Posts

Work from Home Cybersecurity

The 4 Most Important Things You Can Do to Improve Security at Home

October is National Cyber Security Awareness Month. The CIT Security team has put together a few articles, to be shared throughout the month, designed to help keep you informed about current threats, along with a few recommendations to help secure you and your personal data. Today’s article is about passwords and securing your personal information, but these tips can and should be used in the workplace as well.

Most organizations work to keep their users and their data safe, but what should you be doing at home?

PASSWORDS AND PASSWORD MANAGERS.

  • Passwords continue to be a painful requirement for nearly everything online: banking, social media, and so on. You name it, you need to create an account.
  • The biggest issue is also the biggest risk that users face daily: they reuse passwords. If passwords are reused and ultimately exposed via phishing, they could be used to access many different accounts.
  • We highly recommend using a password manager to help create unique and strong passwords. There are several options, and many have a free version for personal use. These will help you generate passwords, provide plugins for your web browsers to help streamline logging into sites, and so on. Many also have an application for your mobile device, allowing you to access your passwords wherever you may be. A few options include LastPass, Dashlane, 1Password, etc.

USE MULTI-FACTOR EVERYWHERE POSSIBLE.

  • Even if you are using a password manager, the risk of the password being harvested and used is still very high. Phishing attacks are incredibly prevalent in your daily life, and they are often focused on obtaining your passwords.
  • To help mitigate the risk of your password being used by someone other than you, we highly recommend implementing multi-factor authentication. Multi-factor authentication has been made available for most applications: social media, gaming platforms, email, and banking all provide methods to add a layer of authentication.
  • Passwords are something you know. A second factor would be something you have. For example, adding a physical device such as a YubiKey, an application like Google Authenticator, or even SMS messages is considerably stronger than just a password.
  • A quick web search should help you find which multi-factor options are available for any given application.

USE CAUTION WHEN OPENING ATTACHMENTS AND LINKS.

  • Users can be exposed to risks of phishing, viruses, malware, and ransomware by following malicious links or opening attachments.
  • Be diligent. Pay extra attention to what has been sent to you. If you are unsure, it’s better to be safe than sorry. We would highly recommend going to sites directly versus following links in the email.
  • Another option would be to use VirusTotal. This toolset will allow you to paste in a URL or upload attachments to validate if they are malicious or safe.

PATCHING WINDOWS AND SYSTEM APPLICATIONS

  • Our last tip is about keeping your systems up to date: try to keep up with patching. Enable automatic Windows patches or use a patch management tool. ManageEngine, PDQ Deploy, and Thor by Heimdal Security are all excellent choices with free versions available.

Phishing and Spearphishing: Don’t Take the Bait

If you could just prevent your staff from clicking on links or opening attachments in phishing emails, 95% of your cybersecurity problems would be prevented.

As perimeter defenses and anti-malware software products have become more effective, cyber-attackers have turned to the phishing email approach as their number one favorite method for acquiring user names and passwords or gaining unauthorized access to computers on your network. The spearphishing variation is when the attacker has done enough reconnaissance on your company to send an email to the one person they know would be the most helpful. Here are some recent examples, as reported on CSO.com:

Phishing emails play on people’s willingness to trust. Some common types include:

Email from the boss.

This is usually a request appearing to come from someone far up the food chain, and usually is a request for a large wire transfer. Take time to verify these requests with a phone call. This is usually a spearphishing email sent to the bookkeeper, accountant or CFO.

Your account is broken.

The email will appear to come from a company you do business with, complete with a link to a look-alike login page. It is usually designed to steal login credentials or credit card information, or both.

Let’s make a deal. 

The advance fee fraud or “Nigerian” email promises untold riches if only you will send some good faith money or provide your bank routing and account number for the huge deposit. Either way, your money will disappear.

So precious.

In this case you are sent something enticing, like a free GoPro or iPhone, a cute cat video, or a game, or a gift certificate.

Your shipment is damaged. 

Designed to look like they came from UPS, FedEx, USPS, or other shipping services, these emails tell a sad story about your shipment and include an attachment to open or a link to click.

