Posts Tagged ‘IT Network Security’

Wall Street is Investing in Cyber Security, Are You?

Thursday, September 3rd, 2015

 

The Only Good News in the Cyber Security Industry

cyber crime investment snapshot

Six months in and 2015 has already brought headline after headline of security scandals, breaches, hacks and more bad news in the world of cyber security. While 2014 was dubbed the ‘year of the hack’, 2015 unfortunately appears to be a continuation.

Motif Investing, an online only brokerage allows for investments into trendy portfolios of stocks. The Cyber Security motif which includes a conglomerate of companies aimed at protecting businesses is up 36.6%, beating out the S&P’s 5% return to date.

What is clear in 2015, is everyone is investing in cyber security from stock traders to criminals. As the CEO of a technology consulting business, it’s a client’s worse fear to lose customer data and be breached. Yet, many business owners don’t know where to begin and don’t invest in safeguards. Follow these rules for a more secure technology infrastructure.

Invest in Basic Network Security

Apathy often plagues the small business owner that doesn’t see the return of investing into standard network security measures. Yes, Staples, Target and Home Depot spent millions on preventing cyber attacks and all were breached. However, it doesn’t require millions for a small to mid-market business and it’s expected if tasked with protecting customer or vendor data.

Inevitably, a data breach can and will happen, even to a small business in 2015. Cyber criminals know and understand that many SMB’s leave the door wide open, often with access to much larger vendors and pools of customers data.

If still a skeptic, implement basic security measures to save face. What’s worse than getting breached? Getting breached without a disaster recovery plan, anti-virus protection, encryption of confidential data and more. How the breach happened will get out to your customers and vendors and can easily lead to soured relationships and lost contracts. Is your network secure?

Move from One Time Security Measures to Ongoing Prevention

Too many businesses view security measures as a one time implementation. Realize no amount of investment into initial setup can prevent an attack in the future. The most critical moment of an attack is when it’s happening. Network monitoring allows for safeguards to beef up security and decrease vulnerability in times of need. Part software and part IT consultant, actively monitor networks, files and employee activities for suspicious activities.

Ongoing employee education plays a bigger role, as phishing attacks are on the rise in 2015. Cyber criminals are getting smarter and realizing that sometimes the easiest way to get inside an organization is to ask for access. These aren’t your Nigerian prince schemes, but highly sophisticated attacks that are legitimate enough to fool U.S. Department of Energy Employees.

Hold ongoing sessions and educate employees upfront on what websites are allowed, software access and email phishing schemes.

Target the Weakest Link

Target, the home goods retailer, was breached by an attack on a HVAC contractor with external network access. The weakest link for a global brand was a third party vendor. What access do your third party vendors have to your networks? What is the weakest link and point of entry into your systems, who has access to those systems?

Often the weakest link will be your employees. In addition to preventing phishing attacks, limit access to only necessary applications. Does an intern have access to sensitive company IP? Implement a password protection plan and limit access. Rather than allow a single employee to manage control over company data and passwords, use a system of checks and balances to prevent an employee from leaving with sensitive data.

A More Serious Problem than the HeartBleed Bug – Apathy

Thursday, May 8th, 2014

As Heartbleed began to affect the tech world last month, it has now become inescapable, popularized in all forms of news media. The bug affects more than 2/3rds of all websites and capitalizes on a flaw in SSL (Security Socket Layers). Information once thought to be encrypted online can now be stolen, and the bug is already beginning to claim victims.

Most likely your data is affected which could include social security numbers, credit card numbers, but more commonly your online identity through usernames and passwords. Although it’s still unknown whether successful attacks directly attributed from Heartbleed have  occurred. National media coverage is a step in the right direction, as Heartbleed continues to become a more serious threat to the personal identities of millions of internet users. The more the average consumer perceives Heartbleed as a threat, the more likely they will take action, yet all is not in the clear.

Apathetic Consumers

As the flood of emails from common sites we use everyday begin to bombard our inbox, a more serious problem with human nature still exists. Apathy will prevent heartbleed from being resolved in a timely manner. How many consumers will ignore the password reset emails and continue browsing the web without a second thought? Too many. And what’s worse is consumers who do change passwords on online accounts are still vulnerable, it’s possible the information was stolen before a website patched the Heartbleed bug vulnerability.

Apathy is why according to a survey conducted by PayPal, 60% of online users use the same password for all online accounts.

Apathy makes Heartbleed a serious threat to the security of the internet. It also leads to ignorance, provoking one commenter on a national news site to share their username and password of their online accounts. The inevitable happened next, they were hacked.

