security threats

The Greatest Threat to Your Company’s Data And, How to Minimize It – Part 3: Getting Down to Brass Tacks

“We have met the enemy and he is us.” – Pogo

Review

Our last two blog posts have focused on revealing the greatest threat to your company’s security. The first cited a 2018 report published by PricewaterhouseCoopers that indicated cyber threats to the security of company data are continuing to increase and that employees are the top sources of security incidents. The second shared the finding that “100% of government entities see their own employees as the biggest threat to security.”

This week we wrap up the series by getting ‘down to the brass tacks’ of the best practices you can implement to minimize the greatest threat to your company’s security.

Respond

Myrtle Beach Data Loss PreventionKnowledge is power only if we use it. Now that we are aware that the greatest weakness in our systems appears to be the users, how we respond to that knowledge is key to protecting your data. Here are a few recommendations for your business.

  • Establish policies that define usage rights and responsibilities.
  • Develop a training program. The program should be formal and documented. Each module of the program should be comprehensive and comprehendible.
  • Start at the beginning. Include employee security awareness and expectations when onboarding new employees. Include computer use policies and cybersecurity awareness and practices as an essential part of employment.
  • Train continuously. Avoid falling into the “one-and-done” trap so common in business training. People to not retain everything they learn. Remind, review, and update training continuously.
  • Put employees to the test. Some companies have gone on phishing excursions. The company creates and sends “fake phishing” emails to employees to see who, if any, responds to them. Use the results to coach those employees and, discreetly, use their cases as examples during employee training.
  • Evaluate employee security performance. Cybersecurity has become an important and essential part of your business. It should, therefore, become an important part of the regular employee evaluation process.
  • Raise awareness of new threats. Stay abreast of new cybersecurity concerns as they arise. Communicate those dangers to your employees. Add the new threats to your cybersecurity training.
  • Reward employee performance and compliance. When employees spot a potential security issue, recognize their contribution. Do the same when they “pass” phishing tests or demonstrate an exemplary approach to their use of your technology.
  • Don’t expect perfection. Yes, after all, we are human. That is what makes employees the biggest threat to your company’s cybersecurity. An occasional reminder that you, too, are human is always helpful. The mistake that is made could be yours.
  • Always err on the side of caution. Need we say more?

We are as concerned about your technology security as you are. Your computer system security is our business. That’s why Tech Sentries is always on duty. Contact us today to learn how we can help you “GUARD YOUR TECHNOLOGY” (843-282-2222).

Joe Thibodeau
Tech Sentries Inc
6251 Lindsey Rd.
Myrtle Beach, SC 29588
843-282-2222 Office/Fax
843-902-6885 Cell

malware breaches

The Greatest Threat to Your Company’s Data And, How to Minimize It – Part 2

OOPS!

Oops! That’s the word you never want to hear from your barber, your surgeon, or your pilot.

Business owners are beginning to realize that it is not what they want to hear from any employee working at a company-owned computer – or a BYOD computer linked to the company system.

Last week, we shared some statistics that indicate that company employees may be the biggest threat to your digital data (click here for part 1). To underscore that foundation, we were stunned by one of the findings of a Netwrix 2017 IT Risks Report of government agencies:

“100% of government entities see their own employees as the biggest threat to security.”

Think about that for a minute. Not malware, not data breaches, not hackers, but employees.

The attacks may come from the outside, but the biggest threats are the employees on the inside. In fact, the report also revealed that 57% of actual security incidents among those agencies in 2016 we attributable to employee human error.

computer errorBefore taking comfort in “only 57%,” the remaining 43% had their root cause in “insider misuse.” In this case, insider means “employee.”

Obviously, we are trying to make a point here. It is not that you should consider your employees to be ill-intentioned culprits. It is that you should understand the reality that, although they are probably not the attackers, they are the actors via which attackers gain access.

ICU

Before we share some of the finer details and proven ways to protect your technology from damage by your own personnel, which we shall do next week, we want to emphasize and re-emphasize that the essentially cornerstone of security protection for your technology is having an ICU approach. Perhaps we should say an “I see you” approach.

We are talking about an approach in which activity is monitored for the ability to identify aberrations that typically point to security issues and better position your company to handle the potential threats to your systems.

