As technology advances, so do cybercriminals. Cyber attacks seem to be occurring more frequently than ever and hurting businesses throughout the world. Furthermore, for many small to enterprise-level businesses, a cybersecurity breach can quickly impact the business’s compliance with significant IT compliance regulations. Even companies with enterprise-level IT support can benefit from easy and necessary IT security safeguards. Here are 3 easy ways to help safeguard yourself against a cybersecurity breach that take only 5 minutes each week.
1. Change Your Passwords
Every IT network support professional will tell you – change your passwords often! This fast and easy fix could save you from a cybersecurity threat. Set time aside to update your passwords on all of your accounts. Experts recommend having different passwords across all your personal network. This ensures that if one is compromised, the hacker has access to only one system, not all of them.
Forget the tough passwords; new guidelines recommend keeping it simple. According to the United States National Institute of Standards and Technology (NIST), new password guidelines help you stay protected. NIST suggests keeping your passwords simple, long, and memorable. Phrases, lowercase letters, and typical English words and objects are suggested when creating passwords. This recommendation has changed from when the organization suggested using unique characters and a mix of lower and uppercase letters.
These new guidelines may seem surprisingly easy, but Paul Grassi, senior standards and technology adviser at NIST, who led the new revision of guidelines, says that they will help users create longer passwords, which are harder for hackers to break.
Once a cybercriminal has access to your personal credentials, they can impersonate you to send personal emails directly to your friends, family, and co-workers. Soon, an IT security breach can lead to imposter postings on your social networks where cybercriminals seek to collect even more sensitive information. This is a small business managed network services nightmare. It is also often a socially and professionally embarrassing experience.
Managed IT Services Expert Tip:
A bank will never ask for personal information via email or suspend your account if you do not immediately update your personal information. Most banks and financial institutions usually provide an account number or other personal details within the email. This information is how you can ensure that the email or phone call is coming from a reliable source.
2. Think Before You Click
Many IT network security threats happen by accident. You see an email from an old friend or a significant update from your bank, and you just go ahead and click on the email without thinking. Unfortunately, these emails are socially engineered to look like they came from a trustworthy source, not a cybercriminal. Here are some things to think about before clicking an email.
One of the fastest ways to verify an email is to check all the hyperlinks. Take your mouse and hover over each hyperlink in the email. Make sure that the text of the hyperlink matches the URL you would land on after clicking. Check for spelling errors in the web address. The addresses of popular websites are often imitated, but the imitations contain spelling errors. For example, if the hyperlink says www.mybank.com, but when you hover over it, it says wwwmybank.com, do not click it. If you suspect the link may be suspicious, it is better not to click it.
Is this offer too good to be true?
Most of these cybercriminals will present you with an eye-catching deal to make you think you have won a contest you have not entered, or ask you to claim a prize that is too good to be true. In an instance like this, it is best to remember that if the offer seems too good to be true, it probably is. If you ever have questions, contact the organization directly from a contact page on a trusted website, or your business’s managed IT services team, not the email in question.
Who is sending this email?
Whether you know the sender or not, does the email make sense for you to receive? If not, do not even open it. Simply delete it and move on. Accidentally opening the email can cause IT security issues and potentially make you vulnerable to a cybersecurity threat. If someone you know is asking for money, call or text to verify. When in doubt, always think critically before acting.
3. Install Updates
We all know how annoying it can be when your computer continually reminds you to update your software. That said, an enterprise-level managed network services expert will tell you these updates are essential in protecting you against a cybersecurity threat. Updates give you more than just the latest and greatest features; they make sure you also have the most updated security to protect your IT network. Thousands of new malware variants run every day. Having out of date security software is almost as bad as having none at all.
Is your software up-to-date?
Your un-updated software is vulnerable. According to Sophos, cybercriminals can exploit this vulnerability by writing code explicitly targeting your network’s system. This can infect your computer without you ever taking action. When your computer is compromised, cybercriminals steal data and gain control over your computer and personal information.
Managed IT Services
The 5 minutes each week you devote to strengthening your network will help protect you from any future threats. Small to enterprise-level business owners who are not comfortable with handling their network’s security are good candidates for Managed IT Services. Managed IT services allow business owners to rather than their system. RJ Young offers free network assessment for businesses. We ensure your organization is protected from IT security vulnerabilities.
What is phishing?
Phishing is a common type of email scam designed to trick you into disclosing your personal or financial information for the purpose of financial fraud or identity theft.
Most recently, numerous organizations have been victimized by a form of business email compromise. The individual in your organization who typically handles tax information (W2s) for your employees will receive an email from a cyber criminal impersonating the CEO or other executive-level employee. The email appears to be from the CEO and states the following¹:
Subject: SALARY REVIEW
Kindly send me the 2015 W-2 (PDF) of our company staff for a quick review
Numerous employees have followed the instruction and replied by sending a PDF containing sensitive employee information, including names, dates of birth and Social Security numbers. The employees thought the information was being sent to the company CEO; it was instead sent to the cyber criminal for identity theft. Even if employee information is not listed on your corporate website, cyber criminals are finding information from social media platforms—such as LinkedIn—to spoof email addresses.
Educate your employees against the dangers of phishing emails and cyber crimes because once your information has been compromised, it’s virtually impossible to retrieve.
