Why Two Factor Authentication Should be a Requirement for SMBs in 2017

Two factor authentication is gaining popularity quickly for good reasons. This technology makes it much more difficult for hackers to gain access to accounts, thus providing business owners with more security and peace of mind. In addition, two factor authentication is inexpensive and easy to use.

What is Two Factor Authentication?

Two factor authentication is a form of identity verification that requires the user to prove his or her identity in two different ways when logging into an account. In most cases, one factor is the user’s password and the other is a physical object, such as a specific computer, mobile phone or token. When logging into an account, the user will first be asked to provide his or her password. Next, the second factor will be verified. If either of these factors is missing, the user won’t be able to log in.
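The login flow described above, as an added example that is not code from the original article. It assumes the second factor is a time-based one-time code (TOTP, RFC 6238) generated on the user's phone, which the article does not specify; the names `Account`, `login` and `totp` are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # length of the one-time code


def totp(secret: bytes, at: float) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step that contains `at`."""
    counter = int(at) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a stolen database does not reveal passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class Account:
    def __init__(self, password: str, salt: bytes, totp_secret: bytes):
        self.salt = salt
        self.pw_hash = hash_password(password, salt)
        self.totp_secret = totp_secret  # shared with the user's phone at enrolment
        self.last_step = -1             # highest time step already accepted


def login(account: Account, password: str, code, now: float) -> bool:
    """Succeed only when BOTH factors verify; either one missing means no login."""
    # Factor 1: something the user knows.
    pw_ok = hmac.compare_digest(hash_password(password, account.salt),
                                account.pw_hash)

    # Factor 2: something the user has. Accept the current step and one step
    # either side for clock drift, but never a step that was already used,
    # so an observed code cannot be replayed.
    supplied = (code or "").encode()
    step_now = int(now) // STEP
    matched = None
    for step in (step_now - 1, step_now, step_now + 1):
        if step <= account.last_step:
            continue
        expected = totp(account.totp_secret, step * STEP).encode()
        if hmac.compare_digest(expected, supplied):
            matched = step
            break

    if pw_ok and matched is not None:
        account.last_step = matched
        return True
    return False


if __name__ == "__main__":
    # Constructed demo values; the secret is the RFC 6238 test key.
    demo = Account("correct horse battery", b"constructed-salt",
                   b"12345678901234567890")
    print(login(demo, "correct horse battery", None, 59))      # password only
    print(login(demo, "correct horse battery", "287082", 59))  # both factors
    print(login(demo, "correct horse battery", "287082", 59))  # replayed code
```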

Why is it Important?

Two factor authentication makes it more difficult for malicious individuals to access accounts that don’t belong to them. In today’s world, hacking tactics are highly effective, and usernames and passwords just aren’t enough protection anymore. Some of the benefits of two factor authentication include:

  • Better security – Perhaps the most obvious benefit of two-factor authentication is better security for your company, your employees and your customers. With this technology, the chances of a hacker breaking into your system are much lower.
  • More peace of mind – Knowing that your accounts and data are well-protected provides you with peace of mind, allowing you to worry less and focus more energy on other tasks.
  • Cost effectiveness – Two factor authentication is not expensive or difficult to implement, making it a cost-effective choice for businesses.
  • Protection for your business – Nothing ruins your business’s reputation quite as quickly as a security breach. If a breach compromises your customers’ data, you have to inform them and take steps to protect them from harm. Not only is this costly, but it can also cause you to lose business. Two factor authentication makes these breaches much less likely, which reduces the chances of an embarrassing situation.
  • Guarantee of employee involvement – Implementing two factor authentication in the workplace necessitates employee buy-in, thus ensuring that every employee’s account is protected. When two factor authentication is required, employees must use something for their second factor. This means that even employees with weak passwords or a propensity to share passwords will have a reasonable amount of account security.

Implementing Two Factor Authentication

Because of the benefits of two factor authentication, as well as the ever-increasing threat of security breaches, two factor authentication is highly recommended for both businesses and individuals. Some people complain that two factor authentication is more cumbersome than simply inputting a password. However, this is a small price to pay for extra security. Even though it may take you a little more time to log into your accounts, hackers will have much less success when they try to break in illegally. If you aren’t already using two factor authentication to protect your company, it’s time to make this technology part of your everyday security protocol.

Key Takeaways

  • Two factor authentication is a form of identity verification that requires the user to prove his or her identity in two different ways.
  • Two factor authentication offers several benefits that make it a good tool for businesses, including better security, better peace of mind, more employee involvement and cost effectiveness.


How to Properly Manage Your Default Passwords

Whenever you purchase a new piece of IT equipment – be it a router or a Wi-Fi extender or something else entirely – it usually comes with a default password already set by the original equipment manufacturer. This is for your convenience – a product with some type of password is always better than one without.

However, it’s far too easy to forget about these passwords or to leave the default passwords on a machine or device for an extended period of time. This is also far too common, and it means severe security issues are in place from the moment you get something up and running.

Default Passwords: The Problem You Face

If a hacker has access to a username on a machine, they have 50% of the information they need to get into your system. They can either get the username through a phishing attempt or through similar means, or if you have left the default username in place, they already have it. If the default password on your device was never changed, that same hacker now has 100% of the information they need – all without you even realizing you have a problem.

What To Do With Your Default Passwords

In order to prevent the type of devastating data breach that can bring even larger organizations to their proverbial knees, it’s important to always follow a few key best practices. First, you should always randomize your user names – they’re just as important as your passwords, which means they should also be just as complex as your passwords.

Next, take steps to randomize the passwords themselves. The consequences of failing to do this cannot be overstated, so you should always use very complex passwords even on seemingly innocuous devices. Remember that any device connected to your network – no matter how small – is a potential vulnerability just waiting to be taken advantage of by someone who knows what they’re doing. It is of paramount importance that you do not give them that option.

Another step you can take is to use two factor authentication. Because two factor authentication (2FA) requires more effort to log on, it is much harder for anyone that wants to break in. They would need not only a user name and a password, but physical access to a device like a cell phone as well. The chances of this person having all three of these core pieces of information are slim, which is why this is always a step worth taking.

In the End

Default passwords were designed for your convenience, but if they’re left in place for too long they could cause a chain reaction from which you may never recover. Always change your default passwords as soon as possible after you procure a new piece of equipment, randomize your passwords and user names, and use two factor authentication for your continued protection moving forward.

Key Takeaways:

  • Default passwords can be exploited if you’re not incredibly careful.
  • You should always change your default passwords immediately after adding a new device or other piece of equipment to your network.


Why CEOs Should Care About Business Continuity

Most CEOs understand the importance of business continuity and data recovery.

But not all business leaders have reached a level of concern sufficient to ensure reliable IT security and data protection.

With mission-critical functions increasingly reliant on the Internet and information systems, CEOs should care about their data integrity for a number of reasons.

Business Continuity Depends on Data

Few modern organizations could operate today without their critical data, so ensuring continued access to information and applications at all times is imperative. By evaluating an organization’s capability for restoring IT functions following a disaster, a CEO takes an important step toward establishing a solid business continuity plan.

Effective business continuity planning should consider the entire business, with a goal of developing the capacity for quick recovery from any calamity. Many business continuity policies begin with a risk assessment and analysis of overall operations to uncover weaknesses. Disaster will inevitably happen; it’s how a business responds that matters most for continuing operations.

Off-Site Backups Are Critical

Few businesses today fail to execute some form of data backups. But for too many businesses, the buck stops with on-site backups — which can be destroyed easily by a flood, fire or other disaster. CEOs should consider off-site backups non-negotiable; in the past, tape backups often routinely went to a separate location. Modern business continuity plans more often involve running applications from virtual servers and cloud services.

Running applications in the cloud as crews restore on-site equipment and systems now is considered the gold standard in business disaster recovery. CEOs must ensure that their organizations use modern technology that helps prepare for every contingency. Backing up data and ensuring business continuity constitute different tasks, and CEOs should attend to both.

Downtime Comes with Significant Costs

For most organizations, a loss of access to critical data and applications directly affects productivity and revenue.

Restoring data from a local backup can take a full business day or longer and can cost organizations tens of thousands of dollars in lost productivity and sales. By establishing modern business continuity and data recovery systems, CEOs give their organizations the ability to keep operating — seamlessly — from duplicate applications and data on virtual servers.

Many ‘Disasters’ Are Routine

A significant portion of business “disasters” don’t make the evening news. Interruptions in business operations often result from everyday mishaps like hardware damage, deletion of data and incomplete IT security measures. Employees can compromise networks by using public Wi-Fi systems, and viruses and attacks can interrupt operations as well. Human error may be unavoidable, but a sound business continuity plan can keep an organization up and running.

IT Planning Plays a Key Role in Business Continuity

In business, disasters happen — and they’re often manmade. By establishing off-site backups, cloud services, and virtual servers, CEOs help disaster-proof their organizations to ensure business continuity.

Key Takeaways:

  • While most CEOs grasp the importance of business continuity, many fail to implement sound procedures for data protection and IT security.
  • Even a brief loss of access to critical applications and data can significantly impact business operations and revenue.
  • In many cases, everyday problems like data deletion and poor IT security result in loss of business continuity.

The Most Important Thing to Avoid Getting Compromised in IT

You’ve just spent a huge amount of money completely overhauling your cyber security, making sure that every last vulnerability (that you could find) has been taken care of. You’ve invested a lot of time and effort getting everything up to date, making sure that your employees always have the latest versions of all applications to work with. Despite this, you’re still dealing with a compromised IT situation and all of that effort appears to have been for nothing.

So what happened? Simple: someone probably clicked on a link in an email they shouldn’t have.

Email Can Do More Harm Than Good

Say you get a link in an email from your bank. You’ve received dozens (if not hundreds) of different emails from your bank over the years and, at first glance, nothing appears too out of the ordinary with this one. You’re being asked to provide more information to make your account more secure – sounds like you should probably do it, right?
Wrong.

Unless you’re absolutely sure you know that the sender is legitimate, never click on a link in an email under any circumstances. Phishing emails like these are incredibly common and can appear absolutely authentic, even under careful scrutiny. Instead of making your account more secure in this case, you’ve just accidentally compromised it – you’ve handed your login information over to hackers in gift wrap and a bow, basically.

Now, consider the implications if the exact same thing had happened with an email you assumed to be from a business associate. What type of damage could the same compromised IT situation cause to your entire business?

Staying Protected Means Staying Proactive

In the 21st century, there is absolutely no reason why you should be clicking on a link in an email. You already know how to access whatever information is being requested of you through alternate means. If you get an email from your bank, go directly to your bank’s home page. If you get an electronic bill, go directly to your provider’s page.

Right click on a link to see exactly where it is pointing – Is the link actually going to send you to the location you thought it would?
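The same check done in code, as an added example that is not from the original article: it compares the address a link displays with the host its `href` actually points to, and also flags three related signs. The sample email body, the `.test`/`.example` domains and the reason labels are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: HTML body of an email that claims to come from a bank.
SAMPLE_EMAIL_HTML = """
<p>Dear customer, please confirm your account:</p>
<a href="https://www.examplebank.test/login">www.examplebank.test/login</a>
<a href="http://examplebank.test.account-verify.example/login">https://www.examplebank.test/secure</a>
<a href="https://examplebank.test@203.0.113.5/update">Update your details</a>
<a href="https://billing.provider.example/invoice">View invoice</a>
"""

# A domain-looking token inside the visible link text.
DOMAIN_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a href=...> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _bare(host: str) -> str:
    host = host.lower()
    return host[4:] if host.startswith("www.") else host


def _same_site(a: str, b: str) -> bool:
    # Equal, or one is a subdomain of the other. A lookalike such as
    # examplebank.test.account-verify.example fails this test.
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def audit_links(html: str):
    """Return (href, text, reasons) for every link that deserves a second look."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        url = urlsplit(href)
        host = url.hostname or ""
        reasons = []
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and not _same_site(_bare(shown.group(1)), _bare(host)):
            reasons.append("text-host-mismatch")   # displays one site, opens another
        if url.username is not None:
            reasons.append("userinfo-in-url")      # real host hides after the '@'
        try:
            ipaddress.ip_address(host)
            reasons.append("ip-literal-host")      # raw IP instead of a name
        except ValueError:
            pass
        if url.scheme == "http":
            reasons.append("plain-http")
        if reasons:
            findings.append((href, text, reasons))
    return findings


if __name__ == "__main__":
    for href, text, reasons in audit_links(SAMPLE_EMAIL_HTML):
        print(f"{text!r} -> {href}: {', '.join(reasons)}")
```

A link that passes these checks is not thereby safe; the checks only catch the mismatch this section describes and a few closely related signs.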

You can have all of the security measures in the world in place and it won’t mean a thing if a single employee clicks on the wrong message in the wrong email. If you had to make a list of the vulnerabilities all organizations have, this would undoubtedly be right at the top.

Clicking on links in emails is one of the key ways that ransomware attacks occur – they’re almost always initiated by the user on the network. In this case, education is everything – you need to make sure that your employees not only understand the dangers they face but the very real consequences that can occur by making the wrong move in the digital world in which we now live.

Key Takeaways:

  • Never, under any circumstances, click on a link in an email. Always find a way to get the same content through alternate means.
  • Ransomware is almost always initiated by a user on a network – usually one with too many permissions and rights – and clicking on email links is one of the prime ways these attacks occur.

TeslaCrypt: One Less Ransomware to Worry About

If you had to make a list of all the truly serious threats facing Internet users today, ransomware would undoubtedly be right at the top.

Ransomware is a specific type of malware that encrypts either some or all of the files on a user’s hard drive so that third-party attackers can hold them for ransom. Recently, a particularly nasty strain of ransomware called TeslaCrypt was neutralized for all time – though not in a way that you can necessarily count on happening again at any point in the future.

What Was TeslaCrypt?

TeslaCrypt was a specific type of ransomware that was first detected in February of 2015. It was primarily aimed at computer gamers and was unique because of the specific types of files it targeted. It didn’t encrypt files that were larger than 268 MB in size, but it didn’t need to as it was specifically going after things like game saves, user profiles, replay videos and more. The most common ransom demand for the decryption key was $500, though that price would always increase the longer the victim waited.

TeslaCrypt affected gamers all over the world with reported cases in not only the USA but also Germany, Spain, Italy, and France to name a few.

Like most ransomware, TeslaCrypt was incredibly difficult to beat once infected because the “damage had already been done,” so to speak. By the time you realized you had a problem, your important files (in this case, gaming files) had already been encrypted and the best chance a victim had at recovering lost information was just to pay the ransom.

Luckily, a team of analysts at ESET took a fairly interesting approach to combating this threat. After TeslaCrypt’s operators announced they would be stopping their activities, ESET contacted them directly and requested the universal master decryption key – which they then made public. The researchers at ESET then used this to create a free decrypting tool that successfully unlocks all files struck by the 3.0.0 and 4.2 variants of TeslaCrypt.

What Happens Now? Is Ransomware Still a Concern?

Just because a strain of ransomware has been neutralized doesn’t mean that this isn’t still one of the most dangerous cyber threats in the world today, particularly to business owners. The TeslaCrypt situation is a rare one and one that you cannot expect to happen again in quite the same way.

Ransomware can still be devastating if mission-critical files are compromised, which is why making regular backups of data to a secure, off-site location is so important. Making an effort to always keep your systems updated is also one of the keys to fighting and preventing ransomware, as many of these malware strains utilize bugs and other issues present in a computer’s operating system that have yet to be patched in order to guarantee effectiveness.

Key Takeaways:

  • Ransomware is a type of malware that literally encrypts the files on a computer’s hard drive, holding them for ransom.
  • TeslaCrypt was a significant ransomware strain affecting gamers, but luckily it has been thoroughly addressed by experts.
  • Ransomware is still an incredibly significant threat, which is why proper security practices are so important.

How to Reduce the Growing Threat Ransomware Poses on Your Business

One of the most important things to understand about ransomware is that you’re dealing with more than just a standard computer virus. You’re dealing with true cyber extortion, plain and simple.

The key to reducing the growing threat that ransomware poses to your business is not to wait around to get hit and then to react – it’s to take a proactive approach starting immediately.

There are a few key steps you can take that will help not only mitigate the risk of falling victim to ransomware in the first place, but that will also make it easier to get things back up and running in the event that an attack does occur.

Put a Data Backup Plan in Place

Regular backups of your data are great, but to prevent them from becoming encrypted along with the rest of your files during a ransomware attack, they need to be kept in a secure, offline location and set to READ ONLY. This is hugely important, as storing backups locally either on your computer’s hard drive or even on network attached storage still puts them within arm’s reach of those who may wish to do you harm.

Investing in a cloud-based backup solution is also a great way to help make sure you can easily restore any compromised files in the event of an emergency.

Pay Attention to Your Email

Another one of the key steps you can take to help reduce the growing ransomware threat to your business involves enabling on-access scanning, real-time protection scanning and other advanced security features offered by your email provider.

In order to combat such a constantly evolving threat, you’ll need all of the help you can get – this means that your anti-virus software should work well with your email client, not only to immediately scan and identify files that could be malicious, but also to automatically block a user from executing a file that turns out to be ransomware.

Educate Your Employees

You should always be educating your employees on a regular basis regarding the small but important steps they could be taking to prevent ransomware attacks from occurring. They need to know that they shouldn’t open attachments or click links in emails from senders they don’t know. They should pay attention to all domains and should be reporting any suspicious files or activities to your IT department for further investigation.

If the best defense is a good offense, the same is true when it comes to battling ransomware and the growing threat it poses to your business in the digital age. Addressing this problem requires you to go above and beyond simple common sense – you need to make sure that you understand exactly what you’re facing, so you can have the best possible chance of doing something about it before it’s too late.

Key Takeaways:

  • Ransomware is a specific type of malware that encrypts the files on a hard drive during an attack, holding them for “ransom.”
  • One of the best ways to mitigate the damage of a ransomware attack is to make sure you’re performing regular backups to an OFF SITE location.
  • Always scan all email attachments and enable features like “on-access scanning” to prevent users from accidentally executing a file that turns out to be ransomware lying in wait.

3 Best Practices to Protect Against Ransomware

If you had to make a list of the top cyber threats businesses in the 21st century have to concern themselves with, ransomware would undoubtedly be right at the top. Strains like Cryptolocker are a bold new type of malicious software that actually encrypts the files on a hard drive and essentially holds them hostage.

The only way to regain access is to pay a fee, normally in the thousands of dollars, and even then nothing is a guarantee. If you want to protect your business from ransomware, there are a few important best practices that you need to start using immediately.

Backup, Backup, Backup

Experts agree that the number one way to prevent the devastating effects of a ransomware attack is to make sure that all of your mission-critical data is always backed up. Your backups should be conducted automatically on a regular basis and they should always go to a secure, off-site location. Backing up files to a hard drive attached to the same computer won’t protect you, as those archived copies of files will likely be encrypted alongside everything else. Backups help ensure that even if you are hit with ransomware, you can simply wipe the machine and start again like nothing ever happened.

Updates

As with most malware, one of the most important best practices to help stay safe involves making sure that all of your software, including your operating system, is updated and patched at all times. Malware like ransomware is normally so successful because it takes advantage of certain security loopholes and other issues inherent in outdated software. By making sure that you always have the latest version of your operating system, for example, you help close these loopholes as soon as they’re discovered – making it harder for ransomware to execute successfully in your environment.

Watch Out For Those .EXEs

Because ransomware is still technically a computer program (albeit a malicious one), one of the most important steps you can take to remain protected involves not executing any .EXE files that were sent to you via unsolicited emails. Many email providers will even let you filter out messages from unknown senders with .EXE files attached for this reason. Also, be very careful of .EXE files downloaded from the Internet if you don’t explicitly know they come from a trustworthy source.
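A sketch of the mail filter described above, as an added example that is not from the original article or any particular email provider. It goes one step beyond the text by also checking the attachment's first bytes, since an executable renamed to another extension would pass a name-only filter. The allowlist, addresses and verdict labels are hypothetical, and the sample messages are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

BLOCKED_EXTENSIONS = (".exe",)                            # extension the article names
KNOWN_SENDERS = frozenset({"colleague@partner.example"})  # hypothetical allowlist


def build_sample(sender: str, filename: str, payload: bytes) -> bytes:
    """Build a constructed test message with one attachment."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "staff@smb.example"
    msg["Subject"] = "Constructed test message"
    msg.set_content("See attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def executable_attachments(msg):
    """Return (filename, reason) for each attachment that is a Windows executable."""
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(BLOCKED_EXTENSIONS):
            # Also catches double extensions such as invoice.pdf.exe.
            hits.append((name, "exe-extension"))
        elif data[:2] == b"MZ":
            # Windows executables start with the bytes 'MZ' whatever the name says.
            hits.append((name, "pe-header-under-other-name"))
    return hits


def verdict(raw: bytes, known_senders=KNOWN_SENDERS):
    """Decide what to do with a raw message: deliver, hold-for-review or quarantine."""
    msg = message_from_bytes(raw, policy=policy.default)
    # The From header is easy to forge. This sketch assumes sender
    # authentication (SPF/DKIM/DMARC) was already enforced upstream.
    sender = parseaddr(str(msg["From"]))[1].lower()
    hits = executable_attachments(msg)
    if not hits:
        return "deliver", hits
    if sender in known_senders:
        return "hold-for-review", hits  # known sender, but still an executable
    return "quarantine", hits


if __name__ == "__main__":
    stub = b"MZ" + b"\x00" * 62  # placeholder bytes, not a working program
    samples = [
        ("stranger@unknown.example", "invoice.pdf.exe", stub),
        ("stranger@unknown.example", "holiday.jpg", stub),
        ("colleague@partner.example", "report.pdf", b"%PDF-1.4 constructed"),
        ("Colleague <colleague@partner.example>", "setup.exe", stub),
    ]
    for sender, name, payload in samples:
        print(name, "->", verdict(build_sample(sender, name, payload)))
```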

As with most other cyber security issues, the key to remaining protected against ransomware is to take a proactive approach. By backing up your data, making sure that your software and operating systems are always updated and more, you can help prevent yourself from falling into the type of trap that has struck even some of the largest corporations on the planet.

Key Takeaways:

  • Ransomware is a new type of malware that encrypts the files on your computer and holds them for ransom.
  • One of the keys to making sure that you and your employees remain protected involves creating regular backups of all data at a secure, off-site location.
  • Staying away from .EXE files from unknown senders and making sure that all of your software is updated and patched are also very important steps.

What is Ransomware?

Ransomware is a type of malware that is a bit unlike any other that has come before it. Instead of merely infecting or destroying the contents of a hard drive, ransomware actually encrypts it. After completely blocking a user’s access to the important documents contained on their machine, cyber attackers then force them to pay a ransom in order to get it back – something that is very much not guaranteed. CryptoLocker, Cryptowall, and others are just a few of the many high-profile strains of ransomware to hit the web in the last few years.

Ransomware: What You Need to Know

Perhaps the most important thing to understand about ransomware is that, while personal and home users are infected on a regular basis, it is actually businesses that need to show the most concern.

For starters, the types of files that personal users are likely to lose access to aren’t necessarily “valuable” in the strictest sense of the term. While the user may have a significant emotional or sentimental attachment to the contents of their hard drive, they won’t actually be out any money if they get hit with ransomware and they refuse to pay to regain access.

Businesses, on the other hand, stand to lose quite a bit from this type of situation. A single hard drive that gets infected with ransomware could cut off access to gigabytes of client or other mission-critical information including financial statements, bank account numbers and more. Not only that, but the hackers will normally have access to this information throughout the entirety of the process. In essence, this means that not only is there no guarantee that you’ll regain your data by paying the ransom, but you also cannot know for sure that a hacker still won’t use the compromised information for identity theft or other cyber crimes.

A few of the best ways to make sure that your business is protected from ransomware include certain architectural changes – like making sure that a single compromised hard drive won’t affect every device on your entire network. The use of firewalls and image-based backups are also efficient ways to combat ransomware. An image-based backup is essentially a “screenshot” of the contents of your hard drive at a given moment. When stored in a secure, off-site location, this gives you the ability to restore either individual files or the entire drive should the need arise.

Ransomware is a dangerous threat and, unfortunately, it’s one that doesn’t look to be going away anytime soon. The FBI has warned that ransomware is on the rise, so the best way to combat this phenomenon head-on is to make sure that you’re properly protected. Common sense, firewalls, image-based backups and other techniques are the best way to make sure that you or your business doesn’t fall victim to this 21st-century type of attack the way so many others have in the past.

Key Takeaways:

  • Ransomware is a type of cyber threat that literally takes a person’s data hostage, forcing them to pay in order to get it back.
  • Ransomware is far more dangerous for businesses than it is for personal users.
  • Things like firewalls and image-based backups are the best way to stay protected against ransomware.

Managing the People Side of Cyber Security

We tend to imagine cyber security as a wall we need to build around a company to keep invaders out. Whether our nameless enemy is a terrorist, a hacker, an invading virus or a snooping competitor, we rarely – if ever – imagine the threat coming from the inside.

Yet frequently cyber threats come from sectors we would never imagine, from inside our own walls or from stupid mistakes that in hindsight were obvious but at the time were totally unpredictable.

Unfortunately, too often human error accounts for major cyber security problems, and only being aware of the risks can help you avoid them.

Let’s take a look at how you can protect your business by keeping cyber security risk on your radar and doing your best to mitigate it.

The Human Element

There are many ways people can pose a significant cyber threat. For instance, inappropriate Internet use by people within your company can let in malware or spyware, which can compromise your system or leak important information. Rogue devices on the network, whether intentional or not, can also have the same effect.

Other threats include people misusing their security clearance levels or other credentials, leaving accounts unsecured and allowing unauthorized people into the system, using firewalls or systems that are out of compliance or leaking data to untrustworthy sources and third parties. While you can’t prevent all of these things from occurring, you can do much to shore up your system and make such occurrences far less likely.

Cyber Security Problems

While most companies want to manage cyber security threats wherever possible, there are several obstacles to doing so. These include budget constraints since security systems can be expensive, as well as competing priorities, organizational issues and turf battles. Additionally, a complicated internal environment can make it difficult to find and plug security leaks. The best idea is a continuous monitoring solution that helps you assign risk to all areas and keep an eye on them at all times.

Sources of Threats

Of course, there are plenty of threats from outside your company as well: malware, hacking, physical attacks, mobile device theft, spam, terrorists, foreign governments, and so on.

While you can’t completely eliminate these threats, you can boost your internal security to:

  1. Make it less likely that such hazards can compromise your company
  2. Make it much more difficult for internal sources to work with or leak information to external ones.

Now that you know where to look for the most common human cyber security threats, it’s time to make a risk management plan that will help you avoid them. For the best possible outcome, get the advice of a company that specializes in helping businesses manage cyber security risk. That way you’ll have professional help recognizing all possible weaknesses in your unique business plan, and shoring them up before disaster strikes.

Key Takeaways

  • Many cyber security risks stem from the human element.
  • Fixing cyber security weaknesses can be frustrating, but overcoming the obstacles is totally worth it.
  • Knowing the sources of possible cyber threats is the best way to mitigate those risks.

3 Questions to Ask Before Implementing a Business Continuity Plan

In the world of business, the concept of business continuity is ultimately a simple one. It’s a set of plans, processes and related procedures that are designed to guarantee your business’ mission-critical functions will continue to operate in the event of a disaster. If your physical business suddenly burns to the ground one day, a solid business continuity plan will tell you how long it’s going to take to get you to the point where you can continue moving forward like nothing ever happened in the first place.