Top Security Breaches of 2018

Some of the biggest companies in the world were hit by some of the biggest cyber security breaches in 2018. Of the 24 largest breaches of all time on the USA Today list, three of the top 10 occurred last year – Marriott, Under Armour and Quora.

But it’s not just the digital novices who are vulnerable. Cyber breaches were also a problem for tech giants like Google, Facebook and Twitter last year. If Google isn’t safe, what chance do small and medium-size businesses have of keeping their digital infrastructure secure?

A snapshot of the digital security landscape, afforded by a peek at some of the biggest breaches of last year, can at least give us an idea of what private business owners could be up against. That broad look should also provide the ammunition to assess what solutions need to be applied.

The Breaches

  1. Marriott: 500 million customers
    • What was stolen: names, addresses, email addresses, phone numbers, dates of birth, passport numbers, credit card and additional personal information
    • What happened: Reports of the breach alleged the company was hacked by foreign intelligence operatives. The vulnerability came via Marriott’s Starwood booking system, which the company purchased in 2016. Investigation revealed that the Starwood system had been compromised since 2014.
  2. Under Armour (MyFitnessPal): 150 million customers
    • What was stolen: names, email addresses, encrypted passwords
    • What happened: The company discovered unauthorized third-party access to some of its customer data, but reported that its security measures kept the intruders from more sensitive information, such as GPS location, eating habits, credit card and Social Security numbers.
  3. Google Plus: 52.5 million customers
    • What was stolen: names, email addresses, dates of birth, personal Google+ session information
    • What happened: A security audit discovered that outside app developers could have had access to personal information of Google Plus users between 2015 and 2018. The company announced a breach affecting 500 thousand users in October (the breach occurred several months earlier). In December, Google revealed a second, bigger breach of 52.5 million users. Google is ending the Google Plus platform, and the breaches have helped to expedite its demise.
  4. Panera Bread: 37 million customers
    • What was stolen: names, addresses, email addresses, dates of birth and last four digits of customer credit cards
    • What happened: Panera was tipped to a database leak in August of 2017, but ignored warnings of security experts. The company failed to take action for eight months.

What Does This Tell Us?

It’s not every day that you’ll find yourself the target of government-sponsored hackers. Or is it? Reports have circulated for years about foreign hacking of corporate, government and infrastructure targets in the US.

Putting aside the fact that Marriott was potentially the target of international espionage, the company acknowledged a sub-optimal investment in cyber security. While internal security protocols did signal an unauthorized access to the system, they were not sufficient to detect the vulnerability during the acquisition of the system two years earlier. Marriott has since hired a new chief information security officer and begun reporting on cyber risks to the company board.

Marriott, like Under Armour, was at least partially positioned to withstand cyber attacks. Both companies responded by studying their vulnerabilities and applying fixes in short order. Notably, they went to outside experts who could provide an honest, objective assessment of threats and recommend the right fix.

Google decided to keep the initial breach in-house – because they’re Google – and was burned by another, much bigger breach less than 10 months later.

Panera, on the other hand, mishandled everything – from the initial vulnerability, to the flagging of the issue by an outside security researcher. Eight months passed between when Panera was notified and when a fix was applied. And in the process, the company ignored a credible tip and efforts of an informed individual trying to help.

Hubris and presumptive arrogance on one end… insufficient deployment of security resources on the other. Despite the size of these companies, when it comes to cyber security, the execs of international corporations face the same type of problems and decision-making concerns as small business owners.

So, What Can Business Owners Do?

Well, the first thing to do is to acknowledge that cyber security is not your area of expertise. Guard against that hubris and arrogance by staying humble in your attempts to address this need. It’s ok to acknowledge that you’ll need the help of a trusted cyber security expert.

That said, the scale of the threats you’ll face is probably different than that of Marriott and Google. It’s unlikely you’ll face government-sponsored espionage. Small and medium-sized businesses are more likely to fall victim to ransomware attacks. As such, you’ll need backup and firewall services tailored to exploits favored by ransomware attackers.

At Beacon, we lean on the SonicWall Capture Advanced Threat Protection service to keep our clients free from ransomware and subsequent critical failures. The SonicWall platform is designed to discover and defeat zero-day (brand new) threats, and is set up to provide automated remediation – meaning you don’t have to lift a finger.

Beacon Knows IT Security

If you’re ready to take your IT security to the level it needs to be, give BITS a call. We’ll be happy to talk through the needs of your business.

By | 2019-03-19T11:57:50+00:00 February 26th, 2019|IT Services|

Employee Security Training: Your IT New Year Resolution

Happy New Year! What are you looking to do better in 2019?

The turn of the calendar tends to bring with it thoughts of personal growth and improvement.  But, for many business owners – their identity being tied directly to their enterprises – New Year’s resolutions often translate to things they can do better for their companies.

So, let’s restate the above question: What are you looking to do better for your business in 2019?

If you’re open to it, allow us to offer a suggestion: if you haven’t made cyber security a part of your company culture, make cyber security training for your employees a priority this year. Why? Because you’ll be shoring up the weakest part of your network defenses.

The Case for Initiating Security Training for Your Employees

It’s not a secret that employees are the weakest link in any organization’s security efforts. That doesn’t mean that your staff is going out of their way to jeopardize your network. They’re just either unaware of which actions leave the company vulnerable, unsure of what to do if they do encounter a potentially threatening situation, or simply don’t assign a great deal of importance to security concerns (this is sometimes called the “it’s the IT guy’s problem” syndrome).

In most cases, though, you really can’t blame the rank-and-file. Think about this:

  • 65% of companies have over 500 employees who are never prompted to change their passwords
  • 52% of business leaders don’t know what to do if cyber security is breached
  • 45% of employees don’t receive cyber security training at all
  • Microsoft Office applications (Word, Excel, etc) account for 38% of malicious file extensions
  • 91% of cyber attacks begin with a phishing email

What are these statistics telling us? First, that workers are routinely targeted – and via the communication methods (email) and business applications they rely on the most (Microsoft Office). Secondly, if/when things go wrong, management typically doesn’t empower employees to help in warding off the threats, and often has no plan of action.

Let’s take a look at a few more statistics:

  • cyber crime is expected to cause $6 trillion in damages by 2021
  • 61% of breach victims in 2017 were companies with less than 1,000 employees
  • average cost of malware attack is $2.4 million

If you’re a small business, a multi-million dollar mistake is hard to recover from. Encouraging your team to become more discerning digital users and an active part of your data security efforts is, simply put, the smart move. The best way to do that is with an active cyber security training program.

What Does Security Training Entail?

Education can cure a lot of ills. This is absolutely the case with cyber security concerns. But before you can teach, you must know where your subjects stand.

As such, the first part of training focuses on identifying what your trainees know and don’t know. At Beacon, we initiate our cyber security training program with real-world examples of cyber exploits. This is accomplished with a computerized test, where employees are asked to complete a few simple tasks, such as opening an email with an attachment.

The test serves two purposes. First, it exposes people to real life attack methods that they are likely to encounter. Secondly, it identifies the types of exploits to which your team is most vulnerable.

Once you know which types of tricks are most likely to work on your team members, you can arm them with the skills to shore up their vulnerabilities. That’s the second part of the training – teaching how to recognize when something is amiss and how to counter a suspected attack.

The training portion should be tailored to each employee, based on the results of their assessments. Focus on what they don’t know. You don’t want to waste anybody’s time going over concepts they already know well. Your team is more likely to retain information they find valuable and/or interesting – so, teaching them stuff they know is counterproductive. Each employee’s training should cover the exploits they did not handle well during the assessment.

At the end of training, be sure to remind your team of how valuable their contributions to network security are.

Beacon Knows Security Training

Want some professional help with your employee security training? BITS is here to help. We’re more than happy to get your team up to speed on the latest cyber threats.

By | 2019-03-19T11:58:00+00:00 January 28th, 2019|Computer Related, BITS News, IT Services|

Why Cheap Threat Protection Isn’t Saving You Money

Today’s digital landscape is fraught with security pitfalls. In the pioneer days of the internet, hackers mostly went after digital conquests to gain notoriety or for the thrill of getting past the most advanced security setups of that early digital period. In 2018, however, that hacker mentality has long been replaced by a different ethos.

Cyber criminals now are less likely to take pleasure in simply penetrating your digital security perimeter and taking a look around. If your organization suffers a breach, the consequences are much more dire.

Whether you work for a large, multinational corporation, or run a small business, once a security vulnerability is exploited on your network, all of your data, operations and business processes are at risk for exploitation — be it outright theft, blackmail, sabotage, etc.

There are some stark numbers out there when it comes to cyber security:

  • 61% of organizations worldwide have been impacted by ransomware
  • 1 in 6 businesses lose more than 25 man hours following a security breach
  • 6 out of 10 small businesses that suffer a cyber attack close their doors within 6 months

Here are a couple more startling statistics: 65% of consumers lose trust in an organization following a security breach, and 31% cut off their relationship with the brand entirely.

Despite the growth in the sophistication and complexity of cyber exploits, and the threat to consumers, many organizations still operate under an “if it ain’t broke…” mentality. If they haven’t been hit with an attack recently, many are happy to roll with the same cyber security protocols they’ve been using for years.

Some may rely on security features embedded in their preferred browsers — Windows Defender, for example — or place their trust in the security features of trusted applications, like WordPress.

To be sure, the less-is-more approach does not work for cyber security. In fact, it’s a good way to lose your customers.

Windows Defender

Microsoft, like a number of other providers, offers complimentary anti-virus security software. The free Windows Defender is billed as “comprehensive, built-in and ongoing security protection.” However, Microsoft supplements the free version with the more robust Windows Defender Advanced Threat Protection (ATP) that consumers have to pay for.

On its own, Windows Defender can stop most viruses and digital threats (it does have to be updated fairly regularly). However, ATP offers “a unified platform for preventative protection, post-breach detection, automated investigation, and response.”

The advanced version of the software speaks to a more sophisticated threat landscape and the need for strategic planning and professional protection.

WordPress Vulnerabilities

Many businesses turn to the WordPress platform to build and host their websites — one of the draws being affordability. Of course, the site provides security for their customers, including encryption, firewalls, security monitoring and data backup and recovery. WP also has a team of cyber security professionals on staff “to address potential security risks.”

Nonetheless, the site acknowledges that no means of data exchange is perfectly safe, and that it “can’t guarantee absolute security of your site.”

Indeed, security of WordPress sites is a much-discussed topic — both because nearly 25% of websites run on the open-source platform and due to the prevalence of attacks. In fact, some of the vulnerability of WP is due to its popularity. While the WP security team does all it can to protect users, users themselves (especially those not well-versed in cyber security protocols) are security vulnerabilities as they can (sometimes easily) be targeted for exploitation. A good chunk of WP vulnerabilities are exploited through third-party plug-ins and themes that customers download themselves, a consequence of open-source coding.

For this reason, Beacon offers SITEXPRESS, our own, closed-source website platform.

BITS: Professional Approach to Data Security

It is certainly possible to create and execute an in-house digital threat prevention program on your own. However, if you are short on time, staff, or the required level of expertise, it’s best to trust your data security to a dedicated and professional team. For guidance on your threat prevention efforts, give the experts at BITS a call at 336.365.7703.

 

By | 2018-09-25T04:57:59+00:00 September 24th, 2018|IT Services|

Managed IT Services

Disaster Response Time

If you’ve ever been in the unfavorable position of seeing your business IT infrastructure compromised, you understand the necessity of an expedient response from your IT vendor. If you haven’t, thank goodness. Unfortunately, the rise in the number of successful web-based attacks increases the odds of you facing this situation sometime in the future.

Successful businesses protect themselves against known risks. So, how do you best prepare for the eventuality of your company network being attacked? Another way to ask this question is: What are the elements of a good disaster preparedness plan that ensure the fastest response time?

At Beacon, we hang our hat on two essential elements when working with clients to secure their IT infrastructure: experienced live technicians, and a properly-configured remote tool kit.

Live Technicians Make All the Difference

It’s natural and easy to become reliant on technology. Humans have done this at every stage of our evolution. An appropriate present day example is the societal discussion taking place around automation. It’s true – robots and artificial intelligence may very well be the components that someday revolutionize the workplace.

But, even the smartest tech leaders of the most forward-looking companies are re-learning the value of human capital. As Elon Musk, the CEO of the upstart carmaker Tesla, recently acknowledged, there is such a thing as over-automation. It turns out that the key to ramping up the production of Tesla’s highly-anticipated Model 3 is not more robots, but more people.

We’ve always placed a high value on highly personal customer service. In fact, the calling card of Beacon’s IT services is the ability of clients to receive live assistance immediately.

If you’re faced with a cyber attack that took down your network, you don’t want to be reduced to leaving voice mails to your IT vendor. Or worse, relying on a corrupted or compromised network to figure out what’s what. You want to be speaking with a real expert right away, not three hours from now. It is this step that’s going to be the difference between restoring your network in minutes, rather than days.

Remote Tools Help Your Network Recover Quickly

Hopefully, your firewall solution is good enough to keep out any unsavory characters. But, if we’ve learned anything about IT security in the last few years, it’s that breaches can – and do – happen despite the most robust security setups.

