Posts Tagged ‘Network Security’

Wall Street is Investing in Cyber Security, Are You?

Thursday, September 3rd, 2015

 

The Only Good News in the Cyber Security Industry

cyber crime investment snapshot

Six months in and 2015 has already brought headline after headline of security scandals, breaches, hacks and more bad news in the world of cyber security. While 2014 was dubbed the ‘year of the hack’, 2015 unfortunately appears to be a continuation.

Motif Investing, an online only brokerage allows for investments into trendy portfolios of stocks. The Cyber Security motif which includes a conglomerate of companies aimed at protecting businesses is up 36.6%, beating out the S&P’s 5% return to date.

What is clear in 2015, is everyone is investing in cyber security from stock traders to criminals. As the CEO of a technology consulting business, it’s a client’s worse fear to lose customer data and be breached. Yet, many business owners don’t know where to begin and don’t invest in safeguards. Follow these rules for a more secure technology infrastructure.

Invest in Basic Network Security

Apathy often plagues the small business owner that doesn’t see the return of investing into standard network security measures. Yes, Staples, Target and Home Depot spent millions on preventing cyber attacks and all were breached. However, it doesn’t require millions for a small to mid-market business and it’s expected if tasked with protecting customer or vendor data.

Inevitably, a data breach can and will happen, even to a small business in 2015. Cyber criminals know and understand that many SMB’s leave the door wide open, often with access to much larger vendors and pools of customers data.

If still a skeptic, implement basic security measures to save face. What’s worse than getting breached? Getting breached without a disaster recovery plan, anti-virus protection, encryption of confidential data and more. How the breach happened will get out to your customers and vendors and can easily lead to soured relationships and lost contracts. Is your network secure?

Move from One Time Security Measures to Ongoing Prevention

Too many businesses view security measures as a one time implementation. Realize no amount of investment into initial setup can prevent an attack in the future. The most critical moment of an attack is when it’s happening. Network monitoring allows for safeguards to beef up security and decrease vulnerability in times of need. Part software and part IT consultant, actively monitor networks, files and employee activities for suspicious activities.

Ongoing employee education plays a bigger role, as phishing attacks are on the rise in 2015. Cyber criminals are getting smarter and realizing that sometimes the easiest way to get inside an organization is to ask for access. These aren’t your Nigerian prince schemes, but highly sophisticated attacks that are legitimate enough to fool U.S. Department of Energy Employees.

Hold ongoing sessions and educate employees upfront on what websites are allowed, software access and email phishing schemes.

Target the Weakest Link

Target, the home goods retailer, was breached by an attack on a HVAC contractor with external network access. The weakest link for a global brand was a third party vendor. What access do your third party vendors have to your networks? What is the weakest link and point of entry into your systems, who has access to those systems?

Often the weakest link will be your employees. In addition to preventing phishing attacks, limit access to only necessary applications. Does an intern have access to sensitive company IP? Implement a password protection plan and limit access. Rather than allow a single employee to manage control over company data and passwords, use a system of checks and balances to prevent an employee from leaving with sensitive data.

A More Serious Problem than the HeartBleed Bug – Apathy

Thursday, May 8th, 2014

As Heartbleed began to affect the tech world last month, it has now become inescapable, popularized in all forms of news media. The bug affects more than 2/3rds of all websites and capitalizes on a flaw in SSL (Security Socket Layers). Information once thought to be encrypted online can now be stolen, and the bug is already beginning to claim victims.

Most likely your data is affected which could include social security numbers, credit card numbers, but more commonly your online identity through usernames and passwords. Although it’s still unknown whether successful attacks directly attributed from Heartbleed have  occurred. National media coverage is a step in the right direction, as Heartbleed continues to become a more serious threat to the personal identities of millions of internet users. The more the average consumer perceives Heartbleed as a threat, the more likely they will take action, yet all is not in the clear.

Apathetic Consumers

As the flood of emails from common sites we use everyday begin to bombard our inbox, a more serious problem with human nature still exists. Apathy will prevent heartbleed from being resolved in a timely manner. How many consumers will ignore the password reset emails and continue browsing the web without a second thought? Too many. And what’s worse is consumers who do change passwords on online accounts are still vulnerable, it’s possible the information was stolen before a website patched the Heartbleed bug vulnerability.

Apathy is why according to a survey conducted by PayPal, 60% of online users use the same password for all online accounts.

Apathy makes Heartbleed a serious threat to the security of the internet. It also leads to ignorance, provoking one commenter on a national news site to share their username and password of their online accounts. The inevitable happened next, they were hacked.