1 Source: Scott Augenbaum, Special Agent, Federal Bureau of Investigation, Email Notification 3/10/16
James Walker, Regional Director of Managed IT Services
James oversees the Chattanooga, Nashville and Huntsville markets of our managed IT Services department. In his role he manages service delivery and support of engineers in all regions, does security and compliance auditing, and works with businesses in network design, implementation and troubleshooting. He has been in the technology industry for over 24 years. James is originally from Boston, MA and works out of our Chattanooga office. He joined RJ Young in January 2013 through the acquisition of his previous company, Preferred Computers, Inc.
The latest business cyber threat, according to the FBI, is a scam called “Business E-mail Compromise” (BEC). BEC is a type of payment fraud that involves the compromise of legitimate business e-mail accounts for the purpose of conducting an unauthorized wire transfer. The majority of the incidents that have been reported have involved the compromise of an e-mail account belonging to the CEO or CFO of a company. The intention of this hacking is to modify the bank account associated with vendors/suppliers.
The tactics used are very inconspicuous. In some instances the thieves have auto-forwarded e-mails received by the victim to an email account under their control. A common theme in the CEO/CFO scheme is that the thieves wait until the CEO/CFO is on official travel before sending wire transfer instructions, making it harder to verify the transaction as fraudulent.
The FBI along with the United States Secret Service recommend businesses take the following steps to mitigate this risk:
- Verify a change in payment instructions to a vendor or supplier by calling to verbally confirm the request;
- Limit the number of employees within a business who have the authority to approve and/or conduct wire transfers;
- Use out-of-band authentication to verify wire transfer requests that are seemingly coming from executives. An example would be to call the executive to obtain verbal verification, establishing a phone PIN (Personal Identification Number) to verify the executive’s identity.
For more information please see the official press release here: http://www.ic3.gov/media/2015/150122.aspx
Who among us has not become more aware of the dangers surrounding cyber security in recent months? Cyberspace, by the nature of its infrastructure, is vulnerable to a wide range of risks. A broad range of traditional crimes are being perpetrated through cyberspace. Many of these affect business transactions and include banking and financial fraud, intellectual property violations, and other crimes that put businesses and consumers at risk.
Cyber security also starts at the document level and begins from within a company and its mission critical documents. Although most companies have implemented systems to prevent intrusion into their networks, little has been done to prevent internal security threats especially with regards to document security.
According to a recent IT research study, 90% of U.S. organizations experienced leakage or loss of sensitive or confidential documents during the past year. While most companies are aware of threats related to email and hard drives, many are not aware of the potential dangers related to printers and multifunctional devices (MFP).
Companies need to address the key areas of threats with their employees through strict policies and procedures. It is recommended that companies implement secure access solutions via proper authentication for their MFPs. This assures that there is an audit trail as to who printed what and also adds another layer of security.
Almost all MFPs have the ability to encrypt the hard drives which log and store documents. Some of the information is stored temporarily, while at other times it might be stored indefinitely. It is recommended that a disk image overwrite application be used on a regular or scheduled basis. In fact, many companies require the return of the hard drive from the MFP when the term of the contract is up.
It is extremely important that companies consider the entire document infrastructure when addressing document security issues. The areas of most concern are hardcopy document storage, printers, MFPs, and digital document storage which includes local area networks, cloud storage, databases, and of course mobile devices. Protection and prevention is the best approach when dealing with the policy towards document security.
Hardly a week goes by that we are not made aware of a cyber security breach. It is a continual problem and affects everyone. These breaches can occur in two ways: 1) a company’s risk from exterior and interior sources and 2) the risk a company takes if it accesses data at a customer’s site.
On the internal side, a company needs to be protected by computer security. The goal of IT security is to protect both the data that is transmitted within or outside of the network, as well as the data at rest. Some of the many considerations are access controls, awareness controls, training, risk assessment, and constant monitoring.
The protective management of the vulnerabilities includes the following: user access controls, firewalls that are properly configured, intrusion detection systems, up-to-date software and patch management, current antivirus and endpoint security for software & hardware, backup systems and off-site storage, data encryption, intrusion detection processes, and a proven disaster recovery / business continuity plan.
With the advent of BYOD (bring your own device) there is an increased risk, especially since many of the users are utilizing cloud-based systems. Many of these cloud-based systems may or may not be authorized, and may or may not have software installed that can protect against cyber attacks. The mobility of BYOD is very critical, but it also opens additional threats to networks.
In a recent study by SpectorSoft, 47% of companies reported that a former employee took information with them when they left the company, 49% have discovered that employees routinely copy corporate data to USB storage devices, 33% of their end-users reported they transfer work information via personal accounts such as Gmail, and another 23% of those end-users send information to cloud services such as Dropbox. This same report indicated that 44% of inside breaches include intellectual property such as business plans and technology designs.
The flip side is when you access your customer’s data. Most people did not realize that Target’s disaster and security breach was actually transferred to the Target network by a vendor. So if you have access to your clients’ networks, make sure your people are trained to understand the risks and liabilities of an accidental or malicious breach of a client’s data.
Nearly all US states have data protection laws in place that include legal protection for things such as Social Security numbers, credit card information and banking records. It is estimated that the average cost of a data breach is $7.2 million and that correlates to about $210 per compromised record. According to McDonald Hopkins, about 90% of cyber-attacks are avoidable through simple or intermediate controls. Now would be a good time to have a cyber check-up on the internal and external controls and protections.
Chief Operating Officer
See bio here https://www.rjyoung.com/leadership