6 Cyber Security Must-Haves for Remote Work

6 Cyber Security Must-Haves for Remote Work

The quick transition to remote work that many companies have had to make has revealed security risks that IT professionals are not able to monitor or correct as closely as they would be able to when employees work in-house. To mitigate these risks and protect data, employees will need to follow security best practices and abide by the requests made by IT. Fortunately, skills and security measures like the following that employees will need during these times help not only their employers in the present but protect them from personal security risks in the future. 

Secure Wi-Fi

The convenience provided by an open wireless network doesn’t mitigate the risk of sensitive data falling into the wrong hands, and this applies to personal financial information as much as it does to data relating to work. Employees will need to secure their home wireless networks with the most advanced protection available to them. Users should also have the latest firmware.

Encrypted Traffic

IT departments can consider a virtual private network, or VPN, on top of secured wireless networks to encrypt all traffic data. There are downsides to VPNs, however, including slower connection speeds. Some users may not like that their employer can monitor their network usage with a VPN, either.

Phishing Prevention

It doesn’t matter if a company uses the most advanced security software or the most impenetrable hardware if the user is the weak point. Employees should undergo training to detect and avoid phishing scams and their various modes — phone, text, and email —  before working remotely, even if they’ve already issued this training in the past.  All it takes is a careless click to give access to a user’s login information.

Fortunately, modern security software can even warn about potential phishing attacks.

Smart Password Usage

Not only is it risky to use the same password and username for multiple websites, but choosing simple passwords that are easy to crack also puts a user at risk. Because users won’t necessarily opt for best practices such as strong passwords that they periodically change, companies should ensure that their software systems require these password security measures and even use password managers to generate and store strong passwords. Businesses should also encourage two-factor authentication, which requires that users enter a second code that is typically sent via email or text, to log in.

Company-Issues Devices

Many of the risks listed above can be minimized when a company issues devices that prevent unauthorized changes and have the appropriate software installed so that employees have all the resources necessary to complete their jobs. Sending employees home with company devices keeps sensitive data away from personal devices, which may be less secure and more likely to be compromised, and companies can install enterprise-level security software to prevent malware and phishing attacks. 

If this is not possible, companies should set standards for which devices can be used, including software and hardware requirements, to ensure the devices being used are as secure as possible and to avoid the risk of “shadow backups” to personal cloud storage accounts.

Data Backup

Assuming that users abide by security best practices and a company’s software is set up securely, there is always the risk of hard drive or another mechanical failure, which is why a company must have a plan in place to back up data. Many companies opt for cloud storage, a solution that is especially useful when the office is inaccessible; however, some choose physical servers that their IT team members maintain themselves. 

Companies that want to increase security measures for remote workers or ensure that their systems are secure enough for telecommuting can contact us for a cybersecurity analysis.

The Federal Reserve Bank of New York Cyber Security Study is Scary

If there is one industry where both organizations and consumers alike would want the most stringent levels of cyber security, it is likely the financial services industry. The fallout of even one successful hacking event attempted on a bank, a credit card company, a credit reporting agency, has far reaching consequences for both consumers and the smaller companies that interact with these financial entities.

According to the Federal Reserve Bank of New York’s recent report, “Cyber Risk and the U.S. Financial System: A Pre-Mortem Analysis“, firms associated with financial services are 300 times more likely to encounter a cyber attack within any given year, than other firms in other industries. This should be a wake-up call to all of the smaller organizations who depend upon the integrity of the data they receive from these larger financial institutions. While smaller firms have no control over the larger financial entities they interact with, there are steps they can take on their end to stop a cyber disaster in its tracks before it reaches their internal systems.

Maintain System Updates

Hackers are continually on the lookout for outdated systems, browsers, and other types of software that make it so much easier for them to penetrate a computer system. Every organization, whether related to financial services or not, should have a comprehensive plan that includes keeping track of all their various types of software and applying any software updates in order to stay abreast of the latest versions, patches, etc.

Regular Vulnerability Testing 

It’s not enough to hire a technology firm to do a one-time-only penetration and vulnerability test to look for weak areas in an internal computer system. Software changes continually and vulnerabilities can occur in areas that were previously deemed safe. Financial service organizations need to conduct regular vulnerability scans and penetration testing to ensure previously safe systems are still secure.

Harden Emails 

Hackers love to target email servers because it allows them an opportunity to gain access to internal email accounts and pose as employees in the organization. Malicious hackers can then ask for confidential information from another employee, who doesn’t realize they are interacting with a cyber attacker. Hackers can also send out emails to an organization’s clients and infect their networks with malicious code. A financial services company that does not harden their email activity, runs the risk of exposing confidential or sensitive data to bad actors and/or receiving a poor reputation within the financial services community for passing on a cyber attack nightmare to their clients.