SPY

Secure and Protect Your Technology

Other than the logistical and operational issues we will discuss in the next article, there are two important obstacles that business leaders must foresee prior to making a bona fide commitment to protecting your technology.

1.   The rapid advance of digital technology is not going to stop or slow down to wait for you to catch up or keep pace.

2.   Some employees will perceive monitoring as a violation of their rights.

In Daniel Boone’s day, advancing pioneers secured a position then developed their operational resources within. Today, new resources are coming at us at a furious pace that security often follows rather than leads. If you are going to commit to advancing technology, you must commit to guarding it.

Employees (those people whom government agencies see as their biggest security threat) must be groomed to understand that it is not their activity that must be protected. It is your data. And it is your digital technology. Reasoning to the next level, savvy employers must change to employee paradigm in such a way that they become protectors of your security rather than perpetrators of OOPS moments that could bring your business to its knees.

You don’t have to be a techie or a geek or understand all the ins and outs of cyberspace. We are here to help you guard your technology. The first step is raising your awareness of the need before the need becomes an emergency. The next step is raising your employees’ awareness.

We are as concerned about your technology security as you are. Your computer system security is our business. That’s why Tech Sentries is always on duty. Contact us today to learn how we can help you “GUARD YOUR TECHNOLOGY” (843-282-2222).

Joe Thibodeau
Tech Sentries Inc
6251 Lindsey Rd.
Myrtle Beach, SC 29588
843-282-2222 Office/Fax
843-902-6885 Cell

protect your technology

The Greatest Threat to Your Company’s Data And, How to Minimize It – Part 1

Yep! That’s one of them.

Surprise!

It’s not hackers and scammers who are the biggest threat to your company’s data security. It’s your employees. And it’s not just because they haven’t learned to keep their coffee away from their keyboard. That’s so late last century.

Speaking of last century, the employee culture then and now are almost polar-opposites. In the 1990s most office staff were unfamiliar with PCs. They were on a learning curve of which the leading edge was the fear of doing something wrong. God forbid that they should do anything that would cause a mistake or to “mash a key” that would create a data error.

Nearing the end of the second decade of the 21st century, the workforce is replete with older employees who have long ago learned the ropes and the next generation that knows no fear. Employees whose first words were “momma, digital, and daddy,” have replaced the retirees who had learned just enough to get by before they got their gold watch (or their pink slip).

The bigger problems today are complacency, carelessness, curiosity, and the occasional class clown. Every research report we have read agrees that the overwhelming majority of data breached can be traced directly to employee negligence. For example,

  • An IBM report indicated that 60% of the cyber-issues reported were caused by insiders.
  • A government survey reported that 57% of cybersecurity incidents were caused by human error.
  • A 2018 PwC report indicated that cyber threats to the security of company date are continuing to increase and that employees are the top sources of security incidents.

Should You Be Worried?

That depends. If you think that your employees are so special that your company is exempt from the reported realities, the answer is yes.

On the other hand, if you take the potential loss or corruption of your business data seriously, and you are willing to take some reasonable steps that will help to ensure that you can reduce the insider threats to your digital technology, the answer is still yes. But you should be able to worry a lot less.

What Should You Do?

We could spend an entire article offering best practices and guidance for guarding your technology in house. That’s what we will do in our next post. Sure, we could do list them here, but we’re going to limit this article to the first and most significant step a business owner must take.

It all depends upon you.

That’s right. The only way to reduce insider threats – malicious, mischievous, or mistakes – is for ownership to make protection of data and technology a priority for your business.

Next week we’ll share some proven ways to protect your technology from damage by your own personnel.

You don’t have to be a techie or a geek or understand all the ins and outs of cyberspace. We are here to help you guard your technology. The first step is raising your awareness of the need before the need becomes an emergency.

We are as concerned about your technology security as you are. Your computer system security is our business. That’s why Tech Sentries is always on duty. Contact us today to learn how we can help you “GUARD YOUR TECHNOLOGY” (843-282-2222).

Joe Thibodeau
Tech Sentries Inc
6251 Lindsey Rd.
Myrtle Beach, SC 29588
843-282-2222 Office/Fax
843-902-6885 Cell

internet security

Scary Thoughts About Internet Security

BOO! Welcome to cyberspace.

What? Doesn’t cyberspace scare you? Well, it should. Don’t blame us. We don’t want you to be scared. We want your digital technology to be protected.

