Data Breaches Are Getting Worse: Know the Basics

by

The exposure of sensitive information can be disastrous for individuals, businesses, or governments. Yet data breaches aren’t going away. The first data breach compromised more than a million records in 2005. Since then, we’ve seen ongoing news of breaches. But there are some basic steps you can take to avoid falling victim to an attack.

Let’s look just at August 2022:

  • A breach at communications giant Twilio exposes 1900 users’ phone numbers and SMS verification codes.
  • Researchers discover at least 9000 virtual-network computing endpoints exposed online without a password.
  • CISCO confirms a ransomware gang has exfiltrated 2.8GB of data.
  • An American neurology practice notifies 363,833 individuals of a data breach.
  • 4 million Twitter users are thought to have been affected by a data breach at the social media firm.

And that’s all during a 10-day period!

In its annual Cost of a Data Breach study, IBM found the cost of a breach hit a record high this year, at nearly $4.4 million.

How does a data breach work?

A data breach involves any unauthorized access to confidential, sensitive, or protected information, and it can happen to anyone. Data breaches happen mainly when hackers can exploit user behavior or technology vulnerabilities.

The threat surface continues to grow exponentially. We are increasingly reliant on digital tools such as smartphones and laptops. With the Internet of Things (IoT), we’re adding even more endpoints that unauthorized users can access.

Popular methods for executing malicious data breaches include:

  • phishing – emails in which hackers persuade users to hand over access credentials or the data itself;
  • brute-force attacks – hackers use software and sometimes even hijacked devices to guess password combinations until they get in;
  • malware – infects the operating system, software, or hardware (often without the user knowing) and steals private data.

Disgruntled employees or political hacktivists can also be behind data breaches. However, more often than you would hope, the breach is due to human error.

Basic steps to avoid data breaches

Too many data breaches trace back to people using weak access credentials. Yes, there are still people out there using “password” or “123456” to log in at work! Thus, an important step to counter data breaches is enforcing strict password policies.

Multi-factor authentication can also help. This way, even if the employee uses a poor password, or their strong password is stolen, the hacker has to work to get access. They might need the user’s physical device to confirm a one-time-use code sent to verify identity.

It’s also important to patch and upgrade software as soon as asked to do so. Manufacturers support security by keeping abreast of hacker attacks throughout the world. They’ll also watch for bugs and any vulnerabilities. Disregarding that message to upgrade or patch could leave your computers at risk.

Encrypting all sensitive data can also cut the risks of a data breach. That way, if the bad guys do get inside your systems, they can’t do anything with the information they access.

With more people working remotely, the number of users doing business on their own devices is also up, which represents another data breach risk. Enforce strict Bring Your Own Device (BYOD) policies to minimize exposure. You might require virtual private networks and professional-grade antivirus protection.

Don’t risk data breach damage

Data breaches cause business downtime and can cost your reputation and bottom line. You may lose customers and also have to pay legal fees or compliance fines. Don’t let this happen to you. A managed services provider can install protection and take precautions against data breaches. Call us today at (515)422-1995.

How Secure is Cloud Data?

by

Data security is a common concern when migrating to the cloud. When data is on-premises, the business secures the sensitive data, and that feels safer. But that isn’t always the case. In fact, data can be safer in the cloud than on-site at your business.

When you put together your business infrastructure, you have many business priorities. Securely storing data is only one of your objectives and could even be one that you added on later.

A cloud services provider builds from the ground up with the goal of securing data online. Thus, cloud companies typically offer far more robust cybersecurity measures. After all, the success of Dropbox or Amazon Web Services depends on securing cloud data.

A hacker can use malware or phishing emails to target the data on your business devices. With ransomware, they make it impossible to reach your data unless you pay a ransom (or have a good data backup). Yet these cyberattacks don’t work in the cloud. Bad actors might access what’s stored on an individual user’s device, but they can’t get to the larger trove of data online.

