A single click can be the difference between maintaining data security and suffering massive financial losses.  From the moment just one employee takes the bait in a phishing email, your business is vulnerable to data breaches and extensive downtime.

Quickly spot the red flags and put phishing emails where they belong:

1. Poor spelling and grammar

While occasional typos happen to even the best of us, an email filled with errors is a clear warning sign.  Most companies push their campaigns through multiple review stages where errors are blitzed and language is refined.  Unlikely errors throughout the entire message indicate that the same level of care was not taken, and therefore the message is likely fraudulent.

2. An offer too good to be true

Free items or a lottery win sure sound great, but when the offer comes out of nowhere and with no catch?  There’s definitely cause for concern.  Take care not to get carried away and click without investigating deeper.

3. Random sender who knows too much

Phishing has advanced in recent years to include ‘spear phishing’, which is an email or offer designed especially for your business.  Culprits take details from your public channels, such as a recent function or award, and then use it against you.  The only clues?  The sender is unknown – they weren’t at the event or involved in any way.  Take a moment to see if their story checks out.

4. The URL or email address is not quite right

One of the most effective techniques used in phishing emails is to use domains which sound almost right.  For example, [microsoft.info.com] or [pay-pal.com].

Hover over the link with your mouse and review where it will take you.  If it doesn’t look right, or is completely different from the link text, send that email to the deleted items folder immediately.

5. It asks for personal, financial or business details

Alarm bells should ring when a message contains a request for personal, business or financial information.  If you believe there may be a genuine issue, you can initiate a check using established, trusted channels.

While education is the best way to ensure phishing emails are unsuccessful, a robust spam filter and solid antivirus system provide peace of mind that your business has the best protection available.

 

Give us a call or fill out our contact form today to discuss how we can secure your system against costly phishing attacks.

Hackers today have many ways to attack small businesses and business owners.  Many attempt to use technology to send malware, viruses, or phishing attacks; or use information to con owners and employees into handing over more information than they should.

One or more of these techniques can be combined with gaining physical access to steal from vulnerable firms.  Identifying precisely how criminals target businesses and what they deem most valuable can help to protect from the most devastating attacks out there.

Remaining vigilant and informed is one of the most vital things you can do as a business owner to protect your assets and reputation.

Extortion

Different types of attacks tend to rise and fall in popularity.  Fifteen years ago, computer worms were the most common attack that businesses faced.  Security software wasn’t as advanced or as widely used at it is today.  Computer worms were, at the time, an exceptionally low-cost and efficient way to inflict the maximum amount of damage for minimum cost.

Today ransomware has seen an unfortunate boom in popularity.  This technology aims to encrypt the target’s files on their personal computer.  This technique denies the victim access and charges a large fee in exchange for the key to retrieve the victim’s own data.

The attack has worked so often because it requires minimal effort and can be used again and again.  Many businesses have no option but to pay because the data is worth far more than the ransom demand the hackers have made.

The best defense against ransomware attacks, in addition to strong online security, is an up-to-date offsite backup — one that is tested to work reliably.

 

Targeting Customer Records

One of the most important things for your firm to take care of is your customer data records.  Records which include names, dates of birth, and other personally identifying details.  These details are extremely valuable to hackers or criminals who, either use them personally or sell them on to someone who will.

Many regions have strict laws and guidelines about how this information must be stored, accessed and protected.  Failing to follow these can result in severe penalties that could devastate any company.

 

Targeting Financial Information

Like personal information, a small business must take extreme care when storing customer financial information.  Sensitive details such as credit card or banking information are a key target for hackers looking to steal money fast.

The impact on your business reputation following a breach of financial data will be severe and devastating.  Even a simple mistake can require years of advertising and great PR to repair.  Many firms have failed to recover after losing the trust of their customers.

 

Social Engineering

Most firms today run good IT security packages to protect against online attacks and other forms of malware.  Attackers often know to take their methods offline to achieve the best results.

Whether posing as a supplier, customer, or interested party; attackers can seek to gain information that you may be less than willing to hand over to a stranger.  Small businesses can often be used to gather information on vendors and suppliers they do business with in order to attack them too.

