3 Cyber Security Issues Businesses Should Prepare For

Cyber security should be a top priority for all businesses, regardless of size. The unfortunate reality is that many business owners do not take the necessary steps to secure their data, which could lead to significant problems further down the line.  

As technology becomes more advanced and hackers become more sophisticated, it is important to stay on top of these issues so that your company doesn’t fall victim. In this article, we will highlight three cyber security issues that you need to address before it’s too late! 

Mobile Malware 

Increased dependence on mobile devices has led to increased mobile cyber-attacks. Cybercriminals are taking advantage of the fact that people have become increasingly reliant on their mobile devices. 

In 2020, it is estimated that there were two trillion text messages sent. These texts could contain “phishing” attempts whereby malicious actors could attempt to access sensitive information such as passwords, usernames, and account numbers. 

Bank apps and other apps with sensitive information are also at risk. Consumers typically download new apps without doing any research on the company, so it’s critical to do your homework, before adding these apps to your device.  

Check if other users have downloaded and installed the app before you install it yourself. Read the reviews, and conduct a search on Google or one of the other search engines to cover as many bases as possible.  

Compliance Fatigue 

The list of compliance standards grows each day with technology updates and new threats. Compliance fatigue is a real risk faced by businesses that can lead to costly mistakes and time investments. However, it’s more cost-effective to keep up to date now than to face the inevitable repercussions of not doing so later.

Lack Of Awareness and Education About Cyber Security 

Many people have no idea that phishing and other cyber scams are a problem. Any security is only as strong as its weakest point.  Employees are a network’s biggest weakness, so education about the dangers of cyber security is one way for them to be aware of the risks they face with every click on their computer or mobile device. 

When it comes to cyber security, you need to take precautions at every level: from your on-site systems and data storage, all the way up through the different layers of technology that connect with various parts of your business. Engaging with a trusted MSP like 4Corner IT can help mitigate cyber security risks. 

What is Data Privacy’s Status Going Into 2021?

As a consumer, how concerned are you about the care that businesses give to your data privacy? Very? You aren’t the only one. 87 percent of Americans see their data privacy as a human right. However, despite these views, most people are far too lax when it comes to their own security. What is data privacy’s status going into 2021? Let’s take a closer look.

Consumers on Businesses and Their Data Practices

In a recent report from advisory firm KPMG, the results of a survey that asked American consumers about their expectations of corporations and the privacy of their collected data were revealed. These results showed a few concerns very clearly, while revealing that not all respondents were fully aware of today’s most pressing cyberattacks.

  • 86 percent of respondents to the survey felt that their data privacy was a rising concern.
  • 70 percent claimed to be “generally familiar” with how companies collect their personal data, while 64 percent were familiar with how it was used and stored, 63 percent say they understand how it is protected, and 57 percent say they know how it is sold.
  • Having said that, 68 percent don’t trust these companies to sell this data ethically, 54 percent don’t trust it will be used ethically, 53 percent don’t feel it will be collected ethically, and 50 percent don’t trust these companies to protect their data sufficiently.
  • Most consumers are concerned about the theft of their social security number, with 83 percent of respondents identifying this concern. Following closely behind come the 69 percent worried about their credit card numbers.
  • Surprisingly, only 16 percent are concerned about the theft of their medical records.

Data Practices Amongst Consumers

While this sounds like a decent start, the survey’s results showed a bit of hypocrisy. Most users agreed that repeating passwords, saving credit card information to a website, and using public Wi-Fi are risky behaviors, but more than 40 percent of them did these things anyway. 61 percent neglected to use all available tools to secure their accounts, as well.

What We Can Learn

It doesn’t matter if it’s your data at stake, or your business’… your highest priority needs to be your security.

In another study, this one conducted by Harvard Business Review Analytic Services, it was shown that almost half—46 percent—of consumers surveyed had stopped doing business with a retailer because of issues with that retailer’s privacy statement.

Are you willing to let half of your client base abandon your business?

It just goes to show that, from the consumer’s perspective, it is our responsibility to make sure that companies are accountable for the data they collect. From the business standpoint, it shows that data security is something that can’t be slapped together or neglected. Is ensuring data security simple? Far from it… but when compared to what you risk otherwise, it’s a no-brainer.

4 Corner IT is here to help. We can help you to implement the security solutions and processes that will help protect all your data. To learn more, or to get started, call our team at (877) 771-2384 today.

Documenting An Information Security Policy During the Pandemic

The work environment that many organizations have today looks entirely different from the working environment they had pre-pandemic. Thousands of organizations now have their employees scattered throughout large geographical regions in environments that are not under the employer’s direct control. While the option to work remotely has saved many a company from going bankrupt, it also vastly changed both the physical and technological environment in which staff members work. While outwardly many organizations seem to be working from home fairly successfully, it is possible that their official information security policy looks exactly as it did before the pandemic, if they even had one at all. That is why documenting an information security policy during the pandemic is so important.

Starting Anew

Whether an organization had a previous ISP (information security policy) or whether they now realize they should draft one, the steps they must take to create one will likely be fairly similar since the working environment has changed for so many companies. The first step in drafting an ISP is to consider the scope of one’s business. Some organizations may interact with many vendors and/or suppliers, or they may only have a few. Other organizations have large customer or employee bases, or some combination thereof. Whatever the scope, companies must consider all the different components that could be affected by their new information security policy.

The next step is to set objectives in order to establish the overall direction of the policy, including factors such as legal, regulatory, business, and contractual security requirements. As those in charge of creating the policy gather information about the company’s operations, they must consider the structure of their risk assessment as it relates to the area they are evaluating, as well as use appropriate criteria in order to properly evaluate security risks.  

Drafting the Policy

While each organization’s ISP will be unique, there are a few standard points that most businesses will likely put in their specific policy. These items include enforcing a password policy where users must meet certain requirements such as password length, the type of characters required, and how often the password must be changed.

Other key points will likely include the requirements for handling data from third-parties, employees, and customers, along with establishing guidelines that outline what employees can and can’t do, with regard to actions such as internet usage and accessing controls. Some organizations may want to take their internet security policy one step further by ensuring their new policy adheres to certification programs that pertain to their particular type of industry, or technological certifications.   

Who, Where, What, Why 

A finalized internet security policy may not be that lengthy. In fact, a company’s ISP may not be longer than a page or two. However, it will answer some essential questions, such as who issued the policy, meaning it is under their authority. Other questions the policy will answer include where the policy applies, such as specific departments and/or locations, what the overall goal of the policy is, and which company-specific security issues it addresses.

Lastly, it will also answer the question as to why a new policy was needed. In most cases, this will be a statement discussing how the ISP will help ensure that a business continues to protect their sensitive data while operating under a new working environment. In addition, the new ISP is intended to safeguard the continuity of the organization, while maximizing their ROI.

Summary

The world-wide pandemic forced many businesses to make drastic changes in the way they conduct their business practices, including how they secure their corporate data, along with their hardware and software resources. Although creating an ISP for their new way of operations may represent a challenge during this time of uncertainty and upheaval, informing employees how to safely navigate through their new circumstances is essential for a successful future beyond the pandemic. If you would like more on how to create a corporate ISP for your new working environment, please contact us.

Hackers Target Cloud Services in the New Normal

Many employees all over the world have benefited from the recent pandemic’s ability to push millions into working remotely from home. With decreased commute times and the ability to work in a more casual environment, many employees are probably hoping to continue to work remotely for some time to come. While employees may be happy with their working arrangements, the different working environment presents some definite challenges for those working in the area of technology security. Always operating as opportunists, hackers target cloud services and the influx of remote workers, hoping to find a way into the cloud in order to steal data and wreak havoc, which in turn increases costs and/or headaches for organizations.

The Target

Hackers know where to find golden information and with remote users, the gold is found in the Cloud services they use. According to recent stats gathered by McAfee, attacks on Cloud services increased by 630 percent between the months of January and April of this year! It doesn’t take much to conclude that this phenomenal number of attacks coincided with the explosion of businesses across the globe who shut down their offices, thus leaving employees with working from home as their only option. 

How Hackers Attack Remote Users

Generally speaking, hackers attack remote users in two forms. Of course, virtually every computer task begins with a user entering in their login information. If a hacker can gain login information from someone working remotely, it is that much more difficult to detect if the login is coming from a legitimate remote worker or if the user logging in is a threat to the company. With remote workers sometimes living long distances away from where their physical office building resides, or if they decide to go to a vacation home or to a relative’s home in another state, it is almost impossible to determine whether a user is legitimate or not based upon geographical location.

The second form of attack, which is sometimes easier to spot, has been given the name of suspicious “superhuman” logins. This occurs when multiple login attempts are noted in a very short span of time from regions scattered throughout the world.

For companies who don’t have any employees working across the globe, these types of logins are fairly obvious to spot as suspicious. However, for companies who do have staff members distributed throughout large regions, these types of attacks can still present a challenge.
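One way to flag the “superhuman” logins described above, added here as an example and not taken from the original article: for each user, compute the travel speed implied by consecutive logins and alert when it exceeds what a flight could cover. Because the check is per user, it also works for companies whose staff are spread across regions. The event fields, the sample events, and the 900 km/h and 100 km thresholds are assumptions.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def superhuman_logins(events, max_kmh=MAX_KMH, min_km=100.0):
    """Return (user, from_city, to_city, implied_kmh) for each pair of
    consecutive logins by one user that implies travel faster than max_kmh.
    Pairs closer than min_km are skipped to absorb IP-geolocation error."""
    last_seen, alerts = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        prev = last_seen.get(ev["user"])
        last_seen[ev["user"]] = ev
        if prev is None:
            continue
        km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
        if km < min_km:
            continue
        hours = (ev["time"] - prev["time"]).total_seconds() / 3600
        kmh = km / hours if hours > 0 else float("inf")
        if kmh > max_kmh:
            alerts.append((ev["user"], prev["city"], ev["city"], kmh))
    return alerts

def _ev(user, ts, city, lat, lon):
    return {"user": user, "time": datetime.fromisoformat(ts),
            "city": city, "lat": lat, "lon": lon}

# Constructed sample events (not real data): geolocated successful logins.
SAMPLE = [
    _ev("alice", "2020-05-04T09:00:00", "Miami", 25.76, -80.19),
    _ev("alice", "2020-05-04T09:20:00", "Kyiv", 50.45, 30.52),       # 20 minutes later
    _ev("bob", "2020-05-04T09:05:00", "London", 51.51, -0.13),
    _ev("bob", "2020-05-05T08:00:00", "New York", 40.71, -74.01),    # next day: plausible flight
    _ev("carol", "2020-05-04T10:00:00", "Orlando", 28.54, -81.38),
    _ev("carol", "2020-05-04T10:02:00", "Orlando", 28.60, -81.20),   # same metro area: ignored
]

if __name__ == "__main__":
    for user, src, dst, kmh in superhuman_logins(SAMPLE):
        print(f"ALERT {user}: {src} -> {dst} implies {kmh:.0f} km/h")
```

A VPN exit node or a mobile carrier gateway can place a legitimate user far from their real location, so alerts from a check like this are a prompt for review or step-up authentication rather than proof of compromise.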

Solutions

Thankfully, there is a relatively easy solution already available that can bring successful login hacking attempts down to almost nil. Two-factor authentication procedures are essentially a must for any company that has employees who work from home. When an employee has to verify their login by entering a code sent to their phone, this eliminates virtually anyone attempting a break in by way of the login process.

Of course, employers must also train their remote-work employees to be extra diligent in discerning whether someone truly is who they say they are. Hackers can easily find out which businesses have closed their public offices and often businesses will list key personnel along with their email on corporate websites.

Under these types of circumstances, it would be easy for a hacker to impersonate someone in the company, then send a phishing email that looks like an official email from someone high up in the company, to an employee working remotely at home.  Companies can address this by instructing employees to verify identification by phone, prior to releasing any sensitive data or monetary funds. 

If you would like to know more about keeping corporate data safe and secure while employees are working from home, please contact us!

6 Cyber Security Must-Haves for Remote Work

The quick transition to remote work that many companies have had to make has revealed security risks that IT professionals are not able to monitor or correct as closely as they would be able to when employees work in-house. To mitigate these risks and protect data, employees will need to follow security best practices and abide by the requests made by IT. Fortunately, skills and security measures like the following that employees will need during these times help not only their employers in the present but protect them from personal security risks in the future. 

Secure Wi-Fi

The convenience provided by an open wireless network doesn’t mitigate the risk of sensitive data falling into the wrong hands, and this applies to personal financial information as much as it does to data relating to work. Employees will need to secure their home wireless networks with the most advanced protection available to them. Users should also have the latest firmware.

Encrypted Traffic

IT departments can consider a virtual private network, or VPN, on top of secured wireless networks to encrypt all traffic data. There are downsides to VPNs, however, including slower connection speeds. Some users may not like that their employer can monitor their network usage with a VPN, either.

Phishing Prevention

It doesn’t matter if a company uses the most advanced security software or the most impenetrable hardware if the user is the weak point. Employees should undergo training to detect and avoid phishing scams in their various modes (phone, text, and email) before working remotely, even if the company has already issued this training in the past. All it takes is a careless click to give access to a user’s login information.

Fortunately, modern security software can even warn about potential phishing attacks.

Smart Password Usage

Not only is it risky to use the same password and username for multiple websites, but choosing simple passwords that are easy to crack also puts a user at risk. Because users won’t necessarily opt for best practices such as strong passwords that they periodically change, companies should ensure that their software systems require these password security measures and even use password managers to generate and store strong passwords. Businesses should also encourage two-factor authentication, which requires that users enter a second code that is typically sent via email or text, to log in.

Company-Issued Devices

Many of the risks listed above can be minimized when a company issues devices that prevent unauthorized changes and have the appropriate software installed so that employees have all the resources necessary to complete their jobs. Sending employees home with company devices keeps sensitive data away from personal devices, which may be less secure and more likely to be compromised, and companies can install enterprise-level security software to prevent malware and phishing attacks. 

If this is not possible, companies should set standards for which devices can be used, including software and hardware requirements, to ensure the devices being used are as secure as possible and to avoid the risk of “shadow backups” to personal cloud storage accounts.

Data Backup

Assuming that users abide by security best practices and a company’s software is set up securely, there is always the risk of hard drive or another mechanical failure, which is why a company must have a plan in place to back up data. Many companies opt for cloud storage, a solution that is especially useful when the office is inaccessible; however, some choose physical servers that their IT team members maintain themselves. 

Companies that want to increase security measures for remote workers or ensure that their systems are secure enough for telecommuting can contact us for a cybersecurity analysis.