How to Stay Safe

It is possible for even smaller financial organizations to secure their computer systems to prevent the chaos that occurs from a cyber attack. While smaller firms may not have the resources to hire a full-time IT professional, there are IT management companies that offer security services to their clients. By hiring an external company to provide cyber security, even smaller firms can have access to professional management of their data without adding the burden of investing in a full-fledged IT department.  

Small firms who hire these types of IT companies should expect them to create a comprehensive plan detailing how the IT firm plans to secure the client’s data. An external IT firm can analyze their client’s computer resources and make suggestions on how to protect critical, sensitive data from becoming vulnerable to attack both from within the company and from without. At the very least, the three key points of maintaining system updates, regular penetration testing, and securing email traffic should be part of the IT company’s security plan. 

If you need help securing your financial service-related or any other type of organization, we can help!

Please contact us today for more information.

Why Business Owners Are 12x More Likely To Be a Cyber Target

As a business owner, you have enough to worry about. 

Now, you have to worry about being a cyber target, too.  But, what does it mean to be a cyber target?  Is there something more you should do?  Your business already has a firewall and anti-virus software.  Isn’t that enough?  Your business isn’t a multinational corporation, after all.

Cyber Target

You and your business are a target because hackers want a return on investment (ROI).  The days of a lone hacker are long gone; instead, cybercriminals form groups, operating as a crime syndicate.  They identify profitable targets and set their considerable resources to complete an attack.  If you are identified as a target, odds are you, and your organization will be attacked.

Business owners, especially of small-to-mid-sized companies, are considered prime targets because:

  • They are extremely busy and more likely to click on a link or download a file without looking at the sender.
  • Their company’s cybersecurity is less stringent than larger organizations.

The latest statistics on cybercrime show that:

  • 43% of cyberattacks target small businesses.
  • Only 14% of small businesses rate their ability to mitigate cyber risks, vulnerabilities, or attacks as highly effective.
  • 60% of small companies go out of business within six months of a cyber attack.

None of those statistics are good news for business owners.  What are some of the threats that take advantage of an executive’s busy schedule?

Cyber Threats

Most cyberattacks begin with a phishing email.  A phishing email tries to entice the recipient to click on a link or open an attachment, which is designed to either collect data, deploy malware, or provide access to an organization’s network.

Spearphishing

Spear phishing is targeted phishing.  A cybercriminal sends an email that appears to be from a trustworthy source.  The recipient clicks on a link or downloads an attachment.  When the recipient is a business owner, the hacker acquires access to a higher level of data and credentials, making it easier to obtain valuable information. 

Executives aren’t always as careful about checking the sender of an email as they should be.  There’s always so much to get done.  It’s easy to be distracted checking emails on the run.  Sometimes the cybercriminals want access to the network so they can make a more profitable cyberattack such as a business email compromise (BEC).  Often, they deploy ransomware, which is still the most popular form of cyberattack. 

Ransomware

Ransomware is a form of malware that prevents end-users from accessing their data. To restore access, the business must pay a ransom. The latest ransomware wipes out shadow volumes, security event logs, and backups, making it harder to find the malware or to restore the system.  If a cybercriminal can deploy the latest ransomware, your organization will pay the ransom.  That’s why, everyone should be vigilant when checking email.

Cybersecurity

If you want cybersecurity to be a priority, the process has to begin with you, the business owner.  Employees need affirmation that cybersecurity is central to business operations.  They must see that leadership is participating to believe that cybersecurity is everyone’s responsibility.

To secure your business, start with these steps:

  • Create a plan for how your data is gathered, managed and stored
  • Determine who should have access to what data and limit access to those individuals. 
  • Identify your critical vulnerabilities and how to mitigate any possible attacks. 
  • Provide ongoing training to your employees

If you need help designing and deploying a cybersecurity plan, contact us.  We are ready to help.

5 Technology Challenges Businesses can Expect in 2020

As new solutions and inventions continue to aid businesses, they come with a ton of challenges. Where a connected world allows you to take your business digital, it comes with the risk of cyber-attacks. Where you can get clients from any corner of the world, there is the challenge of data privacy.

But it is not all doom and gloom. Yes, there are challenges, but forewarned is forearmed. Here are some of the problems you can expect to face in 2020 and how you can prepare.

1. Cyber Security

More and more customers are coming forward about hackers breaking into their ring devices, and wreaking havoc in their homes. Such attacks are a foreboding that most businesses will struggle with cyber-security in 2020.

Some threats include phishing and social-engineering attacks. Of every 99 emails, one is a phishing attack amounting to 4.8-emails in a workweek. Phishing attacks are the gravest as they can trick a business owner or employee into giving up legitimate credentials. As a result, the hacker can access sensitive business information.

Other threats include IoT (internet of things) attacks owing to the increasing number of smart devices. There is also ransomware which increased by 340% from 2018 to 2019.

Using a password manager, and 2-factor authentication can help secure your business, but only professionals can provide foolproof cybersecurity.

