October 21st, 2013
As we’ve mentioned before, it’s impossible to be completely secure. Hackers continually adjust their tactics and upgrade their tools to breach any network. Because of this constant evolution, security has to constantly change and be updated as well. Your security infrastructure becomes less effective every day. Debbie Mahler, of the State of Security blog, writes that security is a process. She suggests some tips for how to continually improve your cyber security.
- Identify the weakest link
In order to improve security, you first have to find out where it needs to be improved. Usually, employees are the downfall of any security infrastructure. Unsafe web surfing habits, or human error often result in breaches. It’s important to study their habits in order to put policies in place that will keep your business more secure.
Having a firewall in place, and password protection on routers is a great step towards being more secure. But, too many people fail to utilize the tools they have at their disposal. For example, there have been many instances of security breaches stemming from a failure to change default passwords on routers. If you’ve taken the time to put these measures in place, take the additional time to make sure you’re using them effectively.
This is a common IT security rule. For any file, no one should have access. That’s where you start, then add permissions as necessary. This will keep your most valuable data secure because only a select few will have access to it.
Catastrophic data breaches usually happen after your network has been infiltrated previously. And, each time there’s suspicious behavior on your network, the logs have the evidence. Be sure to regularly review the logs in order to catch potentially harmful situations before they explode into disasters.
Security for your business is a big job that requires constant supervision. For help, contact Geek Rescue at 918-369-4335. We offer security audits and solutions for any breaches in your current security infrastructure.
September 30th, 2013
You’ve probably taken some precautions to make sure your computer is protected from malware, viruses and other potential security issues. But have you taken precautions to protect your router?
A recent post on NewsFactor notes that there are router-specific malware threats capable of reconfiguring it. A malware infected router is able to redirect users to malicious sites in order to steal data or infect them with more malware and viruses.
Imagine you are using your computer to check your bank balance. If your router is infected with malware, it could redirect you to a similar looking site that is actually designed to steal your log-in information. Minor differences will alert you that something is wrong, but you have to be looking for them. A slight difference in the way the site looks, or a missing option in the menu are tell-tale signs that this site isn’t legitimate.
Thankfully, most banking websites offer security specifically designed to alert you if you’re not on their official website. However, other websites don’t take the same precautions.
Your browser also has security tools available to help keep you safe in these situations. When the warning pops up that a website’s security certificate isn’t recognized, don’t ignore it. This is a warning that using this site puts your data at risk. If you see that warning, don’t use that website. If needed, contact the business directly by phone and ask them about their website.
To protect yourself, make sure your router is updated continuously. Newer models usually update automatically, but it’s worth checking to make sure. Also, use the password protection options. Not only should your router be password protected, but that password should be changed often and not easy to guess.
To find out how to improve the cyber security at your home or office, contact Geek Rescue at 918-369-4335.
September 30th, 2013
Creating an adequate, effective security infrastructure for your business is difficult. It becomes impossible, however, if you don’t take the time to consider where your weaknesses are.
Patrick Budmar, of ARN, reports that security experts estimate that 80-percent of IT security spending at an average company is focused on only 30-percent of the problem.
Firewalls, intrusion protection systems and endpoint security are noted as receiving the bulk of most security budgets. However, diverting funds to increase prevention and detection of threats is a more efficient practice.
Regardless of the amount of security software in place, there will be breaches and gaps in your security. That’s why experts recommend focusing more attention on monitoring data and constantly checking for abnormalities within your network. Many times, a security breach goes unnoticed for weeks or months at a time. This allows for an exponentially higher amount of damage than if the breach was detected immediately.
An audit of your company’s cyber security exposes the potential flaws. It also shows where more attention or funding is needed, and where funds can be diverted from. This way, you’re able to upgrade security by spending more intelligently, not necessarily by spending more.
Geek Rescue provides security audits and the tools needed to improve security. Call us at 918-369-4335 before an attack to avoid costly damage and data loss.
September 27th, 2013
You’ve heard how important robust cyber security is for your business. You’ve read the articles, you’ve seen the statistics and heard the urging from IT professionals. Unfortunately, for many small business owners, the warnings don’t truly sink in until after they become a victim of an attack.
Ericka Chickowski, of Dark Reading, writes that a cyber attack doesn’t have to solely be a negative on your company. It is costly and it could hurt your credibility with your customers and prevent you from offering your services for a time. But, it’s also a chance to learn a lesson and become stronger.
During the recovery process, it’s important for companies that have been victimized to take time to study why they became a target in the first place. The exploit is like a real-world audit of your security infrastructure and, unfortunately, your security failed. Take this opportunity to improve the holes and the day-to-day processes of your company.
Be sure to take this opportunity to address your entire security infrastructure, not just the part that was exploited. Your security likely doesn’t have only one flaw. And even if you find that the software in place is adequate, you may discover that you employees actions put data at risk.
You should also critique your recovery plan. Think about the company-wide actions after the attack took place and consider how they could be improved. Your goal should be to cut downtime and restore data as quickly and fully as possible.
If your security is breached, you definitely can’t afford to ignore it. Let it be a message to you that a more serious investment in cyber security is needed.
For a security audit, or to find out what your options are for improving security, contact Geek Rescue at 918-369-4335.
September 18th, 2013
The focus of data breaches is usually on the company who was breached. Articles detail how to better secure your company’s data and how to recover if your company gets hacked, but what about the users whose personal information is now in the hands of criminals?
If you are informed by a company you have an account with that your data has been compromised, Andy O’Donnell of About has some advice for what to do next.
The absolute first thing to do is change the password on the compromised account. This isn’t a futile effort. Most likely, your log-in information is just one of thousands or millions of log-ins stolen. There’s a good chance that the hackers haven’t even been able to try it yet. So, change that password immediately and you could save yourself a lot of trouble. To be safe, take this opportunity to change the other passwords on your most used accounts. Passwords should be changed periodically anyway, but if a knowledgeable criminal has your email address and other information, it’s possible they’ve hacked into other accounts.