Apathetic Companies

Heartbleed has affected 2/3rds of the internet, yet not all companies are Google and Amazon. Many small business websites have been comprised. Without an internal IT team or partner, it’s very likely local or small businesses have been hacked with data compromised and what’s worse, they might not do anything about it. As a small business, it is your responsibility to alert customers and monitor if your site has been affected by the Heartbleed bug. If so, it is your responsibility to patch and fix the vulnerability.

What to Do if You Are Apathetic

If you are a consumer, take the time now to update your online accounts and create new, more secure passwords. Mashable shared this great guide which shows sites that need passwords changed, and those that don’t, for now.

If a small business, discuss with your IT department or partner any vulnerabilities from the Heartbleed bug. There are many sites that exist to help identify if your site has been affected. Here’s just one.

Author

Daren Boozer is the President & CEO at NCC Data. NCC Data specializes in IT outsourcing and managed services consulting. It is one of the top independently owned IT services and communications companies in the Dallas-Fort-Worth Metroplex.

The Dark Side of Social Media

Thursday, March 1st, 2012

Which of the following statements are true?

  • 845 million people actively use Facebook.
  • Over 50% of the population in North American uses Facebook.
  • Facebook accounts for 1 out of every 5 pageviews on the internet worldwide.
  • There are 2.7 billion likes every single day on Facebook.
  • Facebook has 425 million mobile users.
  • Facebook is a favorite target for cybercriminals.

If you said that they all were true, you’re right. Obviously Facebook and other social media networking sites are a boon for businesses, an opportunity to reach enormous amounts of potential customers. But the last statement is also true. Facebook and other social media sites hold stores of valuable information, and draw cybercriminals like pirates to buried treasure.

This particular type of crime is on the rise. Security research labs report a 20 to 40 percent increase in malware targeting social networking sites. Just this January, a campaign disguised as a friend request attacked Facebook users, who not only didn’t get a new friend, but ended up connecting to a site hosting a malicious JavaScript.

Right about now, you may be wondering why a network support provider is blogging about friends and social media sites. But Facebook and the other sites aren’t just about friendship. Just one look at the numbers shows you the impact they can have on your business. The negative impact can also be huge. The number one cause of data breaches is malicious attacks. Not stolen laptops or accidental sharing, but attacks that arrive via the Internet and more and more often through social media. And social media has a wide range. Your business may have a page. You employees may access Facebook on breaks. They may use company laptops off hours.

But don’t write off social media—it’s too valuable. Instead, we suggest using a two-fold security strategy: education and technology… First, educate your employees. Make sure they use strong passwords and don’t click on links that seem even slightly suspicious. If you know of a particular threat, make sure everyone at your company knows about it. And for the technological half of your security, call us at NCC Data, the leading provider of IT services in the Dallas Fort Worth Area. We stay up-to-date with the newest security solutions and monitor the latest threats, so you don’t have to. You can take advantage of the opportunities that social media offers, knowing that NCC Data, your network support provider, is protecting you from the dark side.

Proactive or Reactive? What’s YOUR Approach?

Monday, May 30th, 2011

Too many times  you call a network security and managed IT firm like NCC Data because you’ve already experienced a catastrophic data loss or a devastating security flaw. Anyone paying attention to the news lately has heard about Sony’s widespread data leaks, with hackers stealing 100 million user accounts’ worth of user data. Trying to fully rectify a breach like this is as if you’re trying to put toothpaste back in the tube.

The problem with a break-fix approach is that breaks and breakdowns mean serious costs and downtime for your network, plus security breaches can cost not only your privacy, but user data and your customers’ trust as well. Data can be recovered, but you might never get that trust back. Taking a proactive approach reduces risk of downtime and data loss while preventing privacy breaches and hacked networks.

Automated network monitoring tools allow the NCC IT Consultants to effectively:

  • Review the health of all of critical systems
  • Measure performance at the highest levels first, then look lower within the hierarchy for underlying problems. In other words, treat the disease rather than the symptoms.
  • Improve IT staff efficiency, productivity and cost-effectiveness by using management tools common across all platforms and applications
  • Mitigate risk and minimize human errors by providing intelligent automation of repetitive tasks and responses
  • Optimize business performance by identifying and reacting to issues before service levels are impacted and by utilizing proactive notification mechanisms
  • Support business priorities by enabling business-driven problem resolution and IT resource allocation
  • Accelerate business growth by utilizing industry-leading solutions that can be integrated with other processes

A break-fix approach never fully fixes anything. Prepare for the worst by hiring the best- Call NCC Data today!