Apathetic Companies

Heartbleed has affected 2/3rds of the internet, yet not all companies are Google and Amazon. Many small business websites have been comprised. Without an internal IT team or partner, it’s very likely local or small businesses have been hacked with data compromised and what’s worse, they might not do anything about it. As a small business, it is your responsibility to alert customers and monitor if your site has been affected by the Heartbleed bug. If so, it is your responsibility to patch and fix the vulnerability.

What to Do if You Are Apathetic

If you are a consumer, take the time now to update your online accounts and create new, more secure passwords. Mashable shared this great guide which shows sites that need passwords changed, and those that don’t, for now.

If a small business, discuss with your IT department or partner any vulnerabilities from the Heartbleed bug. There are many sites that exist to help identify if your site has been affected. Here’s just one.

Author

Daren Boozer is the President & CEO at NCC Data. NCC Data specializes in IT outsourcing and managed services consulting. It is one of the top independently owned IT services and communications companies in the Dallas-Fort-Worth Metroplex.

The Dark Side of Social Media

Thursday, March 1st, 2012

Which of the following statements are true?

  • 845 million people actively use Facebook.
  • Over 50% of the population in North American uses Facebook.
  • Facebook accounts for 1 out of every 5 pageviews on the internet worldwide.
  • There are 2.7 billion likes every single day on Facebook.
  • Facebook has 425 million mobile users.
  • Facebook is a favorite target for cybercriminals.

If you said that they all were true, you’re right. Obviously Facebook and other social media networking sites are a boon for businesses, an opportunity to reach enormous amounts of potential customers. But the last statement is also true. Facebook and other social media sites hold stores of valuable information, and draw cybercriminals like pirates to buried treasure.

This particular type of crime is on the rise. Security research labs report a 20 to 40 percent increase in malware targeting social networking sites. Just this January, a campaign disguised as a friend request attacked Facebook users, who not only didn’t get a new friend, but ended up connecting to a site hosting a malicious JavaScript.

Right about now, you may be wondering why a network support provider is blogging about friends and social media sites. But Facebook and the other sites aren’t just about friendship. Just one look at the numbers shows you the impact they can have on your business. The negative impact can also be huge. The number one cause of data breaches is malicious attacks. Not stolen laptops or accidental sharing, but attacks that arrive via the Internet and more and more often through social media. And social media has a wide range. Your business may have a page. You employees may access Facebook on breaks. They may use company laptops off hours.

But don’t write off social media—it’s too valuable. Instead, we suggest using a two-fold security strategy: education and technology… First, educate your employees. Make sure they use strong passwords and don’t click on links that seem even slightly suspicious. If you know of a particular threat, make sure everyone at your company knows about it. And for the technological half of your security, call us at NCC Data, the leading provider of IT services in the Dallas Fort Worth Area. We stay up-to-date with the newest security solutions and monitor the latest threats, so you don’t have to. You can take advantage of the opportunities that social media offers, knowing that NCC Data, your network support provider, is protecting you from the dark side.

Is Your Network Security Up to Date?

Monday, February 20th, 2012

Managed network security means you can breathe easy knowing NCC Data is proactively monitoring your network for security flaws and risks. Through our software partnership with Webroot, we enable management staff to monitor and control their employees’ access and time on the internet, applying Internet access policies to individual users or groups to increase productivity and to maintain the security of your network. We enforce policies even when users attempt to circumvent them via proxy bypass sites.

We also maintain security software on all computers connected to your network to protect it and all the others from malware and spyware by monitoring your company’s position on the security life cycle, allowing us to prepare a customized strategy to ensure your network is secure. Early intervention allows us to be proactive in addressing potential threats to network security.

The Cost of Cybercrime: $114 Billion+

Tuesday, September 27th, 2011

According to the Norton Cybercrime Report 2011, online criminals cost global businesses $114 billion in 2010. In addition, the value of time lost to cybercrime was estimated by the victimized businesses as $274 billion. All together, cybercrime set companies back a whopping $388 billion. To put it in perspective, that’s more than the global black market in marijuana, cocaine and heroin combined ($288 billion). The number of people affected is also staggering. Each day, more than a million people will fall victim to cybercrime. That’s twice the number of babies born every day (490,000).

