Be Mindful of These Security Issues

With all the stories in the news about data breach after data breach, it’s easy to get the idea that the only threats to your organization are those that are trying to break in. This can be a dangerous oversight, one that could cost your business its future. If you ignore the possibilities, you could very well be putting your organization in jeopardy. We’ll discuss some of the major internal dangers that your business could face.

Internal Fraud

Scammers take many different shapes and forms, and we know that the last thing you want to do as a business owner is anticipate some kind of internal fraud happening behind your back. Unfortunately, any organization that deals with data is going to have to anticipate this as a possibility, as data is extremely valuable in today’s business world. Therefore, you should have measures in place to limit access to important data. Employees should only have as many permissions as they need to effectively do their jobs, and nothing more.

Excessive Access

Endpoints must be secured from threats, and if they are not secured, they could become infected. Infections could spread to your network from any endpoint, whether it’s a workstation in-house or a mobile device carried in by an employee. It’s critical that all devices used by a business have protections in place to ensure they are not vulnerable to attack.

Unsecured Applications

Your organization depends on software working the way you hope it will. While these applications are needed to ensure productivity, they also provide a window of opportunity for hackers and other threats to attack. If you don’t take the time to keep them patched and updated, they could become a threat to the success of your business. Even your cloud-based services must be secured adequately, as the slightest overlooked vulnerability could place your business at risk.

Human Error and Mismanagement

Any business that relies on people to get things done will always be at the mercy of the unknown. Users are prone to error, and there will always be situations where people make mistakes. This much is unavoidable. Any employee could find themselves making IT mistakes, but it’s important to remember that they can be prevented with proper foresight and best practices.

Make sure that your employees know how important it is to review their work and ensure mistakes don’t happen. WheelHouse IT can help you keep your business secure from issues related to network security and user error. To learn more, reach out to us at (877) 771-2384.

Managed Security Services Work to Stomp Out Security Problems

In the course of doing business, many of today’s businesses have encountered some type of major security threat. As these threats get more and more sophisticated, you are beginning to see more businesses and other organizations enlisting the services of companies that are in business to keep their clients safe.

We’ll take a look at some of the services that a managed security service provider offers, and how they fit into a business’ IT strategy. Ransomware had really become a major problem as the calendar changed to 2017. No one could imagine what would have happened over the first few months of the year.

It seemed as if there was a new ransomware attack in the news every day; and, coupled with all the other hacking attacks such as distributed denial of service, phishing, viruses, trojan horses, spoofing, and more, it made it increasingly difficult for the modern business to avoid these threats.

IT service providers, who not only understand the workings of networking and infrastructure but also have proficiency in squelching targeted attacks, began to roll out security services.

Sure, there have been managed security services for quite a while, but with businesses and other organizations inundated with such profit-killing IT problems coming from outside their own network, more IT businesses began to focus exclusively on higher-end security services.

Why Use an MSSP?

There are a myriad of reasons to utilize outsourced IT services. Whether you want to get comprehensive support for your information technology, you want to cut your support costs, you want help implementing a specific technology, or you simply want a professional technology consultant on retainer, outsourcing your IT management to WheelHouse IT has substantial value.

The managed security service provider does the same, except instead of focusing on your business’ well being, the service is focused solely on keeping threats from interrupting your business’ progress.

To do so, they meet the complexity of today’s threats with equally sophisticated tools designed to block and eliminate any threat thrown your way. Some of the services your average MSSP will provide include:

  • Managed Identity and Access Management
  • Managed Encryption (Virtual Private Networks)
  • Managed Firewall
  • Managed Data Loss Prevention
  • Managed Intrusion Detection
  • Managed Intrusion Prevention
  • Managed Security Information and Event Management
  • Managed Unified Threat Management

These services take your typical network security and turn up the volume. The MSSP makes certain that your information systems are completely controlled and not useful to anyone outside your organization.

Additionally, the MSSP’s security-focused effort makes compliance with regulatory laws and mandates a priority. By ensuring controls are secure, with reports that show a dedication to keeping sensitive data secure, an MSSP is a good investment for any business that relies on regulatory compliance to operate effectively.

With network and cyber security becoming essential considerations for every IT department, companies of all sizes are looking to outsourced IT professionals to handle their network security.

Does your business need a security firm to oversee your business’ network?

Leave your thoughts in the comments section below.

Cyber Security Roundup for the First Half of 2018

Each day tens of thousands of people from all over the world are hacked. Not just sent run-of-the-mill phishing emails, but legitimately hacked. This has made the cyber security industry grow at a rate only surpassed by the Internet of Things (which ironically may be one of the largest threats to cyber security in the world).

We thought it would be good to go over some of the largest cyber crimes of the first half of 2018, and some telling statistics that will give you an idea of what exactly you are up against.

In trying to establish what were the most devastating hacks, we’ve combed through this year’s records and have decided to break it down by public and private hacks. Public hacks have to do with individuals and municipalities, while private hacks are the ones that infiltrate businesses and make available thousands and millions of records for sale. Without further ado, here are the biggest hacks so far in 2018:

Private

January

  • 280,000 Medicaid records were exposed when a hacker broke into Oklahoma State University Center for Health Sciences. Patient names and provider names of these individuals were exposed.

February

  • FedEx had customer records leaked after an unsecured server owned by a company acquired by FedEx, Bongo International, was hacked. Over a hundred thousand files, including names, drivers’ licenses, national ID cards, voting cards, and utility bills were exposed.