Cloud servers are also safer because they’re in data warehouses most workers can’t physically access. Plus, the service providers will usually set up redundancies. So, for example, if a natural disaster hits one server site, they will offer continued access from another site.

Some cloud service vendors will also invest in third-party testing. To keep data safe, they hire external companies to test for vulnerabilities.

More reasons cloud data is safe

Cloud data is encrypted not only in storage but usually also in transit to and from the servers. This means your information is scrambled, and a bad actor getting between your business and its cloud data can’t understand it.

Cloud service providers also regularly monitor and maintain security. They spend more resources ensuring systems are up to date. They’re also more likely to use data analytics to identify trends or threats to their security. You might do the same, but you are unlikely to do so on the same scale.

Another advantage of keeping your data in the cloud? When you move to the cloud, you no longer have to store all that data on your own hardware. You still have access to your documents, media, or reports, but the third-party provider will likely have more storage space and processing speed. So, your on-site technology may function better, too.

You’re also cutting out common cybersecurity risks. You don’t have to risk storing data on laptops, which can get lost or stolen. You also end the need for thumb drives (or USB drives), which can also be stolen or lost. Plugging in these external devices can also expose you to viruses or other risks.

How to secure data in the cloud

First off, encrypt your data. Make sure you contract with a provider who will encrypt data in transit. This makes it more difficult for hackers to get at your information.

Enabling multi-factor authentication can also help secure data by adding layers of rigor. It moves your data security beyond just asking for a username and password. We know all too well that those are often compromised or guessed.

When you move your data to the cloud, you will need to pay attention to compliance regulations. Depending on your industry, there may be particular standards for data storage. Encryption is a common compliance expectation.

It’s also a good idea to train your employees on the importance of securing data. Engaging in ongoing security awareness training can help protect your endpoints. This is particularly important with people working remotely and connecting from off-site locations.

Help with securing your cloud data

Migrating to the cloud has its benefits. Still, that doesn’t make it a straightforward process. Work with our IT experts to move your data to the cloud with minimal disruption. We can help you find the right cloud service provider and assist with data backup processes. Contact us today at (515)422-1995.

Automated Data Backups Still Need Management

by

Your business is backing up its data in case of a cyberattack or other disastrous disruption. Yes, you can pat yourself on the back for that, but don’t get too complacent with backing up. Automated backup still needs monitoring and management.

Having decided to back up data, you may feel confident you can withstand an attack or recover from unexpected downtime. But if you simply trust the backup to run at a certain time, you might be surprised. Automated backups can make the job easier. Still, you should be monitoring these backups and checking them, too. There’s nothing worse than finding out months later that something went wrong with your automated backup.

Why you need to monitor backup

A technician can set an automated backup to run on a set schedule. They select a time that causes the least interruption while ensuring up-to-date data. Yet this is too important a process to leave unattended.

Things change. The automated backup is set up for the technology configuration when originally installed. A lot can happen in the meantime as the IT environment evolves.

Blindly trusting automated backup could leave you unaware of problems such as:

  • an unplugged backup device;
  • an altered device letter, which means it isn’t found;
  • moved folders;
  • software updates that might have changed what needs to be done and how;
  • the original plan not accounting for new servers or migration from on-premises to the cloud;
  • insufficient capacity for the backup.

If no one is monitoring that backup, your business could assume it went smoothly. Then, when you need that backup, you could find out the hard way it didn’t go as planned.

Keeping an eye on automated backup

It’s not that you can’t automate backup, and there is convenience in doing so. Automating the backup of a computer, network, or IT environment can save time and money.

Yet you need someone to pay attention. Monitoring backups ensures that the process is running smoothly.

A managed service provider (MSP) will take a hands-on approach to your automated backups. If there is a failure, they have the skills to address the issue quickly and alert you of any bigger issues. Plus, with an MSP in your corner, you gain IT experts skilled at data recovery, too.

