Top 5 Cyber Security Threats to Your Small Business

I hate to say it, but the bad guys are getting really good at taking advantage of businesses, and they’re making a mind-boggling amount of money off it. So, it’s not going to slow down, it’s just going to escalate. I want to let you know what the biggest cyber threats are, according to Webroot’s 2018 Cyber Threat Report, so you can make sure you’re not one of their statistics.

1. Phishing – Employees are taking the bait!

Phishing scams used to be almost laughably obvious – a Nigerian prince wanted to send you money! But now these scams are so cleverly disguised, it takes an eagle eye to spot one. It’s very easy for your employees to innocently click on what appears to be a legitimate link and open your business to thieves. Today’s phishing scams are more likely to be via email from what appears to be a company you already do business with. Employees need to be trained to never provide info or click links unless they’re absolutely sure they’re from a legitimate source. Talk to us about our Security Awareness Training.

2. Static Malware is history. Polymorphism is the new threat. 

Static lists were once the preferred method of keeping known malicious files from being downloaded onto machines. However, polymorphism’s popularity means static lists are useless in defending against malware. Tiny variations in malware binaries, ones that otherwise do not change their core functions, now prevent these lists from reliably filtering out threats. Of the hundreds of millions of executable files Webroot analyzes each year, 94% were polymorphic. We provide the latest in endpoint protection through our Enable program.

3. Cryptojacking uses your computers without your knowledge.

The best cons are the ones you never even know about. Cryptojacking involves hijacking the computing power of a machine and reassigning it to the task of cryptomining, the process of adding transactions to a blockchain ledger in exchange for a small transaction fee. Over time, these efforts can lead to steady returns on little effort for cryptojacking operations. We have advanced security services that watch for unusual behavior on your systems.

4. Ransomware – Extremely quick and profitable!

This is one of the most frustrating and costly cybercrimes. Thieves take over your computer systems and hold your files ransom until you pay up. The worst part of it is, even if you go ahead and pay the ransom, there’s no guarantee that you’ll actually get your files back, and if you do, they could be damaged or corrupted. Two major ransomware attacks in 2017 caused over $4 billion in losses in just 24 hours. Those grabbed headlines, but the truth is, ransomware happens on a smaller scale to small businesses every day. A layered security approach coupled with comprehensive backup systems is the best approach to thwarting ransomware.

5. Malicious mobile apps

With nearly two billion smartphone users, and the enormous popularity of mobile apps, this is now a sweet spot for cyber criminals. Webroot found that one third of mobile apps are now built with malicious intent. In other words, they appear to be something fun or useful, but their actual purpose is to hack your phone. Be wary of applications you install on your phone and be sure to read what access they need to the data stored there.

What can you do about it?

The first line of defense is to make sure you train your employees and keep all systems updated. Those pesky reminders that you need to update your software should never be ignored. Updates are not just improvements in function or design, they also contain fixes of known vulnerabilities.

The next line of defense is to have a great IT partner who will focus on your security. We make it our priority to keep our clients’ networks secure against all known threats, and be informed of potential future threats. It costs so little to protect your business from cyber threats, especially when you consider how much even one small attack can cost in terms of lost revenue and reputation.

Give us a call and we can help you assess your vulnerability to cybercrime and show you how to avoid it.

Call 678-389-6200.

Employee Training Can Prevent HIPAA Violations

HIPAA Compliance, HIPAA Audit

Human error is one of the primary causes of HIPAA violations. Even your best employees can make mistakes, or inadvertently create a situation that leads to a violation. All employees need HIPAA training, so that they understand what would constitute a violation, and what they should do if they see other employees mishandling information.

Fortunately, the software solution I’m now offering my medical and dental practices also covers HIPAA training. Compliance Guard is an end-to-end solution to help busy practices simplify compliance and provides the staff training necessary to ensure the whole team is on board.

The training, and tracking who has been trained in what areas, will be helpful during a HIPAA audit. The Compliance Guard software handles all the tracking and reporting. Because the software was developed by auditors, you can be assured that it covers everything that would be assessed during an audit. You’re never alone with Compliance Guard – our Compliance Coaches will answer questions and guide you. No practice that uses Compliance Guard has ever failed an audit! 

Contact us for more information. Call 389-678-6200 or email jmamon@mpoweredit.com.

Ready for GDPR? What you need to know about new privacy regulations.