We’ve discovered that many people who fear cyber technology the most simply try to avoid it. On the other hand, we have noticed that whole new generations been raised on expanding technology. The problem with this group is more that they are not afraid.

The unchanging truth is that cyberspace – the internet and connected devices – is not safe. It is not dangerous in and of itself so much as that it can lead you to dangerous places or to dangerous persons who attack you unexpectedly. Consider them modern-day scam artists.

Let’s put this into perspective.

Question: What’s the biggest problem with being wealthy?

Answer: You have more stuff to protect. (That’s why rich people live in gated communities and have security guards.)

Question: “What would you think about creating a world in which people sell really insecure products that can be used to attack the very fabric of the internet?”

We are guessing that your answer would be “No!” In that case, “Houston, we’ve got a problem,” because we are already there – relative to both questions asked and answered.

We try to keep our clients and readers aware of specific issues – viruses, malware, and ransomware, for instance. However, we have learned that, in some cases (certainly not yours), we can lead a person to cyberspace, but you can’t make them think.

So, in case you missed the point, we are addressing the fundamental truths that everyone needs to understand.

  1. We are all, whether we like it or not, whether we think we are or not, getting more and more connected to cyberspace.
  2. Cyberspace is a dangerous place.
  3. You need to be aware and alert.
  4. You need to protect your electronic devices.
  5. You need full-time, round-the-clock protection because the danger does not diminish when you or your computer are asleep. Neither is it any less of a threat when you and your devices are awake.

You don’t have to be a techie or a geek or understand all the ins and outs of cyberspace. We are here to help you guard your technology. The first step is raising your awareness of the need before the need becomes an emergency.

We are as concerned about your technology security as you are. Your computer system security is our business. That’s why Tech Sentries is always on duty. Contact us today to learn how we can help you “GUARD YOUR TECHNOLOGY” (843-282-2222).

Joe Thibodeau
Tech Sentries Inc
6251 Lindsey Rd.
Myrtle Beach, SC 29588
843-282-2222 Office/Fax
843-902-6885 Cell

computer backup

Backing Up: Your Computer Needs a Rearview Mirror

You wouldn’t drive your car without a rearview mirror. You certainly wouldn’t back up without one.

Neither should you drive your computer without one. You might even say that backing up your computer is your rearview mirror. Perhaps if we thought of it that way we might be more consistent backing up our PCs than most of us probably are.

Okay. Enough punning around. The point is that we need to back up our computers. Backing up preserves the memory of where we have been.

Here are five good reasons to back up consistently.

  1. Your computer isn’t going to do it by itself. Think of all the work that your computer is doing for you. Do you really expect it to do EVERYTHING for you? Backing up is something you do for your computer so that it can be all that it needs to be for you.
  2. Your computer can get sick. If your computer gets a virus, you can lose valuable information. Backing up what you know to be accurate can make restoring your data to complete health and functionality easily.
  3. Your computer can die. If you haven’t had a hard drive crash, you have got to be in the minority. They die. In fact, their mortality rate is much higher than we think – or would like to think. Statistics show that 22% of hard drives fail during the first four years of use. Some have defects. Some just die from overwork. If your hard drive crashes and you don’t have a backup, you will need a memorial service for your dearly departed data.
  4. Your computer user makes mistakes. We know this probably doesn’t apply to you, but we need to mention it for all our other readers. When you know that something has gone terribly wrong – like accidentally deleting a file – a recent backup may be your only remedy for human error.
  5. Your computer uses is a klutz. Again, this probably doesn’t apply to you, so be considerate of our other readers who have dropped their laptops in the past. Maybe some thought they were lucky (?) that it fell into a pile of snow, only to find that something got wet that shouldn’t get wet. It may not have been broken into smithereens, but the effect is the same.

We could go on, but the important thing is that you get the point and start backing up your digital devices on a regular basis, at least daily.

We understand that it is a pain to do and to remember to do. But it is still true that an ounce of prevention is worth a pound of cure. Guarding your technology begins with protecting your data. It is really that important and your protection all begins with you.

We are as concerned about your technology security as you are. Your computer system security is our business. That’s why Tech Sentries is always on duty. Contact us today to learn how we can help you “GUARD YOUR TECHNOLOGY” (843-282-2222).