Be particularly cautious of the information you provide when discussing business with individuals you haven’t spoken to before.

Keeping Small Business Safe

Each of these targets and attacks are just some of the most popular and hard-hitting attacks out there now.  The list is forever changing, and the methods we use to protect against them always needs to change too.

Some can be defended against with great security, backups, and software.  Others, such as social engineering, need you and your staff to stay up-to-date and remain vigilant about the major attacks affecting small business today.

 

If you need help tightening your businesses security, give us a call at 470-236-2584 or fill out our contact form to learn more today.

Passwords are essential to your cyber-safety.  You know it, but if you’re like the rest of the digital society, you probably have dozens of passwords to remember.  It’s a lot.  So, you might take shortcuts.  Taking advantage of your laissez-faire attitude is one way bad guys access your passwords.

Incredibly, there are still people out there using “password” or “123456” in their access credentials.  Some people don’t change the default passwords on their devices.  So, anyone can pick up a router, look at the sticker identifying the password, and access that network.

 

Tip: Avoid the obvious passwords! When you have to create a password, make an effort.  When it’s time to update a password, do so.  Steer clear of simple, easily guessed patterns.

Cybercriminals can also guess your password.  With a little bit of research about you online, they can make some informed guesses.  Common passwords include pet names, birthdays, and anniversaries.  These are all easy to find via your social media accounts.

 

Tip: Be careful what you share on social media!  Don’t befriend strangers, as you are giving them access to a goldmine of info for personalizing an attack on you.

If that doesn’t work, criminals may try brute force.  They might script an automation bot to run thousands of password permutations until they get a hit.  The software will try a long list of common passwords and run through dictionary words to gain access.

 

Tip: Use a complex password with numbers, letters, and symbols or a passphrase.  A passphrase is typically at least 19 characters long but is more memorable, as it unique to you.

The criminal may also be working with info from a data breach.  In early 2019, a security researcher found more than 2.7 billion email/password pairs available on the Dark Web.  Criminals accessing that database could use the data as a starting point, as many people duplicate their passwords across accounts.

 

Tip: Use a unique password for each site.  Yes, that’s overwhelming to remember, and that’s also why you should use a password manager to keep track of it all for you.

Criminals can also access your account if you’ve used a hacked public computer.  The bad guys may have installed a key logger on the computer.  The logger records every key you press on the keyboard.  Or they might have compromised a router or server to be able to see your information.

 

Tip: Be cautious about your online activity on computers or networks you don’t trust.

Of course, there’s one more method of getting your password that we haven’t addressed yet. It’s the familiar phishing attack.  For instance, you get an email that looks like it was sent by your bank.  Phishing typically has an urgent message and a link that directs you to what looks like a credible page.

 

Tip: Pay attention to who is sending the email and hover the mouse over the link to see where it goes.  If you are concerned about your bank account, for example, open up a browser and type the URL manually rather than clicking the link.

These tips can help you to protect your valuable passwords.  Still, setting up a password manager and amping up your internet security can help too.  Need support getting ahead of the cybercriminals?

Contact us today!  Call us at 470-236-2584 or fill out our contact form to learn more today!

 

Cybersecurity attacks on big-name brands or governments are familiar headlines these days.  Millions of access credentials are breached, and millions of dollars are lost to ransomware attack.  You may think you’re protected, but a single undetected misconfiguration could mean trouble.

If you’ve been paying attention, you know no one is immune from cyberattack.  Your business has been proactive by:

• putting firewalls and antivirus protection in place;
• establishing a bring-your-own-device policy;
• educating employees about password strength, social engineering, and cyber hygiene;
• updating software promptly;
• upgrading end-of-life hardware and software.

The threat landscape is evolving rapidly, the number of devices connected to a business network is exploding, more employees work on their own devices, and a greater number of people are working remotely.  Plus, connected devices are all different types.  If your wireless is unsecured, you could end up with devices you don’t know at all connected to your network.  Yet it’s difficult to manually monitor every single configuration for security.

Push notifications advising us to update software come in fast and furious, but we’re busy.  We have other things on our mind, we don’t get around to it right away, or, having clicked “never show again” on that popup, we forget the notification altogether.  No action is taken.

At least no action on the business side.  Out in cyberspace, bad actors actively seek out unattended or unpatched vulnerabilities.

 

What You Can Do About It

Think of the risk this way: you wouldn’t install a steel door and assign guards at both the front and back entrances, then leave a side window open.

Of course, an open window is something you can detect with the naked eye, but misconfigurations are more difficult to detect.  A vulnerability scan helps detect insecurities in your systems and software.  Sometimes a file share is configured incorrectly: you think the connection shares to one person, but instead it’s 100% open to the public.

An automated scan proactively identifies network, application, and security vulnerabilities.  This process aims to find any points of entry.  A scan also predicts the effectiveness of any countermeasures you may have in place.

The scan detects and classifies system weaknesses in networks, communications equipment, and computers.  It then compares details about those vulnerabilities with a database of known exploits.  This includes known flaws, coding bugs, packet construction anomalies, default configurations, and more.

A thorough managed service provider takes several scanning approaches.  To scan your external exposure, they’ll look at all applications, ports, websites, services, networks, and systems facing the internet.  An internal scan identifies system and application security holes that cybercriminals might exploit once they get in.  Environmental scanning considers any IoT devices, websites, cloud-based services, and mobile devices.

Securing your business assets is critical.  Identify the system security holes with vulnerability scanning before the bad guys find them.

Partner with us to review your security posture.  We can scan your network for misconfigurations, malware, known exploits, or open reports.  We’ll produce a report that outlines any vulnerabilities, and recommend what you can do about them.

 

Call us at 470-236-2584 now or fill out our contact form to learn more today!

 

Small- and medium-sized businesses (SMBs) are the prime target for attackers because they tend to be easier targets. They’re often less secure and unprepared for attack. Think about burglars that go after houses where they know no one is home. With more cybercrime automation and the rise of hacking kits, the cost and time it takes to launch a successful attack have decreased, increasing the amount of cyber-attacks executed.

You, like many SMBs, may not think you are a target

82 percent of SMBs say they’re not targets for attacks as they don’t have anything worth stealing (Towergate Insurance).

However, 55 percent of SMB respondents have experienced a cyber-attack in the past year, and another 50 percent have experienced a data breach involving customer and employee information (2016 State of SMB Cybersecurity).

You may underestimate the value of your information

It doesn’t always seem like it, but every business has data worth stealing. Did you know that the average cost per lost or stolen record is $158? It may not seem like a lot, but this number grows quickly once these records are stolen by the hundreds (Cost of Data Breach Study).

This means you might not be prepared to defend yourself

Did you know that 79 percent of small businesses do not have an incident response plan? Without one, you may never be able to fully recover when a security incident becomes a reality (Nationwide Cyber Security Survey).

However, the consequences are significant and often business-crippling.

An IBM and Poneman Institute study found that the average cost of a data breach has increased to a staggering $3.79 million (Cost of Data Breach Study).

Similarly, 60 percent of companies that lose their data due to an attack or disaster will shut down within six months (Boston Computing Network).

Work with an MSP to receive the data protection you need.

Invest in an outsourced cybersecurity solution to protect against the expanding cyber threat landscape, and mitigate damages inflicted upon your business. Gain the expertise, technology and support you may be lacking, and grow your IT budget without growing your payroll.

Work with us today!

Contact Us

 

 

Introduction: The Need to Educate Employees on Cybersecurity

When developing cybersecurity programs, many businesses focus on protecting their infrastructure perimeter and device endpoints. After all, that’s where cybercriminals usually first gain access and wreak havoc on a company’s digital access.

But it’s also important to consider what happens when a threat bypasses perimeter defenses and targets an employee—in the form of a malicious email or text, or even a voicemail that might prompt an employee to respond with confidential company information. There’s also the possibility of an offline attack from inside the office, where an employee or an office visitor might gain access to valuable data by quickly taking something carelessly left on a desk.

According to a PricewaterhouseCoopers survey, in 2014, 69% of business executives expressed concern about cyber threats, including a lack of data security. In 2015, an updated survey increased that number to 86%.1 These numbers indicate that it’s clear there’s a pressing need for better cybersecurity. The issue is not going away anytime soon. If anything, it’s only getting worse.

Stronger cybersecurity has become a global priority over the last few years as hackers penetrate the IT infrastructure of government and enterprises with increasing frequency and sophistication. According to a study conducted by the Identify Theft Resources Center, the total number of data breaches reported in the US grew from approximately 400 in 2011 to approximately 750 in 2015. This represents an increase of more than 60% and does not include breaches that went unreported—a figure that is likely much higher.1 Coupled with the Internet of Things (IoT) and the explosive growth of mobile devices, the threat landscape and potential for data leaks is even more significant.

In this post, we explore the need for employees to practice strict and secure cybersecurity habits— not only to thwart digital attacks, but also to prevent someone from simply walking by their desk (in the office or at home) and picking up a device or document that contains sensitive information. We also present the key steps SMB business owners can take to educate their employees to help secure their company’s data and intellectual property.

We can’t stress enough the importance of security awareness training for internal employees. Educating them on what it takes to protect proprietary documents and data is critical. Any leaks— unintentional and intentional—could hurt the business in the form of information that assists a competitor, violates regulations, or harms the corporate image. Leaks can also hurt employees from the standpoint of personal information that might be exposed. Lastly, customers and business partners could be at risk, compromising the industry reputation of any business that does not properly protect confidential information. It only takes one incident to completely destroy any goodwill you established and built with your customer base.

 

Physical Security Precautions

Keep a Clean Desk

It makes complete sense and sounds so simple, but keeping a clean desk is often overlooked when talking about data security. It’s also the perfect place to start the discussion with employees.

Employees that keep a cluttered desk tend to leave USB drives and smartphones out in the open. They also often forget to physically secure their desktops and laptops so someone can’t simply walk off with them.

A messy desk also makes it more difficult to realize something is missing such as a folder with hard copy print-outs of customer lists. In addition to increasing the likelihood of something being removed, a cluttered desk means that the discovery of any theft will likely be delayed—perhaps by days or even weeks if the employee is out of the office. Such delays make it more difficult to determine who the perpetrator is and where the stolen material might now be located.

Encouraging employees to maintain a neat desk pays off in two ways. In addition to making digital and paper assets more secure, employees with clean desks are more apt to be productive because they can quickly—and safely—access the tools and resources they need to do their jobs.

The Common Messy Desk Mistakes to Avoid

The following list presents 11 “messy desk” mistakes employees are prone to commit and which could cause irreparable harm to the business, the employee, fellow employees, customers and business partners. These are all bad habits for which to educate employees to stop:

1. Leaving computer screens on without password protection: Anyone passing by has easy access to all the information on the device; be sure to lock down screen settings.
2. Placing documents on the desk that could contain sensitive information: It’s best to keep them locked up in drawers and file cabinets.
3. Forgetting to shred documents before they go into the trash or recycling bin: Any document may contain sensitive information; it’s best to shred everything rather than taking a risk.
4. Failing to close file cabinets: This makes it easy for someone to steal sensitive information and more difficult to realize a theft has occurred.
5. Setting mobile phones and USB drives out in the open: They likely contain sensitive business or personal information and are easy to pick up quickly without being caught in the act.
6. Neglecting to erase notes on whiteboards: They often display confidential information on products, new ideas and proprietary business processes.
7. Dropping backpacks out in the open: There’s often at least one device or folder with sensitive information inside.
8. Writing usernames and passwords on slips of paper or post-it notes: This is especially important given that user names and passwords are typically used to log in to more than one site.
9. Leaving behind a key to a locked drawer: This makes it easy to come back later—perhaps after hours when no one is around—and access confidential files.
10. Displaying calendars in the open or on the screen for all to see: Calendars often contain sensitive dates and/or information about customers, prospects and/or new products.
11. Leaving wallets and credit cards out on the desk: This is more likely to impact the employee, but wallets may also possess corporate credit cards and security badges.

In today’s fast-paced world where employees are always on the go, it takes too much time to determine whether documents, USB drives, devices and other items contain sensitive information. The safe bet is to make sure everything is filed away and kept locked up or else properly destroyed.

 

Email Threats

Social Engineering Inboxes and Voicemail

Social engineering is non-technical, malicious activity that exploits human interactions to obtain information about internal processes, configuration and technical security policies in order to gain access to secure devices and networks. Such attacks are typically carried out when cybercriminals pose as credible, trusted authorities to convince their targets to grant access to sensitive data and high-security locations or networks.

An example of social engineering is a phone call or email where an employee receives a message that their computer is sending bad traffic to the Internet. To fix this issue, end users are asked to call or email a tech support hotline and prompted to give information that could very likely give the cybercriminal access to the company’s network.

Phishing Email Compromises

One of the most common forms of social engineering is email phishing—an attempt to acquire sensitive information such as usernames, passwords and credit card data by masquerading as a trustworthy entity. Phishing is likely the #1 primary email threat employees need to focus on.

Such emails often spoof the company CEO, a customer or a business partner and do so in a sophisticated, subtle way so that the victim thinks they are responding to a legitimate request. The FBI says CEO (or C-level) fraud has increased 270 percent in the past two years with over 12,000 reported incidents totaling over $2 billion dollars in corporate losses.2

Among the reasons these scams succeed are the appearance of authority—staffers are used to carrying out CEO instructions quickly. That’s why phishing can be so easy to fall victim to.

 

 

 

 

 

 

Four Common Phishing Techniques

The scope of phishing attacks is constantly expanding, but frequent attackers tend to utilize one of these four tactics:

• Embedding links into emails that redirect users to an unsecured website requesting sensitive information.
• Installing Trojans via a malicious email attachment or posing ads on a website that allow intruders to exploit loopholes and obtain sensitive information.
• Spoofing the sender address in an email to appear as a reputable source and requesting sensitive information.
• Attempting to obtain company information over the phone by impersonating a known company vendor or IT department.

Email Security Best Practices–Five Ways to Block Phishing Attacks

Employees should always be suspicious of potential phishing attacks, especially if they don’t know the sender. Here are five best practices to follow to help make sure employees don’t become helpless victims:

1. Don’t reveal personal or financial information in an email—Make sure employees also know not to respond to email solicitations for this information. This includes clicking on links sent in such emails.
2. Check the security of websites—This is a key precaution to take before sending sensitive information over the Internet. <http> indicates the site has not applied any security measures while <https> means it has. Also consider if employees are practicing safe browsing habits. Sites that do not serve a legitimate business purpose are also more likely to contain harmful links.
3. Pay attention to website URLs—Not all emails or email links seem like phishing attacks, so employees may be lured into a false sense of security. Teach them that many malicious websites fool end users by mimicking legitimate websites. One way to sniff this out is to look at the URL (if it’s not hidden behind non-descript text) to see if it looks legit. Employees may also be able to detect and evade the scheme by finding variations in spellings or a different domain (e.g.,.com versus .net).
4. Verify suspicious email requests—Contact the company they’re believed to be from directly. If an employee receives an email that looks odd from a well-known company, such as a bank, instruct them to reach out to the bank using means other than responding to the suspicious email address. It’s best to contact the company using information provided on an account statement—NOT the information provided in the email.
5. Keep a clean machine—Utilizing the latest operating system, software and web browser as well as antivirus and malware protection are the best defenses against viruses, malware and other online threats. It may be difficult for employees to do this, so the business may want to invest in a managed IT services provider who can also be a trusted advisor for all IT needs.

 

Username and Password Management

Low Security Account Credentials

Although it should be common sense, employees need to avoid the use of passwords that are easy for hackers to guess. Among the top ten worst passwords according to www.splashdata.com are those that use a series of numbers in numerical order, such as 123456. The names of popular sports such as football and baseball are also on the list as are quirky passwords such as qwerty and even the word password itself.

Emphasis should also be placed on the importance of avoiding common usernames. In analysis conducted by the information security firm Rapid7, hackers most often prey upon these 10 usernames in particular3:

Username	administrator	Administrator	user1	Admin
Alex	Pos	Demo	db2admin	Sql

 

How Attackers Exploit Weak Passwords to Obtain Access

While most websites don’t store actual username passwords, they do store a password hash for each username. A password hash is a form of encryption, but cybercriminals can sometimes use the password hash to reverse engineer the password. When passwords are weak, it’s easier to break the password hash.

Here is a list of common word mutations hackers use to identify passwords if they feel they already have a general idea of what the password might be4:

• Capitalizing the first letter of a word
• Checking all combinations of upper/lowercase for words
• Inserting a number randomly in the word
• Placing numbers at the beginning and the end of words
• Putting the same pattern at both ends, such as foobar
• Replacing letters like o and l with numbers like 0 and 1
• Punctuating the ends of words, such as adding an exclamation mark !
• Duplicating the first letter or all the letters in a word
• Combining two words together
• Adding punctuation or spaces between the words
• Inserting @ in place of a

Educating end users on these tactics underscores the importance of creating long passwords (at least 12 characters) and applying multiple deviations, rather than something simple like just capitalizing the first letter.

 

Nine Tips to Strengthen Password Security

1. Change passwords at least every three months for non-administrative users and 45-60 days for admin accounts.
2. Use different passwords for each login credential.
3. Avoid generic accounts and shared passwords.
4. Conduct audits periodically to identify weak/duplicate passwords and change as necessary.
5. Pick challenging passwords that include a combination of letters (upper and lower case), numbers and special characters (e.g. $, % and &).
6. Avoid personal information such as birth dates, pet names and sports.
7. Use passwords or passphrases of 12+ characters.
8. Use a Password Manager such as LastPass where users need just one master password.
9. Don’t use a browser’s auto-fill function for passwords.

An advanced and under-used password security tip to consider is two-factor authentication, which is a way for websites to double confirm an end user’s identity. After the end user successfully logs in, they receive a text message with a passcode to then input in order to authenticate their ID.

This approach makes sure that end users not only know their passwords but also have access to their own phone. Two-factor authentication works well because cybercriminals rarely steal an end user’s password and phone at the same time. Leading banks and financial institutions enable two-factor authentication by default, but if not, the service can often be turned on by asking the website to do so. More and more non-financial websites are now offering two-factor authentication as well.

 

Mobile Security

Mobile Threats Jeopardizing Company Data

Mobile security is increasingly becoming a big concern as more and more companies adopt Bring Your Own Device (BYOD) environments, which allow end users to connect to corporate networks through their own (often multiple) devices. Even in cases where a business does not offer BYOD, end users often find a way to log onto business networks on their own.

With personal devices accessing corporate networks, businesses must now protect endpoint devices that are not completely under their control, which opens up the business to greater risk. Trying to gain control over personal devices also presents the challenge of making sure the company does not infringe on personal apps and information employees store on their own devices.

 

Mobile Device Security Challenges

• Lost, misplaced or stolen devices—remote wiping them quickly is key to protecting sensitive business and personal information.
• Mobile malware—hackers are now turning their attention to mobile devices and executing successful breaches through text messages. Android markets can be set up by anyone looking to sell malicious software to unsuspecting customers. Note: While mobile malware affects Androids more than iOS, a few exploits exist for Apple products as well.
• Unsecure third-party apps—if breached, they can serve as a gateway to other apps on a device and the device operating system, where security controls can be manipulated.
• Files with sensitive information accidentally emailed to an unauthorized party or posted online— once something is sent, it’s out there forever.

Employees that utilize unsecured public WiFi are another area of concern. Hackers in the vicinity of or on the same network can overtake a device without the end user even being aware, capturing sensitive data in transit. The end user can then become the victim of a man-in-the-middle attack, also referred to as hijacking. The hacker leverages the device so that it turns into an invasive device against other unsuspecting end users.

