Cyber Security Tip of the Day: Beware of Complacency

Cyber Security Tip of the Day: Beware of Complacency

Complacency tends to be a foundation by which computers hackers can take advantage of computer users. When one is able to stay healthy for long periods of time, she can begin to take that health for granted and minor health issues are ignored. Before much longer, an ignored problem becomes a major health issue.

It’s the same way with computer security. Many people never get “hacked” or have criminals take advantage of them via a computer. Years go by and everything seems fine and dandy until one day a hacker covertly succeeds in stealing personal information or money from a computer user. Sitting there scratching her head, the computer user will go in circles retracing steps attempting to figure out what went wrong, and when. Being rid of complacency is not just about securing a computer, it’s also about educating oneself.

How are hackers able to steal money or personal information from computer users? Computer viruses, phishing attacks, and social engineering are some common methods that hackers utilize. The most common way a computer is infected with a virus is by the computer’s user downloading and installing a free program from the internet.

Free computer programs are commonly laced with computer viruses that are installed simultaneously with the programs, unknown to the computer user. It’s great that some computer programs are free. However, it should be kept in mind that websites, where free programs are downloaded from, are commonly hosted by criminals. Therefore, great care should be taken when determining which websites are safe.

Social engineering is a method by which criminals manipulate computer users into giving up personal or private information as a way of gaining access to computers. An understanding of social engineering is important but cannot be gained by reading a summary of it. Research on “social engineering” should be done to gain a deeper understanding of it; the internet can provide a lot of information about it.

Phishing attacks occur when a criminal creates an impostor website that would normally be trusted, including but not limited to banking websites. Furthermore, computer users are solicited to update personal information at their financial institution’s website and are directed to an impostor version of that website.

Once the impostor website is accessed, the computer user unknowingly gives their personal information over to a criminal. The result can be identity theft or theft of financial resources. Again, understanding the intricacies of phishing attacks cannot be gained by reading a summary of it. Research on “phishing attacks” should be done in order to gain a deeper understanding.

Don’t be complacent. Please contact us so that we may serve to help mitigate the risk of becoming a victim of computer criminals.

 

3 Predictions We’re Making About Network Security

3 Predictions We’re Making About Network Security

Innovation has always been a major part of building better solutions, but some of the most recent trends have been in regard to enhancing security.

Adapting to the threat environment is one of the most important parts of running a business, so innovation has been geared toward giving users and organizations alike the security they need.

That being said, a lot can change in a short period of time. Let’s take a look at some predictions for how security will change in the near future.

Prediction 1

Penetration testing will happen more often than ever, thanks to A.I. and automation.

Penetration testing is one of the best ways that your organization can enhance network security–particularly because it’s much easier to identify weaknesses that your staff may have overlooked.

Hiring an external third party to handle this is a great way to make sure that any internal mistakes aren’t repeated. Basically, penetration testing is a time-consuming process that is better left to someone other than your internal staff, who are likely to have their own responsibilities to attend to.

However, artificial intelligence and automation have made it so that even less time has to be wasted on security testing.

Now that these processes can be done more frequently due to the process being automated, you can save more time than ever before. Plus, consider the fact that so much technology is added to an infrastructure in just a single calendar year, and you have a disaster waiting to happen–that is, unless you are running frequent penetration testing.

Prediction 2

Unified policies will appear that bridge between public and private clouds.

Cloud technology is more accessible than it has ever been before, prompting businesses to use both private and public cloud solutions to varying degrees. As a result, since they both have their benefits, hybrid cloud solutions are more popular today.

One of the biggest shortcomings of such a convenient solution is that you can’t consolidate security policies to simplify the management of a large infrastructure, but this could change in the near future–especially when you consider how quickly technology develops.

Industry professionals suspect that a multi-cloud management platform will soon be able to synchronize with your private and public clouds to create a single control panel for all of your needs.

Prediction 3

Endpoint security will be more on point.

The biggest threats to your organization’s security are the people using your technology. In recent years, social engineering has increased in scope and scale, taking advantage of the rather unpredictable nature of mobile device security.

Hackers are often able to take advantage of the weaker security on mobile devices to infiltrate networks and cause trouble. There still isn’t a single unified solution for this issue, but this is likely to change in the near future.

Businesses want an easier time managing and maintaining mobile device security, so it’s only a matter of time before a unified solution presents itself in some capacity.

You can count on WheelHouse IT to stay connected to the most recent developments in technology development.

To learn more about the latest solutions, reach out to us at (877) 771-2384.