Joe Thibodeau
Tech Sentries Inc
6251 Lindsey Rd.
Myrtle Beach, SC 29588
843-282-2222 Office/Fax
843-902-6885 Cell

Good News and Bad News About Cybercrime

You’ve heard it before. We’ve got good news and we’ve got bad news. Which do you want to hear first?

The crowd response to our question seems to be about 50/50, so we’ll give you the bad news first.

Cybercrime is growing.

You probably either knew that or expected that, so the bad news may not seem to be too bad. Unless, of course, you are the victim of one of the many types of cybercrime. Then, it’s really bad news.

But, let’s look at it on a global scale. A recent report indicates the global cost of crime – what it costs its victims –increased by 20% over the two-year period between 2014 and 2016. That’s a one billion dollar increase from $500 billion to $600 billion, an amount approaching one percent of the global GDP.

Here is a breakdown of some of the details of the bad news.

  1. It is estimated that more than two billion people have had their personal information stolen or compromised online.
  2. 64% of Americans have had personal information stolen or compromised online.
  3. Cybercriminals are generally quicker to adopt new technologies than other users. That doesn’t even consider that cybercriminals may frequently be ahead of the technology curve.
  4. The number of countries that have become centers for cybercrime is increasing, led by Brazil, India, North Korea, and Vietnam.
  5. The emergence of digital currencies has made profiting from cybercrime much easier. (What’s that? You’re not into digital currencies? You will be. Ten years ago, you weren’t into smartphones. Twenty years ago, you weren’t into using debit cards. Thirty years ago, you weren’t into personal computers.)
  6. Cybercrime is easily scalable and growing. One ISP has reported as many as 80 billion malicious scans per day with as many as 300,000 to a million new versions of malicious software being created daily.
  7. Cybercrime is becoming highly automated.
  8. Cybercrime is now being black marketed as CCAS – Cybercrime as a Service.
  9. Cybercriminals, like other criminals, tend to focus their activities where the money is, with North America, Europe, and Central and Eastern Asia each having about an equal portion of 63 percent of the global GDP. The FBI estimates that 4,000 people in the U.S. were victims of ransomware attacks per day in 2016.
  10. Far too many of us choose to ignore the risk.

Now for the good news. You can do something to guard your technology. In fact, you can personally reduce the list of bad news items by ten percent!

Don’t ignore the cybercrime issue. Stay informed and guard your technology.

And here is more good news. Tech Sentries can help you guard your technology. Our services, however, should never be a reason for anyone to willingly ignore the risk.

All we ask of you is to be steadfast in doing your part to keep yourself and other users of your system away from suspicious links and intriguing pop-up ads that may have more to offer you than advertised.

We are as concerned about your technology security as you are. Your computer system security is our business. That’s why Tech Sentries is always on duty. Contact us today to learn how we can help you “GUARD YOUR TECHNOLOGY” (843-282-2222).

 

Joe Thibodeau
Tech Sentries Inc
6251 Lindsey Rd.
Myrtle Beach, SC 29588
843-282-2222 Office/Fax
843-902-6885 Cell

ransomeware

Move Over Ransomware – Here Comes Crypto-Jacking

Just when you feel like you’ve heard about all the cyber threats and attacks that can compromise your digital technology, you learn that hackers have discovered new methods of intrusion and infection.

It doesn’t just feel that way. That’s the way it is.

Don’t let our blog title mislead you, the threat, danger, and cost of ransomware still exist. It’s just that when ransomware artists realize that crypto-jacking is much easier and much more lucrative, the scammers are likely to jump on the new wave of tech crime.

The Effect of Ransomware

The average likelihood that a hacker will obtain a ransom via a ransomware attack is about three times out of 100 attacks. The current success rate for crypto-jacking is 100 out of 100.

In fact, crypto-jacking is escalating rapidly and, with the current fascination with the crypto-currency market on the rise, it is likely that the trend in cybercrime will follow. A recent report indicated that there were about 15,000 crypto-jacking alerts in May 2017. By February 2018, that number had risen to 280,000.

By now, you are probably wondering what crypto-jacking is. We certainly hope so. That’s why we are writing this blog. Here’s what you need to know.

