No Personal Email Accounts for Company Business!

The Yahoo! Data Breach of 2013 may seem like old news, but 2017 revealed it was far worse than reported. After Verizon acquired Yahoo! in June 2017, they discovered the 2013 breach affected every Yahoo! customer account – three billion in total!

That mind-boggling number is three times more than Yahoo! reported when it first disclosed the breach in 2017. It’s almost 10 times greater than the whole US population.

How could that happen?

The hackers had free access to billions of email accounts for three years before they were discovered. More than 150,000 of the accounts were owned by current and former US government and military employees. They included the accounts of White House staff members, members of the US Congress, and members of the FBI, NSA, and CIA.

Part of the problem is Business Email Compromise (BEC), a growing trend among organized cyber criminals. They get into your network and spend weeks or months studying your organization’s vendors, billing systems, and your CEO’s style of email communications. They can then send a fake email from your CEO (while he or she is away and unavailable) to someone in your finance office, requesting a payment to someone your company would normally pay. This is a scam that works, and the money is hard to track and recover.

How Your Business Could Avoid a Yahoo-type Breach 

  • Patch Vulnerabilities: This must be done in a timely manner. The more time your system spends vulnerable the easier it is for hackers to get what they want.
  • Don’t trust email from an employee’s private account. Anytime someone in your company sends you an email from a private email account, be suspicious. Reply by phone or use the company email to ask if that email was from them.
  • Use your company email for business. Make sure all company business that must be emailed is done via your company email account. That includes minor things like requesting a meeting or sending a file. Because data breaches are a huge and growing threat, it’s best to always keep your company email communications within the safety and security of your business email account.
  • Get a real security partner to assess your vulnerabilities and catch issues before they blow up into expensive and damaging problems. Call mPowered IT at 678-389-6200 and ask for a FREE VULNERABILITY ASSESSMENT.

 

 

Password Protect Customer Data!


The Republican National Committee hired Deep Root Analytics in 2017 to gather political information on US voters but didn’t secure the data. They had personal information on about 61% of the US population stored on an Amazon cloud server – with no password protection. It was exposed there, open for anyone to access, for about two weeks before a security researcher discovered it. A class action lawsuit, and a media storm of negative publicity immediately followed.

A company that acquires and manages personal information should know how to secure data. They were entrusted with sensitive information such as names, birthdates, home addresses, phone numbers, regions, ethnicities, and voter registration information, and carelessly stored it without password protection.

Your business may not have millions of personal records, but you need to secure data for your own customers, because their trust is important to you. And their information is gold to hackers.

How Your Business Could Avoid a Deep Roots-type Error 

  • Recognize What Data is Sensitive: While you don’t want any company data to become public, you do need to recognize that your customer data should be considered sensitive. Names, addresses, phone numbers, and email addresses should always be kept secure. The mere fact that these people are your customers is a major piece of information for hackers, and they can sell that data to your competitors. If you have your customers’ annual income, social security numbers, dates of birth, etc., you have to be even more careful about protecting them.
  • Password Protect Your Customer Database. Your customer data should never be accessible to anyone without a password.
  • Limit Access to Your Customer Database. Only the people in your company who absolutely need to access your database to perform their jobs should have access. Limiting access will reduce both unintentional and intentional data breaches by employees.
  • Get a real security partner to assess your vulnerabilities and catch issues before they blow up into expensive and damaging problems. Call mPowered IT at 678-389-6200 and ask for a FREE VULNERABILITY ASSESSMENT.

 

 

 

Oops! Your private data is showing.


Do you know how easy it is for a competitor to gain access to your customer list?
Or how easily one employee can accidentally make your company files publicly accessible?
Or how anyone who really wants to can read all those “private” emails you send?

 Learn Data Security Best Practices to Keep Your Company Data Secure

Your company data is a major asset, so keeping it secure should be a top priority. Most small businesses do not have data security best practices in place for keeping their data safe, which makes them vulnerable to accidental release of data and purposeful hacking.

Download a FREE copy of Data Best Practices from mPowered IT to learn how to keep your info safe!

