12 Security Tips You Can Implement Today for a Safer Business System

As you’ve built or supported your business, you’ve no doubt worked hard to foster an environment where your staff feels safe, supported, happy and productive. Even if you have taken precautions, a cyberattack can quickly erase the sense of security you’ve built. 

Unfortunately, the statistics regarding cybercrime are worrying. Studies show nearly every business is vulnerable to attack and that most are easy targets. In 2019, 43% of the victims of data breaches were small businesses. Studies further show that:

  • Worldwide, over 60% of businesses fell victim to phishing or social engineering attacks.
  • In 95% of cases, malware was delivered by email — an easy situation to prevent.
  • The average data breach took 206 days to detect.
  • Only 5% of company folders are correctly protected.
  • About 70% of business leaders felt their cybersecurity risks were increasing — and they’re right.

Fortunately, by instituting the following quick and easy cybersecurity tips, you can begin making security a priority at your business. When cybersecurity becomes second nature, your sensitive data is protected and your employees can return to doing what they do best — helping your business grow.

1. Assume There Is a Vulnerability

Cybercrime might not feel like something that can happen to you. You might think hackers have little reason to target your business. Even if you don’t deal with financial records or proprietary legal, medical or similar information, you could still be a victim of opportunity. As the statistics above show, almost half of all data breaches involved small businesses.

Today’s cyberattacks aren’t always big and flashy like the ones you hear about in the news. But if your company’s critical information is held hostage by ransomware or a Trojan manages to steal your banking information, the effects can be just as devastating.

The first step you can take to thwart hackers is to assume a defensive attitude in the office. Educated and conscientious employees who use easy, common-sense methods to protect sensitive data are your best weapon against those who want to exploit your business.

2. Use Authentication Methods

Two-factor identification requires you or your employees to verify their identity in at least two different ways before gaining access to sensitive information. When a password is the only gate protecting your data, a hacker just needs to learn that password to have free rein over information. Requiring a second method of verification — facial recognition, a fingerprint, a code sent via text or email — is often enough to stop cybercriminals in their tracks.

Two-factor identification may take a bit of time, but it’s well worth the effort to avoid a data breach or other cyberattacks. Best of all, it’s faster and easier than ever to set up two-factor authentication.

3. Don’t Reuse Passwords

Even with two-factor identification in place, strong, unique passwords are essential. One of the easiest ways for hackers to exploit users is to acquire username and password combinations. 

Imagine someone in your workplace is involved in one of these incidents. If that person has used the same username and password combination for several different work-related accounts, they have just handed a hacker access to a treasure trove of information the hacker will gladly plunder. A hacker gaining access to a single account is bad enough, but something as simple as using different passwords for different accounts can at least mitigate the damage.

Of course, requiring employees to create and remember a large number of different passwords might be asking a lot. Follow the next tip to cut this task down to size and save employees time.

4. Turn off the “Save Password” Feature and Use a Password Manager

There is a big difference between the “Save Password” feature included with almost every browser and professional, third-party password managers. Most cybersecurity experts advise turning off the browser feature in favor of installing a trustworthy password manager, which has the added advantage of being accessible across all devices. 

There are plenty of password managers available that cater to your security needs, the tech-savviness of your staff and other factors. While some security measures require additional time and steps, a good password manager can actually increase productivity. Consider a service like KeePass or speak with IT professionals to learn more about trustworthy password managers.

5. Keep Antivirus Software (and Other Software) up to Date

Antivirus software is a must-have tool for anyone going online, and it’s an effective one. But it’s only going to keep you and your staff safe if you know how to use it and keep it up to date. Cybercriminals are always working to come up with new ways to steal your information, and updates are essential to combat them. Antivirus software also prevents ransomware, Trojan horse programs and bots that can instigate a denial of service attack, disseminate spam from your account or create other threats.

Your antivirus software can also protect you from potentially unwanted applications (PUA), which are apps that might not be malicious but aren’t beneficial either. Your antivirus suite might not have this feature equipped by default. Whether you’ve just acquired a new antivirus package or you aren’t sure you’re making the most of the one you have, familiarize yourself with the features available to you. You could even seek the assistance of your internal or external company IT team.

All software used in the workplace should be kept up to date. It can be a time-consuming process, but many of these updates include enhanced security measures that you won’t want to be without.

6. Look out for Phishing Scams

“Phishing” is a term you probably hear tossed around frequently when cybersecurity tips for businesses are discussed. The scammers behind phishing operations are experts at making emails and links look as though they’re coming from a trusted institution like your bank, a business partner or even the government.

Scammers generally ask you to click a link that will take you to a page that may or may not be an accurate approximation of a reputable institution’s site. There, you will be asked to fill in your personal information.

The best way to protect your business and employees from these scams is through education. Some fake pages are obvious, but others are extremely sophisticated. Some giveaways of a phishing scam might include:

  • The site uses colors, images or fonts that are almost, but not quite, a match to a legitimate institution.
  • The site is hosted by a free web hosting service.
  • The domain portion of the URL indicates something is off — the part right before the final .com, .net or .org. For example, yourbank.scam.com can indicate, well, you guessed it.
  • The site lacks the HTTPS lock icon on your web browser, where a lock indicates a site is secure. Granted, some legitimate sites might not have gotten around to using HTTPS, but better safe than sorry!
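
The URL-based giveaways in the list above can be checked mechanically. The following is an added example, not part of the original article: the trusted domain and the free-hosting suffix are constructed placeholders, and the "last two labels" rule is a simplification of how a domain is extracted.

```python
from urllib.parse import urlsplit

# Constructed sample data: the domain your business really uses, and a
# placeholder free-hosting suffix (hypothetical, not a real provider).
TRUSTED_DOMAINS = {"yourbank.com"}
FREE_HOSTING_SUFFIXES = {"freehost.example"}


def registrable_domain(host):
    """Return the last two labels of a host name: the part right before
    the final .com/.net/.org plus that ending.
    Simplification: endings such as .co.uk need the Public Suffix List."""
    labels = host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def assess_url(url, trusted=TRUSTED_DOMAINS, free_hosts=FREE_HOSTING_SUFFIXES):
    """Return a list of warnings for a link. An empty list only means
    none of these checks fired, not that the site is safe."""
    parts = urlsplit(url.strip())
    host = parts.hostname or ""
    if not host:
        return ["no host name found in URL"]

    warnings = []
    if parts.scheme != "https":
        warnings.append("not served over HTTPS")

    domain = registrable_domain(host)
    if domain in free_hosts:
        warnings.append("hosted on a free web hosting service")

    if domain not in trusted:
        # A trusted name used as a subdomain or path segment of some
        # other domain is the yourbank.scam.com pattern.
        lowered = (host + parts.path).lower()
        for good in sorted(trusted):
            brand = good.split(".")[0]
            if brand in lowered:
                warnings.append(
                    f"'{brand}' appears in the URL but the site's domain is {domain}"
                )
    return warnings


if __name__ == "__main__":
    # Constructed sample links for demonstration.
    samples = [
        "https://www.yourbank.com/login",
        "http://yourbank.scam.com/login",
        "https://yourbank.freehost.example/",
    ]
    for link in samples:
        print(link, "->", assess_url(link) or "no indicators")
```
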

Online storage accounts like Dropbox are often targeted by these cybercriminals. Scammers never know what they’ll find, but people tend to be less vigilant about storage accounts than financial ones. Don’t let your guard down.

The bottom line is, if you or your staff have any doubt, don’t click. Even if an email from your company’s bank looks legitimate, if you don’t normally get emails from the bank, give them a call instead.

7. Secure Mobile Devices

Mobile device usage, including internet searches done from phones and tablets, has been steadily increasing. Pair that with today’s increasingly remote workforce, and mobile devices present a possible security risk. Providing simple cybersecurity tips for employees who use mobile devices in their work can go a long way toward protecting sensitive data. Some things to consider when mobile devices contain work-related information include these tips:

  • Don’t leave mobile devices unattended or unlocked.
  • Use two-factor authentication and password management for work accounts and applications.
  • Perform updates as required — they often include new security features.
  • Be as aware of potential phishing scams on mobile devices as on PCs or laptops and know that phishing through text is common.
  • Don’t store sensitive work-related information on a mobile device. Instead, use a secure storage system or cloud service.
  • Beware of installing apps that don’t look trustworthy.
  • Take full advantage of the device’s security features, including data encryption.
  • Use Apple’s Find My iPhone or Android’s Device Manager to keep tabs on your device.

8. Get a VPN

A virtual private network (VPN) sends your web activity through an encrypted tunnel to a server owned by the VPN company. Without a VPN, your information and activity can be easily followed as you navigate the internet throughout the workday. A VPN essentially takes you along a series of hidden routes that make you almost impossible to track.

In addition to snoopers who are up to no good, it’s also very easy for your internet service provider (ISP) to track your online activities. This might not harm your business, but if you’d rather protect your privacy and prevent the sale of your data, your VPN will be your new best friend. 

Like most cybersecurity business tools, not all VPNs are created equal, so it’s essential to do your due diligence before committing to a plan, or better yet, to speak with the company IT team or your IT consultant.

9. Hire a Security Team

Sometimes, it’s simply best to leave cybersecurity to the experts. Since the hackers and those working to combat them are moving too fast for the average person to keep up, you might let someone whose job is keeping up with digital developments handle your security. This is especially true if your business could be targeted by cybercriminals a step above those casting a wide net for loose passwords — like if you’re working in finance, law, security or another industry that deals with valuable information.

The question is, should you build an in-house team or engage a consulting firm? Each choice comes with advantages and considerations.

Internal Security 

An internal team will come to know your hardware, network and procedures well. They will be on-hand when there’s a crisis or a question, and they’ll never have a conflict of interest or another client ahead of you. On the other hand, the cost of maintaining even a single full-time employee to handle network security is beyond the reach of some small and midsized businesses.

External Security

Many external teams or consultants are experts and can provide a personalized touch. They’ll take a bit of time to learn your office, equipment and processes like an in-house team. For companies that recognize the importance of cybersecurity in business but don’t want to take the time to perform the necessary tests and updates themselves, a consulting firm can be a great match.

10. Keep a Backup of All Your Data

No matter how many precautions you take, an attack could slip by your defenses. For many businesses, it’s difficult and sometimes impossible to recover from a complete loss of data. In contrast, recovery can be fast and easy when data is properly backed up.

Your best bet to ensure no loss of data is to back it up physically and to follow the next tip.

11. Leverage the Cloud

Cloud services make it easy to back up and retrieve data, with many backing up periodically as you or your employees work. Hackers aren’t always interested in stealing your data — sometimes, their goal is to encrypt it and try to charge you to restore it or to wipe it out entirely. Cloud services allow you access to vast amounts of secure storage space at affordable prices. Using cloud storage along with a physical backup gives you an added layer of protection if the worst should happen.

12. Beware of Social Engineering

When cybercriminals cannot find a technological weakness to exploit, they focus their efforts on human emotions. Today’s cybercriminals are masters at manipulating people into giving out information they shouldn’t. 

These attacks have much in common with phishing and operate on the assumption that the person on the other side of the screen is taking the hacker at face value. Victims believe the hacker is who they say they are, whether it’s in the form of an email from a friend or a charity or other cause. And hackers hope people will act without doing any research first. Provide security tips for employees through staff training and education to help prevent these sorts of cyberattacks.

Partner With PCS for Your Company IT Team Needs

It’s true that cybercrime can be scary. It’s also true that cybercriminals can be deterred by the right measures. Using these cybersecurity tips for businesses will go a long way toward keeping you and your sensitive data protected. For further protection, partner with PCS for our IT services and solutions.

PCS is a one-stop shop offering helpful and affordable IT services and support. Rely on our expertise to keep your company’s data safe from cybersecurity threats. Contact us today with any questions or to get started.

Cyber Security – What Is It and Examples of Cyber Threats

Technology and data are at the core of most organizations.
But what is cyber security, and have you put the effort into making yours effective?
With the help of Mike at Cybir, we’re here to explain what it is and which cyber security practices effectively defend against hazards in the digital world.

Cybir maintains a continued core focus on a full suite of in-house cyber security, digital forensic and data recovery expertise, honed for litigation support, eDiscovery and expert witness services.

What Is Cyber Security?

Cyber security, as stated by Merriam-Webster, is the measures taken to protect a computer or computer system against unauthorized access or attack.
Any organization that uses modern technology must face the risk of cyber threats. Taking steps to address this risk is crucial for the operational security of businesses. Data breaches and cyber-attacks against businesses have the potential to cause huge financial and reputational damage. They can affect not only the business, but also its employees.

Examples of Cyber Threats

Malware
Malware, shorthand for “malicious software,” is an application that’s intended to cause damage to systems, steal data, gain unauthorized access to networks, or otherwise wreak havoc. This is the most common type of cyber threat. 

There are a number of malicious software variants, including:

  • Viruses – Attach themselves to clean files, replicate, and spread to other files. They may delete files, force reboots, join machines to a botnet, or enable remote backdoor access to infected systems.
  • Worms – Similar to viruses, but without the need for a host file. Worms infect systems directly and reside in memory, where they self-replicate and spread to other systems on the network.
  • Backdoor – Used by attackers to secure remote access to infected systems, or to obtain unauthorized access to privileged information.
  • Trojans – Disguise themselves as a legitimate application, or simply hide within one. They discreetly open backdoors to give attackers easy access to infected systems, often enabling the loading of other malware.

Ransomware
Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Ransomware attacks often rely on social engineering techniques such as phishing, tricking users into downloading a dropper that retrieves and installs the payload. Once on the system, ransomware finds all files of a specific type locally and across the network, encrypting and often stealing them. The original files, recovery points, and backups are then deleted to prevent users from restoring the system on their own. Ransomware usually changes the file extension and adds a “help” file, explaining how victims can pay to recover their data.

Mike at Cybir also mentions data exfiltration. He states, “Ransomware is evolving where threat actors are also stealing data and saying, ‘ok great your backups worked and you restored, but you are still going to want to pay us if you do not want us to leak your data to the internet or dark web.'”

He states for protection, “For ransomware and malware traditional AV is no longer effective. Traditional AV basically has a definitions file where when it is running a scan it looks at the current file and compares it to its list of known good / bad files and then makes a decision about what happens to it from there. If it does not know anything about the file it likely skips right over it and allows it to pass. EDR/MDR/XDR SentinelOne provides best in class NextGen Antivirus, device control, firewall control and threat hunting capabilities.”

Cybir offers endpoint protection, detection, and response in conjunction with SentinelOne, which provides best in class NextGen Antivirus, device control, firewall control and threat hunting capabilities.

Phishing
Phishing is a common attack technique that manipulates people into taking unsafe actions or divulging sensitive information. In typical phishing campaigns, attackers use different types of communication – email, instant messages, SMS, and websites – to impersonate a trustworthy person or organization that the target is familiar with, then use that identity to trick users into clicking on malicious links, downloading malware-laden attachments, or disclosing sensitive personal information.

Mike at Cybir states, “This often leads to ransomware or a business email compromise type of attack.”

One way to stay protected from phishing attacks is training and education. Mike at Cybir states, “The keys are constant user training and education as well as a solution like ironscales that is going to profile an email and add banners/details to give the user a heads up.”

There are two types of phishing attacks – phishing, which is wide-ranging, and spear phishing, which targets a specific individual or company.

Spear phishing requires a lot of research from the attacker, and these cyber threats are generally tailored to their target based on insider knowledge or information available on the web and/or through social media. Attackers use reputable names within the company to approach someone they think will fall for it. Spear phishing requires extra effort, but it is more likely to succeed.

PCS offers a variety of phishing training products to help you and your company stay protected and aware of what to look for when it comes to phishing attacks. 

Once you know the different malicious attacks out there, there are ways to monitor for them and stay protected against them.

Cybir offers Security Operations Center As A Service (SOCAAS) with these key features –

For more information about cyber security and ways to stay protected, contact PCS today!

Cyber Insurance – How Important Is It?

Cyber attacks have increased throughout the years, but within the past year, more people are becoming aware of how important it is. Many are turning to cyber insurance as a means of protection against some of the effects of an incident, but what is cyber insurance and how does it work?
We’re here to go over what you need to know with the help of Hardenbergh Insurance Group.

Hardenbergh Insurance states, “For many years now, there has been awareness that companies should be accountable for the safeguarding of the personally identifiable information of their customers. One particular law that helped to raise awareness was the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The vast majority of states have amended their state laws to address how companies and state agencies must respond to a security breach that results in the compromise or potential compromise of personally identifiable information. Most state laws dictate that in the event of a breach, not only must the organization notify the affected individuals, but also the specific state agency.”

Businesses such as health care providers, banks, law firms, accountants, hotels, retail stores, schools, public entities, charitable organizations, mortgage brokers, insurance agents, and other professional service providers, restaurants and any other business that maintains records of personally identifiable information all have a cyber liability exposure.

Today, the vast majority of businesses rely on their computer systems to run their business and to service their customers.  The inability to operate their computer system due to a cyber attack can cause severe financial damage to the organization.

What Is Cyber Insurance?

Cyber insurance, also known as cyber-liability insurance, is an insurance policy that helps protect organizations from the fallout from cyberattacks and hacking threats. Having cyber insurance protects against losses that are related to computer- or network-based incidents.

Any business with an online component or one that sends or stores electronic data might benefit from cyber insurance.

What Does Cyber Insurance Cover

Key first party insuring agreements include the following:

  • Cyber Extortion – Costs to investigate, negotiate and settle threats made against the insured related to intentional computer attacks
  • Privacy Breach Response – Expenses for breach response services such as notification, credit monitoring and identity/credit repair
  • Business Interruption – Loss of income due to interruptions in business caused by breaches of an organization’s network
  • Crisis Management – Expense of retaining a public relations firm to help mitigate damage to the organization’s reputation and brand image caused by a cyber attack

Key third party insuring agreements include the following:

  • Technology Errors & Omissions – Error or omission in the performance of technology services resulting in third-party loss.
  • Privacy Liability – Failure to protect private or confidential information.
  • Security Liability – Failure of network and information security to prevent the transmission of computer viruses.
  • Media/Content Liability – Libel, slander, and other forms of disparagement, etc. with respect to the display of materials as well as infringement of a copyright by your website content.
  • Regulatory Actions – Regulatory actions brought by state or federal agencies to enforce privacy regulations.

Not all cyber liability insurance policies are the same.  Coverages can and will vary depending on the carrier and the insuring agreements purchased.  When evaluating which cyber liability policy is appropriate for your organization, it is important to evaluate both the first party insuring agreements and third party insuring agreements being offered.

When evaluating cyber liability alternatives for your business, it is crucial to be sure that the policy you select to protect your business contains the appropriate insuring agreements.  The Risk Management professionals at Hardenbergh Insurance Group can work with you to evaluate your exposure and to ensure that the appropriate coverage is in place to protect your business.

Most businesses are requiring clients to get cyber insurance. 

Cyber Risk Management Techniques That Can Be Implemented To Protect Your Organization From Cyber Attacks, According to Hardenbergh Insurance Group: