3 Reasons You Are an Easy Cybercrime Target

/in ,

Cyber AttackAs we’ve mentioned before, more small and midsize businesses (SMBs) are falling victim to cybercrime. You might believe that hackers won’t bother targeting your business due to its small size. However, it is crucial to recognize that cybercrime aimed at smaller companies is undeniably escalating, and you could be the next cybercrime target if you do not take the necessary precautions.

According to HP’s Cyber Security and Your Business report, Cybercrime costs SMBs 4.2 times more per employee than larger businesses, and 60% of SMBs that experience a data breach are out of business in six months.

So, why exactly are cybercriminals interested in your business, and more importantly, what actions can you take to combat this threat?

Why Small Businesses are Prone to Cybercrime

It’s essential for you to acknowledge the following three reasons why you may be seen as an easy target for cybercrime and take proactive and defensive measures to protect your business.

1. SMBs spend less on security while larger businesses are increasing their security protections.

  • Your business is an easier cybercrime target because you are more likely to lack basic protections. In effect, you may attract cyber criminals because you are an easier target.
  • Budget for, and implement, reasonable protections covering user identities, access controls, user permissions, data loss prevention, and employee awareness and training.

2. SMBs do not have in-house security expertise.

  • Keeping up with risks and trends is time consuming, above and beyond ensuring that your security measures are updated and working on a day-to-day basis.
  • Leverage technology and your IT partners for automated solutions and expertise, as well as on-going management of your security and privacy solutions.

3. SMBS are moving into the cloud.

  • Using cloud applications and storage makes sense. But, your data is no longer behind a physical or logical “firewall”.  Protecting your data means protecting the cloud systems and services you use.
  • Always select business-grade services over consumer services. Implement all security features, including 2 Factor Authentication. And, when possible, integrate access to cloud services into a single system for managing user identities. And, do not forget to train, and periodically remind, your staff how their awareness and actions can allow or prevent an attack.

15 Actions You can take to Improve Your Cybersecurity

  1. Implement a robust cybersecurity strategy tailored to your business needs, including firewalls, intrusion detection systems, and antivirus software.
  2. Regularly update and patch all software and operating systems to protect against known vulnerabilities.
  3. Conduct regular security audits and risk assessments to identify and address potential weaknesses in your systems.
  4. Train your employees on cybersecurity best practices, such as recognizing phishing attempts, creating strong passwords, and handling sensitive data securely.
  5. Implement strict access controls and user privileges to limit unauthorized access to sensitive information.
  6. Encrypt sensitive data both in transit and at rest to protect it from interception or theft.
  7. Backup your data regularly and store backups in separate, secure locations to ensure data recovery in case of a breach or system failure.
  8. Develop and enforce a strong password policy, including the use of complex passwords and regular password changes.
  9. Enable multi-factor authentication (MFA) for all user accounts to add an extra layer of security.
  10. Monitor your network and systems for any unusual or suspicious activity using intrusion detection and prevention systems.
  11. Stay informed about the latest cybersecurity threats and trends through industry publications, forums, and reputable security organizations.
  12. Establish an incident response plan that outlines the steps to be taken in the event of a cybersecurity incident, including notification procedures and communication channels.
  13. Regularly educate your employees on emerging threats and provide ongoing training to ensure their knowledge remains up to date.
  14. Limit the use of personal devices for work-related activities and enforce strong security measures for those devices that are permitted.
  15. Partner with reputable cybersecurity vendors or consultants to get expert advice and assistance in securing your systems.

By implementing these actions and cybersecurity best practices, you can significantly reduce the risk of cybersecurity breaches and protect your business from potential threats. Remember, cybersecurity is an ongoing effort that requires continuous vigilance and adaptation to evolving threats.

It’s always a good time to perform a review of your IT security and data privacy policies, procedures, and systems.  Doing so is an affordable way to protect your business, your employees, and your customers from cyber crime. The cost of prevention is miniscule compared to the cost of a breach.

Interested in ensuring you are protected, contact us for a free Cloud Advisor Session, or learn about our data protection solutions and our privacy solutions.

 

4 Lessons from the Q4 Data Breach Review

/in

Last week, our strategic partner Privacy Ref held their quarterly review of recent data breaches.  In his presentation, Ben Siegel, CIPM, identified 4 lessons learned from recent data breaches, including: Google Android; Hillary Tentler, CPA; Folsom State Prison; and the Internal Revenue Service.

#1: Unauthorized Mobile Apps Create Risk

Issue: Users can download apps from sites other than the Google Play store. These apps are not “vetted” and gain access to tokens used to control users’ accounts.

Lesson: As the threat is outside of Google’s control, you need to put systems in place to prevent unauthorized apps from access your company’s data via mobile devices.

#2: Local Data is At Risk, Too

Issue: In the burglary of an accountant’s home, three hard drives were stolen and only one was recovered during the arrest.

Lesson: Physical devices, when stolen, can result in a serious data breach; While moving 100% cloud is more secure, it may not be a practical option for your business yet. You should ensure any local data is encrypted and subject to regular backup.

#3: Internal Breaches are Still a Breach

Issue: A file including names, social security numbers, and other sensitive data was saved to a shared location accessible to anybody in the organization.

Lesson: You can protect yourself from internal breaches with solutions that use defined business rules to automatically enforce permission restrictions based on the content of your files.

#4: It is Too Easy to Email Protected Information

Issue: Employees were sending emails with personally identifiable information (PII) clearly visible, in violation of regulatory requirements.

Lesson: You should not rely on people to do the right thing all of the time — mistakes happen and can be damaging and costly. System exist that scan and encrypt emails automatically if they contain sensitive or protected information.

Do you need a privacy assessment or a privacy plan review? Are you ready to better protect your data — on premise and/or in the cloud?

Contact us to discuss your needs.

 

Yet Another Yahoo! Breach

/in

Yahoo Mistreats CustomersFor the second time this year, Yahoo! acknowledges a major security breach.  This time, the breach occurred in 2013, resulting in the data loss of roughly 1 billion, (Yes, BILLION) accounts.  More than usernames and passwords this breach included security questions and answers.

But, here are the scary facts:

  1. Yahoo! was unaware of the breach until a third party notified them that their user information was for sale on the “dark web”
  2. Yahoo! admits it was unaware of the breach and does not know how it happened

Because Yahoo! accounts are used behind the scenes in multiple services, and you may be using your Yahoo! identity for other sites and apps, the potential impact of the breach is just plain scary.

Maybe it is time to Move From Yahoo!.  Contact us to learn how.

 

3 Reasons to Consider Replacing Active Directory

/in ,

Identity ManagementActive Directory was designed for on-premise local and enterprise networks.  As the use of cloud continues to move forward, Active Directory has not adapted as quickly as needed to provided robust, unified, identity management.  Here are three (3) reasons to consider replacing (or augmenting) Active Directory.

1) Active Directory is not “Cloud Ready”

According to a survey by security firm BetterCloud, almost 50% of SMBs will be all cloud by 2020, up from 15% today. Even SMBs are using more than one cloud service.

Keeping Active Directory means setting up sync services and other tools across multiple cloud platforms — a complex and expensive solution.

2) Users are Mobile and Working Remotely

Global Workplace Statistics reports that between 20% and 25% of employees already work remotely on a semi-regular or regular basis. And, 50% of employees hold jobs that are compatible with remote work. Since 2005, remote work has grown 103% and continues to grow.

Keeping Active Directory means requiring employees to log into the corporate domain when working remotely, typically by VPN. This is slow and cumbersome for users, and expensive to setup and maintain.

3) The Windows-Only World is Gone

Macs are normal part of the ecosystem; Computerworld reports that 90% of Fortune 500 companies officially support Apple desktops, laptops, and tablets. Chrome devices are starting to move from education to the business market. And, most employees work at least some of their day on smartphones or tablets; iOS and Android are now business operation systems.

Keeping Active Directory means bridging identity management and policies between network operating systems or adding third party products to properly manage users and devices.

The good news is that you do not need to live with the cloud-related limitations of Active Directory. You can run directory services, manage identities, and control access to devices (even when off-network) with cloud-based directory services. These services simply administration and provide a single system of record for user identities.

Want to learn more or give it a try? Contact us and we will show you how.

 

Fast Fact Friday: Cloud Adoption Trends Up

/in ,

Fast FactAs reported by CloudTech, a recent survey of more than 500 IT professionals in companies with 50 to 2000 employees …

  • 20% report extensive use of cloud
  • 52% report significant use of cloud
  • 24% report modest use of cloud

And, 56% of respondents indicated that cloud use will increase over time.