The MSP’s techs can even run data-restore drills, helping you to prepare for challenges such as ransomware attacks or accidental data deletion.

Process automation helps businesses, but don’t rely on it unattended. Optimize data backup by adding a human element. An MSP can ensure quality and fully protect your business. Contact us today at (515)422-1995.

What to Do If Your Data Is Included in a Leak

by

Data breaches are now daily occurrences and can happen to any business. The April 2021 leak of 533 million Facebook records was one of the largest known data leaks, but even if you weren’t affected by that one, you may still be at risk.

There is no easy way to know if your information has been leaked. When a business is hacked, it typically sends a notification letting you know, but this isn’t guaranteed. And you can’t go in and check the Dark Web. It is difficult to find and dangerous to access, and that is why the bad guys like it.

It’s a good idea to navigate to https://haveibeenpwned.com to see if your email address or phone number is on any data breach files. This isn’t conclusive, but it can help.

Even, if you’re not sure if you’ve been a victim of a data leak, you’ll want to take action.

There are several smart strategies to follow immediately.

#1 Limit your social sharing

It is simple to share on social media – that is part of the fun. You share the pictures of your wedding day or anniversary, or your new house with its address. You’re filling in family and friends in your life, right?

Well, if you are using any of that information to create access credentials, you are sharing too much. Someone with a beloved cat called “Petunia” in every photo who uses the feline’s name as a password gives hackers an edge.

You might think you are sharing harmless information, but those birthday party photos posted on the big day are a clue to your identity that hackers can exploit.

#2 Use Unique Passwords

Would you believe people still use “12345678” and “password” as their passwords? If you are one of them, stop now. We’ve said it before, and we’ll say it again and again: use unique passwords for every one of your accounts. Yes, it is more to remember, but it helps cut the risk of a data breach at one site snowballing to disastrous consequences for you.

You might use a password keeper such as 1Password or LastPass to manage your many passwords. This is more secure than the password manager offered by your Web browser, although those are better than revising passwords or trying (hopelessly) to memorize them.

#3 Add Two-Factor Authentication (2FA)

Enabling two-factor authentication (2FA) makes it more challenging for the bad actor. Now, they will need to obtain access not only to log in credentials but also to your personal device. However, since phone numbers are often included in a data leak, this isn’t the best solution. If the hacker has your name, address, and birthdate from the Dark Web, they can take over your phone number, too. They call the company and say, “I lost my phone. Can I get another SIM card.” Then, they are the ones to get those verification codes via message, not you.

Better still, use a 2FA app to confirm your identity. Authy or LastPass are good authenticator apps. After you attempt to log in, you will need to enter a time-sensitive code generated by the app to complete access.

#4 Stop Signing into Other Sites Using Social

Sure, it is convenient to use your Facebook or other social media account to sign in to connected applications, because you have fewer passwords to remember. Some of your data is automatically transferred, so signup is streamlined, too. Yet you are increasing the risk of account compromise.

The hacker may access the third-party application and use that as a stepping stone to get into your social account. That’s where the trove of data is.

#5 Develop an Alternate Ego

It all sounds super spy, but you might have one email account you open to be a burner account for social media. You could also use a fake birth date, a fake alma mater, and other alternative facts to fill out the social profile.

Don’t fabricate personal details for an employer, or a financial or educational institution. But you might use a fake identity for entertainment, gaming, and social sites that bad guys may mine for personal data.

Need help securing your social media or other online activity? Our experts can help. Contact us today at (515)422-1995!

Handle with Care: Sending Data Securely

by

In our digital economy, we send and receive information quickly online. The Internet offers immediate communication with colleagues, clients, vendors, and other strategic partners. Yet we shouldn’t prioritize convenience over data security.

What data do you send in a day’s worth of emails? Sensitive data you send might include:

  • personally identifiable information (PII);
  • credit card or payment card information;
  • attorney–client privileged information;
  • IT security information;
  • protected health information;
  • human subject research;
  • loan or job application data;
  • proprietary business knowledge.

The problem is people sending without thinking about the security of the transmission. One way to gauge the need for security is to consider how you might send that same information via the postal service. Would you put that data on a postcard that anyone could read? Or would you send a sealed, certified mailing and require the recipient’s signature?

Transmitting data on the Internet in plain text is like the postcard – anyone can read the information. And before you think that no one can actually see your data in transit, think about where you are sending from. Your office network may be password protected and secure, but what if someone waiting for their coffee at Starbucks opens the message using the free Wi-Fi network?

Anyone can intercept communications on open networks with the right tools. This type of cyberattack is common enough to merit its own name: a “man-in-the-middle” attack.

So, how can you stay safe when sending sensitive data?

Embrace encryption. Encrypting the data is like sending that sensitive information in a locked box. Encryption encodes the information to add a level of security. If encrypted data is intercepted, the scrambled data is unreadable by unauthorized users. Only a user with the correct decryption key can access the text.

Encryption also provides additional confirmation that the information is coming from a reliable source.

Your business should also require Secure File Transfer Protocol (SFTP) for sending and receiving large or numerous digital files. You may have heard of FTP, but this file transfer protocol is not encrypted. SFTP is the secure version of FTP, as it encrypts the files in transit. If a nefarious entity does intercept the files, it won’t be able to read them without the decryption key.

Specifically, encourage your employees to:

  • use encrypted email only (common providers such as Gmail and Outlook support it; others require third-party apps or services);
  • encrypt files before sending to the cloud (in case accounts are breached or services hacked);
  • never open business communications on unsecured Wi-Fi networks;
  • keep good track of laptops and other portable devices and use drive encryption in case – with encryption, a lost laptop or stolen thumb drive is more secure, and criminals will have a difficult time stealing sensitive information, too;
  • control data access – grant permission to view, edit, or send files with sensitive information only to users who need that data for their jobs.

Managed service providers help your business decrypt how to send its sensitive information. Turn to experts in cloud services and IT security to learn how to securely send and receive data.

Contact us today at (515)422-1995!

Storage Struggles? How to Keep Up with the Data Explosion

by

The digital boom presents us with brand new problems too. By moving all our files into a digital space, the amount of storage we need to maintain has grown larger and larger just to keep up.

As digital technology has improved, the resolution, clarity, and size of the digital files we create has exploded. Items such as Xrays, which used to be printed on film are now digital files transferred by computer. As a result of the increase in both the number of digital files we use and their ever-growing size, the size of the data we need to store has exploded exponentially.

There are a number of ways in which we can tackle our ever-growing storage problem.

Local server or Network Attached Storage (NAS)

A local server is a machine physically located within your own office or building. These are typically designed to serve many files to multiple clients at one time from locally held storage.

The primary advantage that a local network server has is that all your vital data is available to all users in one central location. This means that employees across the network can access all the resources made available.

These machines can serve files at the speed of the local network, transferring large projects, files, and documents from a central position within the network with ease.

A NAS has many of the same network properties, typically packaged as a smaller profile, low powered computer. A NAS is specifically designed to enable network file sharing in a more compact package. These can be available in units small enough to fit in a cupboard nook and yet still provide staggering storage capacity on only a small amount of power.

Both a local server and NAS device allow for large amounts of storage space to be added to the local network. These units are often expanded with more and more storage over time. As an organization grows over time, so do its data storage requirements.

Cloud Storage

Sometimes the best option for storage is to move your ever-expanding data outside of the business completely. Often, offloading the costs of hardware and IT management can work out to be an intelligent business decision. One that provides freedom and flexibility in your data storage needs.

The major advantage of cloud storage comes from the ability to expand and contract your services as needed without the unnecessary overhead of adding and maintaining new hardware.