How Employees Can Secure Their Mobile Devices

Set a PIN or passcode: This is the first line of defense—if someone wants to access the device, they first need to break the code. This is not an easy task and can operate as a deterrent against theft. Some device manufacturers also provide the option to automatically wipe the device after a few unsuccessful attempts at the passcode or PIN. So even if a phone is stolen, information cannot be accessed.

Use remote locate tools: Several software solutions help locate lost or stolen devices through GPS and geofencing capabilities. Apple offers a service like this for mobile devices aptly named Find my iPhone. For Android users, the Android Device Manager offers these services, and Windows mobile users have this same option from the Windows Phone website. Similarly, many third-party applications are available in each of the app stores.

Keep devices clean: Phones are mini-computers, and just like “big” computers, they need to be cleaned up from time-to-time. Utilizing an antivirus and malware scanner is always a good idea. Malware can compromise information stored on mobile devices and has a snowball effect that continuously piles up until it slows downs or stops the device.

Mobile Device Management (MDM) solutions help businesses and their employees apply these best practices by providing the ability to remotely wipe any devices that are lost or stolen. Such solutions also isolate personal apps from corporate apps in separate digital containers so that personal information remains private, and when an employee leaves the company, only their corporate apps and data are deleted while their personal apps and data are left intact.

By deploying an MDM platform, businesses can also enforce the use of passcodes to access devices, and they can apply geofencing capabilities that allow a lost device to be more easily located. End users can also be restricted to using only the corporate apps for which they have proper authorization. MDM also protects devices from jailbreaking and rooting—where hackers try to gain access to the operating system to open security holes or undermine the device’s built-in security measures.

Secure Website Browsing

The Top Browser Threats

When end users venture out onto the Internet, it’s easy to get tangled up in the vast web of threats lurking on many website pages. Some of them are readily apparent, but others are well hidden.

Malvertising—a form of malicious code that distributes malware through online advertising—can be hidden within an ad, embedded on a website page, or bundled with software downloads. This type of threat can be displayed on any website, even those considered the most trustworthy. According to security firm RiskIQ, malvertising increased by 260% in the first half of 2015 compared to the same timeframe in 2014.5

End users also need to beware of social media scams. Hackers have created a playground of virtual obstacles across all the major social media sites. According to an article in The Huffington Post, some of the most common Facebook hacks and attacks include click-jacking, phishing schemes, fake pages, rogue applications and the infamous and persistent Koobface worm, which gives attackers control of the victim’s machine while replicating the attack to everyone on their Facebook contact list.

Twitter isn’t immune to security issues either. Since the microblogging site is both a social network and a search engine, it poses extra problems. According to CNET News, just 43 percent of Twitter users could be classified as “true” users compared to the other 57 percent, which fell into a bucket of “questionable” users. Among the things to watch for on Twitter are direct messages that lead to phishing scams and shortened URLs that hide malicious intentions.

As for Web-based exploits, Internet websites are now the most commonly-used angles of attack, most often targeting software vulnerabilities or using exploits on the receiving client. This makes keeping up-to-date browsers paramount for all employees.

Website Browsing Best Practices for Employees

• Be conservative with online downloads.
• Beware antivirus scams.
• Interact only with well-known, reputable websites.
• Confirm each site is the genuine site and not a fraudulent site.
• Determine if the site utilizes SSL (Secure Sockets Layer), a security technology for establishing encrypted links between Web servers and browsers.
• Don’t click links in emails—go to sites directly.
• Use social media best practices.

 

The Value of an MSP in Ensuring Employee Cybersecurity

Partnering with a Managed Services Provider (MSP) that focuses on IT security can bolster your cybersecurity defenses. This is especially true when it comes to end user error. All the tools and solutions in the world won’t protect your business from every attack. Human error is still highly dangerous, and many employees grow complacent at some point as they fail to follow best practices.

An MSP that offers mobile device management (MDM) can be very helpful in deploying automatic and remote device-locate and device-wipe services in cases where mobile devices are lost or stolen. MSPs also offer antimalware and antivirus solutions to keep data on mobile devices as well as desktops protected.

