6 Consequences of a Weak Business Computer Security System

Cyberattacks and hackers are some of the most prominent types of security risks to an organization. The impact of security breaches on businesses is enormous and increasing every year. These events also hurt consumers through the loss of privacy, money and identity. Attacks on a company can quickly spread, hurting business partners and the economy at large. Risks in cybersecurity can threaten national security and even infrastructure, causing electrical outages or failure of military equipment.

Particularly vulnerable to these attacks are small businesses. They often have weaker security measures in place and provide a backdoor to their network of corporate clients who have valuable data at stake. Those threats can have widespread consequences, including these six:

1. Your Business Loses Customers

Data breaches often release droves of personal data into unknown, malicious hands. If your customers entrust you with credit card numbers or other financial information, these incidents can be especially harmful. When you experience a data breach, your affected customers face quite the ordeal. Some may subsequently experience identity theft or credit card fraud. When customers experience issues because of a company’s cybersecurity negligence, they often feel like their trust has been broken. Many may stop doing business with you.

How do data breaches affect consumers? Just as businesses can face many consequences, the impact of data breaches on individuals is far-reaching. Those repercussions can include:

  • Stress related to worrying about the potential fallout of hackers accessing personal data.
  • Extra time spent resolving issues caused by the breach, such as canceling credit cards or bank accounts.
  • Fraudulent credit card activity or lost money.
  • A lower credit rating, resulting from fraudulent credit card activity.
  • Identity theft resulting from stolen passport numbers, social security numbers and bank account details.
  • Loss of privacy and exposure of sensitive data such as medical records and social media login credentials.
  • More money spent on identity theft protection or credit monitoring.

Any of these issues alone can cause your customers a major headache. Since 57% of consumers blame companies for stolen data rather than hackers, you’re bound to lose their trust and business following a cyberattack.

Even when unaffected by a data breach, many customers feel uneasy when a company experiences one. They might think it’s only a matter of time until the next one occurs and try to distance themselves and their data before then. After a data breach, 78% of consumers would stop interacting with a brand online, and 36% would stop interacting altogether. 

That’s a lot of lost customers, and they will probably stay away for quite some time. In the U.S., 83% of consumers will stop spending with a business for several months in the aftermath of a breach. Even customers who stay loyal to you during a cyberattack can be lost. Website or system downtime may make it harder for customers to patronize your business. While the average cyberattack takes minutes, the effects can ruin a company’s entire quarter or year.

2. It Can Damage Your Brand Reputation

All press is good press — except in the case of cybersecurity negligence. Large-scale data breaches for major brands are highly publicized. Every month of 2019 was plagued with at least one media-attention-grabbing data leak. You probably remember the names of the companies involved with some of the most egregious data breaches in history, even this many years later. 

Leaks that don’t make the national news can still affect your brand reputation. For example, small businesses might find their names gracing local newspaper headlines or circulating on social media. B2B companies might garner coverage in their industry trade journals. In any case, even a little negative chatter can have wide-reaching effects. 

When a data breach occurs, the whole world is watching — or your customers, at the very least. How you respond can have just as significant an impact on what people think of you. For example, many companies offer free credit and identity theft monitoring following a breach. Plenty of others skip this step.

Even if your particular breach doesn’t warrant that response, people will look to you for solutions and straightforward communication. How you act and how quickly you respond can make or break your public image. You can avoid having to prove your competence in crisis management with a robust cybersecurity system.

There’s also another aspect of brand reputation damage resulting from cyberattacks — email hacks. Your business is chock-full of proprietary information that’s often passed around via email. If a leak reveals your secret sauce recipes to the world, some of your reputation goes with it. Meanwhile, emails can get taken out of context. Personal messages sent from work computers can get exposed, too. You risk executives and employees looking unprofessional in the public eye.

Further, online vandalism can leave off-brand messaging on your website where you least expect it. Some hackers might edit pages to include vulgar language couched in your approved content. You might not notice right away, and you’ll leave a bad taste in your website visitors’ mouths. They might also change contact information, so unsuspecting callers get redirected to other numbers. Vandalism causes inconsistent branding at best and loses potential customers at worst. 

3. You Lose Intellectual Property

Your cyber network and even your emails contain intellectual property and industry secrets. Some of what your company keeps closest to its chest — blueprints, designs and strategies — can be targeted in cyberattacks. Manufacturers can lose proprietary product designs before they can obtain their patents. Gaming and software companies can have valuable code exposed. Entertainment companies can lose unreleased films, shows and music to leaks.

Your competitors can jump in and start offering similar products or services that once made your brand unique. Intellectual property leaks often go undetected at first. Other companies can covertly learn your next moves before you make them. With time, your competitive advantage can seriously erode.

When intellectual property theft occurs, your company has two options. In some cases, you can pursue the thieves directly and recover the stolen data. You may also be able to block them from using it in a way that may damage your company. The other option is to plug the leak and then modify the intellectual property or develop something new. The stolen information then becomes out of date, incapable of ruining your market advantage.

Both tactics require fast detection through cybersecurity monitoring. You need to act before thieves have time to sell your information to your competitors. Without this robust infrastructure, your business likely has to take the loss.

4. It Disrupts Your Online Management Software

Your online management software is one of the primary entry points for cyberattacks. Have you ever held off on updating your software because you knew it would interrupt your daily workflow? If you’re not careful, putting it off could disrupt more than your day. Software developers routinely develop and release patches to prevent hacks. Unfortunately, the average user probably doesn’t realize the gravity of these occasional updates. Some recent large-scale software hacks occurred after those software companies released patches that would have prevented these events if installed.

Without an Information Technology (IT) and cybersecurity management system that includes patch management, your business is vulnerable. And these platforms are not just the window in. They’re also frequent targets for attacks. Most business management software stores critical data. Any software you use that collects customer data, whether it’s a Customer Relationship Manager (CRM), an order management platform or something else, poses a considerable risk. Your accounting software probably holds your company’s banking and financial information.

Besides the threat of data breaches to your software, several types of cyberattacks can cause your software to misbehave. For example, they can paralyze your system and make data unavailable. Some types of security risks to an organization that may cause software disruptions include:

  • Malware: Some software is specifically designed to perform a malicious task on a device, computer network or mobile device. Sometimes disguised as a harmless piece of software, Trojans often enter a system through human error. Once in the host system, they can wreak havoc on your network and even take over entire software systems.
  • Ransomware: Attackers often encrypt data with the intent of eliciting a ransom to allow users to access it once again. Many business management software platforms house this data and often perform crucial automated tasks powered by it. If the data gets encrypted, it will interrupt your operations until you can recover it. In the meantime, any software automation that uses the encrypted data may run haywire or stop working.
  • Distributed Denial of Service (DDoS) attacks: If attackers take over a broad network of devices, they can use these computers to activate a system’s functions and overload it. Cyberattacks like these often cause website crashes, and they can also overwhelm desktop and cloud-based software applications.

5. It Reduces Your Resources for Business Growth

Have you started calculating a tab for all the expenses you might encounter from a cyberattack? Between losing customers and intellectual property, cybersecurity breaches cut into your revenue streams. As much as 40% of the total cost of a cyberattack can be attributed to lost business opportunities. With a damaged brand reputation, your company’s total estimated value could plummet. Small and medium-sized businesses (SMBs) can face an onslaught of other indirect costs after a cyberattack, including:

  • Civil lawsuits from affected customers or business partners.
  • Fines from regulators for cybersecurity noncompliance.
  • Refunds or incentives, like free credit monitoring, issued to customers.
  • New insurance premiums.

Then, there’s the matter of resolving the issue. Depending on the severity of the incident, your IT department will likely spend many hours playing defense. A small team might even become overwhelmed. You’ll probably need to acquire new software and make other investments to counter the cyberattack. Restoring lost data is a lengthy process, costing you both time and money. It takes an organization an average of 280 days to discover and contain a breach. 

The average cost of a data breach in 2020 is $3.86 million. As a small business, it’s easy to look at that number and think it doesn’t include you. However, 43% of online attacks are aimed at small businesses. Businesses of any size can expect to shell out $200,000 as a result of a cybersecurity breach. Those costs can seriously impact your ability to grow. The good news is that cybersecurity investments see a great return on investment (ROI), especially when you choose an affordable IT provider like PCS.

6. You Risk Closing Your Doors

Small businesses are a prime target for cyberattacks and are the least-equipped to handle them. If you’re unable to access vital customer data or software, it may not be possible to stay open until you eliminate the threat. That could take time if you haven’t backed up your data, which many small businesses neglect.

As a small business, you probably don’t have a large staff equipped to handle an issue while you maintain operations. You’ll end up investing a significant amount of time and resources to recover from a cybersecurity breach. You may have to shutter temporarily while you contain the problem. Having a robust plan for dealing with crises and employing qualified IT personnel can prevent shutdowns.

A closure can be more than temporary, too. Research from the National Cyber Security Alliance found 60% of small and midsized enterprises go out of business within six months of a hack. When you consider all the resources that can go into dealing with such an attack, it’s easy to see why. Many small businesses are operating on tight margins as it is. Throw in a cyberattack, and it can take these companies over the edge.

Having the resources to prevent attacks from being successful is crucial. These solutions can also significantly lower the costs of dealing with a crisis and limit the impact of cyberattacks in general.

Proactive Steps to Strengthen Online Security

While there are plenty of risks to a weak security system, there’s also plenty you can do to prevent those dangers. Here are six steps to stronger online security for your business:

  1. Train employees: By far, the biggest threat to your computer security is people. People click on phishing scam emails, download malware, access secure data on unsecured networks and make many other mistakes online. To prevent these issues, train your team in cybersecurity. Show them the do’s and don’ts of internet safety, and they’ll be less likely to make these errors.
  2. Practice cyber hygiene: Security software and the latest versions of your web browsers and operating systems are the best way to prevent viruses and other online threats. You should always download software updates as soon as they’re available and set your antivirus software to scan your systems after any update or new download.
  3. Use firewalls: Firewall programs are designed to keep your private network locked to outsiders. Your office’s internet connection and any home networks for employees who work from home should have a firewall installed.
  4. Secure Wi-Fi networks: Your company’s Wi-Fi network should be protected, encrypted and hidden. Your Wi-Fi router can be password secured and programmed not to broadcast the network’s name.
  5. Accept secure payments: If your business accepts credit cards, work with your bank to ensure the best tools and anti-fraud services are installed on your device. Do not process payments on the same computers you use for less-secure activities or for browsing the web.
  6. Practice smart password protection: Weak passwords are another typical doorway for hackers. Ensure you set strong password requirements for your users, and institute policies to have them changed every three months. You can also use multifactor authentication to protect sensitive data and assets.

Consult With PCS to Boost Your Security Game

At PCS, we know many small and medium-sized businesses don’t have the time or resources to manage IT. Unfortunately, that leaves you open to cyberthreats online. That’s why we offer affordable, world-class IT and cybersecurity services, customized to your business needs. Among our many services, we provide data backup and security, mobile device management and network management services to keep you secure online no matter where and how you browse. We also provide rapid response and emergency services if hackers strike.

If you’re ready to get started, request a consultation and we can help you identify what you need to bring your network security up to speed.

Cybersecurity: The Basics That Keep You Safe

Cybersecurity is one of those subjects that, when we talk about it, many people nod knowingly yet do nothing about it. Why? Why do we always put it off? I can only surmise that we believe it’ll happen to the next person but not us. Yet accidents and unfortunate events happen to everyone. 

The first commandment of cybersecurity is simple: It starts with you.

My rules for essential cybersecurity are simple, inexpensive, and only require one element: that you actually implement them and don’t put it off until digital chaos takes over your personal computer or network.

The Basics

It’s inexpensive and mandatory. Invest in a reliable firewall and well-known anti-virus protection. Test both to make sure they are working. And test them at least monthly. If there is a Rule No. 1 in cybersecurity, this is it.

Back It Up and Remove It

OK, you’ve heard the need for backing up. But it’s actually a bit more demanding than what you hear. Back up every day to a reliable online service.  Make this procedure automatic so that you don’t have to think about it. This is probably the No. 2 rule in cybersecurity. But online backup is insufficient. You want a hard copy backup, too, and don’t leave it in the same location as your main computer or network. Why? Things happen, including fire, theft, flood and any act, divine or otherwise, that can ruin the backup.

But there’s an even more important reason for a hard backup. If you become a victim of ransomware where your valuable data, including that online backup, turns into gibberish, you’ve got severe problems. (The online backup doesn’t know that the backup is infected, too.) An off-site, hard backup will provide “clean” data up until your last hard backup. You might lose days, even a week (yes, hard copy every day or at least every week), which will be a problem, but it is not a death sentence.

Password Protection

Here’s my two-decade mantra: Don’t choose obvious, everyday words and don’t use the same one for all your logon passwords. A password that combines letters, numbers and symbols works best. Most important: Use two-factor authentication whenever possible. It’s simple, takes only an extra few seconds but significantly improves your security.

It’s My Sister’s Flash Drive

So? Be cautious about using anyone’s flash drive. Never use one until you’ve scanned it to ensure that it’s virus-free. 

Hot Spot Convenience

Be wary of public Wi-Fi. Most people now have a smartphone, and you can enable it to act as your personal and secure internet connection. Public Wi-Fi raises the possibility that someone can hack into your system while you’re sipping that cappuccino.

Hard Drive Safeguards

Encrypt your hard drive. Newer operating systems offer default encryption, so there’s no excuse. Fortunately, the latest hard drives won’t slow down your computer, and if someone steals your laptop — your office — it’ll make it more difficult to tamper with your data. 

Cyber Insurance

If you have a business, it’s probably the kind of coverage you want to buy. It will protect you against business liability if someone breaches your network and obtains access to your customer or client list. Talk to your insurance agent. Remember, general liability coverage generally does NOT cover cyber issues. 

 

© Anthony W. Mongeluzo 

 

Anthony Mongeluzo is the CEO of PCS, a 150-person IT managed services and support firm that provides technology solutions to a national client base. Moorestown, NJ-based PCS has offices in PA, DE, MD, DC and NY. Anthony is the founder or a partner in eight other companies, three of which are in the IT sector that provides cybersecurity, computer forensic and web services. He is also a technology correspondent for Fox 29 Philly. Contact Anthony at Anthony@helpmepcs.com, connect with him @PCS_AnthonyM or contact our team today.

 

10 Easy-to-Follow Rules for Working at Home

The coronavirus has changed the national work landscape because, for many, working from home has become the new normal. Here are 10 time-tested rules I’ve learned from years of avoiding my office or talking to clients’ employees who weren’t making that daily trek to work.

1. Don’t Vacuum the Living Room

Don’t laugh. It’s shockingly easy and tempting to putz around and do some housekeeping “just for 15 minutes.” You wouldn’t vacuum at the office, and those 15 minutes add up. The biggest damage that occurs is disrupting the work rhythm and flow.  Set work hours at home just like you would at the office.

2. Take Lunch

Don’t have lunch at your desk or computer. Taking a break from work, especially staring at a computer screen, will keep you sharp.   During lunchtime, finish reading the newspaper, chat with those at home, talk about a topic that is unrelated to work, or call a friend. You’ll return to work refreshed.

3. Get to Know Your Tech Person

If you’re unsure of who handles the tech issues in your company, now is the time to introduce yourself. Become familiar with tech support and how they handle IT problems. Remember that your tech person is probably facing an avalanche of demands. Learning what the protocols are for help now will save you from a panic attack if the system begins to misfire. If you haven’t had a “tuneup” for your computer, do it now before problems develop. Suggestions include making sure that you (or your tech person) have applied all Windows updates, ensuring that anti-virus and anti-malware software is operational, and being on the lookout for phishing emails. The hackers are ready to go.

4. I Got This Idea For a Book

Don’t we all? You might never have a better opportunity for self-learning to improve yourself for that future advancement or just for fun. You can do it formally through a MOOC (massive open online course) or self-education. If it’s job related, take this to the bank: You’re going to appear so much smarter than when you left.

5. Stay Fit

Maintain a fitness regimen.  At home, you’re not even walking across the parking lot to get into an elevator. Hate exercise? Try walking. My friend says, “Easy, free, and is the perfect no-excuse way to stay trim.” He always reminds me that “The worst workout you ever had is better than the best workout you never had.”

6. Conference Call Mania

Conference calls are skyrocketing. If your calls don’t have video, it’s impossible to “read” body language. Don’t incessantly talk over your coworkers. Wait for that definitive pause before speaking. It helps to jot down what issues you want to discuss in bullet fashion, starting with the most important. Be sure to use your “polite” tone when talking. Watch the sarcasm and humor. They can’t see your face.

7. Dress for Business

OK, you can be more casual, but looking like you just crawled out of bed is a no-no. A recent viral video shows an attractive young woman on a call, and her male friend bounds into the background wearing underwear. Take a minute and examine your background or consider how to prevent anyone from disrupting the call, whether it’s a spouse, child or pet.

8. Yes, Dear

Being confined at home, especially with family members, lends itself to becoming crabby. The best solution is to have a separate room or space as your at-home office. Sometimes it helps to take a brief pause outside to get a fresh start on those daily tasks. 

9. No Attention Span?

Most people struggle with this, but Toggl saved my friend. It’s a time tracking app operated by some smart techies in Estonia. They have a free version, but he opted for the paid version with extra features. It tracks your time in the increments you set. My friend works in sets of 25 minutes with five-minute breaks.

10. Don’t Spill the Wine

It’s easy to reach for the liquor cabinet. Don’t if it’s during working hours. A simple tip: Don’t drink when the sun is up. (And don’t cheat by pulling down the shades.)

***

Anthony Mongeluzo is the CEO of PCS, a 150-person IT managed services and support firm with a national client base that provides technology solutions for companies. Moorestown, NJ-based PCS has offices in PA, DE, MD, DC, and NY. Anthony is the founder or a partner in eight other companies, three of which are in the IT sector that provides cybersecurity, computer forensic and web services. He is also a technology correspondent for Fox 29 Philly. Contact Anthony at Anthony@helpmepcs.com, connect with him @PCS_AnthonyM or contact our team today.

 

 

 

5 Steps to Hiring Your IT Dream Team

It’s the change we hate to make, and we only do it out of necessity. No one decides out of the blue to switch their primary doctor, change their life insurance policy or hire a new IT team to handle their business’s valuable data.

In the IT world (unless you’re a startup, seeking help for the first time), looking for an IT expert is an inescapable sign that something went awry. And now it’s time to find a new IT team.

I remain mystified that even astute business people fail to follow stringent criteria for bringing in a new IT partner. Your IT team holds the combination to your digital vault and often becomes embedded in your business. You might not notice it until a crisis occurs, but they’re there in the background until, of course, you have an emergency and begin screaming for support.

The checklist for hiring a new firm isn’t complicated. However, it demands that you pay thorough attention to detail. Here are five suggestions that provide you with a reliable plan for finding that IT dream team that will respond expertly and swiftly to your IT needs.

References, Please.

It’s amazing how often we enter an agreement with a vendor and never ask the seemingly perfunctory and vital question: Can you give me several references? Call the references, don’t just send them an email. It’s interesting what you might learn in a chat, plus if a question pops up that you hadn’t considered, you can ask and receive an immediate answer. Ask for three references and ensure they are diverse.  You don’t want the standard three references they’ve been using for years. Ask for a long-term client and a former client. If a former client speaks well of the firm, that’s a valuable sign.

Define Pricing and Future Increases

Your contract should act as a financial document. This is where you agree to price and growth. This implies an increase (or decrease) in price because of potential expansion. It also helps to avoid negotiating about this issue later. 

Contract Flexibility

We all know the feeling of satisfaction when you start with a new vendor or client. Honeymoon time. But sometimes the relationship heads south later, and this is where the contract becomes essential. Make sure you know where you filed the agreement, either digitally or in a drawer. (Surprising how many times companies scramble to find it.) How flexible is the contract? Did you lock yourself in for three years or is there an exit clause? Sometimes in a business relationship, it just isn’t a fit. This often happens because of expectations versus the amount of services provided for the fee. It could also be nothing more than personal chemistry. Be sure that you review all the options that have leeway for a change if needed. (I always suggest doing everything possible to please the client, but occasionally a separation is the only answer.)

About That Support You Promised

This is where the specifics come in, not in the contract, but in practice. You must ask these questions to clarify your expectations and ensure that your IT consultant fulfills what they promised. These include: 

  • How will you handle support?
  • Who handles the support, one individual or a team?
  • How do you ensure that my tech knows (or will learn) about my business and will provide a reliable and affordable IT strategy?
  • What’s the “real” response time compared with the stated one?
  • Will someone really be there 24/7? We hear this frequently. Ask them what happens if you call at 10 p.m. (You might consider running a test on the response time at an off-hour or weekend.)

The Final Test

Ask the potential IT firm what makes them unique and why you should hire them. You’ll probably recognize the “pat” answer or the elevator speech. So how do you discern what’s real and what is a rehearsed reply? Ask for specifics, and don’t be afraid to request those examples from companies in your industry.

After two decades of confronting IT problems for companies of every size and across a broad swath of industries, one element still surprises me. The failure to thoroughly investigate a new IT firm remains commonplace despite the importance of digital information, which is the backbone of every company. Following these tips, focusing on the effort of an interview with a diverse set of potential vendors and concentrating on what you believe is a long-term solution are paramount to keeping your IT operation running smoothly.

 

©2020 Anthony W. Mongeluzo

***

Anthony Mongeluzo is the CEO of PCS, a 150-person IT managed services and support firm with a national client base that provides technology solutions for companies. Moorestown, NJ-based PCS has offices in PA, DE, MD, DC and NY. Anthony is the founder or a partner in eight other companies, three of which are in the IT sector that provides cybersecurity, computer forensic and web services. He is also a technology correspondent for Fox 29 Philly. Contact Anthony at Anthony@helpmepcs.com, connect with him @PCS_AnthonyM or contact us today!

 

 

25 Security Terms All Businesses Should Know

Cybersecurity is an increasingly important issue for businesses, and as such business owners need to be aware of cybersecurity terms and issues. While most business owners are aware of basic cybersecurity terms, the technology industry is constantly changing, and new hacking methods are continually being developed. To prepare and be aware of modern cybersecurity issues, business owners need to know key security words. Below are some of the basic cybersecurity words all businesses should know.

1. Account Takeover

Account takeover is exactly what it sounds like — this occurs when a hacker takes over an account. This account may be an email account, bank account or online login. Hackers generally gain access by collecting saved login information from a website or tricking you into disclosing your login information through a phishing scam. From there, the hacker can either use the login themselves or sell it to a third-party fraudster to take advantage of your account.

2. Amazon Web Server

Amazon Web Services (AWS) is one of the most broadly adopted cloud platforms. So what are Amazon web servers? These servers are cloud servers that businesses can pay to use. The physical servers are kept by Amazon in locations around the world, but users can rent the use of servers to host business operations without the cost of maintaining servers on-site. Amazon also handles its own security, protecting its servers from intrusion.

3. Bring Your Own Device (BYOD)

BYOD is an increasingly popular company policy where companies have employees provide their own computers and devices. This policy helps businesses save costs on supplying devices for their workforce and takes advantage of the prevalence of private device ownership. However, this policy comes with risks — employees handle sensitive company information on their own devices, which may not have the appropriate security precautions needed to keep company data safe.

4. Clickjacking

Clickjacking tricks users into clicking something that they didn’t intend to click. Often, clickjacking occurs on websites — the link may say that it is taking the user to a certain address, but really takes them to an alternative destination. If the user isn’t aware that their click has taken them somewhere they didn’t intend to go, they can fall prey to scams.

5. Cloud Computing

Cloud computing is all over the news in the business world today, but what is cloud computing? Cloud computing is when IT resources are delivered on-demand over the internet. Instead of owning and maintaining their own servers, businesses pay to use public servers like those provided by Amazon Web Services. This way, businesses benefit from the computing power, storage and databases without paying exorbitant costs. These cloud computing centers also often handle baseline security measures, though your business should always use best practices when it comes to security.

6. Data Breach

A data breach is when a business’s private information is compromised by a malicious third party. This information may be consumer data, business analytics or company secrets. In any case, this information may be collected and sold or may be lost entirely, negatively impacting your business.

7. Distributed Denial of Service (DDoS)

DDoS attacks are some of the most common cyberattacks. In these attacks, a computer or network is overloaded with access requests, slowing down the server to a standstill. As a result, the affected company is unable to function until the attack stops.

8. DNS Attack

Domain Name System servers, or DNS servers, are used to connect the world’s computers and allow them to communicate efficiently with one another. In a DNS attack, a hacker will target DNS servers and redirect addresses. This means that when a user tries to access one address, they’re redirected to another address. This may be used for phishing scams or as a way of conducting a DDoS attack.

9. Encryption

Encryption is basically the process of translating information into a special code that only authorized computers can read. This practice makes it so that unauthorized users cannot read the encrypted data, protecting sensitive information. Encryption is often used to protect information as it travels from one system to the next, making it so that interceptors cannot read the data.

10. Firewall

A firewall is one of the most basic and essential security systems for networks. These firewalls control network traffic based on rules set by your network administrator, preventing users from making contact with untrusted networks or devices. For example, if a user in your network accidentally clicks on a link to a phishing site, the firewall may catch this and prevent access.

11. Fraud

Fraud is essentially the use of deception to obtain goods or services. Many businesses today encounter fraud when customers use stolen or fake payment information. These cases of fraud can be particularly damaging to businesses, as they may lose money on illegally made purchases.

12. Hacking

Hacking is one of the more commonly known cybersecurity terms, but few know what it really means. Hacking, at its most basic, is when a criminal uses a computer to obtain data without authorization. There are many hacking methods available, including phishing, clickjacking and other strategies, but all fall under the “hacking” umbrella.

13. Honeypot

A honeypot is a security measure where a business sets up a fake “bait” server. Hackers see this legitimate-looking server and try to hack into it, but in doing so they trigger security measures. Security professionals often use honeypots to gain insight into how hackers are attacking their systems, allowing them to set up preventative measures and identify vulnerabilities before they affect real servers.

14. HTTP vs HTTPS

HTTP and HTTPS are often confused due to their similar names, but they stand for two different versions of the same computer language. HTTP means Hypertext Transfer Protocol and is the language networks use to exchange information between computers over the internet. HTTPS, or Hypertext Transfer Protocol Secure, is the newer, more secure iteration of this system. While many sites still run on HTTP, HTTPS is becoming the more standard iteration.

15. IP Address

An IP address is a unique identifier for each machine on a network. An IP address is similar to a mailing address for a home — it tells the network where to send any requested information.

16. Keylogger

A keylogger system is a program installed on a computer or network that tracks the keystrokes of users and reports them to an attacker. This malware can be used to capture sensitive information, including usernames, passwords and sensitive client data.

17. Malware

Malware is an umbrella term for any malicious program. Malware includes viruses, worms, spyware, ransomware or keylogger systems — essentially, it is any program designed to steal information or damage networks.

18. Mobile Device Management (MDM)

An MDM is a system that allows companies to monitor employee devices. These systems watch device activities and alert administrators when breaches or security problems arise. These systems also often come with certain security measures, such as theft prevention software, message encryption and remote wiping.

19. Multi-Factor Authentication

Multi-factor authentication is a common security practice where two or more forms of authentication are required to access a network. The most common form of this is two-step authentication where a user inputs their username and password and is then prompted to input a code sent to their email or phone. Other authentication measures may involve multiple passwords or even biometric keys like fingerprint readers.

20. Pen-Testing

Penetration testing, called pen-testing for short, is a practice where a business uses a third party to hack into their system. This testing is used to help businesses find security vulnerabilities that attackers can exploit in the real world so that they can address them. Pen-testing may be accomplished by actual people or automated with software applications, but either way, it serves as a valuable tool in developing enterprise security systems.

21. Phishing

Phishing is one of the most common forms of cyberattack. In these attacks, the attacker sends a message or email to a target that prompts them to complete an action. Often, this action is to click on a link that takes the user to a malicious site. The more sophisticated version of phishing is spear phishing, where the attacker researches targets to create a more convincing scenario and maximize their chances for success.

22. Ransomware

Ransomware is a version of malware that holds data hostage until the owners pay a ransom. Usually, this system encrypts system data and sends the key to the user when they pay the ransom. If the ransom isn’t paid, the ransomer either refuses to decrypt the data or threatens to release the sensitive data.

23. Virtual Private Networks (VPNs)

VPNs are becoming increasingly common, but many don’t know what virtual private networks are. VPNs are essentially network masks that allow users to access a network safely using a nonsecure internet connection. If the connection is intercepted, attackers cannot do anything because the user is masked with the VPN. VPNs are very commonly used by businesses with remote workers.

24. Virtualization Technology

Virtualization is another rising star in the business world, but what is virtualization technology? Virtualization is the generation of a virtual version of a system. This virtual version does everything that a physical version can do but operates in a virtual environment. Virtualization technology allows businesses to maximize their processing power without expensive hardware upgrades.

25. Worm

A computer worm is a type of malware. This program is designed to infect as many computers as possible, hiding in less visible parts of operating systems and spreading through network vulnerabilities or USB drives. Worms slowly affect networks in a negative manner, consuming system resources until they slow or halt.

 

Contact PCS to Protect Your Company’s Data Today

Criminals use a wide range of techniques to access businesses’ confidential data, and it’s essential for businesses to stay on top of the latest news in cybersecurity. However, while you should stay aware, your primary focus should always be on your business. That’s why we recommend working with a cybersecurity expert like PCS.

At PCS, we provide cybersecurity services for small to medium-sized businesses of all types. Whether your organization is a business, school, hospital, insurance agency, or accounting firm, PCS can help with comprehensive data backup and protection services.

Contact PCS today to learn more about how our services can protect your company from cyberattacks.

 

 

Human-Centered Vulnerabilities in Cybersecurity

Technology has traditionally been the focus in cybersecurity, but now experts are saying we need to make a shift in our focus to human-centered cybersecurity.

Of course, with any system, there are flaws. In the case of human-centered cybersecurity, it’s important to know what vulnerabilities you could be facing in your security.

What Are Human-Centered Vulnerabilities?

First, what exactly is human-centered security? When a human is at the center of cybersecurity, this is human-centered security. Your data is most valuable when it’s being used by a person or being displayed. This is also the point at which your data is the most vulnerable.

The point of contact between data and humans is when your data is most valued, available and at risk, so you’ll want to ensure it’s also at its most protected.

Risks of Human Mistakes in Your Information Technology

Humans make mistakes, and when it comes to your sensitive corporate information, these mistakes can have dire consequences. Data breaches can be caused by employees when they:

  • Unintentionally email documents that include sensitive data.
  • Send sensitive data via email to the wrong recipients.
  • Cause unwanted access by misconfiguring assets.
  • Mistakenly publish confidential data on a public website.

While the cost of a human error may not be as expensive as a breach caused by a hacker, the consequences can still be significant. Fortunately, your company can implement new or updated policies and changes to prevent human errors in your information technology.

Top Five Types of Human Error in Cybersecurity

Employees can make mistakes that lead to breaches in data. Human factors in information security should not be taken lightly, as errors in cybersecurity cost millions of dollars to remediate. Human errors in cybersecurity fall into two categories:

  • Skill-based human errors: These are errors that occur while a person is performing a familiar activity or task. They know the correct course of action, but they fail to perform the action correctly because of negligence or a temporary lapse. Often these errors occur when an employee is distracted, tired, not paying attention or experiencing a lapse in memory.
  • Decision-based human errors: These are errors that are caused by a user making a flawed decision. Maybe the user doesn’t have enough information about the circumstances or maybe they make a decision by default through inaction.

The following are the top five types of human error in cybersecurity:

1. Misdelivery

The term “misdelivery” refers to the act of sending something to the wrong person. Carelessness and email features like auto-suggest can lead to employees accidentally sending sensitive information to the wrong person.

Another common mistake that causes misdelivery is putting an email address in the “to” field instead of the “bcc” field. This skill-based error can cause an employee to accidentally expose the private details of multiple people to one another.

Why is this a skill-based error? Because while the employee knew the correct procedure, they made the error out of carelessness. By not double-checking and comparing what they intended to do with what they actually did before sending out the email, they caused a data breach.

Encourage employees to take their time with emails and double-check email addresses and fields before hitting send.

2. Easy Passwords

Another type of human error in cybersecurity is using easy passwords. Your employees need to use strong passwords to protect data — this means establishing clear procedures for storing, sharing and handling passwords.

Hackers can access accounts if they’re able to guess easy passwords or if they’re able to use a brute-force attack. Examples include:

  • Passwords using simple sequences: Passwords that are patterns found on your keyboard, such as “123456” or “9ijn8uhb,” can be easily guessed.
  • Passwords using corporate or personal data: Passwords that contain this type of data can be susceptible to attacks, as they can be guessed by browsing the social network accounts of employees.
  • Passwords using default credentials: These may be already known to attackers or easily cracked through a brute-force attack.

Employees may also store their passwords unreliably. Examples of unreliable password storage include:

  • Failing to encrypt passwords: If you’re utilizing a password manager, make sure it uses strong encryption. Weak encryption or no encryption at all can put passwords at risk.
  • Exposing passwords: Leaving a sticky note with your password on your desk could leave your password exposed to the public.
  • Leaving passwords open: Storing passwords in Google Sheets or plain text can leave them vulnerable.

When passwords are handled incorrectly, this can also lead to vulnerabilities and create problems. Examples of incorrectly handling passwords include:

  • Changing your password too frequently: Traditionally, it was thought passwords should be changed every 60-90 days. Today, you should be using stronger passwords (four random words) and not changing them unless you are made aware of a compromise. Some banking sites and some types of insurance require that passwords be changed at least every 180 days, which is acceptable as well.
  • Managing passwords incorrectly across multiple platforms: If you use the same password for more than one account or vary just one character in each for several accounts, this could make your passwords and accounts susceptible to an attack.
  • Sharing passwords in an insecure way: Employees may send their credentials to their colleagues through unencrypted messengers, making their passwords vulnerable.

Ensuring your company has a dependable password policy can help your employees avoid accidentally sharing their passwords or improperly storing or handling them.
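The weak-password patterns listed above can be checked mechanically when a password is set or audited. The following Python is an added example, not part of the original article or any PCS tool; the US QWERTY layout, the default-password list, the sample terms and all function names are assumptions chosen for illustration. The reuse check assumes it runs locally where a user's other passwords are available, such as inside a password manager audit.

```python
"""Added example: flag the weak-password patterns described in the article."""

# Keyboard rows, the alphabet, and both diagonal directions on a US QWERTY
# layout (assumption). "9ijn" and "8uhb" from the article are diagonals.
KEYBOARD_RUNS = [
    "1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
    "abcdefghijklmnopqrstuvwxyz",
    "1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm", "8ik", "9ol",
    "3wa", "4esz", "5rdx", "6tfc", "7ygv", "8uhb", "9ijn", "0okm",
]
# Constructed sample of vendor-default style passwords, not an exhaustive list.
DEFAULT_PASSWORDS = {"admin", "password", "changeme", "default", "guest", "root"}
# Common character substitutions, undone before looking for known terms.
LEET = str.maketrans("0134578@$", "oieastbas")
MIN_RUN = 3  # shortest keyboard walk that counts as a pattern


def _is_run(chunk):
    """True if chunk is a slice of a keyboard run, typed in either direction."""
    return any(chunk in run or chunk in run[::-1] for run in KEYBOARD_RUNS)


def is_simple_sequence(password):
    """True if the whole password is keyboard walks or one repeated key."""
    pw = password.lower()
    if len(pw) >= MIN_RUN and len(set(pw)) == 1:
        return True
    # reachable[i] is True when pw[:i] can be cut into runs of MIN_RUN+ keys.
    reachable = [True] + [False] * len(pw)
    for end in range(MIN_RUN, len(pw) + 1):
        reachable[end] = any(
            reachable[start] and _is_run(pw[start:end])
            for start in range(0, end - MIN_RUN + 1)
        )
    return len(pw) >= MIN_RUN and reachable[len(pw)]


def contains_known_data(password, known_terms):
    """Return the corporate or personal terms that appear in the password."""
    raw = password.lower()
    plain = raw.translate(LEET)
    hits = []
    for term in known_terms:
        t = term.lower()
        if len(t) >= 3 and (t in raw or t in plain):
            hits.append(term)
    return hits


def within_one_edit(a, b):
    """True if a and b are equal or differ by one insert, delete or swap."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]


def audit_password(password, username="", known_terms=(), other_passwords=()):
    """Return a list of findings; an empty list means no check fired."""
    findings = []
    if is_simple_sequence(password):
        findings.append("simple sequence or keyboard pattern")
    hits = contains_known_data(password, known_terms)
    if hits:
        findings.append("contains corporate or personal data: " + ", ".join(hits))
    lowered = password.lower()
    if lowered in DEFAULT_PASSWORDS or (username and lowered == username.lower()):
        findings.append("default credential")
    if any(within_one_edit(password, other) for other in other_passwords):
        findings.append("same as, or one character away from, another password")
    return findings


if __name__ == "__main__":
    # Constructed sample input: company name, user name and other passwords.
    terms = ["ExampleCo", "jsmith"]
    others = ["Summer2024!"]
    for candidate in ["123456", "9ijn8uhb", "Ex4mpleCo2024", "admin",
                      "Summer2025!", "river-lamp-otter-quilt"]:
        result = audit_password(candidate, "jsmith", terms, others)
        print(f"{candidate!r}: {result or 'no findings'}")
```

An empty result only means none of these four checks fired; it does not measure overall password strength.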

3. The Use of Outdated Software

Hackers love outdated software, as it’s vulnerable and can be exploited easily. When it comes to outdated software, employees can make a hacker’s job easier by:

  • Disabling software security features: Employees may disable security features of software so they can utilize their work devices for personal use or simplify their work. Employees may download a file from an untrustworthy website or pause browser security or antivirus features, so they can watch something on a suspicious website. Disabling these features can leave an employee open to a data breach.
  • Ignoring updates for software: Ignoring updates can also lead to data breaches. For example, the security of unpatched software can be breached, and older versions of Windows can be susceptible to ransomware outbreaks.
  • Downloading software that’s unauthorized: Even the software you use to protect your security could pose a risk to the cybersecurity of your company. When the software itself is malicious, it can immediately compromise your corporate data. Even if the software doesn’t have viruses, it could have vulnerabilities that are known by attackers.

Employees may offer excuses for not updating their software, so try using the following tactics to get them on board:

  • Encourage updates: Make it part of your everyday culture to encourage updates. Let your employees know that making the time to take care of the updates is acceptable and encouraged.
  • Include software updates in work schedules: Employees may feel overwhelmed by work tasks and worry about breaking their concentration to perform a software update. Let employees know that updated software is crucial to their work performance and that they can include software updates in their schedule or list of work tasks.
  • Suggest employees perform other duties while they wait: Updates can take some time, so encourage employees to take their breaks when the software is updating or tackle other work tasks that don’t require computer use.
  • Make time to review the new software: Learning new software may seem overwhelming to some employees, so you may want to schedule a presentation time to go over the new software or allow employees time in their schedules to learn the software on their own.
  • Educate employees about the risks of outdated software: Your employees simply might not be aware of all the risks that come with using outdated or unauthorized software or turning off security features, so discuss these dangers with them.
  • Inform employees about the benefits of the new software: Sometimes, workers may prefer using outdated software because they’ve grown used to it. If you let them know about the benefits of this new software, they’ll be excited about the change.

By providing your employees with education on cybersecurity, you can help combat this negligence in your workplace.

4. Unrestricted Access to Information

Those you entrust with unrestricted access to all information can make mistakes too. These mistakes can be quite costly to your organization. Accounts that have high privileges, such as an admin account, often don’t have adequate security controls to prevent misuse.

Admin passwords are infrequently updated — if updated at all — which can leave these accounts more susceptible to attackers. The attacker can then use the credentials from the compromised admin account to access IT systems or the controls of various resources, compromising your sensitive data.

By giving all accounts the least amount of privilege possible, you can help prevent human errors that occur with unrestricted access to information. You can give high privilege to accounts as needed or for a temporary period of time. You can also implement two-factor authentication to provide an added layer of protection. IT employees should also have both administrative accounts and employee accounts.

5. Lack of Cybersecurity Education

Another common human-centered security issue is a lack of education. Employees may want to concentrate their efforts on what they perceive to be their only work responsibilities, but employees who don’t have the education they need about cybersecurity can make your company more vulnerable.

An insider can make an attacker’s job much easier, allowing them to access critical data, steal credentials and introduce malware into an organization’s system. Your employees can end up the victims of malicious applications or phishing attacks, inadvertently giving hackers access to your company’s valuable data.

What mistakes are caused by a lack of cybersecurity education?

  • An employee uses personal devices for work: Do your employees tend to use their personal devices for work-related tasks? What if an employee forgets their personal laptop or smartphone in a public area? If their device gets stolen, the corporate data on that device can be compromised.
  • An employee clicks on suspicious attachments and email links: Malicious emails are becoming more believable as cybercriminals are becoming more creative and intuitive. These emails end up in a user’s email inbox instead of their spam folder, and these emails can threaten your cybersecurity, as clicking on the links can download a malicious script or lead a user to a fake website.
  • An employee plugs in insecure devices: USB drives and other devices may contain malicious code that appears after being exposed to an outside network. When employees plug in these devices to your system, they can compromise your organization’s cybersecurity.
  • An employee performs system changes that are unauthorized: An employee may make unauthorized changes to your system to speed up processes or improve the convenience of their work tasks. Not only can these modifications disrupt normal company procedures, but they can also bring down the system.
  • An employee uses a public Wi-Fi network that doesn’t have a VPN: Public Wi-Fi in places like restaurants and hotels can be utilized by hackers. Through the use of public Wi-Fi, hackers can install malware, initiate man-in-the-middle attacks and more. Using public Wi-Fi without a VPN means you won’t be encrypting your connection, leaving you vulnerable.

Cybercriminals know how to appeal to consumers — they present themselves as a tax refund or email service, so they can get access to a user’s email account. They also hide the illegal content with cloud-based storage services and imitate trustworthy domains to evade spam filters.

How to Reduce Human-Centered Vulnerabilities in Your Workplace

To keep your data secure, the best strategy is to avoid employee errors. But with so many possibilities for human errors in the workplace, how do you reduce human-centered vulnerabilities in your organization when using human-centric cybersecurity?

1. Update Your Security Policy

How does your company handle passwords and critical data? Who can access sensitive data and passwords? Which software will your company use for monitoring and security? Your security policy should outline all of your security rules and practices. Revise your policy to ensure the document includes the current best practices.

2. Monitor Employee Activity

You can protect your system against malicious attacks and data leaks by implementing tools that monitor user activity. Through monitoring tools, you can detect and prevent security mistakes caused by employees.

3. Give Accounts the Least Amount of Privilege

Denying all access is one of the easiest ways to secure your corporate data. Allow privilege only on a case-by-case basis for a temporary period of time. Employees should only have access to data that is necessary for them to perform their work tasks, so don’t allow employees to access sensitive data unless absolutely necessary.

4. Instruct Employees on Cybersecurity

Combat skill-based and decision-based human errors through education. By educating your employees on the dangers and costs of their mistakes and the potential threats they should be aware of, your employees can exercise more caution in their work.

Ensure all of your employees are motivated to adhere to the security policy and familiar with the policy. You can accomplish this by giving your employees the knowledge they need about the grave results their errors can cause your organization and emphasizing how these results can affect them.

Reduce Human-Centered Vulnerabilities in Your Workplace With PCS

At PCS, we know that not every company wants to deal with handling IT. That’s why we offer our services to hire, find and direct IT services. We’ll take over the IT challenges your organization is facing, so you can return your focus to running your business.

When we work with our clients, we seamlessly become part of the team. With more than 100 IT professionals, we can provide our clients with the service and support they need. Our solutions are 100 percent customizable to your needs.

Are you ready to get started improving your human-centered security? Contact us at PCS today.

Technology Trends in 2020

Staying in-the-know about tech innovations is essential if you want to stay on top of your industry’s trends. A convergence of factors has IT and infosec professionals abuzz, indicating 2020 is the year several advancements will reach an inflection point and change the ways businesses operate.

In this guide, we’ll discuss the top tech and information security trends of 2020 and which are most relevant to your industry.

Pay Attention to These 11 Technology Trends in 2020

Experts agree: These 2020 tech trends hold the potential to alter the way businesses and consumers interact — internally and with each other:

  1. 5G and Faster WiFi
  2. Computer Vision
  3. Voice Applications
  4. Safer API-Based Systems
  5. More Functional Internet-of-Things
  6. “Flatter” Organizations
  7. Mobile Payments
  8. Artificial Intelligence (AI) and Machine Learning (ML) Security
  9. Mobile Apps
  10. Blockchain Developments
  11. The Always Connected PC (ACPC)

1. 5G and Faster WiFi

5G internet has hovered in the public lexicon for a few years. Yet 2020 marks a turning point for the “fifth generation” of wireless technology, with U.S. cellular carriers promising infrastructure with lightning-quick download speeds, more device connections and command latencies in the milliseconds (basically imperceptible to the eye).

The implementation of 5G across the next few years will not be without its hiccups, though. The overwhelming majority of today’s devices cannot connect with 5G’s unique high-frequency radio towers, requiring significant IT hardware and software updates. Plus, only a handful of cities nationwide currently host such 5G towers, serving as beta sites for all major carriers to test their deployments.

In 2020 and beyond, more mainstream 5G will unquestionably trigger additional IT ecosystem developments all organizations must address, including:

  • Internet-of-things suited bandwidth: The proliferating number of interconnected devices, from computers and smartphones to wearables, robots, smart vehicles and more, requires larger and larger bandwidth figures to keep devices communicating properly.
  • Updated firewalls: Businesses looking to embrace a 5G network will also need to rework current firewall throughput. Many current firewalls will be unable to support the data speeds and flows unleashed by 5G.
  • Stronger edge computing: 5G also improves the business realities of edge computing, namely with its emphasis on local cell towers and local data processing and trafficking to reduce latency.

2. Computer Vision

As its name suggests, computer vision enables machines and equipment to “see” using autonomous cameras. Computer vision cameras are a central piece of technology to many security and operational enterprise advancements, such as the following:

  • Business offices and buildings, for enhanced security and around-the-clock “smart building” entry and exit monitoring.
  • Manufacturing/production centers, where computer-vision cameras have increased in popularity to spot defective products or components before moving onto next-phase production.
  • Warehouses, for enhanced sorting, picking and packing functions, among others.
  • Autonomous cars, including freight trucking and last-mile delivery vehicles poised to change supply chain logistics.

The expanding adoption of computer vision cameras comes with an important question, though. Enterprises using these sight-enabled machines and equipment must reconcile the mounting IT ethics behind gathering 24/7 visual data, particularly regarding facial recognition. Organizations must set up transparent computer vision policies, including gathering employees’ and even consumers’ consent about the technology’s usage and highlighting its ethical business case.

3. Voice Applications

Over a third of Americans use voice assistants. Industry projections say that by 2022 over 50 percent of households will have and use a voice assistant, both within their smartphones and through household and car-integrated devices.

This tremendous user uptick will push businesses to prioritize voice applications in several ways:

  • Office usage uptick: In 2020 and beyond, employees will start to expect voice assistants at work just as much as they do at home. From adjusting office lighting to booting up technology, scheduling meetings, reading emails and searching the internet to enhanced office surveillance and controlling other connected network devices, worker tasks and activities will become more reliant on voice technology.
  • Increased “ask” apps: The rise of voice content means organizations will begin shaping digital content for voice search. Brands like Purina’s “Ask Purina” are ahead of the curve here, creating a voice-exclusive application where dog owners can ask breed-related questions, from ideal diets and exercise routines to in-the-moment health questions, all using a familiar voice assistant.
  • Fewer wake words: Currently, popular voice devices require a “wake” word to activate (e.g., “Alexa” in the question, “Alexa, what’s the weather today?”). Wake words let the assistant know you’re talking to it and not, say, yourself. Advancements in voice technology will allow you to speak to assistants more naturally, without the triggering wake word to conduct a search.
  • Enhanced voice assistant personalization: Further voice assistant developments in 2020 will allow devices to understand who’s speaking and therefore deliver responses based on individualized voice profiles. Separate voice profiles can, for example, allow assistants to read your correct schedule for the day and not your coworker’s, or save your correct payment or account information.

4. Safer API-Based Systems

APIs, or application programming interfaces, allow different pieces of software to communicate with each other in a safe, standardized way. APIs are central when building proprietary software, evolving into microservice architecture, as well as transferring your enterprise data to vital business or service partners.

Already, we’re seeing an explosion in API integrations across industries, particularly in banking and fintech. Other technologies also require APIs to function. Yet, for the average business, utilizing APIs safely has another important onus: As more employees and customers use more devices with more apps, they’ll simply expect those devices and apps to communicate with one another.

This expectation puts pressure on businesses to ensure their own software programs, products and services integrate seamlessly with others, and that those underlying data connections are safe. Such API security priorities we’ll see in 2020 include:

  • API gateway controls, improving traffic authentication, so you know who’s requesting your data, where and for what purpose.
  • Tighter API data delegation, helping prevent ominous third parties from requesting your data, as well as exposing hacks and breach attempts.
  • Expansion of open authorization protocols, which allows users (i.e., your employees or your customers) to give permission for their data to be used by other apps and services without handing over their accounts’ passwords.

5. More Functional Internet-of-Things

The internet-of-things buzzword gets tossed around frequently in the business world. In 2020 and beyond, we’ll see its power come into fuller effect, often working without human oversight, connecting around the clock the burgeoning number of autonomous and smart devices businesses will use to execute core functions.


Take, for example, delivery logistics. Within the next decade, we may see computer-vision-enabled warehouse bots connect with your ERP to receive a new customer order, then pick the corresponding order’s SKU from warehouse racks. That bot then moves the item to the packaging station, which is wrapped by an autonomous machine. Soon, the order is loaded onto an autonomous vehicle driving it to a local distribution center where drones pick it up and conduct last-mile logistics, dropping it at the customer’s door.

This end-to-end order management is enabled only by the internet-of-things, which harmonizes data and edge devices and lets your business use new equipment to its fullest.

6. “Flatter” Organizations

The past decade’s software advancements allow organizations to practice greater data visibility and oversight than ever. Tools like ERPs, CRMs and other resource planners assist departments, letting employees quickly and conveniently find the information they need to execute their work without bothering employees in other departments for data access.

As technology allows ever greater data and process transparency, we’ll see organizations subsequently turn “flatter.” Defined by reduced informational and managerial hierarchies, flat organizations trim bureaucratic red tape to improve the speed and proactivity of decision-making. Managers will no longer be relegated to constantly approving workloads, task routes and resolutions, since employees are empowered to make these decisions, and those decisions are easily identified and tracked in horizontal, enterprise-accessible logs.

7. Mobile Payments

In the next decade, businesses must pivot to keep up with the times, embracing prominent payment trends like:

  • The accelerated use of mobile wallets (e.g., Apple Pay) over cash and card transactions.
  • Voice-recognition transactions, including voice command-led online purchases, as well as voice-based two-factor authentication.
  • Mobile fintech portals providing a “one-stop-shop” look into a user’s complete financial portfolio (bank accounts, investments, mobile payment history, etc.).
  • Mobile alerts for purchases, account notifications and order updates.

8. Artificial Intelligence (AI) and Machine Learning (ML) Security

Today, most AI and ML cybersecurity programs still reside in the “supervised learning” world. Tomorrow, though, AI and ML will continue their progression into the unsupervised learning space:

  • Supervised learning requires a computer program or piece of software to come with programmed directions, or parameters, guiding how it works and what it can or can’t do. In short, supervised programs need to be told how to track and compare new data.
  • Unsupervised learning programs, though, do not need pre-programmed data examples or parameters. These applications can identify data patterns on their own, then alert relevant people when manual data reviews or actions need to be performed.

This transition to autonomous data supervision allows business cybersecurity teams to automate an unprecedented amount of network and device security activities. In particular, AI and ML security programs will be better able to:

  • Identify new or unauthorized network access and similar security risks.
  • Track endpoints and devices better, particularly with the growing number of devices enabled by the internet-of-things, which increases threat vectors.
  • Trigger alerts for security updates or maintenance needs.
  • Create smarter usage habits, authentication systems and data encryption that bolster security defenses.

9. Mobile Apps

2020 will also bring major changes and consumer trends affecting mobile applications.

The current app ecosystem still predominantly relies on mobile-app devices, typically a computer or smartphone. However, mobile app developments in the next decade will be influenced by many of the IT advancements on this list — plus a few extra goodies, including:

  • Growth of the instant app: Many smartphone owners know the frustration of managing low storage space on their mobile devices or using apps that take up too much room even on unencumbered phones, tablets and wearables. Instant apps offer an alternative, letting users access a smaller version of an app without actually installing it on their devices. Instant apps have grown in popularity in the past few years, with many thought leaders predicting a new, widening rollout of app brands and developers producing instant versions of their most popular applications in 2020 and beyond.
  • Voice-enabled personalization: Many business apps will adapt to match the growing popularity of voice search. In some cases, organizations may even deploy voice-specific applications to answer user queries or provide specific services. Organizations may also begin implementing voice-controlled security and authentication for in-office devices and programs alongside these voice deliverables for consumers.
  • 5G connection capabilities: 5G’s quicker data delivery and almost non-existent latency mean apps won’t have to work as hard to perform core functions. This preserves your mobile device’s battery life and extends the usability of your apps. It also introduces a mobile platform finally functional for in-depth augmented reality (AR) and virtual reality (VR) apps, which congested all previous networks.

10. Blockchain Developments

Blockchain had its biggest year yet in 2019. Major companies — from IBM to Walmart, FedEx to Facebook and more — committed to blockchain developments for various pilot — and often proprietary — programs, adding legitimacy to the decentralized ledger technology. Many hope to use blockchain beyond its transaction recording and management origins, though, expanding it for dual security and service-related offerings:

  • Internal blockchain business advantages: Internally, blockchain offers improved tracking for physical and non-physical enterprise assets. Blockchain ledgers can be used across the supply chain to identify production problems or proper recall points for goods, to bolster vendor compliance, trigger proof-of-delivery transactions or track system or network log-ins.
  • External blockchain business advantages: Outside your business’ walls, blockchain technology can help manage more secure vendor payments, contracts and business partnerships by triggering payment or settlement transactions after the ledger notes a complaint or sees goods have been delivered. Blockchain data ledgers are also more secure and transparent, given their decentralized setup and encrypted framework that cannot be altered.

IT trends in 2020 will likely embrace blockchain as a transaction-tracking and management system for goods and services across a business’s clients, suppliers and vendors. Many will need to create ledgers addressing the tool’s top pain point, though: interoperability. Currently, blockchain-designed programs are unable to share their information with anything outside themselves (such as other transaction-management systems or even other blockchain ledgers), preventing the tool from reaching its full potential.

11. The Always Connected PC (ACPC)

Always Connected PCs are the next generation of computers as we know them. Boasting the same processing technology as today’s top smartphones, but placed inside a laptop or computer’s hardware, the ACPC presents a range of capabilities no other device does, including:

  • 24/7/365 web access: As their name suggests, an ACPC should always have access to the web via both LTE and WiFi connections, even when you close up the computer. Most recently, a Lenovo-Qualcomm partnership announced its plan to produce 5G-connected ACPCs for 2020.
  • Qualcomm processor chips: A smartphone-mirroring microprocessor allowing integration with a Windows 10 operating system.
  • Extensive battery life: In some units, developers claim 20+ hours without the need to charge.
  • Ultra-lightweight: Allowing laptops to be portable and user-friendly without sacrificing functionality.

Early models of the Always Connected PC were not without their flaws, though. Many users experienced issues loading and running a handful of 64-bit apps on their laptops, including some popular Microsoft Office programs. Next-phase ACPC models produced in 2020 and beyond will prioritize fixing these bit-version incompatibility snafus, with producers like Lenovo stating their commitment to providing a fully synchronized, true-to-its-name breed of computer.

Stay on Top of Technology Trends With PCS

It’s exhausting keeping tabs on tech business trends for the next 10 years — and beyond. That’s where PCS comes in.

We work with clients to untangle IT. From IT project support to a dedicated, fully managed IT team taking care of the bulk of your IT operations, let us handle your business’ tech side — so you have one less thing to worry about.

See what IT work we can take off your shoulders, then request a personalized quote.

How to Educate Employees About Cybersecurity

Cybersecurity awareness among your employees could save your business. Security breaches could lead to leaks of sensitive data, loss of business and financial ruin. You cannot bear the burden of protecting your company alone or with only one or two techs. Every one of your employees must know their roles in protecting the company from cyber threats. Through training and awareness, you can help protect your company from cybersecurity threats.

Why Is Cybersecurity Training Important?

You don’t need to personally be a cybersecurity expert to know that keeping your company’s data safe is vital to your operations. In fact, the team member at your company who will bear much of the responsibility for data security is your human resources (HR) director.

The HR department focuses on hiring and training, and you need to make cybersecurity an integral part of job training. By taking advantage of HR’s ability to engage workers in the training material and keep them updated with new policies, you can more effectively educate your workers about cyber threats. Unlike the IT department, HR can implement training methods that will help employees to retain more information and see why education is useful.

1. Having More Employees Creates More Openings

Security threats to your company increase the more employees you have. Those extra workers add to the number of emails sent and received in addition to the number of computers and vulnerable devices you have. Onboarding training and continual updates help to create a human firewall between your company’s information and security threats.

2. Your Employees Are Targets

The criminals who send fake emails in an attempt to steal information target your employees specifically. Often, those targeted have control over finances or tax information, such as payroll personnel, although anyone can receive phishing emails. You need to train your workers to recognize fake emails and websites to avoid sending information to those who will misuse it.

3. It Decreases Successful Phishing Attacks

Training your workers helps prevent attackers from having success with their phishing emails. In fact, training reduces the chances of phishing attack success by 20% with each session. Making your workers aware reduces the chances your company will become a victim of a scam.

What Is Cybersecurity Awareness Training?

Cybersecurity awareness training helps workers understand the threat the company’s data faces and their roles in protecting it. At the end of each course, each worker must know what they need to do to keep your business’s information safe and why protection is essential. When workers have this information, they can feel empowered in protecting the company instead of powerless to prevent a data breach.

1. Add a Mandatory Cybersecurity Training in Onboarding

As soon as you hire a worker, they need to recognize their role in the company’s cybersecurity. As part of the onboard training, include measures of what you expect the employee to do to protect the company’s data. By working with HR, you can ensure that every worker at your company has security in mind from their date of hire.

2. Avoid FUD Training and Enforcement

Older training policies that created fear, uncertainty and doubt (FUD) are not as powerful as training that uses positive reinforcements. Punishments for failing to adhere to the security policy can cut into workers’ productivity levels, especially when those penalties involve taking away internet or email access.

Instead, encourage workers to embrace security measures. Positive reinforcements are more effective than FUD measures. Use rewards for finding phishing emails or spotting potential security openings in access to information. Having everyone working together will make finding problems easier while giving the employees a role in the company that feels good to fulfill.

3. Create a Culture Focused on Cybersecurity

Every aspect of employee education on information security needs to build a culture that takes cyber threats seriously. The more deeply involved your employees are in the culture, the more likely they will be to remember the rules they learned in training.

To ensure everyone stays on top of your company’s cultural expectations, assign someone in each department to act as a cybersecurity cultural liaison. This person will guide employees in their department in upholding strong security to protect your company’s information.

Routinely Educate About Top Cybersecurity Threats

Threats to your company’s data can take many forms. Hackers use a variety of methods to try to steal login information, passwords and sensitive company data. To get this information, they specifically target your employees. Social engineering, such as phishing schemes, caused 93% of the data breaches in 2018. To avoid having your company become another statistic, you must keep your workers updated on the latest threats your company’s information faces.

1. Phishing Scams

Phishing is a common ploy in which a disreputable person sends an email that looks like it comes from a well-known company or a person the recipient knows. For instance, workers may get phishing emails that appear to come from delivery companies and ask the recipient to click a link to verify login information.

Toward the end of the year, when companies’ payroll departments finalize W2s to send out to workers at the end of January, IRS scams reign. In these phishing emails, the payroll employee may get an email that looks like it comes from the company’s CEO or CFO or the IRS asking the employee to send W2 information back. The sender then has social security numbers, names and home addresses for everyone whose information the recipient sent.

If a worker doubts whether someone in the company sent an email, they should phone that person directly to verify the legitimacy of the message.

2. Spoofing Websites or Email Accounts

Spoofing uses a slight variation on a website or an email address. These fake addresses may look close to their correct counterparts. For example, the sender may be spoofed if the address reads john@copmanyxyz.net instead of the correct john@companyxyz.com.
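A mail filter or training tool can catch this kind of near-miss address automatically. The following Python sketch is an added example, not code from the original article: it compares a sender's domain against the company's real domain and flags swapped letters, small typos and changed endings. The trusted domain list, the distance threshold and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: the organisation's real mail domain, taken from the article's example.
TRUSTED_DOMAINS = {"companyxyz.com"}
# Assumption: names within two edits of a trusted name count as lookalikes.
MAX_DISTANCE = 2


def osa_distance(a, b):
    """Optimal string alignment distance: the number of single-character
    inserts, deletes, substitutions or adjacent swaps that turn a into b."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # delete
                          d[i][j - 1] + 1,         # insert
                          d[i - 1][j - 1] + cost)  # substitute or match
            # Two adjacent letters swapped, as in "copmany" vs "company".
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def split_domain(domain):
    """Split 'companyxyz.com' into ('companyxyz', 'com') at the last dot."""
    name, _, tld = domain.rpartition(".")
    return name, tld


def classify_sender(header_value):
    """Return (verdict, trusted domain involved or None).

    Verdicts: 'trusted', 'lookalike', 'external', 'invalid'.
    """
    _, address = parseaddr(header_value)  # also handles 'Name <addr>' forms
    local, at, domain = address.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not local or "." not in domain:
        return ("invalid", None)
    for trusted in sorted(TRUSTED_DOMAINS):
        if domain == trusted or domain.endswith("." + trusted):
            return ("trusted", trusted)
    name, tld = split_domain(domain)
    for trusted in sorted(TRUSTED_DOMAINS):
        t_name, _ = split_domain(trusted)
        # Same name with a different ending (.net for .com), or a near-miss name.
        if name == t_name or osa_distance(name, t_name) <= MAX_DISTANCE:
            return ("lookalike", trusted)
    return ("external", None)


# Constructed sample senders; the first two are the article's own example.
SAMPLE_SENDERS = [
    "john@copmanyxyz.net",
    "john@companyxyz.com",
    "John Smith <john@companyxyz.net>",
    "billing@parcel-service.example",
]

if __name__ == "__main__":
    for sender in SAMPLE_SENDERS:
        print(sender, "->", classify_sender(sender))
```

This check does not cover look-alike characters from other alphabets or a forged display name on a genuine domain, so it complements the phone verification described above rather than replacing it.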

3. Malware

As its name suggests, malware is harmful software that a cybercriminal installs on a victim’s computer. Often, it happens when an unsuspecting person clicks on an email link or downloads an attachment. This software can then access the victim’s computer, including their email program, passwords and company information. From the victim’s email, the criminal can send out emails that appear to come from the victim. Some cybercriminals use this email to receive verification notices when sending illegal wire transfers. Because no one in the company saw the emails about the transfers, no one notices until the money disappears.

4. Ransomware

Ransomware is a variation on malware. Like malware, it can access a victim’s information on their computer. The twist to ransomware, though, is the program can lock away that information through encryption. The cybercriminal then holds the data for ransom, refusing to release it or threatening to destroy it if the victim does not pay. Also, like malware, ransomware can happen as quickly as clicking an email link or opening an attachment. With proper training, though, your workers will be able to recognize ransomware emails and not allow the criminals to fool them.

Make Cybersecurity Everyone’s Issue

From their initial onboarding, all your workers need to know that cybersecurity is their concern as much as it is the concern of your technology experts. Everyone’s device has the potential to open the door to cyberattacks, and only through a collective effort can you prevent them.

With a consulting company taking care of your IT, you have the entire company working toward maintaining your computers instead of just two or three IT professionals. With such concentrated effort and the expertise of a larger group, you can keep your company’s data safer than if you tried to do the work yourself.

Enforce Specific Technology Guidelines

When training workers and outlining the rules they must follow, be specific. Don’t just tell workers to use better passwords; show them how to make them better. The more details you give to your workers, the better they will understand the technology guidelines you present to them.

You also need to enforce the guidelines. Whether you choose positive reinforcement to reward proactive workers or reminders to increase their caution levels if they forget, make sure your workers know the expectations. You should also schedule security reminders for employees to change passwords and logins and to check their computers.

1. Never Provide Login Credentials

Stress the importance of your workers never sharing login credentials even if the email appears to come from someone in the company. The same holds for credit card information and social security numbers. If an employee thinks a coworker sent the email, they should contact the sender by phone or talk to them in person to verify. You could also establish a policy of only sharing such information when talking face to face. This rule will also prevent them from accidentally giving away information to phone scammers who may use it to steal company data.

2. Use Strong Passwords

Always have your workers use strong passwords and store them written on paper in a locked location. Do not allow workers to save their passwords in a Word document or email on their computer. These places are vulnerable to hackers.

The passwords your employees use should be sentences that replace some letters with numbers or symbols and use both lower- and upper-case letters. Single words are too short and easy for hackers to guess. The longer the password, the safer it will be from those who may try to crack it.

Additionally, for every program your employees access, they must have separate, secure passwords. A password manager can make keeping track of this information easier.

3. Regularly Scan Your Computer for Viruses

Just having antivirus software on your company computers will not help if the workers turn off scanning or do not have automatic updates. The same holds true for operating systems. Operating systems frequently have security protocols in their regular updates that improve protection from attacks. Still, you won’t take advantage of these changes if the machines have not updated.

Require your employees to set their virus blocking software and operating system to update automatically. Doing so will ensure the software has information on the latest threats and the means of protecting the computer from them.

Additionally, require that any peripherals pass through a virus scan before the workers use them. Viruses can enter a computer or network from a download someone brought on a thumb drive from home or another office. Scanning such devices can prevent an attack on your company.

4. Use Multifactor Authentication

Multifactor authentication sends a code to a person’s phone, email address or app whenever they try to log in to a site or server. The user then enters the code they got to verify that someone else did not steal their information. This two-factor authentication makes it harder for a third party to take login information and use it because every login must get verification from the user.

If the user receives a code but did not attempt to log in, they know to change their login information immediately because someone has tried to use it fraudulently. This type of verification offers higher security for the system against hackers because it dramatically reduces their chances of successfully logging in with a stolen username and password.

Perform Cybersecurity Exercises

Everyone has experienced a fire drill. This activity lets building occupants practice what they would do in the event of a real fire but without the threat. You should take the same approach to test the training of your workers when it comes to cybersecurity.

Cybersecurity drills enact the events that would typically happen if your company had a data breach. These events let you see how well your employees respond. By learning what works and what doesn’t in a safe exercise, you can make improvements to your company’s cybersecurity practices and training to be ready for an actual event.

1. Make a Plan

Before conducting the drill, have a plan available. You need to outline who employees should contact, what they should do and how long the process should take. During training, communicate everyone’s role in the plan.

2. Make the Drills Mandatory

Make the scheduled cybersecurity drills mandatory to ensure full compliance from everyone in your company, from the CEO down to the interns.

3. Learn From the Experience

Use each exercise as an educational moment. All employees need to learn what to do and not just turn to the company owner or IT professional and ask them what they will do. After each drill, host a mandatory training session to review what went right, what went wrong and how to fix problems.

PCS Makes Cybersecurity an Easy Process

Don’t let your business fall prey to cyber threats. Using cybersecurity training best practices for all your employees will provide your company with greater protection than just alerting certain workers. Focusing on your cybersecurity does not require you to get an IT degree or to have a full department of experts. Instead, you need to educate everyone in your business on safer practices and find a partner to help you keep your data safe. That’s where the experts at PCS come in.

We offer customized IT solutions so that you can have more time to focus on your core business. If you want to learn more about how PCS can help improve your business’s cybersecurity, contact us for a quote.

Ransomware Protection

With most of the world now connected to the Internet, malware has spread to more computers across the globe. One of the most troubling and costly trends in recent years has been the rise and spread of ransomware, which is a type of malware that renders a user’s files unreadable until they pay a ransom.

Ransomware attacks have increased in the last year, affecting 621 entities between January and September of 2019. Ransomware attacks can occur when a company doesn’t have adequate security measures in place. In some cases, an attack will start from one compromised computer and spread to other computers on the company’s network. During an attack, a company’s files and data can suddenly become locked down. The individuals or organizations behind the attack often demand a ransom before they will free the company’s data.

As attacks of this nature increase, companies across the business, government and medical sectors are wondering how to prevent ransomware from taking root on computers and spreading across networks.

Protecting Your Business from Ransomware

During the second quarter of 2018, the typical ransomware payout was $36,295. Due to the high-cost nature of recent ransomware attacks, businesses have grown concerned about their online security. Each time you update a set of security programs and install the latest patches, a new round of viruses is being written to bypass security. Many of the recent cases of ransomware attacks have started with one machine and moved to connected computers on the same network. Ransomware often goes undetected, at least initially, even by some of the savviest computer users.

Knowing how to detect ransomware is crucial for all companies that hope to stay competitive in the increasingly online economy. In most industries, system problems that last just a few hours can cost a company thousands of dollars. When ransomware spreads across a company’s computer system, it becomes difficult for IT techs to contain and remedy.

What is Ransomware?

Ransomware is a type of malware that encrypts a user’s hard drive and makes all files unreadable until a ransom amount is paid to the entity behind the attack. A ransomware virus will generally infect a computer in one of two ways: through a drive-by download or from a phishing email.

In a drive-by download scenario, a person might visit a website that appears legitimate, only to have the browser overtaken by a prompt that offers a false dilemma, such as asking the user to confirm the download. If the user presses “no” or “deny,” the threat actor uploads the ransomware to the user’s computer anyway.

With phishing email, a user receives a message that appears to be from someone they know or a company they work with. The email might ask the user to visit a website to provide more information. If the recipient clicks on the link, a similar situation to the drive-by download can occur, where a popup appears and takes over the computer, locking out the user.

How Does Ransomware Work?

Once a ransomware virus downloads itself onto a computer, the virus makes files on the machine unviewable. The virus can also spread to peripheral drives and other computers on the same network. When a ransomware virus infects one computer on a company network, the entire company could effectively have its system breached, pending the isolation and removal of the virus in question.

Ransomware is accompanied by messages that inform the victim that computer files and data will not be readable until a ransom amount has been paid. The virus keeps the files in an unreadable state by encrypting different file types with strange extensions, such as .xyz, .locky, .vault, .zzz, .petya, .ttt, and .aaa. Even if the ransom amount is paid, the files might remain unreadable. Oftentimes, the ransom goes up to a higher amount.
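Those extensions give IT staff something concrete to watch for. The following Python sketch is an added example, not code from the original article: it reads file-rename events and raises an alert for any computer that renames several files to one of the listed extensions within a short time. The log format, host names, threshold and time window are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Extensions the article lists as examples of ransomware-renamed files.
SUSPECT_EXTENSIONS = {".xyz", ".locky", ".vault", ".zzz", ".petya", ".ttt", ".aaa"}

# Assumed log format (constructed for this example, not a real product's output):
#   <ISO timestamp> host=<name> rename "<old path>" -> "<new path>"
EVENT_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) rename "(?P<old>[^"]+)" -> "(?P<new>[^"]+)"$'
)


def suspect_extension(path):
    """Return the lower-cased final extension if it is on the list, else None."""
    filename = re.split(r"[\\/]", path)[-1]
    dot = filename.rfind(".")
    if dot <= 0:  # no extension, or a dot-file such as ".locky"
        return None
    ext = filename[dot:].lower()
    return ext if ext in SUSPECT_EXTENSIONS else None


def find_rename_bursts(lines, threshold=3, window=timedelta(seconds=60)):
    """Return {host: time of the rename that crossed the threshold}.

    One file ending in .xyz proves nothing, so a host is reported only when
    `threshold` suspect renames fall inside `window`. Lines must be in time order.
    """
    recent = defaultdict(deque)  # host -> times of suspect renames still in window
    alerts = {}
    for line in lines:
        match = EVENT_RE.match(line.strip())
        if not match or suspect_extension(match["new"]) is None:
            continue
        when = datetime.fromisoformat(match["ts"])
        times = recent[match["host"]]
        times.append(when)
        while when - times[0] > window:  # drop renames older than the window
            times.popleft()
        if len(times) >= threshold and match["host"] not in alerts:
            alerts[match["host"]] = when
    return alerts


# Constructed sample events: one host encrypting files, two behaving normally.
SAMPLE_LOG = r'''
2019-09-03T10:15:02 host=ws-014 rename "C:\Users\amy\q3-budget.xlsx" -> "C:\Users\amy\q3-budget.xlsx.locky"
2019-09-03T10:15:03 host=ws-014 rename "C:\Users\amy\payroll.docx" -> "C:\Users\amy\payroll.docx.locky"
2019-09-03T10:15:05 host=ws-022 rename "C:\Users\bo\draft.txt" -> "C:\Users\bo\final.txt"
2019-09-03T10:15:09 host=ws-014 rename "C:\Users\amy\clients.csv" -> "C:\Users\amy\clients.csv.locky"
2019-09-03T10:40:00 host=ws-031 rename "C:\Users\cy\model.dat" -> "C:\Users\cy\model.xyz"
'''.strip().splitlines()

if __name__ == "__main__":
    for host, when in find_rename_bursts(SAMPLE_LOG).items():
        print(f"ALERT {host}: burst of suspect renames at {when.isoformat()}")
```

A host that triggers the alert is a candidate for immediate disconnection from the network while IT investigates.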

U.S. law enforcement agencies advise against paying ransom to the threat actors behind these attacks because doing so can encourage further ransomware hits. Instead, victims can try decryption software, which can sometimes unlock affected files, making them viewable again. Scan the affected computer for malicious attachments and return the system to an earlier state, if possible. Backing up an operating system when it’s virus-free makes it easier to restore the machine in the future, if necessary.

Ransomware Targeting Businesses

In its August 2019 report on ransomware attacks, antivirus firm Malwarebytes tracked a 363 percent increase in incidents over the prior year. The rise in recent ransomware attacks on businesses has spurred a 34% increase in cyber insurance since 2017. The fact that threat actors have cost businesses thousands of dollars in the span of months is an indicator of the growing sophistication of the viruses in question. As such, IT techs must be knowledgeable about how ransomware targets businesses in today’s online environment.

Individuals were once seen as soft targets by the entities behind ransomware-type viruses. In recent times, however, threat actors have stepped up their efforts to target companies and large corporations. The idea here is to infect the machines of one or several staff members at a target company and spread the virus onto other machines in the company’s network.

How Does Ransomware Spread Across a Network?

When ransomware is initially encountered on a network computer, the virus targets the company’s domain controller to spread itself across the network. This is done with a self-enacting PowerShell script, which decodes and opens a reverse shell that allows the threat actor to penetrate the first in a sequence of network computers. The domain controller then duplicates the virus onto other machines in the network. Such viruses will typically enact a number of tasks, such as the suspension of system files and the execution of pre-installed infections.

Some of the worst cases of network attacks have started on the machine of an unsuspecting company employee who opens an email or clicks on a link that immediately overtakes the machine. Oftentimes, the individual will initially try to end the program and only report the matter after it becomes obvious that files cannot be opened or that an unknown extension file cannot be ended in Task Manager. By the time the matter is reported to IT staff, the ransomware will have spread to numerous other computers on the company’s network.

Company networks tend to be more vulnerable when certain computers within the network are older and lack the capacity for today’s more advanced security patches. A ransomware virus might download onto one of these machines and then spread to other computers on the same network. Ransomware can also spread across a network when infected files are shared between colleagues on a company cloud server.

Recent Ransomware Attacks

During the first quarter of 2019, ransomware attacks saw a 195-percent spike over the prior quarter. During that same period, ransomware attacks on individuals dropped by 33 percent. The shift has marked a change in tactics among threat actors, who have recently grown more emboldened to target larger businesses.

In 2018, the FBI received 1,394 complaints about ransomware attacks, which were estimated to be responsible for $3.6 million in losses for the parties affected. However, such figures have not taken into account the number of computer users that have not reported such attacks to the authorities. The true number of ransomware victims, both knowing and unsuspecting, is expected to be far higher.

The healthcare industry has been a frequent target of ransomware attacks. In its 2018 report on Internet crime, the FBI noted 337 cases involving hospitals, companies and people in the public and private healthcare sectors. The attacks resulted in $4.7 million in losses.

Between June 2018 and June 2019, companies within the U.S. were the target of 53 percent of the world’s ransomware attacks. Canada came in second at 10 percent, followed by the U.K. at nine percent, with Brazil and Italy each at seven percent of global ransomware incidents.

How to Prevent & Detect Ransomware

There are things companies can do to help prevent a ransomware attack. Remind employees to be cautious with any emails they receive. If they can’t verify that an email is from a particular organization or individual, encourage them to report it. It’s also a good idea to be careful when visiting websites and to ask employees to double-check the URL before they click “enter.”

One way for employees to verify that a website is the real deal before they visit it is to have them search for the site on Google, rather than click through an email or type in a link.

It’s also important for a business to back up files and data regularly. Duplicate all of your company’s data on external drives. Once copied, disconnect the external drive from your computer. Perform this step every day, if necessary, to avoid the loss of any critical data.

If you think that ransomware has downloaded onto a network computer, turn off the machine and report the incident to your company’s IT department. Check other company computers to see if the virus has spread.

To stop the virus, IT techs will quarantine the first computer and run diagnostic tests. The computer should not be reconnected to the network until it’s either virus-free or restored to an earlier back-up version. In some instances, IT might need to wipe the computer and reinstall everything.

To keep your company safe from ransomware attacks in the future, hold training sessions frequently. During these sessions, have IT techs cover all the basics of ransomware prevention with your team members. The topics covered in these sessions should go into detail about the warning signs, such as seemingly innocuous or friendly emails and the links contained within such messages.

Have your workforce undergo testing to ensure that they know how to identify potential threats. Your IT team might design a fake phishing email and send it across the network to see whether all of your company’s rank and file are informed enough about ransomware to pass the test.

Contact PCS to Protect Your Company’s Data Today

The rise of ransomware has followed the general pattern of malware viruses. As security systems grow tighter, threat actors work harder to bypass security patches and system firewalls. Every time that a new patch is devised to protect computers from existing threats, cyber thieves and hackers are working on their next round of attacks. Consequently, ransomware could make its way onto your company’s computer system if the people in your workforce do not know how to prevent ransomware from taking root on the company network.

Of course, not all companies know how to deal with the spread of ransomware. Regardless of the markets you serve, your team should ultimately be able to focus on its own areas of expertise while working and interacting online and via cloud servers without fear of viruses, hijacked files and ransom messages.

At PCS, we provide data backup and protection services for small businesses, schools, hospitals, insurance agencies, accounting firms, and various other companies. Contact us today to learn more about how our services can protect your company from ransomware attacks.