By moving storage to the cloud, data can be accessed from anywhere in the world. The flexibility provided by cloud storage allows limitless expansion to any number of devices, locations, and offices. Being able to access data from many locations at a single time can often provide a valuables boost to productivity that can help to speed projects along.

Some of the drawbacks of cloud storage come from factors that may be outside of the control of the business. Not all internet connections are found to be up to the task of handling large amounts of data to and from the cloud. In some cases, the infrastructure is quite simply not in place yet to support it.

IT security regulations can prove to be a barrier to enabling storage in the cloud too. Some regulations either prohibit the feature entirely or enable only certain specific types for use.

The Right Choice for your data

Both cloud and local storage can provide further benefits to enhance your business. Audit logs, central backups, and version control can all be used to secure the way your firm handles data.

Whatever your situation, whether a small NAS can boost your office productivity, a local server can provide the connectivity missing from your firm, or cloud storage can switch on new resources, we can advise on the best choices for your business.

Give us a call at (515)422-1995 to allow us to use our expertise to make the right chose for your data.

How Losing a Mobile Device Puts Your Entire Business at Risk

by

Losing a mobile phone or laptop is an experience that everyone dreads. The expense and inconvenience of buying a new device is unpleasant, but only represents a fraction of the damage done when a device is misplaced. The cost of data contained within every device can add up to many times more than the total value of the device itself.

Chances are, you already use automatic login on a large variety of online services. Each of these services are vulnerable to an attacker having possession of your device.

Usernames and passwords – An obvious place for an attacker to start is the likely long list of usernames and passwords saved for future use by your browser. This is often done to save time when logging into sites that you visit often. Almost universally, people opt to save login information so that they don’t have to attempt to remember it every time they return.

In only a short amount of time, a browser is trained to log in to your Facebook, cloud storage, and bank details just by visiting the page using your regular device. These details, called up by the browser, are saved in a single list accessible to anyone with access to the device. For an unscrupulous stranger with a found device, this list represents a goldmine of information. Simply by finding a phone misplaced in public they may gain access to a huge array of services.

The problem can be made many times worse where a single password or a combination of similar passwords have been used across several accounts. In some instances, an attacker need only gain access to a single one and reuse the same stolen credentials across many sites and services.

Email – Email accounts are a key target for attackers looking for access to your personal information. It is a service that many take for granted, logging in once the first time they set up the device and using automatic login every time after. It is a service that also unlocks a great deal more than just private messages. Of course, an attacker having free access to read your personal emails is bad news, but with email access a malicious user can gain access to many of the most commonly used web services online.

Using the “forgotten password” button on many sites triggers a response that emails a password reset link to the email address registered on file. An attacker may use this feature to reset account passwords to one of their choosing. Doing this both grants themselves access to your account and denies you access to rescue it.

Contacts – One of the best features of instant messaging is that your contacts know the messages come from you. When a message is sent from your device to someone you know it displays along with your name, details, and likely a photograph too. This can lead to identity theft, one of the biggest concerns of a lost or stolen device.

With contact information already programmed in an attacker has an opportunity to impersonate you when speaking to anyone in your contacts list. Using your identity, an attacker may attempt to steal yet more details about you and your contacts.

Social Media – Your social media accounts are often the face of your brand. They can be a primary way to reach out and contact customers. They are almost always the first point of contact a client has with your business. They are also extremely vulnerable to being hijacked from a stolen device.

Fraudulent social media access can allow attackers to harvest both client and business data. Even without profiting directly, posting privileges can be used to cause irreversible damage to a business.

Protecting your business – Services, accounts, and entire businesses can be put in great danger by something as simple as misplacing an unsecured mobile phone or laptop computer.

We can help you to stay secure and remain in control even in the face of losing a device. Give us a call at (515)422-1995 and let us help secure your business.

Click to see our BBB Report

FOLLOW US

VISIT US

Privacy Policy