The Holiday Season is in full swing and shoppers everywhere are more and more frequently opting to use their credit cards from the comfort of their homes, taking advantage of online deals. We thought we’d take a moment to provide some tips to help you remain cyber-safe while shopping for those last minute gifts and End-of-Season sales:
Although National Cyber Security Awareness Month has come to an end, it’s important to keep cyber security top-of-mind not only during the month of October but throughout the entire year. Cyber criminals are finding new ways every day to sneak into your network and wreak havoc.
To recap, here are the biggest risks to your organization’s IT security:
Our next topic for Nation Cyber Security Awareness Month (NCSAM) focuses on another area of concern for business security. With around 235 million people using a smartphone in the United States, it is important to have a Bring Your Own Device (BYOD) Policy in place to help protect your IT infrastructure. Allowing employees to use their personal devices – such as cell phones, tablets and laptops – to access work-related data in the office or out in the field boosts productivity and cuts costs for businesses by not having to purchase the devices themselves. But it also opens your network up to all forms of cyber attacks.
The Equifax Data Breach exposed 145.5 million people’s sensitive data – social security numbers, birth dates, street addresses and some drivers licenses – and was one of the worst breaches in history. The breach could have been avoided had Equifax applied a known web-application patch that was released two months prior. The attack is believed to have begun in mid-May of 2017 and was not discovered until July 29th, allowing the hackers a month and a half to steal consumer information.
Also in May of 2017, the WannaCry ransomware cryptoworm made headlines across the world as it infected more than 200,000 computers throughout 150 countries, causing damages from the hundreds of millions to billions of dollars. It targeted PCs that were running older versions of Windows and exploited vulnerabilities in systems that didn’t have the latest software updates. WannaCry affected many organizations – large and small – as well as individual home users.
Patching and updating your IT software and hardware is critical. Failure to do so will leave your organization vulnerable to viruses and ransomware. Many SMBs (small and medium businesses) think that hackers only go after large corporations since those stories typically make the news headlines. But actually, small business are targeted more than half the time (58%) and a single breach can cost an average of $690,000. Cyber criminals realize that smaller companies oftentimes do not have the resources needed to protect them from breaches.
Keep Software and Applications Updated
It’s easy to ignore those pesky popups that say “a software update is available” and think ‘I’ll just finish what I’m working on and install the update later’, but the truth is most people won’t. Software updates, however, often include critical patches to security holes that hackers use to infect your systems and steal valuable data. By ignoring those messages, you are leaving your computer and network open, allowing cybercriminals to cause major damage.
Software updates need to be checked and performed at least once a month for:
• Operating Systems (i.e. Windows, Mac OS)
• Productivity Software (i.e. Microsoft Office)
• Accounting and Customer Management Software (i.e. Quickbooks, Sage, Salesforce)
• Custom Applications (such as legacy software that was custom written for your organization)
• Industry-Specific Software
• Web Browsers (i.e. Explorer, Chrome, Firefox, Safari)
• Plugins (i.e. Adobe Flash, Java, Microsoft Silverlight)
• Website Content Management Systems and Plugins (i.e. WordPress, Joomla, Magneto and Drupal)
Don’t Forget Your Other Hardware!
Not only is it imperative to apply software updates to your PCs, laptops and servers, but also other IT hardware devices, such as switches, firewalls, routers and access points. Once equipment is deemed end-of-life (EOL), the manufacturers no longer support or maintain them, which can lead to security risks. That is why we recommend for companies to budget replacing IT equipment before they reach their end-of-life.
What To Do If You Are Not Sure You’re All Patched Up
There are several patch management softwares that help organizations discover vulnerabilities and stay on top of updates. If you need further assistance, give us a call! All of our Texas Systems Group BrightStar Managed Service packages include automated patching. Monthly and quarterly audits help find vulnerabilities within your network so they can be addressed before a data breach occurs. Our CyberSecure Team is constantly looking out for the latest threats and solutions to protect our customers. Our vCIO will work with you on budgeting to replace aging equipment which decreases the chance of hackers exploiting unpatched and out-of-date hardware. All of these components together drastically decrease your risk of becoming the next victim of a cyber attack.
Last week, we discussed the importance of employee education and awareness to help minimize your organization’s cyber security risks. This week’s article in our National Cyber Security Awareness Month Series will focus on another major security risk for businesses – PASSWORDS. Password security is oftentimes forgotten, leaving organizations open to attacks.
Hackers hijack or crack passwords to steal identities, access sensitive data and infect your systems with ransomware or viruses. In fact, cracked or stolen passwords are to blame in 81% of hacking-related breaches.
Having a hard to crack password is the first line of defense against data breaches. But even with all the widely-known risks involved in weak passwords, people still use the most common offenders. According to SplashData, the top 5 worst passwords of 2017 were:
Businesses need to implement good password policies so employees don’t leave the organization susceptible to cyber attacks. Below is a list of DOs and DON’Ts to consider.
|Use passphrases||Use dictionary words|
|Use a mix of upper and lowercase letters, numbers and characters||Use personal info like names, birthdays, addresses or phone numbers|
|Have at least 8 characters||Use the same password for more than 90 days|
|Use a different password for every account||Share your passwords with coworkers|
|Use a password management application||Store passwords in unprotected digital documents or written down in plain sight|
Two-Factor Authentication (2FA) adds another layer of password protection by making users go through an additional step before being able to log in. This provides another form of evidence that you are who you say you are, typically by entering a security code or pin that is sent to you via email, mobile text message or phone call. 2FA makes it harder for attackers to login to your account because they would also have to have access to your email account or another device to provide the code. And the security codes are usually only valid for a short amount of time and can only be used once.
Aside from having strong passwords and using multiple forms of verification, organizations can still be at risk. When employees resign or are terminated, it is best to deactivate their user accounts and disable any access they may have to the network (including wireless) right away. This will help safeguard your business against disgruntled employees who may have been let go and are looking for vengeance.
If you use an external IT Service Provider to support your business, another thing to consider is what their password policies are. Does the provider use the same administrator username and password for all of their clients? Does the administrator account password get changed when their technicians leave? Do they store any passwords pertaining to your business in a password management system or secure file?
Texas Systems Group has multiple safeguards in place to protect our BrightStar Managed Service clients’ passwords. Two-factor authentication, a password management system and tight security policies ensure that your passwords are secure and help deflect cybercriminals from hacking your user accounts. To find out more information, contact us.