If your defenses have been penetrated, what helps you get your systems back online the fastest is a responsive data backup system (that you had the foresight to install prior to the attack). There are two setups that yield the best results: local virtualization and cloud backup. Both can get you back online within hours, if not minutes.

Local virtualization relies upon an on-site device that’s connected to your network. In case of a breach, the device is automatically quarantined. It is then used to restore access to your data by transferring the data to a “clean” server, or by acting as a server itself.

The second method is similar to the first. The difference is in the way the backed up data is stored and accessed. In local virtualization, the backup data can be accessed locally, on the backup device.

With the cloud backup, your data is sent to the cloud at selected time intervals – could be as often as once an hour. The task can be scheduled for non-business hours or overnight, so it does not interrupt normal business operations. If the need arises, you can access the saved data from a cloud portal – a secure, dedicated web page. In this manner, you’re able to restore individual files; or, in a disaster recovery scenario, activate servers in the cloud to replicate the compromised servers on site. In some scenarios, cloud servers can even be set up to mimic the function of your on-site servers, allowing authorized users to access the data the way they normally would.

Is Your Network Protected From Today’s Exploits?

If you’re not sure, give BITS a call at 336.546.6660. We’ll be happy to talk to you about your IT security concerns. Our team is experienced in crafting customized solutions for the most stringent requirements.

By | 2018-05-15T11:49:08+00:00 May 15th, 2018|BITS Team, IT Services|

Lessons in Cyber Security & Threat Prevention

Atlanta Ransomware Attack

The ransomware attack that took hostage a number of vital computer systems in Atlanta last month wreaked havoc on residents and sent the city’s administration scrambling. What can we learn from the situation?

Considering that city officials were aware as early as last summer that “severe and critical vulnerabilities” existed within the municipality’s computer network, the biggest takeaway is: DON’T WAIT to shore up your cyber security.

We’re not in the business of beating dead horses. And, surely, Atlanta officials have their hands full orchestrating the recovery from the attack and trying to return vital operations back to normal. Nonetheless, the fact that a 2017 internal city audit revealed an utter lack of preparedness to manage any sort of cyber threat should not go unmentioned.

What that means is the March 22 attack wasn’t a technology problem. As with most hacking efforts, it’s not the code that sinks you – it’s the human element that’s exploited for criminal gain. In this case, the human element was the inability of city administrators to respond to known threats. Not only was the city not equipped to handle an attack on its networks, it also didn’t have a proper response plan ready.

The number of ransomware attacks spiked sharply in the last year. So, if you don’t have an updated plan for your organization’s network security, you may very well be the next target of SamSam – the group responsible for the Atlanta situation – or another criminal outfit.

The good news is that there’s an army of cyber security professionals who are very skilled at crafting customized solutions. We, at Beacon, have been good at it for quite a while.

Protection Through Prevention

The best way to avoid a ransomware attack is to make sure that your network has a sufficiently strong firewall in place. A firewall identifies incoming web traffic and filters any suspicious or unapproved activity. The effectiveness of any firewall depends on how well it is configured. Typically, large networks require complex firewall configurations and a team of IT specialists for maintenance and monitoring.

Firewalls are great at protecting against known threats. However, new hacking techniques are developed every day. To defend against these zero-day exploits and other sophisticated attacks, IT pros deploy advanced automated audits that boot the threat off the targeted network. About 80% of current Beacon clients rely on this type of advanced protection. And, ideally, that number would be 100%.

Of course, even the most well-designed security setups can be breached. Criminal hackers know that people are the weakest link in network security and design attacks to take advantage of unwitting network users. (There’s that human element again.) However, the odds of such attacks succeeding are low if your organization takes security awareness training seriously. Security seminars should be made available to every person on staff, and be repeated at least once every three years.

Recovery: It’s Good to Have a Back-Up Plan

Let’s be honest – sometimes hackers succeed even when you’ve done everything right. If that happens, you don’t want to find yourself in the same position as the folks in Atlanta. Backing up your network will protect you in case of a catastrophe.

While the concept is simple, data backup is actually a fairly complex process that takes considerable forethought. You’ll need to decide how often your network needs to be backed up (hourly, daily, weekly, etc). You’ll also have to examine how long your organization can go without access to your data.

A busy medical center, for example, would need to have its data backed up hourly to capture changing patient statuses, doctor’s orders, prescriptions, etc. With lives at stake, it would also be imperative to restore access to that data as quickly as possible.

Organizations that don’t deal with life and death issues would probably have less stringent requirements for their data protection plan.