  • Crypto-jacking does not attack your system per se. It infiltrates and enlists your devices to attack others. But this is not a case of “no harm, no foul.” Complex codes installed on your digital assets operate in the background, sending results to a server the hacker is using.
  • The codes find their way onto your system devices using tried-and-true phishing and malware techniques, i.e., by getting you to click on links in legitimate-looking emails or on infected pop-up ads on a website you are browsing.

In effect, your computer is being hijacked via old techniques, not to attack you, but to do mine cryptocurrencies from others.

The problem your system is that crypto-jacking is like a debilitating disease on your system’s devices. You can’t see it. It is not eating your lunch, but it is eating your resources. While you are enjoying your pastrami on rye, the codes are eating up your processing resources. Eventually, your digital technology will be working more for the hacker than it is for you. You probably won’t notice a thing until your computer is no longer performing wonders faster than a speeding bullet but acting like it wants to take a nap.

We want you to be informed. But we also want you to know that we’ve got your back. Tech Sentries monitors and protects your systems, even from unseen parasites like the codes running at the behest of crypto-jackers.

All we ask of you is to be steadfast in doing your part to keep yourself and other users of your system away from suspicious links and intriguing pop-up ads that may have more to offer you than advertised.

We are as concerned about your technology security as you are. Your computer system security is our business. That’s why Tech Sentries is always on duty. Contact us today to learn how we can help you “GUARD YOUR TECHNOLOGY” (843-282-2222).

Joe Thibodeau
Tech Sentries Inc
6251 Lindsey Rd.
Myrtle Beach, SC 29588
843-282-2222 Office/Fax
843-902-6885 Cell
https://www.techsentries.com

What Willie Sutton Can Teach Us About Computer Security

Willie Sutton was arguably one of the most “successful” if not the most infamous bank robbers of the 20th century. Sutton managed to steal close to $2 million during a forty-year career. He passed away in 1980 at the age of 79. He may be long-gone, and it is likely that he never owned a computer, but we can still learn something about computer security from him.

It has been widely reported that someone once asked Sutton why he robbed banks.

He wryly responded, “Because that’s where the money is.”

A 21st century Sutton would probably have told you that your computer was a likely target for cybercriminals, not because of you personally, but “Because that’s where the information is.”

Have you noticed that we don’t hear about many bank robberies anymore? Why do you suppose that is? It’s because the best way to get to the most money is by gathering information that is used to appropriate ill-gotten gain.

Whether the cyber crooks use malware, trojans, ransomware, email scams, worms, or some other misbegotten method, they are coming after any of us who have digital technology. That would be just about all of us.

Why You Need Computer Security

So, here’s another question to which the venerable Mr. Sutton would have likely had a spontaneous answer:

Which computers or computer systems do you think cybercriminals are likely to attack?

Answer: The ones with the least protection and whose owners are not expecting an attack.

Banks today utilize all kinds of security devices to deter and defend against potential intrusions. Why rob a bank that has advanced security when the next one has none?

Cybercriminals are constantly surveilling systems to seek out the most vulnerable. As digital technology advances, so do cybercriminals’ techniques. They are not going to overlook any opportunity, but the presence of top-notch security protecting your data will send them down the road to a more exposed location.

One more piece of advice. Advanced digital technology tools like those available through Tech Sentries protect your data 24/7/365. But we can’t prevent the crime if you open the door and let the villains in. Be extremely cautious – especially as we approach income tax filing time. Willie Sutton once dressed as a mailman to gain easier access to a bank. Be careful not to get caught by a scam disguised as an innocent email.

We are here to help you Guard Your Technology, but it takes a team to do so effectively. If your digital security needs a review, give us a call for a FREE consultation. We’ll show you how you can protect your system and we’ll even give you a few tips on digital self-defense as well.

We are as concerned about your technology security as you are. Your computer system security is our business. That’s why Tech Sentries is always on duty. Contact us today to learn how we can help you “GUARD YOUR TECHNOLOGY” (843-282-2222).

Joe Thibodeau
Tech Sentries Inc
6251 Lindsey Rd.
Myrtle Beach, SC 29588
843-282-2222 Office/Fax
843-902-6885 Cell
https://www.techsentries.com

Passwords – The Weakest Link in Computer Security

I recall a morning Pre-PC Era 30-some years ago when no one at my office could log onto their mainframe monitors. It seems that our programmer had worked late into the night. Not only had he changed the system password, he forgot to set his alarm clock. Several attempts to contact him were unsuccessful. This was also the Pre-Cell Phone Era.