Cyber Security Tip of the Day: Avoid These Common Cyber Security Mistakes

Precautions While Using the Internet

Cyber security should be one of your top priorities when it comes to your business. Data breaches can come unexpectedly at any time, and the results can be disastrous. Here are four common mistakes to avoid.

It Can’t Happen to Me!

Most people think, either consciously or in the back of their minds, that an attack can’t or will not happen to them. The reality is that even if you own a small business, you can still be hit with a very sophisticated virus. If it does happen, you will be in hot water, so take the necessary precautions before it is too late.

Not Having a Plan

It’s all great and dandy to have an antivirus system installed, and it’s even better when you have various other precautions, firewalls, and monitoring systems in place. However, you also need to have a backup plan! This doesn’t just refer to backing up your data, though that is a big part of it. You have to know what exactly you will do if a breach is detected, who you will be relying on to get you out of the mess, and so on.

A BYOD Policy

Having a Bring Your Own Device policy may be cheaper in the short run, but it can cost you big in the long run. There is no way for you to control what your employees do on their own phones. They will be browsing the net and downloading all sorts of programs that can expose your network to attacks. They may be connecting their devices to other networks that are not safe when they are not at work.

Not Destroying Hard Drives

You should also destroy your hard drives completely when disposing of them. Simply erasing them is not enough.

Contact us today for more cybersecurity and IT tips.

Managed IT Support Can Reduce the Risk of Cyber Theft from Miami Businesses

Managed IT Support Can Reduce the Risk of Cyber Theft from Miami Businesses

Network security breaches have been in the news lately.

Hackers have targeted such large organizations as the federal government’s Office of Personnel Management and the Bank of Bangladesh. While security breaches at large institutions make the news, cyber theft from small businesses quietly takes place in the background.

Many of Miami’s small businesses handle more money through their computers and networks than through their cash registers. Credit card credentials, ACH transactions and emailed wire transfer instructions can all be targets for thieves.

Over the past two years, cyber thieves have stolen nearly $800 million dollars from over 8000 small businesses. Regulation E, the federal rule that requires banks to reimburse consumers for unauthorized transactions, does not apply to small business accounts; individual businesses have lost over a million dollars to cyber theft and not been reimbursed.

Managed IT support for Miami businesses can help to reduce your risk of cyber theft. Instead of reacting to an incident after it occurs, your managed IT support vendor can examine and secure your network to reduce the risk of a breach. They can conduct a survey of your network to identify systems that need to be patched, and can look for systems with default passwords that a hacker might be able to guess.

Developing a patch management plan and eliminating systems with default passwords can reduce the risk of a network breach.

Cyber theft is a serious issue for Miami businesses. Companies that import or export goods are especially vulnerable as they often send wire transfers. A fraudulent wire transfer is very difficult to cancel or recall.

For more information about computer and network security, please contact us.

Don’t Leave Your Cyber Security on Autopilot

Don't Leave Your Cyber Security on Autopilot

In 1453, Constantinople fell in one of the first documented uses of massed heavy artillery. When the time came to rethink a thousand year defense strategy, Constantine did not recognize the significant changes to the threat. When it comes to modern cyber security, companies need to rethink their defenses far more often.

But according to the Cyber Ark Global Advanced Threat Landscape Report 2018, companies by and large have stagnant approaches–among the survey findings:

  • A whopping 36 percent of respondents knew of employees storing usernames and passwords for privileged accounts in Word or Excel documents
  • The number of firms granting workers administrative permissions to endpoint devices increased
    • The percent of users in those companies who had admin rights increased 25 percent from 2016
  • Half of the respondents recognized customers’ sensitive private data is at risk due to security controls not going beyond basic legal requirements

I know of one company whose auditors instruct clients doing annual IT compliance certifications that if a security measure is unchanged from the prior audit, just enter “SALY” (same as last year). You won’t find too many experts who believe the threat environment will be the same as last year though. So how does a company break out of the cyber security inertia trap?

Forbes magazine contributor Christie Terrill recommends reviewing and changing your IT security strategy whenever the context of your IT operation changes, including changes in user behavior, paying most attention to devices and nodes that are least in control of the organization. She says Internet of Things nodes are most problematic. While it’s true cyber security core tools such as firewalls, two-person authentication and intrusion prevention systems, are relatively unchanging, how you apply them and how you approach risk management should be reviewed. And that, with the speed of technology evolution, needs very much to be an ongoing endeavor.

Good detective work, when any system fails, usually includes asking the question “what changed”. Reviewing strategy as your IT environment changes can keep you out of the post mortem detective work and better employed focusing on refreshed prevention and risk mitigation efforts instead.

Please contact us at Wheelhouse to talk about a cyber security checkup, or to explore any of our varied managed IT service offerings.