A Cybersecurity Overview

Before we go into detail about what network security tools your organization should be using, we should say that the whole point of doing all of this is to protect your organization's investments. You've paid for the services, hardware, software, and the time that it has taken to create and store the data, so it only makes sense that you should make the effort necessary to protect it. By protecting your data, you are protecting your staff, your customers, your vendors, and your business. You wouldn't just leave a bag of money in plain sight inside the front door of your business unless it was locked and you could ensure that no one was coming through it, would you? The same precautions should be taken for your digital assets, which, make no mistake about it, are being targeted.

Protecting Business Computing

A business' computing infrastructure is larger and supports many more services than it ever has in the past. For this reason, we have to start outside the network itself. Cloud services are a big part of today's business. When they are hosted outside of your network, they are managed by a third party, and one would think they have their own security team handling cybersecurity. Obviously, this can't be guaranteed, but one would think that if a company is selling processing, applications, or storage over the Internet, its business model depends on its systems remaining secure. For the end user to access these systems, there is a dedicated access control program attached. Many times organizations will require users to set up two-factor authentication to get the most out of the access control system that accompanies the cloud solution. In the cloud, many different types of software, hardware, and other services are available.

As we get into the outer layers of the network, the first place a company has to secure is called the perimeter of the network. The best way to do this is by deploying a firewall.
A properly deployed and maintained firewall will go a long way toward keeping unwanted visitors off of your network. But in today's state of things, having only a firewall in place isn't going to cut it.

Going the Extra Mile

There are now security solutions called Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS). While these solutions aren't mutually exclusive, an IDS's job is to tell administrators that there has been a security breach, while an IPS is designed to keep these threats out by attempting to block suspicious activity. An IPS also logs all network traffic, an often substantial undertaking, to ensure that administrators can review, and try to isolate, any potentially unwanted action or file that enters the network. Years ago, this would have been enough to keep most threats out. Today, it's just the beginning.

If you think of a computing network like an onion, every "layer" of the network gets its own access control system and its own firewall. This way each part of a computing network, from the perimeter, to the applications, to the databases where all the data is held, is protected by a different source of encryption. By setting up a tiered access control system that requires authentication in multiple places, you make unauthorized access harder. It also protects your […]
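The IDS role described above, reviewing logged traffic and pointing administrators at suspicious activity, can be illustrated with a small detector. The following is an added example, not code from the original post: it parses constructed firewall log lines in a hypothetical format (timestamp, ALLOW/DENY, source, destination, destination port), tolerates malformed lines, and flags any source that was denied to many distinct ports within a short window, the pattern a port probe leaves behind. The log format, addresses and thresholds are assumptions for the example.

```python
"""Minimal IDS-style detection over firewall log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical firewall format (not from any real product).
# 203.0.113.5 is denied to six different ports within six seconds (probe-like);
# 198.51.100.7 is denied three times to the same port over nine minutes (benign noise).
SAMPLE_LOG = """\
2019-03-01T10:00:01 ALLOW src=198.51.100.7 dst=192.0.2.10 dport=443
2019-03-01T10:00:02 DENY src=203.0.113.5 dst=192.0.2.10 dport=22
2019-03-01T10:00:03 DENY src=203.0.113.5 dst=192.0.2.10 dport=23
2019-03-01T10:00:04 DENY src=203.0.113.5 dst=192.0.2.10 dport=445
2019-03-01T10:00:05 DENY src=203.0.113.5 dst=192.0.2.10 dport=3389
2019-03-01T10:00:06 DENY src=203.0.113.5 dst=192.0.2.10 dport=8080
2019-03-01T10:00:07 DENY src=203.0.113.5 dst=192.0.2.10 dport=5900
2019-03-01T10:00:30 DENY src=198.51.100.7 dst=192.0.2.10 dport=25
2019-03-01T10:05:00 DENY src=198.51.100.7 dst=192.0.2.10 dport=25
2019-03-01T10:09:00 DENY src=198.51.100.7 dst=192.0.2.10 dport=25
malformed line that the parser must skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>[\d.]+) "
    r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)


def parse_log(text):
    """Yield one dict per well-formed line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        yield {
            "ts": datetime.fromisoformat(m["ts"]),
            "action": m["action"],
            "src": m["src"],
            "dst": m["dst"],
            "dport": int(m["dport"]),
        }


def find_probing_sources(events, window=timedelta(seconds=60), min_ports=5):
    """Return a sorted list of (src, distinct_ports) for every source that was
    DENIED to at least `min_ports` distinct destination ports inside any
    sliding window of length `window`. Thresholds are assumed values."""
    denies = defaultdict(list)
    for e in events:
        if e["action"] == "DENY":
            denies[e["src"]].append((e["ts"], e["dport"]))

    flagged = []
    for src, hits in denies.items():
        hits.sort()
        best, start = 0, 0
        for end in range(len(hits)):
            # Slide the window start forward until it fits within `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {port for _, port in hits[start:end + 1]}
            best = max(best, len(ports))
        if best >= min_ports:
            flagged.append((src, best))
    return sorted(flagged)


if __name__ == "__main__":
    for src, n in find_probing_sources(parse_log(SAMPLE_LOG)):
        print(f"ALERT: {src} denied on {n} distinct ports within 60s")
```

Run on the constructed log, only 203.0.113.5 is reported; the repeated denies from 198.51.100.7 never reach the distinct-port threshold. In practice the thresholds and window should be tuned to the network's normal traffic, and the alert fed into whatever the administrators already review.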

Social Media Can Cause Security Concerns

Most social media sites require that you create an account to represent your business, but in order to do this, Facebook and LinkedIn require you to have a personal account prior to creating a business page. To this end, we'll be providing tips on how to keep your personal accounts safe from other users, thereby protecting your business.

Facebook

First, you'll need to create a personal profile. Facebook doesn't allow Pages to be created without a personal profile. Once you have done this, you can use the blue bar at the top of the page to find the Create menu item. From these options, select Page. From here, select the Business or Brand option and fill in the requested information.

You can hide the personal information on your profile page by accessing the Settings via the drop-down arrow at the top-right of the window. From here, you can navigate to the Privacy sub-menu. To lock down your account, set Who can see your future posts to Only me. You can also limit past posts. Furthermore, you should take these actions. Under the How People Find and Contact You area, select Friends of Friends for Who can send you friend requests. Set Who can see your friends list to Only Me. It's important that you set Who can look you up using the email address you provided to Friends, and do the same for the option Who can look you up using the phone number you provided. Uncheck the box on Do you want search engines outside of Facebook to link to your profile, too. Next, you'll want to click on the Timeline and Tagging option on your left. Change the option for Who can post on your timeline to Only me. With all these settings configured in this way, only your Facebook friends will be able to see your account.

LinkedIn

LinkedIn also requires you to make an account before creating an official business page. Once you have an account set up, you can create a business page by clicking on Create a Company Page + under the nine-dot menu and following the prompts given. You can hide your LinkedIn profile by accessing Settings & Privacy. Under Privacy, you'll see several options allowing you to customize the information that LinkedIn shares with others.

While social media can lend a considerable amount of visibility to your business, it shouldn't come at the cost of security. For more tips on how to be as secure as possible with your business, subscribe to our blog.

Taking a Look at Wearable Technology in 2019

Wearable Technology Has Been a Successful Mixed Bag

When you crunch the numbers, wearables have been an overwhelming success, and they are much appreciated by their consumers. The number of connected devices in the world was a modest 525 million in 2016, but it is expected to skyrocket to 1.1 billion by 2022. It's estimated that 167 million smartwatches and wristbands will be shipped that same year. It's clear that wearable technology is a commercial success, giving those who research and create it more than enough reason to pursue its continued manufacturing, but there are major concerns regarding security that need to be addressed.

The Dangers of Data

Wearables present security risks that all businesses need to address. One example of wearable devices accidentally leaking data comes from a heat mapping feature of the Strava fitness application, which accidentally revealed the locations of classified military bases. Wearable devices are also not updated as frequently as other devices, meaning that they could be more likely to contribute to a DDoS attack as part of a botnet or provide hackers with an unsecured network access point. It's also important to consider that these devices tend to collect data. In many ways, the data collected by these devices can be considered disadvantageous to the user, so users will need to consider how the data could be used by any of their devices.

The Regulations that Have Been Put in Place (and Which Matter)

Any technology that makes a big enough splash is one that will eventually be subject to regulations. However, the governing bodies and organizations that would put these regulations in place might not be able to do so at any given time. Here are a few to consider:

The FD&C Act

The Federal Food, Drug, and Cosmetic Act doesn't have any power over wearables, even medical devices, because they are defined as a "low-risk general wellness product." Therefore, the manufacturer's intended use of the device is what defines it as a medical device or not, meaning that devices put together by wearable manufacturers won't be classified under this umbrella term according to the FD&C Act's standards.

HIPAA

The Health Insurance Portability and Accountability Act protects the individual's right to their health information. HIPAA provides many protections, but it doesn't specifically cover wearable technology. Wearable manufacturers also aren't touched by the secondary use of health data, which is the use of personal health information beyond the direct delivery of healthcare. Considering that all of this data is produced by a consumer and not a covered entity, the secondary use of health data doesn't apply.

The FTC Act

The Federal Trade Commission can go after companies that are carrying out deceptive practices, including a failure to comply with a privacy policy. This covers entities that are covered and not covered by HIPAA, and the FTC Act dictates how non-covered entities handle their health information-related security practices. The FTC can also bring legal action against organizations that are careless with consumer information, whether that means violated privacy rights or a failure to keep proper security measures. The FTC has made its stance on wearables clear. In 2017, the FTC reported that few companies ever discuss their cross-device tracking practices in their privacy policies. Cross-device tracking can allow multiple devices to be associated with a single […]

Build a Business Continuity Plan that Works

Why Do You Need Business Continuity?

You'd think the answer to this question is pretty simple, right? You need a business continuity plan so that when some horrible thing happens, all the people that depend on your business aren't victims of your lack of preparedness. Having to shutter your business is never a happy time, so if something were to happen that puts that option squarely on the table, having a plan in place that will allow your business to regain solid footing is only practical.

What Exactly is a Business Continuity Plan?

It's easy to talk about the things that you need to do to protect your business, but no matter how big your business is on the surface, once you realize how many people it affects, how many people have come to depend on it, and how many considerations are needed to keep everything in order in the face of an operational interruption, you realize you need a plan. The business continuity plan is exactly that. It is a strategy that takes into account all the parts of a business, and makes contingencies for them all. Successful businesses manage risks better than less successful businesses, and a business continuity plan is put in place to manage all the potential risks that could jeopardize your business' sustainability.

The Strategy Behind Business Continuity

In order to properly strategize a continuity plan, you'll first have to ascertain what scenarios you would need one for. Of course there are the ones you first consider: Disaster. When people think of disaster they typically think of fire, flood, tornado, and the like; but what needs to be understood is that any situation that could cause an interruption to regular operations needs to have a continuity strategy. That's not to say that the little Internet downtime you'll inevitably receive from your ISP needs to have a BC strategy tied to it, but any meaningful operational downtime could be incredibly costly, so having a plan to proactively avoid risky problems puts your business in a position to avoid those events.

Some Business Continuity Tips for the Business New to Business Continuity

The first thing you have to do is identify the risks you face. Risk is the number one variable you need to know to establish a useful business continuity strategy. Establishing what your business' most prominent risks are, and what effect they will have on your business, can lead you to understanding where to start. For example, if your business is in a flood zone, you can be fairly sure that one of the biggest risks to your sustained operational effectiveness will certainly be flood. Since you know that flood is something you have to ward against, your business continuity strategy will be to set your business up to be able to sustain itself even if you are inundated with flood waters. Some risks you are going to run into are inherent in the course of doing business, but some risks, often some of the worst ones, are specific to the situations your business will get into. This leads us to our second tip. We suggest that you give some thought to how to most effectively, and affordably, address the risks you've identified. Oftentimes the answers are common sense, but sometimes resolutions can be difficult […]

Poking at Spear Phishing

What's the Difference Between Phishing and Spear Phishing?

In a word, personalization. Your typical phishing campaign, in keeping with the analogy, casts a wide net to try and catch as many victims as possible. By writing a very vague and generic email that appears to be from some large company or organization, the typical phishing attack can be leveraged against almost anyone with a reasonable chance of success, although this also makes them easier to spot if one knows what to look for.

Spear phishing, on the other hand, goes for quality over quantity. Instead of casting out a wide net to snare a large group, spear phishing requires a focused approach, as it targets a single, influential individual. In order to do this effectively, a cybercriminal can't just rely on a generic message. Instead, the hacker will do some digging, finding out everything they can about their target: where they work, who they work with, and what it is that they do. Once they've collected the information they need, the hacker will spoof an email, often referencing some project or mutual contact to prove their "legitimacy", with a link to a downloadable file. This link will take the recipient to what appears to be a login page for Google Drive or Dropbox, but is actually another part of the hacker's trickery. Once the user enters their credentials, the scammer has them to use for themselves, completely undermining the user's security and potentially causing a business crisis.

How Do Spear Phishers Fool People?

There are a variety of ways that hackers can make their messages more convincing, especially when they're leveraging a spear phishing strategy. These methods combine some practical skills with a bit of psychology, supported by the research that these types of hackers do. As a result, instead of the phishing message being vague and generic, it might reference actual events, people, and things relevant to the target. They will often be spoofed to appear to come from an authority figure, like a manager or the CEO, to encourage the recipient to do as the email says without really thinking about it or questioning it too much. Unlike many other phishing messages, spear phishing messages are typically well written, without spelling or grammar errors.

These cybercriminals can be especially devious and will even buy close-match domains to make their attacks that much more convincing. Let's say that you owned the domain example-dot-com. Someone trying to phish someone else by posing as you could purchase their own domain, exampIe-dot-com. It looks the same, but by using a capital "i" instead of a lowercase "l", the phisher can create a lookalike site that truly appears to be legitimate.

Who Do Spear Phishers Target?

This is one of the main reasons that spear phishing requires so much research: not only does the hacker have to identify who they are going to target; they have to also identify the best way to scam them. As a general rule, however, spear-phishing attackers will target those people in an organization who have access to the information that the phisher wants, but not enough clout to question a request from (what appears to be) up the chain of command. In other words, a business' end users. So, what can you do […]
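The capital-"i"-for-lowercase-"l" trick described above is one instance of a broader class of lookalike domains (digits for letters, "rn" for "m", Cyrillic letters for Latin ones, single-character typos). The following is an added example, not code from the original post, showing how a mail gateway or helpdesk script could classify a sender's domain against the organization's own domains: it folds visually confusable characters to a common "skeleton" and compares, then falls back to an edit-distance check for typosquats. `OWN_DOMAINS`, the confusable tables and the sample domains are constructed assumptions for the example; the tables are deliberately small and should be extended for real use.

```python
"""Lookalike sender-domain classification (added example)."""
import unicodedata

# Constructed: the organization's own domains (replace with your real ones).
OWN_DOMAINS = {"example.com", "example-corp.com"}

# A few Unicode homoglyphs mapped to their Latin lookalikes (Cyrillic a, e, o, p, c, y, x).
HOMOGLYPHS = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x",
}
# Multi-character sequences that resemble a single letter.
MULTI_CONFUSABLE = [("vv", "w"), ("rn", "m"), ("cl", "d")]
# Single ASCII characters that resemble another letter. Domains are case-insensitive,
# so a capital I has already become "i" by the time this table is applied.
SINGLE_CONFUSABLE = {"i": "l", "1": "l", "|": "l", "0": "o", "5": "s", "8": "b"}


def normalize(domain):
    """Unicode-normalize, lower-case and strip a trailing dot, as DNS would treat it."""
    return unicodedata.normalize("NFKC", domain).strip().rstrip(".").lower()


def skeleton(domain):
    """Fold confusable characters so that lookalikes collapse to the same string."""
    d = normalize(domain)
    d = "".join(HOMOGLYPHS.get(ch, ch) for ch in d)
    for seq, rep in MULTI_CONFUSABLE:
        d = d.replace(seq, rep)
    return "".join(SINGLE_CONFUSABLE.get(ch, ch) for ch in d)


def edit_distance(a, b):
    """Damerau-Levenshtein (optimal string alignment) distance, so that a
    transposed pair of letters counts as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify_sender_domain(domain, own_domains=OWN_DOMAINS, max_typo_edits=1):
    """Return one of 'own', 'lookalike', 'typosquat' or 'unrelated'."""
    norm = normalize(domain)
    if norm in own_domains:
        return "own"
    own_skeletons = {skeleton(o) for o in own_domains}
    if skeleton(norm) in own_skeletons:
        return "lookalike"
    if any(edit_distance(skeleton(norm), s) <= max_typo_edits for s in own_skeletons):
        return "typosquat"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample sender domains, including the capital-I variant from the post.
    for sample in ["example.com", "exampIe.com", "examp1e.com", "exarnple.com",
                   "ex\u0430mple.com", "exmaple.com", "unrelated.org"]:
        print(f"{sample!r:>22} -> {classify_sender_domain(sample)}")
```

Anything classified as "lookalike" or "typosquat" is worth holding for review or tagging prominently for the recipient. Note that the skeleton deliberately over-folds (a legitimate domain containing "i" will collapse onto one containing "l"), which is the right trade-off for a flagging step but not for automatic blocking.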