- Contact Your Bank And Credit Card Companies
Even if your bank was the company who contacted you about the breach, you’ll want to make sure there’s a fraud alert on your accounts. This way, any suspicious activity will be immediately noticed and you won’t end up with thousands of dollars missing. You’ll probably also want to get new credit and debit cards with new numbers. Credit card information is often the goal of any data breach, so if there’s any way the compromised company had your card number on file, be proactive and get a new card.
- Ask About Free Identity Theft Prevention Services
It has become common practice for a breached company to offer this service to their affected customers. But, you may have to ask to get the offer. Or, asking may cause them to offer it to you even if they weren’t planning to originally.
- Request A Freeze On Your Credit Report
This isn’t for everyone as their are positives and negatives to a security freeze. Do your research before requesting one. The reason it may be useful is that criminals who have access to your personal information will likely attempt to open a line of credit with it in your name. Irreparable harm could be done to your credit score if left unchecked.
Should you learn that your valuable data has been stolen from a company you do business with, you’ll want to act quickly to avoid as much damage as possible. You can’t get the data back, but you can make it significantly less valuable and prevent it from hurting you.
Geek Rescue helps business stay more secure in order to avoid these data breaches. We also help keep your home computer and network secure, so your personal information isn’t stolen directly from you. To find out how Geek Rescue helps your home and business, give us a call at 918-369-4335.
September 5th, 2013
Many companies have adopted an agile, mobile infrastructure to give employees access to vital data from practically anywhere. This is certainly effective for day-to-day business, but what happens when an employee leaves the company? How do you protect your data?
A recent post on IT Manager Daily suggests the key is a balance between your own interactions with the departing employee and security put in place after the individual leaves.
The first step is to develop a plan. In this plan should be a detailed, step-by-step protocol that is followed each time an employee leaves the company. You should also assess the risk an employee poses to the business should they be terminated or resign. Many times a senior member of your organization is more likely to steal data and start a competitor than a low-ranking employee.
Part of that plan should also include a robust contract signed at the time of hiring. This contract, similar to a non-compete, should have a data protection clause that prohibits employees from accessing and misusing company data once they’re no longer a part of the organization. These contracts also typically include a plan of action for lame-duck employees and how they will spend their last work days after putting in notice.
After an employee leaves, it’s vital that you shut off their access to any company data. Passwords should be changed on everything the employee previously had access to. If they used a company email account, you should even change the password to that. All company property should be turned in before the employee leaves. Once out the door for the last time, an employee doesn’t need any access to your data.
Taking these precautions against data theft doesn’t mean you don’t trust employees. They’re just good business tactics to ensure your data stays secure. In fact, developing a trust and allowing employees to leave on good terms is one of the most powerful ways to make sure no data is stolen. If an individual leaves liking you and your business, they’re less likely to do anything to harm it.
If you’d like to increase the security on your company’s data, contact Geek Rescue at 918-369-4335. We have a variety of security solutions to secure your network and keep your data safe.
August 26th, 2013
Data security for all types of businesses is a hot topic. Strangely, there are still many that subscribe to the theory that data theft won’t happen to them because they either have nothing of value or because they are too small to be targeted.
Thor Olavsrud reports for CIO that about two-thirds of industrial executives at midmarket firms said they were “at little or no risk”. Even though that’s down from about 77-percent a year ago, the large number of decision makers who don’t make security a priority is exactly why their firms become a target.
While larger companies tend to embrace the security risks they face, small to medium sized companies often feel they can get away with less security because larger companies will be targeted instead. If you’re a hacker, however, would you go after the company with robust security, or the company with next to none?
The belief that a company’s data is not valuable is also a false assumption. Even without a desire for access to the data you use to run your business, a cyber criminal will want personnel files, which contain social security numbers, personal identifiable information and financial information. This is data kept by any company, no matter how big.
Without the proper security measures in place, a business will have a difficult time knowing what’s been compromised, or even if they’ve been hacked at all. That makes recovery more difficult. It also makes it next to impossible to take necessary precautions to prevent stolen data from costing you more.
Data security is extremely important for any business. Those that feel they don’t need security are actually advertising themselves as ideal targets. To build an effective security infrastructure for your business, contact Geek Rescue at 918-369-4335.
July 18th, 2013
Recently, cybercrime is growing and it’s being attributed to what’s being called “an industrial approach”, which means criminals measure their talents, programs and equipment as commodities to trade and sell. This makes the ability to attack a network a mere price tag away. John P. Mello Jr.’s article for CIO quotes Trend Micro’s Vice President of Cybersecurity as saying, “you can get enough capability to hack into almost anything for 600 bucks”.
The leading cybercrime trends were identified in a report from 41st Parameter, a fraud detection and prevention company. The first is data breaches, which refers to someone hacking into a database and stealing account information in order to sell or use for identity theft. In the past two months alone, Twitter, LinkedIn and LivingSocial have all been the victims of a data breach, which led to more than 50-million users’ passwords and personal information being compromised.
Businesses have to be aware of DDoS attacks. Short for Distributed Denial of Service, the goal is to disrupt a company’s operations, usually by disabling the website. This leads to an influx of calls, an increase in company costs and a decrease in customer trust and satisfaction. This is not necessarily done for profit, but just to hurt a business. Experts are finding, however, that often a DDoS attack is a diversion for another operation being run simultaneously.
Malware and viruses for all devices, particularly mobile due to a usual lack of security, are also significant threats. Geek Rescue protects you from all of these threats and more. Call them at 918-369-4335 for your home and business solutions before an attack infiltrates your network.