A Recent Data Theft Shows Us What to Watch Out For
Trend Micro, the developer of the popular antivirus program, has attracted some unwanted attention after a former employee managed to steal customer data and sell it to scammers. These scammers then use this data to call Trend Micro customers. If you use Trend Micro’s antivirus solutions, you’re going to want to pay close attention to any calls you get.
We aren’t shy about informing our clients about the potential dangers of allowing access to more than an employee needs to do their job. This is a practical example of why we say that.
The (now former) Trend Micro employee was able to access more data than they needed to have. Trend Micro provided a pretty succinct explanation of the situation, saying that the employee was able to “gain access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers. There are no indications that any other information such as financial or credit payment information was involved…”
The perpetrator’s name has not yet been made public, but whoever they were, they were able to bypass Trend Micro’s internal protections.
Consider what it would take for a phone scam to be truly convincing: if you were called by someone from “Trend Micro” who knew who you were and that you were a user of their product, you wouldn’t have much reason to doubt them, would you? The data that was up for grabs at Trend Micro contained much more information than that, making it potentially even more valuable to a cybercriminal or scam artist.
You Need to Watch Out for Unsolicited Tech Support Calls
As you might imagine, this scam has been around for about as long as there have been personal computers and is in no way exclusive to Trend Micro customers. Tech support scams have been used to target users for years, often profiling users by their age to find victims more likely to fall for the ruse. Combining this profiling with scare tactics and put-on urgency, the scammer is able to shock their target into handing over their credit card information or allowing the scammer to access their PC remotely.
It isn’t uncommon for these scammers to identify themselves as a member of some “Microsoft Windows support team” or another support company. If the targeted business is big enough, a scammer may just claim to be from the IT department.
This is why you have to be sure that all of your employees know how to have their technology support questions addressed through the right channels.
You Also Need to Keep Your Employees from Accessing More than They Need
Take a critical look at the permissions you afford your employees as far as your network is concerned. How accessible are the folders you store your sensitive information in, like a client’s personal data or financial information?
Best practices dictate that an employee only be given access to what they need to do their job, while common sense dictates that you can’t make an employee’s job too difficult for them, either. Striking a balance between the two can be tricky, but working with your IT provider to establish permissions makes it far easier.
If you want to avoid running into a situation similar to Trend Micro’s, enforcing security policies is a step you need to take. Doing so should include access control to certain files and areas of your network, requiring MFA/2FA (multifactor/two-factor authentication), and quite a bit of planning to put it all together. However, if it keeps your data safe from threats (inside and out), it’ll be worth it for the damage control you get to avoid.
If you could use some assistance in securing your network and educating your employees about how scams can be identified, give VentureNet a call. Our professionals are here to help – call 214-343-3550 today.
Start Using Two-Factor Authentication Everywhere, Today
It can be easy to slack off when it comes to good password practices. Many users still use the same password across multiple sites and often don’t use secure passwords. Password managers make this a lot easier, but it’s really two-factor authentication (2FA) that can make all the difference. Strong, unique passwords are still important (not all accounts offer two-factor authentication) but let’s talk about why you should always enable two-factor or multifactor on all of your accounts when possible.
Getting into my programs or logged onto different websites has been easy enough by using a password management tool, especially since there are settings that can be enabled to remember a specific device. When logging on from a different device, my phone or email is immediately hit with a notification. It’s a PIN, and without the PIN there is virtually no chance of logging in. This might be annoying if my phone isn’t on me and I’m sent a text notification, but let’s be honest, I don’t go anywhere without my phone, it’s my most valuable tool.
So, you might have tried 2FA before or you might have been endlessly hitting the “ask me later” option that you are prompted with on new software that implemented the additional authentication measures. Whether you decide to use it or not there is one indisputable statement regarding this feature: two-factor authentication makes your accounts more secure.
What Is Two-Factor Authentication
Even if you haven’t used 2FA, you’ve probably seen it in action. In fact, many sites, like bank accounts, Google, and Facebook might force a type of 2FA on you. If you’ve ever logged into a website from a different computer and then received an email or notification on your phone that a login from an unknown location just happened – that’s two-factor authentication. Albeit, it’s the reactive version that doesn’t do much to prevent others from gaining access to your information. Let’s not rely on being reactive, and look at true two-factor authentication.
By definition, two-factor or multi-factor authentication is an authentication method in which a computer user is granted access only after successfully presenting two pieces of evidence to an authentication mechanism: knowledge, and possession.
Knowledge: This is your password. You’ve memorized it or stored it securely in a password manager. The idea is that only you know it or have access to that information. In events where you don’t know your password, some sites might also accept your full email address or phone number in order to reset your password.
Possession: This is something that you own and almost always have in your possession. This is typically your smartphone, but other methods might have you carrying around a USB thumb drive or an electronic key that generates a random number.
The instantaneous code that is sent provides one more feature. It acts as an informant. If somebody were to log into one of my accounts with my password, I would find out instantly. Even then, they wouldn’t be able to get the PIN from my text message or authenticator app to finish the login process. This tells me I should change my password immediately, but otherwise my account should be safe.
Don’t Assume You are Safe
Enabling two-factor authentication won’t entirely protect you from threats or breaches. If you have two-factor set up on Facebook, Facebook can still get breached and passwords could be stolen. We see this happen all the time, with high profile attacks on large online entities stealing millions of records in a shot.
Following the other password best practices, like using strong passwords and never using the same password on two accounts, is critical.
Recently, we saw the launch of Disney+, and it was reported that several thousand users had their brand-new accounts hijacked within hours of the launch of the service. This wasn’t because Disney was hacked; hackers just attempted to log in to steal accounts with emails and passwords they already had from some other data breach.
Phishing attacks are plaguing millions of inboxes every single day. These attacks replicate the website they are impersonating, complete with a realistic login screen. Users are tricked into going there and filling in their information, and the credentials are sent directly to the cybercriminals.
As previously mentioned, 2FA isn’t the fix-all to cybersecurity. It does however put one more step between you and an ill-willed cybercriminal. VentureNet has many more tips to help your business become more secure. If you would like to talk to one of our experts, give us a call at 214-343-3550.
Speed Things Up with Solid State Drives
Using a slow computer can be very frustrating; and, since there is a laundry list of things that can cause your computer to slow down, you may have a difficult time troubleshooting the problems. Slow computers can be filled with viruses or malware, they can have too many applications running in the background, or they could just be getting old. If your computer is relatively new and in healthy condition, but is starting to slow, one upgrade can make a big difference.
Update the HDD to an SSD
The hard drive of the computer is used to store data. Most of the computers built today come with what is called a hard disk drive (HDD). That is the type of hard drive that has been found in computers since the launch of the PC in the 1980s. These drives tend to do fine at first, but over time they can degrade as they are written to (and written over) several hundred times. Today, there is a powerful alternative option, the solid state drive (SSD).
The HDD works by storing data on very thin magnetic platters. These platters are stacked on top of each other and spin at a rate of ~7,200 revolutions per minute. A magnetic head reads and writes data from the spinning disk, much the way a record player plays a vinyl record.
Since there are so many moving parts, it takes a bit for the drives to spin up, for the head to find the data, and then read the data for transmission. This happens very quickly, but as time goes on, it takes longer and longer.
Alternatively, solid state drives have no moving parts. They store data electronically, and as a result, they work efficiently at reading and writing data. They are also more energy efficient, faster, and if used in the same way as an HDD, they tend to last longer.
So Why Don’t Manufacturers Build Systems with SSD?
Simply put, cost. SSDs are slightly more expensive than HDDs, and manufacturers looking to profit from computer sales can sell more units if they are priced more modestly. SSDs also don’t typically support the large capacity needs of some business computers.
The price difference between HDD and SSD is noticeable, but the gap is shrinking. Only a short time ago, if you were looking to build a dozen computers for your office, you would have to choose HDD because the price difference would have been significant. The difference today, however, is negligible. Moreover, the performance increase that SSD brings will speed up computing, making things more efficient. One problem with SSD is that if you need high capacity hard drives, SSD drives with multiple terabytes on them are still much more expensive than comparable HDDs, but that only starts to affect users who need to store a massive amount of data on their PC, like video editors and gamers.
How Much of a Difference Can SSDs Make?
The results you will see will vary based on the device’s hardware profile and the software that is being run on it, but we can provide a real-world example:
A PC that was bought four years ago with a traditional HDD took about 48 seconds to get to the login screen when booting up. It then took an additional 80 seconds before the user could get to their email.
Our technicians migrated all of the data to a new SSD, and the boot time (to the login screen) went down to 12 seconds. After logging in, it took about 20 seconds to get into email.
It’s Time to Upgrade
If you are looking to improve your business’ efficiency, upgrading the technology that your staff uses to get things done is a good investment. Call us today at 214-343-3550 to learn more about how solid state drives can help your business get ahead.
The End Has Come for Windows 7
On January 14th, Microsoft pulled the plug on both Windows 7 and Windows Server 2008 R2. If your business still has to move away from this software, you need to act quickly. The consequences for not moving away from these titles can be absolutely dire for your business, and the risks will only increase with time. Let’s take a look at your options.
Option 1 – Purchase Upgraded Hardware and Migrate Your Data
This may not seem desirable (or possible), but with support ending for these titles, you will need to do your best to upgrade away from your current infrastructure. One real problem you are going to face is that the expedited nature of any migration will almost certainly cost you much more than if you had upgraded months ago.
While Windows 7 and Windows Server 2008 R2 will still work, they are no longer supported. This means that any crucial security updates and software patches that are needed will no longer happen, leaving any vulnerability wide open for hackers to exploit.
If your organization simply cannot afford to purchase new hardware, you may be able to at least upgrade to a supported platform on your endpoints. The minimum specifications that Windows 10 needs to run on a workstation are:
- Processor – 1 GHz or faster
- RAM – 1 GB for 32-bit or 2 GB for 64-bit
- Hard disk space – 16 GB for 32-bit or 20 GB for 64-bit
- Graphics card – DirectX 9 or later with WDDM 1.0 driver
- Display – 800 x 600 resolution
Realize that this is the minimum, so don’t expect the system to run efficiently if these are the specs of your workstations. We recommend at least a 2 GHz dual-core processor, supported by 8 GB of RAM, and a hard drive with at least 160 GB of space.
Option 2 – Virtualization
Another option is that you can migrate your data and processing to the cloud. This option will also be costly, but it’s much more cost-effective than purchasing new hardware and software for every machine at the last moment. Businesses have begun to leverage virtual machines in cloud-hosted platforms such as AWS and Azure rather than hosting their infrastructure in-house.
This also eliminates the need for huge computer upgrades as each end point you depend on can run as thin clients. The cloud-based system may not save you money in the long run, but being able to pay for your IT improvements as an operating expense rather than a huge capital expense, especially considering the lack of time you have before the software becomes unsupported, is a huge win.
Option 3 – Microsoft 365
Sure, Microsoft 365 won’t solve your major Windows Server 2008 R2 problems, but it can be a great option if you really need to maintain productivity AND upgrade. Microsoft 365 provides users and administrators the tools they need to conduct business. It features Windows 10 for Business, the Microsoft Office 365 productivity suite (including Microsoft Teams, Outlook email, and OneDrive storage space), and customizable security tools that allow you to retain control of your organization’s data. By being able to get all the tools your team needs on such a short schedule, you can maintain productivity while you figure out your next move. Heck, you may like Microsoft 365 and choose to keep it as a core part of your productivity strategy.
The time is now to upgrade. Reach out to VentureNet today at 214-343-3550 to talk to one of our knowledgeable consultants and let us help you figure out how to get past this looming deadline before your entire business is in jeopardy.
Training Has to Be a Big Part of a Cybersecurity Strategy
Do you know those horror stories you catch every so often where a huge business has their network hacked and millions of their customers and employees have their personal and financial information leaked onto the dark web? Your organization isn’t likely as big as theirs, but regardless of how much money, people, and diverse revenue streams an organization has, having its network breached and its customers’, or its employees’, information strewn about over the dark web is not an ideal scenario.
The problem is that you, like these enterprise businesses, spend a huge percentage of your available IT budget on security. So why is everyone dealing with this problem? It’s simple: It only takes one mistake to put everything at risk. More precisely, all it takes is one person falling for a phishing scam or one person who has a too-easy-to-guess password to make big problems for your business. That’s why it is important that you give each employee the knowledge and tools necessary to keep your business secure. Let’s take a look at some tips you can use to do so.
The first thing you should do is understand that anyone can be the weak link of your business’ security chain. Hackers have strategies that aim to target any level of your business, from your custodian to the CEO, and in order to stay secure, everyone has to receive the same knowledge and complete the same training. The only way to gain any confidence that you aren’t going to be the next business dealing with ransomware or a top-to-bottom data breach is if you know that you’ve prepared your people properly.
The security culture is not all that difficult to implement, in theory, but as we stated above, all it takes is one. This means that in order to put together a security training platform that works for everyone, you need to include everyone in it, and keep at it. Many times, an organization that falls victim to an attack has a thorough cybersecurity strategy in place, but complacency takes over. In order for people to work diligently to keep your company’s data safe, you need to make everyone aware that it is always under attack.
Meet Potential Problems with Solutions
Many times decision makers make the mistake of thinking that they can control everything. When it comes to security, however, there are almost assuredly people who know better. These security professionals, like the ones at VentureNet, deal with IT security every single day. As a result, they know exactly what needs to happen to keep your business secure. They know what training materials work, they know what antivirus and firewall to use, and they know a lot more than you do about how to keep a business’ IT secure and free of downtime.
These professionals will ensure that all software systems are patched and up-to-date. They have worked with business-class software that is priced in a manner commensurate with its effectiveness. By hiring someone to come in and handle your in-house security infrastructure, you will be giving your employees all the tools needed to keep your business secure and working efficiently.
Create Policies that Eliminate Risk
In order to promote a secure network and infrastructure, the way that employees interact with their technology needs oversight. You need to put in policies and procedures that actively address the security needs of your company. This does two things: First, it gives your staff a set of very clear dos and don’ts. If these rules are broken, there need to be repercussions. This way, if a threat is present, individual judgment is eliminated, and there is a unified response. You can’t be afraid of adequately preparing for security problems.
Some policies you will want to confront include:
- Acceptable use
- Phishing and spam
- Passwords and access control
- Multi-factor/Two-factor authentication
- Mobile device management
- Internet of things monitoring
- Remote access
- Incident response
- Business continuity
- File and media destruction
- Physical security
Moreover, physical security is a big part of keeping your business free from outside threats. A business needs to have a good physical security system that includes security cameras and end-to-end access control to ensure that all onsite assets are looked after.
Finally, there has to be an understanding that even if you’ve implemented a strong training system that actively keeps users engaged in the security of the company, there is always the threat that someone who already has access will use it nefariously. That’s why some businesses are considering security right from the first interview. If your new hire isn’t genuine enough to gain the interviewer’s trust, then he may not be a good fit at an organization where it only takes one lapse to ruin things.
If you would like to talk about your business’ security strategy, or if you want to put in a strong training platform and don’t know where to start, contact the IT professionals at VentureNet today at 214-343-3550.
Deploy IT with a Purpose
As information technology becomes commonplace in nearly every business, it stands to reason that some businesses will put pressure on themselves to get some of the most innovative tools available. On the surface, this seems like a great idea, but just because a piece of technology exists, doesn’t mean it will help your business right now. We thought it would be a good time to take a look at some strategies that will help you build the technology your business needs to see a positive return on those investments.
Before we start, we should identify the parts of the business where IT is typically deployed. The purpose of IT is to make operations more efficient, allow for collaboration, automate simple aspects for cost reduction, protect business against disaster and more. The most important role that IT has in any business is as a worker interface. Most workers today are proficient with digital systems. This creates a nice standardized working experience in which people can get more things done and collaborate more effectively.
This seems like a great situation: You get more out of your workers and streamline your processes. It’s not so cut and dry, however. Many small business owners contend that investments in technology often fail to meet the expected ROI. The reasons include:
- Ongoing maintenance costs
- Payroll considerations
- Faster-than-expected obsolescence
- Upfront costs make rapid ROI impossible
- Solution complexity
- Lack of reliability
So, with these variables causing businesses to rethink their technology investment strategies, how can decision makers work to ensure that their organization sees a dependable return on their strategic technology investments?
First, an organization’s decision makers will want to have realistic expectations of the technology they plan on implementing. There’s a growth period to the use of any technology, and often it is sold as a solution to a problem with no mention of the adjustments that would keep the solution from immediately returning a strong ROI.
Secondly, you need to take a hard look at your operational effectiveness as it is and ask yourself whether you are looking to technology investments because they can help bring better profitability, or whether leaning on innovative new technologies isn’t as prudent as working to upgrade the technology your organization already depends on. Occasionally, decision makers will overlook practical changes for more dynamic ones, leaving decisions that could have a better ROI to wait in favor of more innovative, but less effective, tools.
Lastly, there are options available today that are designed to limit your organizational cost while providing the value any business can use. Cloud-based services such as Infrastructure as a Service, Software as a Service, and hosted communications solutions can really make adding powerful computing resources easy. The value of paying monthly for only what is used can boost the return of a company’s technology investments substantially.
What Is the Purpose?
Upgrading for the sake of upgrading is nice, if the business can afford to do that; but, realistically, what business can? It’s important that each piece of technology helps an organization meet its goals. Are you considering expanding your data analytics platform to get more concrete answers about your business? Will investing in a more dynamic communications platform save you money by using your company bandwidth rather than paying for a business telephone system through your local telephone provider? Will integrating an end-to-end management software save enough time and money to improve customer-facing services and support?
Ultimately, there are hundreds of business technologies out there that promise to improve a business’ ability to function efficiently. What the small business owner or decision maker needs to ascertain, of course, is how will the investment in a particular technology serve to accomplish this. Once an inefficiency is identified, the purpose of an investment in technology is to make that more efficient. If a decision maker can deploy technology that effectively eradicates the stated problem, the solution will ultimately be worth it.
There is a lot of technology out there that could potentially help your business, and the IT professionals at VentureNet can help you strategically deploy solutions for your business’ most glaring operational problems. Call us today at 214-343-3550 to talk to one of our knowledgeable consultants and we’ll get you started on improving your business through the deployment of technology today.
Even If You Don’t Hear About Small Business Breaches, They Happen
If you have a bank account or a credit card, chances are you’ve been made aware of a hack or a data breach. Big organizations are more frequently being breached, forcing them to run damage control for the often millions of customers affected. News coverage often bashes these big organizations, but what about smaller ones? The truth is, smaller businesses are breached just as often, with the consequences being just as severe.
Does Your Business Really Have to Worry About Data Breaches?
When the news reports a data breach or large-scale cyberattack, the event in question is usually one that has targeted an astronomical number of people, or has created difficulties that are undeniably newsworthy. How often has the national news reported a breach in one of your local Mom and Pop shops, as compared to entities like Equifax or Capital One?
Obviously, it makes sense that these small-scale attacks don’t often hit the national news cycle… after all, the Equifax breach compromised the data of 40 percent of Americans. However, in the month of July 2019 alone, there were approximately 2.2 billion records leaked over an assortment of 27 different cyberattacks. That’s about a quarter of the world’s population – not accounting for overlap between the information accessed.
Now, you may be wondering, how do these major breaches influence your business? Well, I’d like you to consider how many employees (out of a total of 49,000) Capital One has dedicated to its cybersecurity and data theft prevention? While I don’t have the official number to give you, it’s a pretty safe bet that it’s more than the average small business in Dallas.
Why Small Businesses are Vulnerable
As a result, a cybercriminal generally finds it much easier to access a small business’ network, and while the gains to be had are significantly smaller than they would be to hack into a global enterprise, many cybercriminals prefer to take the “larger amounts of smaller payouts” than the “more challenging single payout” option.
It’s no wonder, either…nearly 40 percent of small businesses ultimately pay up when faced with ransomware, and a single person’s personal information can be sold on the Dark Web for anywhere from $1 to a thousand times that… all depending on how much of their data was stolen. How many records like this do you keep on your customers and employees? It doesn’t take very many to make it worthwhile for a cybercriminal to steal them.
Many Attacks are Random
Chances are, if you were to be targeted right now by some kind of online threat, it would probably be more due to bad luck than it would be due to a concerted effort against you, specifically. Many of today’s biggest cyberthreats are the ones that can spread independently – things like phishing, malware, and trojans. Once a system is infected, the threat can spread via a network connection or an email.
While these threats have largely become obscured by the more newsworthy breaches, they are no less dangerous to a business.
How Can My Organization Protect Itself without an Enterprise Budget?
Smaller organizations do have one considerable advantage over large enterprises, like the 49,000-employee Capital One: fewer employees means fewer points of entry for a cyberthreat. You need to be sure that each employee, each piece of technology, every access method, and too many other factors to list here are all properly secured. The smaller size of a small business makes this a much more manageable goal.
How to Secure a Small Business
- Deploy the basics: protect your organization with centralized antivirus and antimalware, keep an updated firewall, maintain content filtering and intrusion detection solutions, use a spam blocker, and keep everything patched and updated.
- Comprehensive monitoring: this helps to catch issues early before they become major problems.
- Employee training: educating and evaluating your team will help prepare them for dealing with real threats they encounter.
- Compliance audits: based on the industry you operate in and the data you retain, you need to be sure you are abiding by established security standards.
- Data access requirements: enforcing things like Bring Your Own Device policies and password guidelines will help keep company data secure.
- Backup and disaster recovery: in the case of a data disaster, you will want to be able to restore your business’ data from a backup and continue operations.
While this isn’t a one-size-fits-all list, a business of any size should use these practices as at least a starting point for their IT security. If you want more help in keeping your business secure, reach out to VentureNet. An IT security audit and the right solutions are just a call to 214-343-3550 away.
How Google is Trying to Make Passwords Easier and Better
Common opinion more or less states that passwords aren’t so much “necessary,” as they are a “necessary evil.” The best practices that are recommended to maintain the efficacy of passwords today can certainly feel excessive – which tempts many users into ignoring these practices, to the detriment of their security. Fortunately, many large companies – like Google – are trying to make passwords easier to manage.
What Is Password Checkup?
Consider how common weak passwords (things like “abc123” or “QWERTY” or “password”) are, even after the vulnerabilities that passwords like these can present have been so clearly demonstrated. There are entire lists available online discussing how common these kinds of passwords are. A whole 66 percent of surveyed Americans confess to using – and repeating – weak passwords across accounts.
Many tools have been designed to help fight these tendencies, like the password managers that many different designers have tackled – including the team at Google. One major step to accomplishing this goal was to introduce a built-in password manager to a user’s Google account and Chrome browser. Not only does this option eliminate the need for a user to remember dozens of different passwords, it simply makes them more convenient to input.
However, this didn’t really stop users from resorting to sub-par passwords, so Google has released another new feature, incorporated into its password management solution, to help users maintain proper password security. This feature is known as Password Checkup.
What Does Password Checkup Do?
Password Checkup examines the passwords that you have saved to your Google Account and confidentially analyzes them for common issues, like:
- Involvement in a security breach – Has one of your passwords been exposed in a third-party breach to attackers?
- Password reuse – Is a password repeated across different sites? Instead of one account being breached, this opens multiple accounts to easier misuse.
- Insufficient password strength – How easy would someone find it to guess your password, with just a little bit of online digging to inform them?
As a result of these checks, Google can inform users when a password needs to be changed – and these alerts will also pop up in context.
This feature was first made available as an extension in the Chrome Web Store in February of 2019. Since then, due to the importance of security, its features have been directly integrated into Chrome and Google accounts.
You can use the new password tool by going to https://passwords.google.com while logged into your Google account.
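The three checks listed above, sketched as an added example (not Google's code or protocol, and not part of the original post): a local audit of a constructed saved-password list for breach exposure, reuse, and guessability. The `audit` function, the 12-character threshold, and the sample vault and breach set are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

MIN_LENGTH = 12  # assumed policy threshold, not a value taken from Google


def sha1_hex(password: str) -> str:
    # SHA-1 is used only as a set-membership lookup key, not for password storage.
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def audit(vault, breached_digests):
    """Return {(site, user): [findings]} for every saved login in the vault."""
    sites_by_digest = defaultdict(set)
    for site, _user, password in vault:
        sites_by_digest[sha1_hex(password)].add(site)

    report = {}
    for site, user, password in vault:
        digest = sha1_hex(password)
        findings = []
        if digest in breached_digests:            # seen in a third-party breach
            findings.append("breached")
        if len(sites_by_digest[digest]) > 1:      # same password on several sites
            findings.append("reused")
        # Guessable with "a little online digging": short, or built from account details.
        lowered = password.lower()
        personal = [user.lower(), site.split(".")[0].lower()]
        if len(password) < MIN_LENGTH or any(p and p in lowered for p in personal):
            findings.append("weak")
        report[(site, user)] = findings
    return report


# Constructed sample data: the weak passwords and passphrase quoted in this post.
BREACHED = {sha1_hex(p) for p in ("abc123", "QWERTY", "password")}
VAULT = [
    ("mail.example", "alice", "abc123"),
    ("bank.example", "alice", "abc123"),
    ("shop.example", "alice", "alice-shop-2019!"),
    ("docs.example", "alice", "Vr00mP0!!Satisfi3dL0ung3$!p"),
]

if __name__ == "__main__":
    for login, findings in audit(VAULT, BREACHED).items():
        print(login, findings or ["ok"])
```

The breach check here is a plain local lookup; it makes no attempt to reproduce how Password Checkup keeps its comparison confidential.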
How Else Can I Improve My Passwords?
There are numerous methods that can be used to increase the security of your passwords, in addition to relying on a tool from Google. For instance:
- Consider Using Passphrases – Passphrases are an alternative to passwords that have been shown to be effective security measures, while also being more memorable to a user. Rather than trying to remember a series of random letters, numbers, and symbols, a passphrase requires a user to remember a pattern of disparate words with no context to connect them. This is inherently easier to remember, as you can create a reminder that gives you enough context to recall your passphrase.
So, let’s say you picture a census taker reclining on a couch, smiling as he slurps down some minestrone. This image could be your reminder for a passphrase like “PollSatisfiedLoungeSip.”
- Switch Out the Digits – Once you’ve created a passphrase that you are happy with, you can always incorporate some other password complexity tricks, like substituting different characters for others. So, returning to our example, “PollSatisfiedLoungeSip” could become “P0!!Satisfi3dL0ung3$!p.”
- Add Details – As the time comes to update your passphrase, you may consider simply adding a detail to your imagined image. Perhaps our census taker specializes in automotive data, making our updated passphrase read: “Vr00mP0!!Satisfi3dL0ung3$!p.”
Passwords are one of the most basic fundamentals of your business’ data security, which means you have to be sure that they are able to hold their own against the many means out there to undermine them. VentureNet can help you to accomplish this, and many more elements of your business IT’s security and functionality. Call 214-343-3550 today to learn more.
Data Privacy Issues You Need to Confront
Data privacy is the kind of issue that people don’t ever want to deal with. In fact, many of the organizations that we come in contact with have a lot of personal data on file, and some of them (even some of the most reputable) are at risk of having that data stolen from them. This month, we’ll go over what constitutes personal information, why it is constantly being targeted for theft, and what you need to do to keep your personal information as secure as possible.
Personal data refers to all information that identifies an individual. The typical info includes:
- Full Name
- Phone Number
- Email address
- Social security number
- Biometric data
Today the exposure to risk for individual data loss is higher than ever before. This is because more organizations have access to this data. Think about how many businesses ask for your personal information when you first sign up for their service. You may not think anything of it at the time; after all, they are reputable and won’t lose it. Until they do.
Control Over Personal Data
Since every transaction you make online involves handing over some form of personal data, you need to understand the basics of data privacy, not only because it will help you keep your own information out of the hands of people who are looking to do ill with it, but because it will give you a better perspective on the blowback that can happen when a business is careless with its customers’ and employees’ data.
The truth is that you can’t really trust companies to protect your personal information. In Europe, the EU has made significant strides to ensure that people’s private information is being protected, but in many parts of the world, it is on the company to protect it; often with disastrous effect. This is why you have to be mindful of who you provide this information to, and how you monitor it.
The statistics suggest that people are at least getting more skeptical about how companies are using their information, but it doesn’t seem to be doing much good in the practical sense. People continue to hand over their information even though they are confident that it will be compromised by the companies they give it to. Less than a quarter of surveyed respondents say they believe companies are doing enough to protect their information, while 10 percent believe that they maintain control over their own personal data.
The strange thing about these numbers is their correlation to what consumers want. 92 percent of surveyed consumers said that they absolutely would love to have control over their personal data; and, 87 percent would like to be able to remove personal data from the Internet if it negatively affects their reputation.
Problems and Solutions
It would be easy to say that the solution to deal with data privacy is just being diligent about the people that you give your data to, but it’s not really that simple. The best way to understand what practices help promote the security of sensitive data is to look at the threats. They include:
- Phishing Attacks – Right now, there is no attack vector more common than phishing, which relies on a user to fall victim to a legitimate-looking email. Some of the most recent high-profile cyberattacks started with a phishing email.
- Vulnerabilities in applications – Data breaches are often caused by software that isn’t updated with up-to-date threat definitions. This problem can happen to any organization that isn’t diligently updating the software it uses.
- Poorly trained workers/sabotage – You wouldn’t believe just how many massive data breaches are caused by the people that a business depends on the most. If your staff isn’t properly trained, or you have disgruntled employees that have access to sensitive information, those situations could end poorly for you.
- Lack of response – Even if you have all the security you need in place, a breach is still a possibility. That’s why it is crucial that, in the event of a breach, your organization has the tools and expertise to mitigate the situation before it becomes a problem.
- Refusal to dispose of data – Your organization may find the data it takes in useful for multiple reasons, but if you sever ties with customers, vendors, and staff, it is your responsibility to securely dispose of their personal information. A failure to do so in a timely fashion could lead to a negative situation. Get rid of the data you no longer need, especially if it contains sensitive information.
- Collection of unnecessary data – If data is a form of currency, it stands to reason that it will be shared between companies. If you don’t need the data, however, why do you have it? Possessing data you don’t intend to use–or don’t need–can lead to losing track of it.
Much of the problem organizations have controlling the sensitive information that they obtain comes from a lack of understanding of the data that is in their possession, the lack of effort to properly protect that data, or the use of the data for purposes that aren’t explicitly outlined in their agreements. Without a diligent approach to keep sensitive data away from hackers, there is a good chance that your organization will have to confront these issues in an arena that is a lot less attractive than one you can control.
Add Cybersecurity Best Practices to Your Next Hire’s Training
Growth can be very exciting for a business. It generally means that all the hard work that has gone into getting the business to that point has paid off. For some in your organization however, it can be a very stressful time. This is because once you commit to pay new employees, there’s some pressure to get them up to speed quickly. After all, what are you paying them for?
By slowing down your training process and making sure to touch every element of the new staff member’s responsibilities, including security, you can be confident that your new hires won’t be more of a detriment than the benefit they’ve been brought on to be. Let’s identify some security-related training items that you absolutely have to touch when onboarding new employees.
Keep It Clean
The first element that you want to train your new hires on is a simple one and will actually benefit everyone: Keeping a clean workstation. We all have worked with that one person that has stacks of paper, old coffee cups, and other trash taking up the majority of their desks. You may be thinking, why does keeping a clean desk benefit the organization? Mainly because it is easier to find things if they are filed in the proper place, but also because people who don’t keep a tidy workplace have a tendency to leave sensitive information out in the open. If anyone that walks by has access to work documents, there is a good chance that there is going to be some information left exposed that could, if used by someone outside the organization, become a major problem.
If it is explained, as a part of the onboarding process, that your business has a Clean Desk policy–in which it is expected that any documents that have any potentially sensitive information be filed away from public view–it will go a long way toward ensuring that passersby won’t have access to that information. Under a Clean Desk policy, all sensitive or confidential information has to be removed from public view at the end of each day.
Bring Your Own Device Policy
Most people won’t think much of bringing their phone anywhere they go, and the modern business can use this ubiquity to its advantage. Before that can happen, however, the new staff members have to be on board with your Bring Your Own Device (BYOD) policy. The purpose of your BYOD policy is to secure the use of personal devices on the business network. This policy also includes all Internet-connected devices like smart watches, music players, and the like. Since each device carries with it the possibility of threat, choosing which devices you want to support on your network is the first step. Remember, it’s not necessarily about totally restricting personal devices; it’s about establishing policies to protect company data when personal devices are present.
As far as training goes, you will inform your new hires that your business has a very serious BYOD policy that they can accept or deny. If they choose not to participate, their devices will not be available on the organization’s network. If they opt in (which many begrudgingly do) they will gain access to company resources, while giving the organization the ability to manage the use of business files, applications, and access on the device. All new hires need to understand that their use of business resources from that device could be monitored and managed by network administrators. You’ll want to explain what you, as the business owner, can and cannot do, and that the aim is not to invade their privacy (you don’t want employees thinking you can read their text messages, and they WILL assume that if you aren’t careful).
Managing data is a big deal for nearly any organization, and during the onboarding process it should be brought to new hires’ attention. It is their responsibility to file digital data in the proper places. If your organization doesn’t do a good job informing new hires exactly how they go about managing their internal data before deploying them to do a job, there is a good chance that data that belongs in one place will be filed away in another. It has a negative effect on the overall efficiency of the business.
Nowadays, using removable media in business is inadvisable. Most businesses have network attached storage and cloud computing resources that they can use to transfer information. If an employee were to have to use an external media source it would have to be one provided by the company. Any other removable media should not be brought into a business.
Chances are that any worker who uses a computer for work will need to be taught how to interact with online resources, including email and social media. As far as risk, access to the Internet for a new employee is right up there with giving them hazardous materials to dispose of. Even the most seasoned Internet users can fall victim to phishing attacks or other malicious entities on the Internet, so for the uninitiated, it is important that they understand just how critical it is to be vigilant in the face of unrelenting threats. Before they are unleashed, they should have to prove that they:
- Understand phishing tactics – Phishing is the number one threat to any business right now. Phishing, a social engineering tactic that aims to gain authorization to network resources, can result in data breaches, malware, and more.
- Shadow IT – New hires should understand that network administrators handle the downloading, updating, and deleting of software, not employees. The better they understand that any unapproved application could be the one that puts a business in danger, the more reluctant they will be to download unapproved software on their company workstations.
- Social media – Having a social media training program that makes them understand that their social media use in the workplace should be commensurate with their social media-related tasks, makes sense for any business.
- Email scams – Besides phishing (which we can’t stress enough is the most prevalent problem facing the modern business), spam emails are a threat, as rooting through them wastes time and hinders productivity.
Since employees play an important role in your business’ success, when you onboard some new ones make sure that they won’t be the ones that reverse that trend. If you would like help from our IT experts at VentureNet, call us today at 214-343-3550.