March

  • Travel booking site, Orbitz, had a security vulnerability that resulted in upward of 880,000 customers’ payment card information, or about two whole years of customer data, taken off their server.
  • French news site L’Express exposed reader data by leaving a database up for weeks without a password needed for access. After being warned, the Paris-based periodical left the database exposed for weeks.
  • Hackers gained access to 134,512 patient and financial records after a malware attack at St. Peter’s Surgery and Endoscopy Center in Albany, NY.
  • Under Armour, one of the largest sports apparel brands in the world, had their mobile application, MyFitnessPal, hacked, exposing around 150 million people’s personal information.
  • Aerospace giant Boeing was hit by the WannaCry ransomware that affected “a few machines” that weren’t protected with Microsoft’s 2017 patch.

May

  • Twitter forced its hundreds of millions of users to change their passwords after admitting that, at one time, user passwords were stored in plain text, and may have been exposed to internal company staff.
  • An unauthenticated API found on T-Mobile’s website exposed the personal information of all of their customers, by simply using their cell phone number. Information that was available included full name, address, account numbers, and in some cases, tax IDs.
  • A bug found in Atlassian development software titles Jira and Confluence allowed hackers to infiltrate the IT infrastructures of several companies and one U.S. government agency.
  • The predominant way for American travelers to secure European rail tickets, Rail Europe, had a three-month breach of credit cards. It’s thought that thousands of users’ credit card information was taken in the breach.

June

  • Around 340 million records were stolen from marketing company Exactis. It may be amazing to you that a company that you have never heard of leaked what amounts to the personal information of nearly every American. The company, which aggregates and compiles business and consumer data, has been hit with a class action lawsuit in response to the breach.
  • Apparel giant Adidas had their website hacked, resulting in the loss of a few million people’s personal and credit card information.
  • At least 800 e-commerce sites, including Ticketmaster, had consumer card information skimmed in a huge campaign by a hacker collective named Magecart. Targeting third-party developers, they were able to alter code and siphon off the information they wanted.

Public

January

  • Department of Homeland Security was affected by a data breach that exposed 247,167 current and former employees and other individuals.

March

  • The City of Atlanta, Georgia was hit with a ransomware attack, dubbed SamSam, that caused a massive problem for their municipal infrastructure. Hackers asked for $51,000 to release the encrypted files, a number Atlanta’s leaders were unwilling to meet. It has subsequently cost the city more than 10x that. In fact, as of early June, there were still some parts of the city that were using analog or manual systems. Some experts believe that the total cost to taxpayers will be nearly $20 million.
  • India’s national ID database, Aadhaar, leaked data on over a billion people. In one of the largest-known breaches in history, a user could pay 500 rupees ($7) and get the login credentials that allowed anyone to enter a person’s 12-digit code and get their personal information. An additional 300 rupees ($4.20) gave users access to software through which anyone could print an ID card for any Aadhaar number.
  • It came to the forefront that Cambridge Analytica, the data analytics company that U.S. President Donald Trump used to help his campaign, had harvested personal information from over 50 million Facebook users without their permission. While Facebook denied this was a “data breach”, Cambridge Analytica was banned from the service over the ordeal.

June

  • A major hack at a U.S. Government-funded active shooter training center exposed the personal data of thousands of U.S. law enforcement officials, while also exposing that many police departments are ill-equipped or unable to respond to an active shooter situation.

These are just the most significant hacks of 2018. There is still major fallout from 2017’s biggest breaches, including the Friend Finder hack that exposed 412 million user accounts and the Equifax data breach that affected 148 million people. In fact, even though the hacks referenced above cover a lot of ground, hundreds of organizations have their cyber security compromised each day.

According to billionaire investor Warren Buffett, there is reasonable evidence that there could be a major cyber attack that could cost insurers tens of billions of dollars. The statistics back this up:

  • In 2017 over 130 large-scale breaches were reported, a 27 percent increase over 2016.
  • Nearly 1-in-3 organizations have experienced some sort of cyberattack in the past.
  • Cryptojacking (stealing cryptocurrency) increased 8,500 percent in 2017.
  • 100,000 organizations were infected with the WannaCry ransomware (400,000 machines).
  • 5.4 billion WannaCry attacks were blocked in 2017.
  • The average monetary cost of a malware attack for a business is $2.4 million.
  • The average time cost of a malware attack for a business is 50 days.
  • Ransomware cost organizations over $5 billion in 2017.
  • 20 percent of cyber attacks come from China, 11 percent from the United States, and six percent from the Russian Federation.
  • Phone numbers are the most leaked information.
  • 21 percent of files are completely unprotected.
  • 41 percent of companies have over 1,000 sensitive files left unprotected.
  • Ransomware is growing at 350 percent annually.
  • IoT-based attacks are growing at about 500 percent per year.
  • Ransomware attacks are expected to quadruple by 2020.
  • 7.7 percent of web requests lead to malware.
  • There were 54 percent more types of malware in 2017 than there were in 2016.
  • The cyber security market will be worth over $1 trillion by 2025.

Cyber security risk is high, and it’s only getting higher. By assessing your company’s cyber security health, the IT professionals at WheelHouse IT can connect you with the solutions and services needed to keep threats at bay.

If you are looking to improve your cyber security, or if you would like to know how to, contact us today at (877) 771-2384.