Equifax Breach Puts Focus on IT Security

IT Security

IT Security

Recently, the data of 143 million consumers — including Social Security numbers, birthdates, driver’s license numbers and much more — was compromised during a massive Equifax security breach. And with this breach, there is one subject on everyone’s mind: security.

The effects of this breach are certainly long-lasting, both for the affected consumers and Equifax. However, the breach forces every company to ask a critical question: If huge companies such as Equifax, Target, Home Depot and others can be breached, are we at risk too?

Rethink IT Security with these 5 Easy Steps

SMBs are not safe from a data breach. In fact, 50 percent of small businesses have been breached within the past 12 months. The time to rethink IT security is now, but what action should you take?

Use two-factor authentication. Sixty-three percent of data breaches result from weak or stolen passwords. Many SMBs have only one layer of password protection. Two-factor authentication confirms user identity by using two different identifying factors, which might include combining a thumbprint with a password or a one-time SMS text.

Create companywide security policies. Do you have a formal security policy in place? If not, create one, and if one is already in place, review it with staff regularly. Employees are your first line of defense, so train them to recognize and protect your company from threats.

Keep software up to date. Cyber criminals thrive when discovering outdated software because they open up weaknesses in your system. Ensure that updates are completed regularly because an out-of-date computer is instantly more at risk than a fully patched computer.

Invest in cybersecurity solutions that fit your business needs. What solutions do you have in place to protect you from a security breach? Could these solutions be better? If you aren’t sure, speak with an MSP to ensure that you have identified any potential weakness and have implemented solutions to mitigate that risk.

Create and practice a business continuity plan. Ideally, preventive measures will ensure that a security breach won’t occur, but it’s still important to be prepared. Run drills of the plan so that your staff understands their role during a security breach and everyone is prepared to mitigate loss.

Do you have questions about how to rethink your existing security approach? If so, we can help. Contact us online or call 212-931-0705 today.

Ransomware Attacks Increase 10x – Are You Prepared?

Ransomware New York IT Support

Ransomware New York IT Support

Ransomware Attacks Increase Tenfold: Are You Prepared?

Data is the heartbeat of SMBs, and when that data is locked up, nothing paralyzes a company faster — and hackers know it. Last year, hackers broke into a hospital’s main system, locking down data and demanding $17,000 to get systems up and running again. They hit their payday, with the hospital handing over the ransom in the form of bitcoins.

Ransomware attacks have increased tenfold in the past year, with costs that add up to over $200 million. And hackers aren’t just targeting large corporations — they are strategically striking SMBs with security vulnerabilities. So what can your business do to be prepared?

How ransomware strikes a business

Ransomware uses a couple of different approaches to strike SMBs. Hackers may send an email appearing to be from a known person, and they include an email attachment when they do so. When the attachment is opened, the organization is severely impacted.

Hackers may also infect a legitimate website that affects your machine through the browser. Once infected, the machine brings malicious code to every file within its range. For example, a personal computer that is connected to a network may be affected; this ultimately spreads to the entire data center and locks down access to every stored file.

Proactively protecting your company from ransomware

There is no silver bullet to protect against ransomware, but taking a proactive approach can greatly minimize your risk for attack. Here are a couple of tips to consider.

Educate your staff. Train employees to recognize the techniques that ransomware uses to wreak havoc on your business. Teach them to avoid “click bait” and to not open attachments from people they don’t know. In fact, they should even be careful about opening attachments from people who they do know.

Create a robust backup process. When ransomware takes hold, an SMB has three options. It can restore the backup, pay the ransom or lose the data. Since that third option is clearly off the table, the best option is to have a reliable backup solution in place. Ensure the backup process is working in real time, so you can simply roll your system back a few days prior to the infection and restore local and server-based apps. However, make sure the ransomware is completely removed prior to restoring backup, otherwise it can encrypt your backup files.

Do you have questions about the benefits of working with an MSP? If so, we can help. For more information, visit InfoManage online or call 212-931-0705.

Security in the Age of the Internet of Things

internet-of-things

internet-of-things

The Internet of Things, which includes any object or computing device that connects to the internet, is growing fast and providing unique security challenges for businesses. In fact, it’s reported that 43 percent of businesses use IoT, with the number of connected devices expected to reach 13.5 billion by 2020.

These devices provide businesses with new capabilities, as they perform tasks and gather data they couldn’t in the past. Yet there are some security concerns, especially in the business environment.

A large number of IoT-enabled devices are left completely unsecured, which creates optimal conditions for cyber-criminals. But what are these risks, and how do they affect your business?

Check out a few of the common vulnerabilities:

Out-of-date security. When your desktop, smartphone or tablet requires a security update or a patch, the device alerts you. The appropriate update or patch is quickly installed without much effort on your part. But this isn’t always the case with the IoT, which can leave you vulnerable to attack.

Lack of encrypted communication. Many IoT devices aren’t encrypting communication, which creates a significant concern in the business environment and could put data at risk.

Difficulty detecting intrusions. Currently, most IoT devices don’t have the technology in place to know that an intrusion has occurred. As a result, device owners don’t realize their IoT device has become an entry point for a cyber attack.

Weak or ineffective passwords. Most people don’t think of their device as posing a security threat, so they are relaxed about changing the default password and continuing to change the password in the future for additional security. But not being diligent about IoT passwords provides an easy way for cyber-criminals to get access to these devices.

The best way for businesses to minimize this vulnerability is to make sure that any IoT devices used in the workplace are purchased from manufacturers that have the strongest security safeguards. Employees should change default passwords and continue to change those passwords with the same regularity as they do for their other work devices.

Cyber-criminals are always looking for that next big vulnerability, and with the proper safeguards in place, you can prevent them from making IoT-enabled devices on your network the target.

Do you have questions about security solutions? If so, we can help. For more information, contact InfoManage online or call 212-931-0705.