Surprised? You’re not alone. To begin with, the enormity of cybercrime is just recently mainstream news. The cost to businesses had not been calculated until Norton’s recent report, and it’s not the type of crime to make big headlines, with the exception of a few notable cases. You may also be surprised at the profile of cybercrime victims: it’s tech–savvy men between 10 and 35 who most commonly experience cybercrime. It may be because they’re more likely to use mobile devices. The Symantec Internet Security Threat Report, Volume 16, released this past April, observed 42% more vulnerabilities in mobile operating systems in 2010 than in 2009.
According to the Symantec report, cybercrime in general is up, too: web-based attacks increased 93% in 2010. Besides the new mobile technology threat mentioned above, the report noted four other cybercrime trends:

  • Targeted attacks. As the name implies, these are not random attacks.  Instead, the attacker chooses victims by identifying them as having access to valuable data or systems. It’s not just large corporations who are at risk: more than 50% of victims are businesses with less than 500 employees.
  • Social networks. Criminals often peruse social networks for identifying information, so that they can gain the trust of their victims and then target them with malicious malware.
  • Zero-day vulnerabilities and rootkits. Organizations are often not aware of a cyber threat in time to stop it. Criminals exploit this window of opportunity to attack. Rootkits, which allow the attackers continued privileged access to the computer system, may be installed.
  • Attack kits. Easily available, sophisticated attack kits allow even novice criminals to steal online information.

The rising wave of cybercrime and the costs involved should make it obvious that online security should be a priority. Instead, many businesses who could benefit from the protection offer by a professional computer network support company leave themselves open to attack. NCC Data offers complete IT services to Dallas-Fort Worth businesses and can protect your business from cybercrime. Our specialists recognize the complexity of current threats, keep abreast of new trends in cybercrime, and understand the best ways to protect your company’s valuable information. By engaging NCC Data as your computer network support company, you can make sure that your business is armed with knowledge and shielded with support.

Network Security: Three Threats You May Have Overlooked

Wednesday, August 24th, 2011

Most of us take the time to make sure that our houses are secure. We lock our cars and hide our valuables in safe places. We’re just as careful with our businesses.  No one leaves the door unlocked. But there’s one priceless commodity that too many people (and too many companies) leave vulnerable: information. Even businesses that have professional computer network security support may not have covered all their bases. Is your company at risk? Read on to learn about three security threats you may not have considered:

Mobile Devices

Mobility technology presents an opportunity for businesses to increase efficiency. It also provides an opening for criminals on the lookout for information. Sometimes the thieves target specific devices. This past spring another iPhone worm reared its ugly head. Tablets like the iPad are now being used for work and so are open to attack. On January 21, 2011, buyerzoneblogger posted, “Ironically, the same week that Apple boasted that 80% of Fortune 100 companies are currently experimenting with the iPad for business use, an Apple iPad security breach story from June resurfaced in the news. On January 18th, the FBI stepped in to charge two individuals over a security breach that affected over 120,000 Apple users, including CEOs, media company employees, Mayor Michael Bloomberg, government employees, politicians, and the U.S. military. It was reported that email addresses and other personal information were stolen.”

Sometimes information loss isn’t planned. Mobility technology, by its very nature, is more apt to be lost or left behind by a careless employee. Which leads us to our second threat …

Your Employees

Your employees may not mean to put your company information at risk, but simply opening an email can import malicious spyware. Employees who access Facebook on company computers can invite trouble, too.

And then there are disgruntled employees who have access to company data. There are dozens of cases of malicious insiders attacking systems and stealing data. Fannie Mae, United Way and T-Mobile have all been victims. But it’s not just large organizations that are in danger from cyber criminals. In fact, many businesses, large and small, put themselves at risk with …

A False Sense of Security

A recent report from Qualys noted that more than 80% of websites are vulnerable to attack due to incorrect SSL implementation. Even more concerning, the companies thought their sites were secure. Research by AMI-Partners industry found that almost half of all small and medium-sized businesses don’t have even basic security precautions. Enormous corporations also leave themselves open to attack: recent data breaches at Citigroup, Epsilon and Sony could have been prevented with basic security measures, according to a Protegrity report.

These three often unheeded threats are just the tip of the iceberg. We’ve provided this insight into these potential problems believing that forewarned is forearmed. Now that you’re armed with information, what do you do next? You consult with a computer network support company that stays up-to-date on the latest threats, and knows how to keep your business’ data secure. We at NCC Data offer IT services to Dallas-Fort Worth businesses. We provide much more than just computer network support, we provide peace of mind.

Is Your Network Safe from Malware Attacks?

Thursday, April 28th, 2011

Managed network security means you can breathe easy knowing NCC Data is proactively monitoring your network for security flaws and risks. Through our software partnership with Webroot, we enable management staff to monitor and control their employees’ access and time on the internet, applying Internet access policies to individual users or groups to increase productivity and to maintain the security of your network. We enforce policies even when users attempt to circumvent them via proxy bypass sites.