GDPR Compliance

If your company collects data on customers, you need to be GDPR compliant by May 25. Even though this is a European privacy law, it affects businesses here in the US. GDPR (General Data Protection Regulation) has new, more transparent regulations for how all companies collect and analyze data tied to EU residents.

Your company will be required to provide a clear notice when you’re collecting data, and let your customers know why you’re collecting it, how long you’ll retain it, and your deletion policies. You’ll need to ensure your employees understand the new policies, and that all your vendors are also compliant.

Your customers will now have the right to access their personal data, and correct or remove it from your database. They can also object to your processing their personal data.

For complete unbiased information on GDPR visit the European Commission. For network security, penetration testing and all other compliance issues contact mPowered IT at 678-389-6200.

Why Bear the Outrageous Cost of Downtime?

Cloud Backup

Most SMBs don’t have a realistic idea of what it would cost if their computer network were to go down or be inaccessible for any reason. Businesses that do estimate the cost figure around $5000 per hour – but that’s actually low. The cost is actually around $18,000 per hour. Considering how much of your business is tied to your network, you have to figure not only the hard costs of recovery, lost productivity and sales, but also lost opportunity costs – the potential customers who attempted to access your business and couldn’t.

But SMBs with a solid backup and disaster recovery plan can continue business as usual, even with a system failure or power outage that lasts for days. With our Ensure program, your system is backed up continuously throughout the day, every day, and should your server fail, your business is not disrupted. Your business continues off the backup system during repairs.

No business should bear the cost of downtime, when the loss of revenue is almost completely avoidable. The Ensure program provides all the backup and disaster recovery you need for a low monthly rate. In fact, you could be on the Ensure program for many years, enjoying the peace of mind knowing your data is safe and accessible to you, and your cost would be nowhere near what you’d pay for even a few hours of downtime. It just makes good business sense to have Ensure in place – because eventually something will go wrong.

Call mPowered IT to Ensure your business continuity through any disaster – 678-389-6200

 

Would your medical practice pass a HIPAA audit?

One thing I’ve noticed as an IT professional  – and occasionally as a patient – is that no matter how brilliant doctors are with medicine and medical technology, their practices usually struggle to stay up to date with computer and network technology. It also almost goes without saying that medical practices are nearly 100% focused on patient care, scheduling, and insurance, leaving little energy to devote to HIPAA compliance. But even an innocent oversight of a detail of HIPAA compliance can be costly, in terms of fines and loss of reputation.

What medical practices really need is a way to put HIPAA compliance on rails – so it’s simple to understand and easy to handle. We’re now offering an easy-to-use software solution, Embrace Compliance Guard. It will help you with risk assessment, train your staff, verify your compliance status, produce the reports you need, and a whole lot more. It also provides Compliancy Coaches for live human help when you need it.

This software is the solution I’ve been wanting to provide to my medical clients for a long time, and now it’s available. mPowered IT, as a provider to medical clients, has been trained on this system, and we have ensured that we are HIPAA compliant too. We can provide Embrace Compliance Guard on its own or as an addition to our Managed IT Support Services for medical practices.

Learn all about it here. Or, give us a call at 678-389-6200.

How’s that phone system working out for you?

IT service issues

That phone system you put in years ago is probably in need of an upgrade, but who wants to deal with that hassle and expense? Yet, it’s hard to grow and move forward with what you have.

We are helping small businesses get a better, more advanced phone system, without the huge cost and drama. The small business phone system of the future is VoIP – a cloud-based system.

With our Embrace Voice cloud-based phone system, you never have to worry about set ups, managing, updating or repairs ever again. For one low monthly fee, you suddenly have the most cutting-edge phone system with the most advanced features.

Why stumble through another awkward conference call or irritate another customer with a less-than-friendly on-hold system, when you can quickly switch to a system that really helps your business and its future growth?

Learn more about VoIP and let’s talk about how you can use it to help your business. Call 678-389-6200.

No Personal Email Accounts for Company Business!

The Yahoo! Data Breach of 2013 may seem like old news, but 2017 revealed it was far worse than reported. After Verizon acquired Yahoo! in June 2017, they discovered the 2013 breach affected every Yahoo! customer account – three billion in total!

That mind-boggling number is three times more than Yahoo! reported when they first disclosed the breach in 2017. It’s almost 10 times greater than the whole US population.