Company data you really don’t want made public

  • Employee records
  • Payroll records
  • Proprietary product info
  • Customer lists
  • Projects in progress
  • Client emails
  • Personal emails

Whether you transact online with customer credit cards or not, you are especially vulnerable to exposing your private data. Most small businesses are easy targets because they’re not putting reliable data security measures in place. And not all data security breaches come from an outside hacker – sometimes they come from a disgruntled employee. Or, more likely, they happen because employees do something innocent not realizing they’ve created a vulnerability. Or, management has provided too much access to too many employees.

If you don’t want your business to become anyone else’s business, download your free copy of Data Security Best Practices or call mPowered IT at 678-389-6200.

 

 

Keep Your Systems Updated and Patched

What some have called “the worst ransomware attack ever” struck in May 2017, infecting an estimated 300,000 computer systems in just four days. WannaCry was similar to many ransomware attacks, i.e. it encrypted files and demanded a Bitcoin payment to decrypt them.

However, it differed in one major way: worm tactics.

Once WannaCry infected a machine, it scanned the connected LANs and WANs to find and attack other vulnerable hosts. The subsequent infections occurred automatically without user interaction.

This allowed WannaCry to seize entire networks and even hop to others, rapidly sparking a flash epidemic worldwide.

The National Health Service in the U.K. was hit particularly hard, with at least one-third of health trusts (i.e. healthcare offices and services) disrupted and over 19,000 appointments canceled, including surgeries.

Stolen NSA Cyber Weapons

WannaCry spread via EternalBlue, an exploit for Windows Server Message Block version 1 (SMBv1), a legacy network file-sharing protocol present in every version of Windows released in the last 15 years (and maybe more).

The exploit is allegedly from a cache of cyber weapons stolen from the U.S. National Security Agency (NSA) and released publicly on April 14, 2017.

Microsoft issued a patch for the vulnerability on March 14, 2017. When the attack began, every Windows system that had not been patched within eight weeks was vulnerable.

How Your Business Can Avoid a WannaCry 

  • Patch Vulnerabilities: The importance of patching cannot be overstated. When WannaCry struck, administrators with freshly patched Windows machines were safe.
  • Plan for Disaster: This attack targeted a vulnerability in millions of Windows systems. A patch had been available for only about two months. Another attack of this scale is always possible. If your systems are compromised, what will you do? If you don’t already have one, get a backup and disaster recovery plan in place.
  • Get a real security partner to assess your vulnerabilities and catch issues before they blow up into expensive and damaging problems. Call mPowered IT at 678-389-6200 and ask for a FREE VULNERABILITY ASSESSMENT.

 

 

Never Hide a Data Security Breach from Your Customers

Uber’s CEO revealed on Nov. 21, 2017, that the ride-hailing service failed to disclose a massive data breach last year. In Oct. 2016, hackers accessed a server containing personal information for more than 57 million Uber drivers and riders. They demanded a $100,000 ransom to delete their copy of the data, which Uber paid.

The attackers allegedly first accessed a private GitHub repository used by Uber’s developers. The repository contained code with login credentials for other Uber systems, which ultimately provided access to the stolen data.

Uber later identified the hackers and pushed them to sign nondisclosure agreements. It also disguised the ransom payment as part of a bug bounty program, according to the New York Times.

The Biggest Mistake was the Cover-up

The Uber data breach may prove to be an example of when the cover-up is worse than the crime. The breach undoubtedly harmed the company’s brand, but the damage caused by hiding the attack has only begun. Lawsuits are now raining down on Uber from attorneys general across the U.S.

How your Business Can Avoid Lawsuits and Customer Distrust from a Security Breach

Even though the security breaches at large corporations make the headlines, it’s the smaller companies that are the most vulnerable. Small businesses are generally easier to hack because they don’t put real security measures in place. Here’s what we recommend:

  • Know the laws. There are federal, state and local laws on how to handle a data breach and notify customers, and some are industry specific.
  • Err on the side of transparency – Thousands of companies have experienced a data security breach. It’s how you respond to it that matters to your customers. Most will forgive you, especially if you care enough about their information to keep them informed.
  • Get a real security partner to assess your vulnerabilities and catch issues before they blow up into expensive and damaging problems. Call mPowered IT at 678-389-6200 and ask for a FREE VULNERABILITY ASSESSMENT.

 

 

Never Overlook Data Security Vulnerabilities!

Credit reporting agency Equifax stores financial data on more than 800 million consumers and 88 million businesses worldwide, so data security is absolutely critical.