We also maintain security software on all computers connected to your network to protect it and all the others from malware and spyware by monitoring your company’s position on the security life cycle, allowing us to prepare a customized strategy to ensure your network is secure. Early intervention allows us to be proactive in addressing potential threats to network security- security breaches have become more dangerous and malware is smarter than ever. Blended threats, multi-pronged attacks on multiple locations within your system , are on the rise, and businesses that do not address security for their network and peripherals are vulnerable to attacks that could cause irreparable damage. AMI-Partners industry research shows that nearly half of all small- and medium-sized businesses have not implemented even the most basic security precautions, such as anti-virus software and firewalls. There is a general misconception that large companies are more likely to be victims of network security attacks. This false sense of security leaves many small- and medium-sized business networks inadequately protected from spyware, viruses, worms, hacker attacks, customer data theft and other security threats.

NCC Data can take a proactive approach to your business’ proctection from malware, viruses and hackers. Call us today to see how we could help safeguard your network.

What is your Plan B?

Friday, October 8th, 2010

Many businesses overlook the importance of data back ups until they incur an unexpected loss or corruption of data. When it does occur many times the only option is a restore from a previously created backup. If your company has made backups of all data stored on the various hard drives and servers, restoring that data will go much more quickly.

All computer components are subject to failure at one point. Unfortunately, virtually every company faces some type of failure in technological infrastructure. The largest threat to operational rebound is data loss or corruption. While the causes of these vary, not all are easy to overcome.

There are many options available to businesses for storing and backing up of data.  Although antiquated and sometimes limiting in size, there are tape drives and tape libraries, CD-R’s and CD-RW’s to DVD technologies. More popular today are the options to use NAS (Network Area Storage) and SAN (Storage Area Networks) and even remote backups over the Internet. Windows XP/Server 2003 and beyond offer the capability of a restore point in the event that your system becomes corrupted.

Just having these tools available to you is not enough. They need to be implemented properly and on a continuous basis to be effective. Companies need to create back up plans for their businesses and review them annually to evaluate viability and potential need for expansion – and the smart ones know to hire a company like NCC Data to do it right.

When discussing data backup plans with our clients, there are certain options to consider:

·       How often to perform the backups

·       What type of backup media is best suited for your business

·       Keeping your backups off site in the case your business is affected by some type of natural or man made disaster

·       Software to monitor your backup process in order to ensure that your backups are not corrupted as well.

Additionally, we check the effectiveness of the restore process occasionally to determine that it will run as smoothly as possible.

What is your Plan B?  Ask NCC Data how we can help! Your business needs to be secure in the continuity of operations with a customized data back up plan meets your needs and we’re ready to go to work. Contact us at 972-354-1600 or on the web at www.nccdata.com to learn more.

Hackers Have No Place in Your Business

Monday, September 13th, 2010

Just how important is network security? Aside from your employees, your company’s computers and network are the epicenter of your business. Now that almost everyone is online and connected to extended networks, it is of paramount importance that network security is top of mind for all organizations to protect their infrastructure, data and customer’s information.

A network can be any group of computers that are linked internally or externally. Network Security is simply a process adopted to detect as well as prevent unauthorized usage of your computer network. Different types of network security that NCC Data deploys for our clients include:

•    Authentication – Prevents unauthorized users from accidentally accessing other users’ resources.

•    Intrusion Detection System (IDS) – A platform designed in such a way that it alerts administrators when there is trouble from an external or internal source.

•    Email security – Encryption software keeps hackers from intercepting and reading confidential information. Email signing certificates not only let you digitally sign your email so that recipients can verify it’s authenticity, but it also encrypts your messages for viewing by intended recipients only.

•    Web access control – Access to website areas or applications served via the Internet are controlled via a role based or user based access model to limit access to certain data and applications by unauthorized users.

Network security is the backbone of the network ensuring confidentiality, integrity, and protection against many external and internal threats such as email based network security problems, denial of service attacks, worms, trojans, and wireless network security attacks. Hackers are always on the lookout for vulnerable networks to break into, and it’s our job to stay one step ahead of them. In fact, since today’s networks commonly connect to the Internet, it’s estimated that when one computer is online it is connected to an average of 50,000 unknown computers and networks making it extremely vulnerable to attacks.

Your business needs a safe platform for your computers, programs, and users to carry out their tasks within a protected environment, and NCC Data is ready to help.  Contact us at 972-354-1600 or on the web at www.nccdata.com to learn more.