually, often after years of smooth sailing through calm seas, they get hacked, fork out thousands of dollars to malicious hackers and collapse beneath the weight of their own shortsightedness.

The facts don’t lie. According to Verizon’s annual Data Breach Investigations Report, a full 71% of cyber-attacks are aimed squarely at SMBs. And while it’s unclear exactly how many of these attacks are actually successful, with the sad state of most small businesses’ security protocols, it’s a safe bet that a good chunk of the attacks make it through.

But why? As Tina Manzer writes for Educational Dealer, “Size becomes less of an issue than the security network … While larger enterprises typically have more data to steal, small businesses have less secure networks.” As a result, hackers can hook up automated strikes to lift data from thousands of small businesses at a time – the hit rate is that high.

Today, trusting the security of your company to your son-in-law, who assures you he “knows about computers,” isn’t enough. It takes constant vigilance, professional attention and, most of all, knowledge. Start here with the four most common ways hackers infiltrate hapless small businesses.

1. PHISHING E-MAILS

An employee receives an e-mail directly from your company’s billing company, urging them to fill out some “required” information before their paycheck can be finalized. Included in the very professional-looking e-mail is a link your employee needs to click to complete the process. But when they click the link, they aren’t redirected anywhere. Instead, a host of vicious malware floods their system, spreading to the entirety of your business network within seconds, and locks everyone out of their most precious data. In return, the hackers want thousands of dollars or they’ll delete everything.

It’s one of the oldest tricks in the hacker toolbox, but today it’s easier than ever for an attacker to gather key information and make a phishing e-mail look exactly like every other run-of-the-mill e-mail you receive each day. Train your employees to recognize these sneaky tactics, and put in safeguards in case someone messes up and clicks the malicious link.

2. BAD PASSWORDS

According to Inc.com contributing editor John Brandon, “With a $300 graphics card, a hacker can run 420 billion simple, lowercase, eight-character password combinations a minute.” What’s more, he says, “80% of cyber-attacks involve weak passwords,” yet despite this fact, “55% of people use one password for all logins.”

As a manager, you should be bothered by these statistics. There’s simply no excuse for using an easy-to-crack password, for you or your team. Instead, it’s a good idea to make a password out of four random common words, splicing in a few special characters for good measure. To check the strength of your password, type it into HowSecureIsMyPassword.net before you make it official.

3. MALWARE

As described above, malware is often delivered through a shady phishing e-mail, but it’s not the only way it can wreak havoc on your system. An infected website (such as those you visit when you misspell sites like Facebook.com, a technique called “typosquatting”), a USB drive loaded with viruses or even an application can bring vicious software into your world without you even realizing it. In the past, an antivirus software was all that you needed. These days, it’s likely that you need a combination of software systems to combat these threats. These tools are not typically very expensive to put in place, especially considering the security holes they plug in your network.

4. SOCIAL ENGINEERING

As fallible as computers may be, they’ve got nothing on people. Sometimes hackers don’t need to touch a keyboard at all to break through your defenses: they can simply masquerade as you to a support team in order to get the team to activate a password reset. It’s easier than you think, and requires carefully watching what information you put on the Internet – don’t put the answers to your security questions out there for all to see.

We’ve outlined some of the simplest ways to defend yourself against these shady techniques, but honestly, the best way is to bring on a company that constantly keeps your system updated with the most cutting-edge security and is ready at a moment’s notice to protect you in a crisis. Hackers are going to come for you, but if you’ve done everything you can to prepare, your business will be safe.

Posted in eTechTip - PC | Tagged | Leave a comment
  • Categories

  • Categories

  • Archives