Tip of the Week: How to Prepare a Data Breach Response

Unfortunately, the more people lean on technology, the more data breaches there are. The correlation makes sense, but with so much innovation in data security and data systems, it’s a shame more can’t be done to keep businesses and individuals from losing data to opportunists and scammers. That’s why knowing how to circumvent these forces is essential to keep your data safe. Let’s take a look at how the people that are best at it keep their data secure.

Best Practices Keep It Simple

To avoid negative data situations like this you will want to ensure that your best practices are being followed. In this particular case, they aren’t very complex. They include:

  • Keeping data (particularly sensitive data) organized in secure locations
  • Keeping data on a need-to-know basis via access controls

That’s the list. It’s not a lot to consider on the surface, but let’s unpack them a bit. By keeping data in a secure location, it makes it easier for the professionals that manage your data and infrastructure to respond to a breach; and, by controlling who can access what, they can easily identify where the problem comes from and work to remedy it.

Detecting When You’ve Been Breached

Obviously, to remedy a data breach, you first have to know that you’ve been breached. Unfortunately, attackers are using more sophisticated methods than ever to hack into your network, making evasion a priority. This means that the speed with which you identify that a data breach is taking place is one of the most important factors.

Businesses today are using smart technology to consistently monitor and automate a response. A Netwrix 2020 Data Breach and Security report suggests that organizations using automation were better able to detect data breaches in minutes rather than hours or days. Comparatively, most of those without (56 percent) measured their detection time in days.

Respond Confidently

It can be quite off-putting to consider that people are trying to break into your network. This is why you have all those procedures in place, after all. For those that haven’t gotten around to concocting a cyber threat response strategy for their team, it’s important that it is standardized and consistent; this makes it easier to follow should you have to deal with a threat.

Your business will definitely have to train its staff on what to do if they are confronted with a cyber threat. Training your staff on phishing, password hygiene, and more will put your workforce in a position to help you sustain a record of security, not hinder it. On top of testing, you should consider evaluating each worker individually to better understand who needs more training and who is competent to effectively respond against these threats.

Staying On Your Toes

Having the tools to recover from a data breach is almost as important as thwarting one. Your business may be on solid footing today, but one scam, hack, or situation brought on by outside forces can floor your business. Not only do you need to have the infrastructure and the support team in place to deal with a potential data breach, you have to know that your business can recover from one. This is why you need a business continuity plan with a full data backup and recovery strategy in place. Additionally, the exploit you have dealt with could have come from a vulnerability on your network (not a human). You will need to ensure that your team’s access credentials are updated and all software is patched to its most current version.

This is not a situation you have to handle alone. Call the IT professionals at Point North Networks, Inc., today at 651-234-0895 to learn about how we can help you protect your business against cyber threats, and provide you with the tools and support to handle any situation that comes your way.

If You Haven’t Already, It’s Time to Thoroughly Document Your Business IT

A business’ technology is by all measures a part of its inventory, and as such, it needs to be tracked. Let’s consider why in more detail, and how to do so properly.

Here’s the thing: technology maintenance takes much more than occasionally scanning for a virus or updating a firewall. To truly get the most value out of your IT, you need to have a deeper insight into the role each component plays in your overall strategy and a record to track these insights for later use.

Furthermore, you need to handle your infrastructure as well, tracking everything and how well it functions to ensure your productivity never lags.

Referring back to the record you keep, your documentation should include a few things:

  • All network-attached devices you have, from your networking devices to every company-owned endpoint and peripheral that attaches to it.
  • The proper configuration for each of these devices.
  • The date that each of these devices was installed.
  • The licenses that your business needs to maintain, and the status of the ones you have.
  • A comprehensive history of any service each of these devices has received.

This kind of documentation gives whoever is in charge of your IT, in-house admin or managed service provider like us, a clearer path to follow in terms of your strategy. That way, time, energy, and capital can all be used to your greatest advantage over time.

We do this for our clients—it helps us keep our costs as low as possible and ensure that the work that we do is efficient and effective.

If you want to find out more about how IT services can bring you considerable benefits, give Point North Networks, Inc., a call at 651-234-0895.

Securing Utilities Has to Be a Priority

It’s been reported that a hacker virtually broke into a Floridian water treatment facility and briefly increased the levels of sodium hydroxide in the Pinellas County water supply. Fortunately, onsite operators noticed the spike and reduced it right away, keeping the public from risk of increased levels of poison in their water. This is just the latest story in a seemingly never-ending supply of them that have to do with public utilities being at risk from cyberattacks. Today, we will take a look at this issue.

Protecting Online Utilities

Today, most systems are not only run through the use of computers, they are perpetually online so that remote operators have access to manage these systems. This provides hackers a wider range of opportunities to carry out attacks against public infrastructure. Despite the massive amount of capital invested to ensure that these systems remain secure and reliable, all it takes is one situation to cause a great deal of public harm. The event in Florida just accentuates how important the security protecting these systems is.

The Shifting Utilities Landscape

Over the past year, more people have been asked to work remotely to help keep the COVID-19 pandemic from spreading. This has not only led to more people working remotely at jobs that would typically require on-site staff, it also has helped push a degree of automation (using artificial intelligence and machine learning) to help identify incongruencies and threats to critical IT systems. This means that more people are relying on unfamiliar tools to do their jobs remotely. One can understand how this can lead to some confusion when trying to thwart very specific and targeted attacks.

Threats Against Utilities and Infrastructure Are More Severe

A recent report from the Ponemon Institute suggests that threats against utilities are becoming shockingly more sophisticated. 54 percent of utility managers stated that they expect to have to deal with at least one cyberattack on critical infrastructure in 2021. That means that half of the people that work in electricity, water treatment, solar and wind, and gas think that they will be directly dealing with a major event triggered by a cyberattack this year. That’s completely unsettling considering how important these systems are to the sustainability of our society.

What is Being Done?

This is where it gets a little tricky. Utility companies spend a lot of time and resources securing infrastructure. There’s a reason most of these places are surrounded by razor wire. To secure themselves against cyberattacks, however, they are taking much the same approach that your average enterprise would. They will try to secure systems by learning from past mistakes, innovating the tools they use, and simply being more vigilant.

Some innovations to speak of are similar to the ones you might see at your business. Using the integration of AI to actively search for and identify threats can end up being quite beneficial. AI can go through a lot of data extraordinarily quickly, meaning that it can identify potential problems quicker and thwart bad actors’ attempts at sabotage. Another technology that is being used in energy distribution is the Internet of Things. Utility companies are starting to utilize smart meters that modulate the flow of electricity and water. While you’d think that the integration of IoT devices would actually make the systems less secure, utility companies identified that from the outset and spent time and resources securing those systems before they were ever deployed in the field.

Tip of the Week: The Guide to Optimal Password Efficacy

Your business’ security largely depends on how secure the passwords are that keep your resources from being accessed without authorization. Despite this, many users—perhaps even you—frequently sacrifice sufficient security measures in favor of the simple and convenient route, cutting corners when coming up with their passwords. Let’s try and remedy this by reviewing a few practices that can help make a password more effective.

What Threats are There to Passwords?

A password can be undermined in one of two different ways, generally speaking:

  • Digging into your online life or resorting to trickery, a “bad actor” (as they are sometimes called) figures out your password or how they can fool you into handing it over.
  • Alternatively, the bad actor might phish you or infect your computer to crack the password.

As a result, you need to figure out how to make your passwords effectively guess-proof, while still being able to recall them as you need them. These principles should ultimately pertain to any passwords associated with your business—including the ones your staff members rely on.

The Balance Between a Strong Password and a Memorable Password

Whether you’re designing a password policy for your company members to follow, or simply creating a new account of your own, there are two important considerations to keep in mind.

  • If a hacker can’t guess/crack a password, they will likely resort to a brute force method—simply trying every combination possible until they eventually get a hit.
  • The security of a password and its resilience against brute force attacks aren’t the same.

It is important that both of these aspects are taken into serious account as you come up with your passwords.

How to Optimize Your Password Security

There are a few widely accepted best practices when it comes to what makes a good password:

  • It is sufficiently long, ideally stretching over 16 characters
  • These characters include non-consecutive numbers, letters, and symbols
  • The password contains no common words or numbers, private information, or any publicly accessible details

It is also important that your considerations involve the aforementioned tools that cybercriminals use to break password protections. This is where we must account for the complexity of your passwords.

Did you know that about 40 percent of passwords only contain lowercase letters? Well, cybercriminals certainly know, and will certainly try to save time by only trying lowercase letters in their initial brute force attacks. Even one extra variable can significantly increase the password’s security, making it harder and more time-consuming for the hacker, and possibly convincing them that the effort isn’t worth it.

However, you also need a password that is memorable enough for you to be able to use it. The most secure password in the world is no good to you if you can’t commit it to memory, to the letter (or number or symbol).

This has recently led to the idea that a password composed of a few random words, randomized further with alphanumeric substitution and capitalization, padded with repeating symbols on either side, is the most secure option.

Think about it—like we said, each variable makes the hacker’s job that much more challenging and can help slow down any automated attempts long enough for the hacker to abandon them.

With all this in mind, it makes sense to create passwords that ultimately look something like this:

====p33k,,,@ss0c!@t3d,,,p0ck3t====

Not only is this password effectively impossible to guess, but it also has plenty of characters and, while designed to be somewhat simple to memorize, is still plenty resistant to brute force methods. Just make sure you come up with your own, instead of copying this one.

Remembering These Passwords

Admittedly, a password like this is a lot to remember on its own, so the thought of remembering a different one for each account (in keeping with best practices) can be daunting for most. Fortunately, a password manager can simplify this considerably.

A password manager is basically just a piece of software that safely and securely stores your passwords away for you, accessible to you behind a single master password. That way, your passwords could be totally secure and unique without forcing you to remember them all.

From your passwords and access management to every other aspect of your business’ IT security and productivity, Point North Networks, Inc. is here to help. Learn more about what we can offer by calling 651-234-0895 today.

Conduct a Security and Compliance Audit, You Won’t Regret It

If you are an avid reader of our blog, you know we are constantly saying that there is an ever-growing number of threats. This is true. Two in every three business owners believe that their cybersecurity risks are increasing each year. The other third must not focus on them, and that is a problem. In fact, many business owners don’t give the proper respect to cyberthreats and many of those businesses pay the price. This is why every business should consider a security and compliance audit a mandatory part of their yearly IT assessment.

Explaining the Security and Compliance Audit

Since there is a constant stream of threats coming at your business from the Internet, it stands to reason that you need to come up with a strategy to reduce or completely eliminate those threats’ path to your business’ IT infrastructure. Traditionally, that means installing security software solutions such as firewalls and antivirus, training your staff on how to navigate potential scams, and doing your best to monitor the threats as they come in. This seems comprehensive, right? Unfortunately, these efforts are unlikely to prevent a breach of your network or a corruption of your IT infrastructure.

The IT infrastructure that continues to grow.

If you consider that more and more is added to your IT infrastructure every year, it’s not a stretch of the imagination that you gain not only more to support, but also additional points of potential exploitation. New systems can create new vulnerabilities in your network, and more to support can add even more holes in your existing system. These are the avenues hackers use to access your network and steal your data.

Additionally, the more complicated your IT infrastructure gets, the more difficult it will be to stay in compliance with any regulations your business operates under. As issues with data privacy start to be taken seriously by lawmakers, expect more regulations and additional focus on compliance.

A security and compliance audit is basically the full assessment of your cybersecurity situation. It goes far beyond your average vulnerability scan as it takes into account how your technology is used and provides you with specific criteria that you need to take into account. This profile will go above and beyond your cursory network and infrastructure scan. Point North Networks, Inc. has the certified technicians on staff to comprehensively conduct such an assessment. We can provide you with information on where your business is weakest and what you can do to bump up your network security to stay in compliance and keep your network resources safe.

Go Even Further

Our security and compliance audit can tell you what you need to know, but once you have taken the steps to patch the potential vulnerabilities in your network and infrastructure, you will need to keep it up. We can conduct penetration testing to ensure that the steps you take work to fix the vulnerabilities in your network. This can function as assurance that your business isn’t caught up in two terrible situations: a data breach or fallout from non-compliance.

If you would like to talk to one of our IT professionals about getting a security and compliance audit, or if you would like to talk about how our managed IT services can work to thwart all types of negative situations, give us a call at 651-234-0895 today.

Tip of the Week: Browser Best Practices for Boosted Security

Privacy is a sensitive subject nowadays, especially online. Regardless of the browser you have elected to use, properly using it will have a large impact. Let’s review a few ways that you and your team can help secure your business and its resources and go over these settings.

Promoting Privacy Via Your Browser Settings

Here, we’ve assembled a few best practices that you should keep in mind to help reinforce your browser’s security.

Revise Default Permissions, as Necessary

Before a website is able to access some of your data and peripherals, like your location, your camera, and pop-up windows, it needs to ask you for permission to do so. Too many people set these permissions to on—carte blanche—by default, potentially opening themselves to various attacks and threats.

For instance, by accessing the camera and microphone without informing the user, a cybercriminal could invite themselves to a peek into your personal life, listening and watching for personal moments and data to exploit. Pop-up windows could themselves host threats, and automated downloads could install nasty pieces of malware.

Instead, you should make sure that these permissions are set to Ask before allowing them, while also simply turning these permissions Off when you have no reason to enable them.

Block Third-Party Cookies and Trackers

While websites will often use their own cookies to keep track of users to improve their functionality, there are a lot of other cookies present from third parties that are tracking you as well. By blocking cookies that don’t come from the site you’re browsing and leaving the native ones to operate, you can minimize threats against your business from these sources.

As for trackers, you should be able to switch them off entirely. Trackers have begun to replace cookies as a means of, well, tracking a user’s online behaviors. As a plus, blocking a tracker has a decreased probability of breaking a website, as blocking cookies can at times do. If you cannot block trackers via your browser, you may want to reconsider which browser you are using.

Use Smarter Tools and Utilities to Minimize Your Risks

While different browsers offer different security features, there are certain choices that can help you make the most out of any situation. For instance, you should not sign into any of your accounts on more than one browser. If you’ve decided on Firefox for your Facebook use, only sign into Facebook from Firefox and not from Google Chrome or Microsoft Edge. While you may have disparate Google accounts attached to these services (a company one for work and a personal one for your own use), Google understands that they are all you and will take it upon themselves to merge your activities into their own reference files. You should also avoid using your accounts from Google or Facebook as a form of sign-in, as this will give those companies access to your behaviors on those sites as well.

There are, however, some browser extensions and alternative websites that can help you take back some of your privacy. Some add-ons help to shield your activities from this kind of tracking, while some online services are anonymized and therefore more secure. Identifying the most secure options and committing to them will be crucial to your continued success.

The Internet can be a wonderful resource, but it can also be considerably risky to work with if not prepared. Trust Point North Networks, Inc. and our team to help keep you out of trouble. Give us a call at 651-234-0895 to learn about our many services, including those that can improve your security.

3 Tips to Help You Make Better IT Decisions

Making solid business decisions can sometimes be confusing. Not that you try to make anything other than good decisions, but a lot of business is, and has always been, trial and error; and, you may know this from experience, error happens to be a big part of it. Today, we thought we would discuss what goes into good technology decisions and how many times it comes down to the results.

How to Make Good Technology Decisions

Making the right decisions in regards to your business’ technology has to do with multiple factors, but one sticks out: What do we do? It seems simple enough, but when you are choosing technology you are probably going to run into technical people that don’t speak your language or salespeople who speak your language a little too well. This will confuse the vast majority of people. It’s not as if there is a guide that can help you match the specific technology to your business; you will have to rely on people to help you do that.

Our consultants at Point North Networks, Inc., understand that there is a balance that needs to be considered when advising our clients on how to make the right technology decisions for them. The balance is between cost/complexity and effectiveness at meeting the goals you’ve set out for your business. Here are a few tips that can help you make the right technology decision, regardless of the situation.

Start with Security

Like any highly guarded place, all technology that you add to your infrastructure has to pass through security clearance. You should start every IT decision with the notion that you need to have the tools in place to protect it. If you don’t, any decisions you make probably won’t help as much as they will hurt.

Be Optimistic, but Prepared

Why else would you make strategic IT investments if not to improve your ability to turn a profit? In that regard, any IT investments you plan should be targeted to solve a problem your business currently faces. That’s not enough, however. To ensure any IT purchase you make works for your business, you need to protect it. That’s why we suggest that if you don’t have a dedicated backup and recovery platform in place, you need to prioritize that before you spend another cent on your business’ IT. A backup system that builds data redundancy and has a cloud-hosted option is the best. Our BDR service combines network-attached backup with a device that uploads your backed-up data to an offsite data center. This will help you be prepared for any eventuality and will make any IT investment that much stronger.

Work to Build a Knowledge Base

Another consideration that will help you make the best IT investments is to understand what you are getting into before you get into it. By researching solutions to your business problems you will be able to ensure that any IT decisions you do make are made for the right reasons and that you are getting technology that fits into your business plans. The more knowledge you have about the processes you need technology for, the better and more sound your decisions will be.

Technology can solve a lot of today’s most pressing business problems. If you would like to talk to one of our knowledgeable IT professionals about what technology you should be targeting, how to successfully implement it with the technology you already have in place, or if it’s time to retire a piece of technology, give us a call today at 651-234-0895.

How to Prepare Your Team to Fight Phishing

Phishing Lessons to Pass On

While last year saw a significant decrease in its number of data breaches, the number of records that were leaked doubled… and then some. Part of this can likely be attributed to a spike in the use of ransomware, indicating a resurgence in interest of the mean-spirited malware. This means that your business may very well see more ransomware infection attempts coming its way—the only question is, are your team members prepared for them?

To keep your business and its data sufficiently secured, it will be important to teach your team to effectively identify and avoid phishing. One effective way to do it: try and phish them yourself, via a phishing attack simulation.

How Does a Phishing Attack Work?

Let’s go through the basic process of a phishing attack, just as a quick review:

An attacker, posing as someone else, sends their victim a message making some promise or threat that somehow—either through fear or temptation—coerces their contact into reacting to it, usually by following a link or opening an attachment. This methodology allows such schemes to bypass many restrictions set by security protocols and solutions, as the vulnerability it takes advantage of is the human user.

Therefore, when it comes to defending against the phishing attempts that are virtually guaranteed to target your business at some point, your team members need to be prepared. Let’s discuss what you need to teach them, and how to best prepare them to make sure they’ll overcome any they encounter.

Remind Them How Hackers Think

It’s important that your users are cognizant of how clever hackers and scammers can be when it comes to their ruses, and how they often take advantage of current events and information. Many phishing attacks as of late have been themed around COVID-19, pertaining to updates, warnings, and offers of personal protective equipment.

Hackers will try to capitalize on user panic and knee-jerk reactions whenever they possibly can to keep these users from thinking before they act. Therefore, it makes sense to have users look more critically at their incoming messages to evaluate whether a message seems “phishy” or not.

Provide Signs of Problematic Links

A favorite tool of these hackers is that of the spoofed link—basically, a link to one website disguised as a link to another. Others will just use a URL that is different but looks passable enough to slip by unnoticed.

These domains can be tricky. Let’s look at a few red flags to keep an eye out for (in this case, the attacker using Amazon as a disguise):

If the email is from Amazon, a link should lead back to Amazon.com or accounts.amazon.com. If there is anything strange between “Amazon” and the “.com” then something is suspicious. There should also be a forward slash (/) after the “.com.” If the URL was something like amazon.com.mailru382.co/something, then you are being spoofed. Everyone handles their domains a little differently, but use this as a rule of thumb:

  • com – Safe
  • com/activatecard – Safe
  • amazon.com – Safe
  • amazon.com/retail – Safe
  • com.activatecard.net – Suspicious! (notice the dot immediately after Amazon’s domain name)
  • com.activatecard.net/secure – Suspicious!
  • com/activatecard/tinyurl.com/retail – Suspicious! Don’t trust dots after the domain!

Some of these things can be challenging to spot, so you and your users need to be extra careful about checking (and double-checking) links.
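
The rule of thumb above can be automated by parsing a link and comparing its real host name with the domain you expect. This is an added example, not code from the original article: the function `check_link`, the trusted-domain tuple, the short list of domain endings and the sample links are assumptions constructed for illustration, and it goes slightly beyond the list by also catching a brand name placed before an `@` sign.

```python
import re
from urllib.parse import urlsplit

# Assumption: each organisation maintains its own list of trusted domains;
# amazon.com is the brand used in the article's example.
TRUSTED_DOMAINS = ("amazon.com",)

# Constructed, deliberately short list of endings, used only to spot a second
# domain name hidden inside the path of an otherwise genuine link.
_DOMAIN_IN_PATH = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.(com|net|org|co|io)$")


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, reason) where verdict is 'safe' or 'suspicious'."""
    # Links pasted from e-mail often lack a scheme; add one so the parser
    # treats the first component as the host rather than as a path.
    if "://" not in url:
        url = "https://" + url
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
        user = parts.username
    except ValueError:
        return "suspicious", "link could not be parsed"
    if not host:
        return "suspicious", "no host name in link"

    # Anything before '@' is login information, not the site being visited.
    if user is not None:
        return "suspicious", f"text before '@' is not the site; real host is {host}"

    # The host must be the trusted domain itself or a subdomain of it.
    on_trusted = any(host == d or host.endswith("." + d) for d in trusted)
    if not on_trusted:
        for d in trusted:
            # The article's red flag: a dot right after the brand's domain.
            if host.startswith(d + ".") or ("." + d + ".") in host:
                return "suspicious", f"{d} is followed by more labels; real host is {host}"
        return "suspicious", f"host {host} is not a trusted domain"

    # Genuine host, but a second domain in the path can indicate a redirect.
    for segment in parts.path.lower().split("/"):
        if _DOMAIN_IN_PATH.match(segment):
            return "suspicious", f"path contains another domain: {segment}"

    return "safe", f"host {host} is a trusted domain"


# Constructed sample links modelled on the article's rule of thumb.
SAMPLE_LINKS = [
    "https://amazon.com/retail",
    "accounts.amazon.com",
    "amazon.com.mailru382.co/something",
    "amazon.com.activatecard.net/secure",
    "amazon.com/activatecard/tinyurl.com/retail",
    "https://amazon.com@login.example/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict, reason = check_link(link)
        print(f"{verdict:10} {link}  ({reason})")
```
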

Give Safe Links to Use

Even better, you could provide your team members with the links they are expected to use when being directed to certain places by their clients, rather than using the links potentially given in an email. These trusted links can be a real lifesaver, particularly when it becomes apparent that an email was an attack that a trusted link has helped your team to avoid.

Enforce Password Practices and Processes

The security of your team’s collective password policies is important for you to address, as these passwords are often the keys to the castle that cybercriminals are phishing for. Therefore, you need to ensure that your team is not only using best practices but are also handling these passwords appropriately, using tools like two-factor authentication wherever applicable and being generally cautious.

Evaluating Their Preparedness

Finally, once you’ve taught them the signs and precautions, you need to make sure that you check their proficiency in following through. To do this, a phishing test is in order.

A phishing test is simply a phishing attack you run against your own business to help identify where your weaknesses are. By showing you which team members are susceptible to an attack, you can correct the vulnerability through training and other assistance.

What Makes a Successful Phishing Test?

To effectively run a phishing test, you should not inform your team that one is incoming. To do so would defeat the purpose of the evaluation. If you do, make sure you keep it vague and never specify when they should expect it. That way, you can avoid skewing your results.

However, you also need to keep basic ethics in mind. Being shady will not help your security. You want to communicate trust with your team, and hope it is reciprocated.

As for your other security needs, lean on Point North Networks, Inc. for assistance. Give us a call at 651-234-0895 to learn more.

Microsoft OneDrive for Business

Secure File Storage in the Cloud

Cloud-based file storage is nothing new, but it has become an important part of cloud service delivery. The world’s most trusted name in consumer and business software, Microsoft, offers a file storage platform, OneDrive for Business, that gives each individual employee using Microsoft Office 365 individual storage for their files.

Point North Networks, Inc. is known for proactive IT management, but what you may not realize is that we are also a one-stop shop for all of your hardware, software, cloud, and support needs. We proudly offer Microsoft products, including OneDrive for Business and Office 365, as we believe that businesses should have access to the very best resources.

About OneDrive for Business

A Strong Cloud-Storage Option with Powerful Integrations

OneDrive for Business may be a separate product from OneDrive, but it functions exactly the same on the surface. The benefit is in the integration that provides enterprise features not found on the free-to-use OneDrive platform. OneDrive for Business is an excellent collaboration tool for business users, providing them the storage and file sharing element necessary to give Office 365 value as a productivity tool.

OneDrive for Business Features

Huge Benefits from Using OneDrive for Business

Microsoft has been developing an enterprise-grade, cloud-hosted file sharing platform for much of the past two decades, and with OneDrive for Business, they’ve succeeded. In fact, OneDrive for Business is constantly adding features to make it as useful as possible for today’s business professional. Some of its features include:

  • Plenty of space – OneDrive for Business, even as a stand-alone platform, offers users 1 TB of cloud storage, and the ability to store files as big as 15 GB. This provides users with enough space to store most types of files.
  • Office 365 integration – Most OneDrive for Business accounts will be tied to a Microsoft 365 Business account. It provides dedicated cloud storage to store all the files that are made using productivity and collaboration apps like Word, Excel, PowerPoint, SharePoint, Teams, and Outlook.
  • Promotes collaboration – By providing a place to quickly store and manage data, it promotes the use of Microsoft applications, which are some of the best on the market for team collaboration.
  • Easily share files and manage their security – OneDrive for Business allows users to control levels of file security. Users can share direct access to a file or simply give other users permissions to view files. This integrated security promotes comprehensive project management and collaboration.
  • Mobility and flexibility – OneDrive for Business is available on any device either through an Internet browser or via mobile apps. It doesn’t matter if you are using a smartphone, tablet, Mac, or a PC, if you need access, all you need is an Internet connection.
  • Teams and SharePoint Integration – Users can share files with two of the most dynamic project management titles on the market today.
  • Support for versioning and data backup – Files that are saved from Office apps in the OneDrive for Business platform all support versioning capability, where files are backed up so that users can go back and see periodic edits to the file.
  • File sync – When working on a Mac or PC, users can choose to sync OneDrive to the file system of the OS. This is now a default setting in Windows 10.

With all these options, and more, OneDrive for Business is right for any organization looking to utilize cloud-based storage to fuel gains in collaboration and productivity.

If you are looking to make a jump to the cloud, OneDrive for Business is a sound option. Point North Networks Inc.’s consultants have access to attractive packages that are designed to promote business growth while maintaining the security you expect. Call us today at 651-234-0895 for more information.