How could that happen?

The hackers had free access to billions of email accounts for three years before they were discovered. More than 150,000 of the accounts were owned by current and former US government and military employees. They included the accounts of White House staff members, US Congress, and members of the FBI, NSA, and CIA.

Part of the problem is Business Email Compromise (BEC), a growing trend of organized cyber criminals. They get into your network, spend weeks or months studying your organization’s vendors, billing systems, and your CEO’s style of email communications. They can then send a fake email from your CEO (while he or she is away and unavailable) to someone in your finance office, requesting you send payment to someone your company would normally pay. This is a scam that works and the money is hard to track and recover.

How Your Business Could Avoid a Yahoo-type Breach 

  • Patch Vulnerabilities: This must be done in a timely manner. The more time your system spends vulnerable the easier it is for hackers to get what they want.
  • Don’t trust email from an employee’s private account. Anytime someone in your company sends you an email from a private email account, be suspicious. Reply by phone or use the company email to ask if that email was from them.
  • Use your company email for business. Make sure all company business that must be emailed is done via your company email account. That includes minor things like requesting a meeting or sending a file. Because data breaches are a huge and growing threat, it’s best to always keep your company email communications within the safety and security of your business email account.
  • Get a real security partner to assess your vulnerabilities and catch issues before they blow up into expensive and damaging problems. Call mPowered IT at 678-389-6200 and ask for a FREE VULNERABILITY ASSESSMENT.

 

 

Password Protect Customer Data!

The Republican National Committee hired Deep Root Analytics in 2017 to gather political information on US voters but didn’t secure the data. They had personal information on about 61% of the US population stored on an Amazon cloud server – with no password protection. It was exposed there, open for anyone to access, for about two weeks before a security researcher discovered it. A class action lawsuit, and a media storm of negative publicity immediately followed.

A company that acquires and manages personal information should know how to secure data. They were entrusted with sensitive information such as names, birthdates, home addresses, phone numbers, regions, ethnicities, and voter registration information, and carelessly stored them without password protection.

Your business may not have millions of personal records, but you need to secure data for your own customers, because their trust is important to you. And their information is gold to hackers.

How Your Business Could Avoid a Deep Root-type Error

  • Recognize What Data is Sensitive: While you don’t want any company data to become public, you do need to recognize that your customer data should be considered sensitive. Names, addresses, phone numbers, and email addresses should always be kept secure. The mere fact that these people are your customers is a major piece of information for hackers, and they can sell that data to your competitors. If you have your customers’ annual income, social security numbers, date of birth, etc., you have to be even more careful about protecting them.
  • Password Protect Your Customer Database. Your customer data should never be accessible to anyone without a password.
  • Limit Access to Your Customer Database. Only the people in your company who absolutely need to access your database to perform their jobs should have access. Limiting access will reduce both unintentional and intentional data breaches by employees.
  • Get a real security partner to assess your vulnerabilities and catch issues before they blow up into expensive and damaging problems. Call mPowered IT at 678-389-6200 and ask for a FREE VULNERABILITY ASSESSMENT.

 

 

 

Oops! Your private data is showing.

Do you know how easy it is for a competitor to gain access to your customer list?
Or how easily one employee can accidentally make your company files publicly accessible?
Or how anyone who really wants to can read all those “private” emails you send?

 Learn Data Security Best Practices to Keep Your Company Data Secure

Your company data is a major asset, so keeping it secure should be a top priority. Most small businesses do not have data security best practices in place for keeping their data safe, which makes them vulnerable to accidental release of data and purposeful hacking.

Download a FREE copy of Data Best Practices from mPowered IT to learn how to keep your info safe!

Company data you really don’t want made public

  • Employee records
  • Payroll records
  • Proprietary product info
  • Customer lists
  • Projects in progress
  • Client emails
  • Personal emails

Whether you transact online with customer credit cards or not, you are especially vulnerable to exposing your private data. Most small businesses are easy targets because they’re not putting reliable data security measures in place. And not all data security breaches come from an outside hacker – sometimes they come from a disgruntled employee. Or, more likely, they happen because employees do something innocent not realizing they’ve created a vulnerability. Or, management has provided too much access to too many employees.

If you don’t want your business to become anyone else’s business, download your free copy of Data Security Best Practices or call mPowered IT at 678-389-6200.

 

 