2. Cloud Network Issues

Cloud computing has allowed better data storage, flexibility, and collaboration. It has allowed large enterprises to make better decisions while reducing costs, but you can expect to have issues with it in 2020.

One of the top cloud network issues will be security. There are risks involved in the implementation and management of the cloud, and reports on hacked interfaces, breaches, and account hijacking don’t help the situation.

Also while cloud computing enables businesses to scale without investing in expensive hardware, the quantities and cost become challenging to predict.

3. Implementation of Privacy Protection

Back in 2018, the EU general data protection regulations came into force. It was about time, but that came with challenges for businesses. Problems that will persist into 2020.

Governance and accountability top the list of concerns. The regulations created a need for business-wide regulations during the full lifecycle. Also, you have to provide more information to your data subjects (customers), and there is always the risk of getting that wrong.

Businesses also have to keep a detailed record of processing activities which is a burden. Mandatory impact assessment questions about when they are required is still a mystery.

4. Getting the Right Skills

Though freelancing has allowed businesses to hire from a wide-pool of experts, finding the right skills will still be a concern in 2020. And it should be your top concern as nothing can work without the right people.

Should you choose to hire an in-house expert, you can expect to pay a fortune in salaries, and their supply is quite limited. You also have to contend with compliance issues. As such, we recommend you outsource your IT needs.

5. Deep Fakes

Finally, you have to contend with deep fakes. People are employing unethical methods to make it seem like politicians and celebrities said things they did not say. Deep fakes will now trickle down, and business and thought leaders will find themselves at the mercy of such technology.

People willing to employ deep fakes will sway people’s opinions and can affect your business.

2020 will be a remarkable year for companies looking to use technology. But with great tech comes equally great challenges. The challenges above are a few you can expect.

Hire IT professionals, as they allow you to focus on the essential things in your business while they provide the necessary support.

Watch Out for Cyber Attacks this Holiday Season

Cyber security is something we all need to worry about, but the holiday season may make us more vulnerable to certain kinds of cyber attacks, most of which revolve around holiday shopping.

Here are some of the scams that tend to show up this time of year:

E-Skimming

The target of e-skimming is company’s online stores. The attackers tend to go for medium-sized companies that have a good number of customers but don’t have the cybersecurity resources of, say, Amazon. They insert malicious code into the shopping cart that harvests personal information when you buy something. While there is only so much you can do, using a strong password or passphrase is helpful.

Public Wi-Fi Problems

If you shop in the store, you might think you are safe from cyberattacks. However, with more and more people hooking up a device to the internet during their shopping trip, whether while taking a break or to compare prices on an item, scammers have a window. Malls and stores offer free wi-fi, and this can be compromised. Public wi-fi can be vulnerable to hackers, and rogue operators may also set up fake wi-fi networks, tricking you to connecting to them instead. Avoid connecting to public wi-fi, and if you must, be very careful what you do on it. Never do financial transactions over public wi-fi and if you use it regularly consider getting a VPN.

Scammy Social Media Promotions

We’re all looking for deals this time of year. And promotions show up all over social media. They might offer free gift card codes, free giveaways, massive discounts on items. In some cases these promotions are designed to trick you into clicking on an infected website. They might also be trying to get your personal information in exchange or a free item that is either extremely cheap or doesn’t even exist. If a promotion looks too good to be true, it is.

Phishing

Phishing spikes around the holiday season, particularly in certain areas. The following are particularly common:

  • Promotions or giveaways that are too good to be true, as the social media promotions above.
  • Fake notices from your bank telling you a large purchase was made. As a note, if you are a victim of credit card fraud, your bank will call you, not email you, and if they do you should always hang up and call the number on the card, rather than talking to the person who called them.
  • Phony invoices, shipping status alerts, receipts, or order cancellation notices for goods you never ordered or purchased. All of these come with malicious links that if you click on them will take you to the scammer’s site. Often these are attempts to harvest login credentials for major e-commerce sites. If you know you didn’t order the item, ignore the notice. If it’s a real shipping status alert for a gift, then you should be able to check with the person who sent it to you.

Cloned Websites

Website cloning is when the scammers reverse engineer a copy of a real website. It’s often extremely hard for even tech savvy users to realize they are on a clone. E-commerce sites are common victims of website cloning. The scammers will buy a URL that is one character away from the original (typo squatting) and then buy Google ads so it shows up higher. Or they will hack the actual site and add redirects. (Be aware that this is also a common travel scam, usually victimizing hotels and people booking rooms). If you do fall victim to a clone, disputing the charges with your credit card company will usually get you redress.

The holiday season is a time when we’re all stressed and rushed, and scammers will take advantage of that. Be particularly careful. Don’t click on links in email, don’t get fooled by too-good-to-be-true promotions and make sure you’re on the site you think you are on.

For more cyber security advice, contact 4 Corner IT.