Partnering with an MSP makes sense because they serve as a backup for proactively preventing security leaks that employees might cause and mitigating damage when a leak occurs. Here’s a sampling of the benefits a mobile device management MSP can provide:

• Keeps employee devices updated with the latest antivirus and antimalware software.
• Applies updates to programs and applications when new versions and fixes become available.
• Applies operating system patches when first available on a regular schedule that you can configure.
• Provides security assessments to identify weaknesses in your existing mobile security program.
• Offers guidance on how to mitigate any mobile security program risks

As for specific preventative tools that are helpful, look for an MSP that offers Malwarebytes or Bitdefender for both mobile devices and computers. The antimalware solution keeps endpoints clean and secure from outsiders.

Viruses can also do serious harm to information, so consider MSPs that offer Bitdefender as an antivirus application. The technology scans downloaded apps and devices for any threats. Equipped with Internet security, this defense provides a heads-up if it detects any malicious activity from the device browser.

 

 

Education and Technology: A Winning Cybersecurity Combination

As your business begins the journey to enhance its cybersecurity posture, it all starts with educating your employees. The tips provided within this post along with some basic common sense can go a long way in making sure sensitive information does not fall into the wrong hands, proactively identify and thwart potential attacks as well as react expediently if a successful attack occurs. This is where a managed IT services provider can assist. They eliminate the need for your business to keep up on the latest antivirus, antimalware and alert technologies. You also don’t need to expend the necessary resource time to deploy and manage such solutions, which often fall beyond the bandwidth and expertise of internal teams.

Succeeding in applying the necessary cybersecurity measures is paramount to your long-term business success. In today’s world of advanced hackers, who revel in breaching corporate networks, confidential information will always be at risk. Businesses must take the necessary steps to protect their intellectual property, their confidential information and their reputations while also safeguarding their employees, customers and business partners.

If you or your business is in need of cybersecurity solutions, please don’t hesitate to contact us today and let us work on your behalf in implementing the proper security measures.

 

 

 

Sources

Business Insider, “This one chart explains why cybersecurity is so important,” 4/5/2016: www.businessinsider.com/cybersecurity-report-threats-and-opportunities-2016-3

RSA Conference, “How a Security CEO Fell Prey to Scammers (Almost),” 3/3/2016: http://www.rsaconference.com/blogs/security-ceo-scammers#sthash.egMiB2xW.dpuf

lifehacker, “The Top 10 Usernames and Passwords Hackers Try to Get into Remote Computers,” 3/3/2016: http://lifehacker.com/the-top-10-usernames-and-passwords-hackers-try-to-get-i-1762638243

Webroot, “Top 11 Security resolutions for the New Year,” 12/29/2015: http://www.webroot.com/blog/2015/12/29/top-11-security-resolutions-for-the-new-year/

InformationWeek DarkReading, “How Hackers Will Crack Your Password,” 1/21/2009: http://www.darkreading.com/risk/how-hackers-will-crack-your-password/d/d-id/1130217

Sophos Labs, “When Malware Goes Mobile: Causes, Outcomes and Cures,” 2015: https://www.sophos.com/ en-us/medialibrary/Gated%20Assets/white%20papers/Sophos_Malware_Goes_Mobile.pdf

Symantec Blog, “7 Security Tips To Protect Your Mobile Workforce,” 6/30/2014: http://www.symantec.com/connect/blogs/7-security-tips-protect-your-mobile-workforce

Entrepreneur, “11 Tips to Secure Mobile Devices and Client Data,” 6/11/2015: http://www.entrepreneur.com/article/246814

Webroot, “How Businesses Stay Safe and Secure Using Social Media,” Date unknown: http://www.webroot. com/us/en/business/resources/articles/social-media/how-businesses-stay-safe-and-secure-using-social-media

ComputerWeekly, “BlackHat 2015: RiskIQ Reports Huge Spike in Malvertising,” 8/24/2015: http://www.computerweekly.com/news/4500251077/BlackHat-2015-RiskIQ-reports-huge-spike-in- malvertising

Heimdal Security, “How You Can Get Infected via World Wide Web Exploits,” 3/3/2015: https://heimdalsecurity.com/blog/internet-browser-vulnerabilities/