Fortunately, we were able to reach him. When we asked him for the new password, he said, “You’ll figure it out. It’s easy.” Without another word, he hung up and, apparently, went back to sleep.

It took us a while, but we finally figured it out when someone suggested that we consider how to properly punctuate what our programmer had said. Turns out he said, “You’ll figure it out. It’s ‘E-A-S-Y’.”

Thirty years later, that’s still a big problem. As advanced as technology has become, passwords are still far too EASY. It’s as if we have a genetic predisposition that precludes us from creating passwords that are impenetrable – or at least difficult. Either that or we don’t have the ability to create and recall complicated passwords. You know the feeling: “How do I make this unique, but still easy to remember?”

123456 and password

Those are the two most popularly-used passwords. They have been for several years. Go figure. Many others are simply variations on these two themes.

When you fail to create passwords that are difficult to discern you might as well paint a target on your back.

As much as we hate to say this, paying for a top-notch digital security service is like spitting into the wind if you don’t use and require strong passwords.

So, here are a few tips to help get you started:

  1. DO NOT use fewer than eight characters. The longer, the better.
  2. DO NOT use logical patterns or letters or numbers.
  3. DO NOT use repetitive or sequential letters or numbers.
  4. DO NOT use names, addresses, or dates.
  5. DO NOT use any words found in the dictionary.

It takes a team to Guard Your Technology, but never forget that it is your technology and they are your passwords. We encourage you to create better passwords. Tech Sentries can take care of the rest.

We are as concerned about your technology security as you are. Your computer system security is our business. That’s why Tech Sentries is always on duty. Contact us today to learn how we can help you “GUARD YOUR TECHNOLOGY” (843-282-2222).

Joe Thibodeau
Tech Sentries Inc
6251 Lindsey Rd.
Myrtle Beach, SC 29588
843-282-2222 Office/Fax
843-902-6885 Cell
https://www.techsentries.com

Spear Phishing

 

We’ve warned our readers in the past about cyber attacks identified as phishing. Yes, phishing is dangerous for unaware phish. We don’t want that phish to be you. Now the problem is more dangerous. Phishing has escalated to the even more pernicious spear phishing.

Phishing Reviewed

·       You receive a message inviting you to access a website or other online document.

·       You (the phish) bite by clicking on an “Open in Docs” button. Sometimes the message seems to be too good to pass up. Even if it doesn’t appear that good, it just looks so real.

·       Once you bite, the hook is set and the phisher uses your contact list to infect the people and businesses on it.

Digital phishing works randomly, just like regular fishing. The phisher casts his line to where the phish are gathered, hoping that one bites.

Spear Phishing Is Targeted

There’s a reason we call it spear phishing: because it is just like spearfishing. The phisher has a specific phish in his crosshairs. Instead of waiting for a random fish to take the bait, the spear phisher has his eye on you or your business, and he is ready to stick it to you.

The spear-phishing cyber attacker already knows your name and enough readily available information about you to get your attention. The method of attraction is much more subtle and sinister. Using your known information, the attack typically comes cleverly disguised as a message from someone you know or some company you do business with and trust. Only it’s not.

If it weren’t for the phishing phrase already in use, we might be describing these attacks as wolves in sheep’s clothing. Your cyber attacker presents him or herself as innocuous and trustworthy.

Fear the Spear

The best way to avoid being spear phished is by exercising an abundance of caution. Be wary of invitations, offers, and surveys that might even possibly be cyber attacks. Even more important is ensuring that your technology is protected. Caution is good, but it now takes security technology to best guard your technology and to keep your computers free of spyware, malware, phishing, and other attacks.

Tech Sentries works diligently to keep you aware of potential dangers and how to take a few, common-sense steps to Guard Your Technology and to ensure the safety of your data and devices.

We are as concerned about your computer system security as you are. Your computer system security is our business. That’s why Tech Sentries is always on duty. Contact us today to learn how we can help you “GUARD YOUR TECHNOLOGY” (843-282-2222).

Joe Thibodeau
Tech Sentries Inc
6251 Lindsey Rd.
Myrtle Beach, SC 29588
843-282-2222 Office/Fax
843-902-6885 Cell
https://www.techsentries.com

1 2