What to Do If Your Data Is Included in a Leak

by

Data breaches are now daily occurrences and can happen to any business. The April 2021 leak of 533 million Facebook records was one of the largest known data leaks, but even if you weren’t affected by that one, you may still be at risk.

There is no easy way to know if your information has been leaked. When a business is hacked, it typically sends a notification letting you know, but this isn’t guaranteed. And you can’t go in and check the Dark Web. It is difficult to find and dangerous to access, and that is why the bad guys like it.

It’s a good idea to navigate to https://haveibeenpwned.com to see if your email address or phone number is on any data breach files. This isn’t conclusive, but it can help.

Even, if you’re not sure if you’ve been a victim of a data leak, you’ll want to take action.

There are several smart strategies to follow immediately.

#1 Limit your social sharing

It is simple to share on social media – that is part of the fun. You share the pictures of your wedding day or anniversary, or your new house with its address. You’re filling in family and friends in your life, right?

Well, if you are using any of that information to create access credentials, you are sharing too much. Someone with a beloved cat called “Petunia” in every photo who uses the feline’s name as a password gives hackers an edge.

You might think you are sharing harmless information, but those birthday party photos posted on the big day are a clue to your identity that hackers can exploit.

#2 Use Unique Passwords

Would you believe people still use “12345678” and “password” as their passwords? If you are one of them, stop now. We’ve said it before, and we’ll say it again and again: use unique passwords for every one of your accounts. Yes, it is more to remember, but it helps cut the risk of a data breach at one site snowballing to disastrous consequences for you.

You might use a password keeper such as 1Password or LastPass to manage your many passwords. This is more secure than the password manager offered by your Web browser, although those are better than revising passwords or trying (hopelessly) to memorize them.

#3 Add Two-Factor Authentication (2FA)

Enabling two-factor authentication (2FA) makes it more challenging for the bad actor. Now, they will need to obtain access not only to log in credentials but also to your personal device. However, since phone numbers are often included in a data leak, this isn’t the best solution. If the hacker has your name, address, and birthdate from the Dark Web, they can take over your phone number, too. They call the company and say, “I lost my phone. Can I get another SIM card.” Then, they are the ones to get those verification codes via message, not you.

Better still, use a 2FA app to confirm your identity. Authy or LastPass are good authenticator apps. After you attempt to log in, you will need to enter a time-sensitive code generated by the app to complete access.

#4 Stop Signing into Other Sites Using Social

Sure, it is convenient to use your Facebook or other social media account to sign in to connected applications, because you have fewer passwords to remember. Some of your data is automatically transferred, so signup is streamlined, too. Yet you are increasing the risk of account compromise.

The hacker may access the third-party application and use that as a stepping stone to get into your social account. That’s where the trove of data is.

#5 Develop an Alternate Ego

It all sounds super spy, but you might have one email account you open to be a burner account for social media. You could also use a fake birth date, a fake alma mater, and other alternative facts to fill out the social profile.

Don’t fabricate personal details for an employer, or a financial or educational institution. But you might use a fake identity for entertainment, gaming, and social sites that bad guys may mine for personal data.

Need help securing your social media or other online activity? Our experts can help. Contact us today at (515)422-1995!

Handle with Care: Sending Data Securely

by

In our digital economy, we send and receive information quickly online. The Internet offers immediate communication with colleagues, clients, vendors, and other strategic partners. Yet we shouldn’t prioritize convenience over data security.

What data do you send in a day’s worth of emails? Sensitive data you send might include:

  • personally identifiable information (PII);
  • credit card or payment card information;
  • attorney–client privileged information;
  • IT security information;
  • protected health information;
  • human subject research;
  • loan or job application data;
  • proprietary business knowledge.

The problem is people sending without thinking about the security of the transmission. One way to gauge the need for security is to consider how you might send that same information via the postal service. Would you put that data on a postcard that anyone could read? Or would you send a sealed, certified mailing and require the recipient’s signature?

Transmitting data on the Internet in plain text is like the postcard – anyone can read the information. And before you think that no one can actually see your data in transit, think about where you are sending from. Your office network may be password protected and secure, but what if someone waiting for their coffee at Starbucks opens the message using the free Wi-Fi network?

Anyone can intercept communications on open networks with the right tools. This type of cyberattack is common enough to merit its own name: a “man-in-the-middle” attack.

So, how can you stay safe when sending sensitive data?

Embrace encryption. Encrypting the data is like sending that sensitive information in a locked box. Encryption encodes the information to add a level of security. If encrypted data is intercepted, the scrambled data is unreadable by unauthorized users. Only a user with the correct decryption key can access the text.

Encryption also provides additional confirmation that the information is coming from a reliable source.

Your business should also require Secure File Transfer Protocol (SFTP) for sending and receiving large or numerous digital files. You may have heard of FTP, but this file transfer protocol is not encrypted. SFTP is the secure version of FTP, as it encrypts the files in transit. If a nefarious entity does intercept the files, it won’t be able to read them without the decryption key.

Specifically, encourage your employees to:

  • use encrypted email only (common providers such as Gmail and Outlook support it; others require third-party apps or services);
  • encrypt files before sending to the cloud (in case accounts are breached or services hacked);
  • never open business communications on unsecured Wi-Fi networks;
  • keep good track of laptops and other portable devices and use drive encryption in case – with encryption, a lost laptop or stolen thumb drive is more secure, and criminals will have a difficult time stealing sensitive information, too;
  • control data access – grant permission to view, edit, or send files with sensitive information only to users who need that data for their jobs.

Managed service providers help your business decrypt how to send its sensitive information. Turn to experts in cloud services and IT security to learn how to securely send and receive data.