On July 29, 2017, the company detected and blocked suspicious network activity associated with a web portal used by U.S. consumers to file disputes. Later analysis revealed the portal’s application framework, Apache Struts, was outdated and had a severe data security vulnerability.

Equifax hired cybersecurity firm Mandiant to conduct a forensic analysis, which revealed a massive data breach affecting 143 million U.S. consumers. Further investigation later increased the number to 145.5 million – or about 45% of the U.S. population.

Severe Data Security Vulnerability Overlooked

Equifax was first alerted to the Apache Struts vulnerability on March 8, 2017, more than two months before the breach started, according to testimony to a U.S. House subcommittee by former Equifax CEO Richard Smith. Equifax failed to act on the alert and apply the available patch.

Hackers launched the attack exploiting the vulnerability about two months later, on May 13, 2017. By the time the breach was discovered in late July, hackers had accessed dozens of databases and created more than 30 backdoors into Equifax’s systems.

How your Business Can Avoid this Type of Security Breach

Even though the security breaches at large corporations make the headlines, it’s the smaller companies that are the most vulnerable. Small businesses are generally easier to hack because they don’t put real security measures in place. Here’s what we recommend:

  • Apply Security Patches in a timely manner – Equifax failed to realize an alert for a critical vulnerability applied to one of its web portals. A flaw that should have been patched in a timely manner went unpatched for months.
  • Get a real security partner to assess your vulnerabilities and catch issues before they blow up into expensive and damaging problems. Call mPowered IT at 678-389-6200 and ask for a FREE VULNERABILITY ASSESSMENT.

 

 

Share the Risk

Having an in-house IT person or staff seems like the most efficient way to keep your IT network running. After all – you always have someone on-site to take care of issues. But the reality is, their motivations may be counter to your business needs. IT staff are generally not motivated to perform regular maintenance or prevent issues. If everything is consistently running well, they’ll be sitting around most of the time. Their perceived job security depends on fixing what’s broken, so they must justify their existence by continually fixing issues. And when there’s a costly repair, you bear the expense.

Our motivation is completely opposite. We’re paid one low monthly fee to keep your network running, and it’s far easier and more efficient to prevent issues than it is to fix them. And when something does go wrong, we bear the expense of fixing it. Most network issues are included in the fee.

Relying on IT staff for service and support means you bear all the risks when something goes wrong – and something will always go wrong! Outsourcing to mPowered IT means you have a managed services provider with business goals that are aligned with your business goals. We both do better when your network is running smoothly with no issues. Occasionally, something may go wrong, but we bear the risk. It’s on us to make it right.

Call mPowered IT at 678-389-6200 to see how much easier and more efficient it is to outsource all your IT service and support.

 

 

Best Practices!

Even the most well-intentioned IT staff is more motivated to use technologies that work best for them, or what they like most, than to use what’s best for your business. The processes and procedures they use may be what they know, but are not necessarily industry best practices. Since your business relies on its network, it’s critical that you have reliable technology and protocols in place to avoid network issues.

mPowered IT is highly motivated to employ the most reliable technologies, and follow industry best practices, because we measure our success by how well your network runs. We know we’ve done our job right when your network doesn’t have issues.

Call mPowered IT at 678-389-6200 to see how much easier and more efficient it is to outsource all your IT service and support.

 

 

More Services!

 

Some IT services you need to run your business effectively, such as data backup, email encryption, or hosting, just don’t come with an in-house IT staff. Your IT staff will have to procure these services from outside vendors, so you’re already outsourcing. But how do you know if you have the right services to fit your business needs? Are you locked into services that don’t really do the job but are easy for your IT person to manage?

At mPowered IT, all the IT services you need are effectively set up and managed by one company that acts as your partner. We make sure your services fit your needs and budget, and are performing correctly to optimize your network security.

With mPowered IT, along with stellar IT service and support you can also get:

  • Email Encryption, Archiving, and Anti-SPAM services
  • Anti-Virus, Anti-malware, and Anti-Ransomware services
  • Remote Data Backup and Disaster recovery
  • Managed Network Security
  • Hosting (Cloud Services)
  • Application and web development

Call mPowered IT at 678-389-6200 to see how much easier and more efficient it is to outsource all your IT service and support.

 

 