Clicking on the links or opening attachments usually will install a remote access Trojan horse malware program that will allow the attacker to log into your computer from across the Internet. That sort of access gives them the ability to bypass your firewall. The malware usually includes a module that disables your anti-malware software too.

Protect Your Business Against Hackers

Locking up at the end of the workday makes sense—you want to protect your business. But what if locking your doors is not enough? How can you protect your business against hackers who can gain wide-open access to your back door?

Your financial data, intellectual property and network information are all just as valuable as the goods on your shelves, or the clients in your books. For the same reasons you lock up at the end of the workday, having the best IT security is common sense. Here are five steps you can take to protect your valuables, even when the front doors are locked:

  1. Know how hackers hack your business, and why
  2. Covering your assets—budgeting for data security
  3. What business owners need to know about IT regulations
  4. Getting your employees on board with cyber security
  5. Making data security part of your business strategy

Know how hackers hack your business, and why

Breaking the front lock is not the way hackers get into your business. They phish, sending emails with tantalizing bits of bait that people nibble on. With persistence, hackers can usually trick someone into biting, creating a backdoor to install viruses or malware on your network.

Recognize hackers by their suspicious correspondence. Anyone who suggests you download mysterious antivirus software is up to something phishy. That is especially true for anyone who requests sensitive information or passwords. If your business is experiencing suspicious network activity, or receiving ransomware notices, knowing where to find more information is your best step forward.

But if you’re like anyone else trying to run a business, you probably don’t have a team of security professionals to monitor for threats, or the incredible resources needed to recover from data breaches. That’s why you need the best data security, working around the clock to protect your data, so your private information never falls into the wrong hands.

Covering your assets—budgeting for data security

Hackers have developed so many creative and innovative tricks that 2019 is shaping up to be a banner year for fighting back. A record eighty-six percent of businesses plan to cover their assets by increasing their spending on cybersecurity.

The most proactive thing you can do to prioritize a budget for data security is to understand how the safeguards that have traditionally been considered extra, or proactive, are now recognized as an essential component of a savvy IT budget.

When you are focusing on growing your business, it is important to allocate adequate funds for your unique resilience strategy, that is, the necessary safeguards to protect you and your team from an attack and, if an attack were to occur, the means to minimize disruptions and quickly recover data afterwards. As your competitors are beefing up on cyber security, developing a budget that includes robust spending on data security means a bigger return on investment, as the long-term benefits of data security can add to your bottom line.

What business owners need to know about IT regulations

No matter what kind of data you encounter, it is your responsibility to ensure it is properly protected. But keeping compliant with GDPR, SOX law and PCI data security standards can be incredibly difficult.

Not all information is the same. Securing a patient’s sensitive medical information is regulated much differently than securing biometrics data for our mobile cash apps. But proper compliance is good for business. Customers are far more likely to take their business to companies who can demonstrate proper data compliance. Some insurance companies even offer discounts to businesses who can prove they meet certain data security criteria.

Having proper IT support not only ensures your business is compliant, but can also give you a profitable advantage.

Getting employees on board with data security

A business is only as strong as its weakest link. You don’t have to wait until National Cybersecurity Month to get your team on board with your business’ data security. You can get started today. Make it a holiday—Change Your Password Day, or Update Your Software Day. Here are some more steps you can take now to get everybody up to speed.

Take a top-down approach to cybersecurity, from the CEO to the mailroom, to help employees understand why cybersecurity matters, and why being alert to phishing emails and suspicious events can be the difference in saving your business and their jobs.

Your employees are the eyes and ears of your business. Why is it that employees who notice something amiss often don’t take action? They presume anything suspicious was probably noticed and reported by someone else. When you empower and encourage your employees to report suspicious activity, you are safeguarding your business from even the most clever hackers wishing to gain access to your network.

Make data security part of your business strategy

Making sure you are not only compliant, but competitive with data security can be both tricky and immensely profitable for your business. That is why it is essential to ensure you have the very best in data protection.

Remember: the best IT is more than just securing your clients’ and your own sensitive information. It is about helping you to assess the real risks and the value in establishing company-wide standards to prevent data breaches and a plan for responding to a data security incident.