Contact us today at (515)422-1995!

Storage Struggles? How to Keep Up with the Data Explosion

by

The digital boom presents us with brand new problems too. By moving all our files into a digital space, the amount of storage we need to maintain has grown larger and larger just to keep up.

As digital technology has improved, the resolution, clarity, and size of the digital files we create has exploded. Items such as Xrays, which used to be printed on film are now digital files transferred by computer. As a result of the increase in both the number of digital files we use and their ever-growing size, the size of the data we need to store has exploded exponentially.

There are a number of ways in which we can tackle our ever-growing storage problem.

Local server or Network Attached Storage (NAS)

A local server is a machine physically located within your own office or building. These are typically designed to serve many files to multiple clients at one time from locally held storage.

The primary advantage that a local network server has is that all your vital data is available to all users in one central location. This means that employees across the network can access all the resources made available.

These machines can serve files at the speed of the local network, transferring large projects, files, and documents from a central position within the network with ease.

A NAS has many of the same network properties, typically packaged as a smaller profile, low powered computer. A NAS is specifically designed to enable network file sharing in a more compact package. These can be available in units small enough to fit in a cupboard nook and yet still provide staggering storage capacity on only a small amount of power.

Both a local server and NAS device allow for large amounts of storage space to be added to the local network. These units are often expanded with more and more storage over time. As an organization grows over time, so do its data storage requirements.

Cloud Storage

Sometimes the best option for storage is to move your ever-expanding data outside of the business completely. Often, offloading the costs of hardware and IT management can work out to be an intelligent business decision. One that provides freedom and flexibility in your data storage needs.

The major advantage of cloud storage comes from the ability to expand and contract your services as needed without the unnecessary overhead of adding and maintaining new hardware.

By moving storage to the cloud, data can be accessed from anywhere in the world. The flexibility provided by cloud storage allows limitless expansion to any number of devices, locations, and offices. Being able to access data from many locations at a single time can often provide a valuables boost to productivity that can help to speed projects along.

Some of the drawbacks of cloud storage come from factors that may be outside of the control of the business. Not all internet connections are found to be up to the task of handling large amounts of data to and from the cloud. In some cases, the infrastructure is quite simply not in place yet to support it.

IT security regulations can prove to be a barrier to enabling storage in the cloud too. Some regulations either prohibit the feature entirely or enable only certain specific types for use.

The Right Choice for your data

Both cloud and local storage can provide further benefits to enhance your business. Audit logs, central backups, and version control can all be used to secure the way your firm handles data.

Whatever your situation, whether a small NAS can boost your office productivity, a local server can provide the connectivity missing from your firm, or cloud storage can switch on new resources, we can advise on the best choices for your business.

Give us a call at (515)422-1995 to allow us to use our expertise to make the right chose for your data.

How Losing a Mobile Device Puts Your Entire Business at Risk

by

Losing a mobile phone or laptop is an experience that everyone dreads. The expense and inconvenience of buying a new device is unpleasant, but only represents a fraction of the damage done when a device is misplaced. The cost of data contained within every device can add up to many times more than the total value of the device itself.

Chances are, you already use automatic login on a large variety of online services. Each of these services are vulnerable to an attacker having possession of your device.

Usernames and passwords – An obvious place for an attacker to start is the likely long list of usernames and passwords saved for future use by your browser. This is often done to save time when logging into sites that you visit often. Almost universally, people opt to save login information so that they don’t have to attempt to remember it every time they return.

In only a short amount of time, a browser is trained to log in to your Facebook, cloud storage, and bank details just by visiting the page using your regular device. These details, called up by the browser, are saved in a single list accessible to anyone with access to the device. For an unscrupulous stranger with a found device, this list represents a goldmine of information. Simply by finding a phone misplaced in public they may gain access to a huge array of services.

The problem can be made many times worse where a single password or a combination of similar passwords have been used across several accounts. In some instances, an attacker need only gain access to a single one and reuse the same stolen credentials across many sites and services.

Email – Email accounts are a key target for attackers looking for access to your personal information. It is a service that many take for granted, logging in once the first time they set up the device and using automatic login every time after. It is a service that also unlocks a great deal more than just private messages. Of course, an attacker having free access to read your personal emails is bad news, but with email access a malicious user can gain access to many of the most commonly used web services online.

Using the “forgotten password” button on many sites triggers a response that emails a password reset link to the email address registered on file. An attacker may use this feature to reset account passwords to one of their choosing. Doing this both grants themselves access to your account and denies you access to rescue it.

Contacts – One of the best features of instant messaging is that your contacts know the messages come from you. When a message is sent from your device to someone you know it displays along with your name, details, and likely a photograph too. This can lead to identity theft, one of the biggest concerns of a lost or stolen device.

With contact information already programmed in an attacker has an opportunity to impersonate you when speaking to anyone in your contacts list. Using your identity, an attacker may attempt to steal yet more details about you and your contacts.

Social Media – Your social media accounts are often the face of your brand. They can be a primary way to reach out and contact customers. They are almost always the first point of contact a client has with your business. They are also extremely vulnerable to being hijacked from a stolen device.

Fraudulent social media access can allow attackers to harvest both client and business data. Even without profiting directly, posting privileges can be used to cause irreversible damage to a business.

Protecting your business – Services, accounts, and entire businesses can be put in great danger by something as simple as misplacing an unsecured mobile phone or laptop computer.

We can help you to stay secure and remain in control even in the face of losing a device. Give us a call at (515)422-1995 and let us help secure your business.

Click to see our BBB Report

FOLLOW US

VISIT US

Privacy Policy