We’re Here to Help

Have questions about your company’s cyber security? Give BITS a call at 336.546.6660, and we’ll be happy to talk to you about your concerns and data protection needs.

By | 2018-04-12T11:22:11+00:00 April 12th, 2018|IT Services|

What to do if Your Business is Victimized by Ransomware

Your computer is acting funny. You can’t access certain files. Then, you receive a pop-up message. You read the message only to learn that your data has been encrypted and you no longer have access to it – UNLESS you send a large wad of cash to the hijacker in unmarked bit-bills.

Unfortunately, bitcoin payments don’t arrive with dye packs that blow up on delivery. So, how do you get access to your data? What do you do when your business has been attacked by a hacker with ill intent?

Step One: Don’t panic.

First and foremost, remove the infected computer from your network.

Before complying with any demands, you may wish to verify the existence of malware. Hackers have been known to create threats that aren’t really there, all for the express purpose of extorting money from you. The hope is that you never actually check to verify that a threat really exists. Hackers rely on you to panic and pay the fee without thinking. So, take a deep breath and…

Step Two: Run an anti-malware scanner to check for an infection.

Reboot your computer and run it in safe mode. This will enable you to run your anti-malware software. If the ransomware is fairly innocuous, your anti-malware software will be able to remove it. Once you know that’s the case, there’s no harm and no reason to pay the hacker. Then, your next step is to…

Step Three: Develop a prevention strategy so that you won’t have to go through this again.

Call the IT experts at Beacon and we’ll check your network for other vulnerabilities. We’ll copy your hard drive, desktop files and applications and install a backup system that protects you from future malware attacks.

If you’re unable to remove the insurgent threat, you should attempt to…

Step Four: Identify the ransomware.

If the anti-malware application will not remove the threat, your next step is to identify the ransomware. You can do this through ID Ransomware. Upload the ransom note, forward a file that cannot be opened or simply input an email address from your network. This free website can often identify the ransomware that has encrypted your data.

If ID Ransomware fails to identify the ransomware type, there are decryption tools that may be able to help you unlock your files. There are decrypters available to combat ransomware such as Locky, HydraCrypt, CryptoLocker, and Petya. You’ll be taking a shot in the dark so to speak, but if you hit on the right one, you’ll be able to unlock your files.

If not, we suggest that you…

Step Five: Go Back to Step Three and Call Beacon

By now, you may have decided to pay the ransom. While we don’t recommend doing so, only you know what this ordeal is costing you in lost revenue and/or reputation. If circumstances dictate it, one cannot be blamed for protecting one’s customers by paying the ransom. However, the IT team at Beacon can put the kind of prevention plan in place that best fits your need and budget, protects you and your customers and prevents the same kind of mishap from ever happening again.

Get a free assessment of your network. Contact me directly or speak with a member of our IT team at 336-447-3379. We’ll make sure you’ve got the necessary system in place to protect you from ransomware threats so that you can focus on your core business.

By | 2018-03-13T06:50:05+00:00 March 12th, 2018|IT Services|

North Carolina Experiences Huge Jump in Data Breach in 2017

To say that 2017 was a bad year for cyber security is an understatement. Security breaches were national news this year, with vulnerabilities at Equifax and Uber leading the evening news. And North Carolina businesses were not immune to the problem.

In North Carolina, the Theft Protection Act of 2005 requires that businesses report any known data breach to the Attorney General’s office through this form. Hopefully, you won’t have to use it. However, the state received 1,022 of these reports in 2017. That’s a 3,500% jump in reports from the time of the law’s inception.

According to Attorney General Josh Stein, over half of the breaches are caused by hackers. 47 states are in the process of seeking legal remedy from Equifax, North Carolina among them. They’re suing Uber, too.

Raleigh is Getting Tough with Data Breach

If this is a sign that Raleigh is getting aggressive with its enforcement of information protection (not at all a bad thing), then there are now two extremely good reasons to audit your current network security NOW. Firstly, your business depends on the trust your customers have in you to keep their information secure. Secondly, if you drop the ball, someone from Raleigh is willing and able to run with it – all the way to the courthouse.

Stein strongly suggested that business owners have their network systems analyzed by a reputable IT consultant to identify possible vulnerabilities. With the sky-rocketing rate of data breaches in North Carolina, it’s simply good business to get out ahead of any possible issues.

Do you have any questions about your business and your cyber security? Is there anything you’d like to share about cyber security with other North Carolina businesses? Comment below or feel free to drop me a line regarding your concerns. At Beacon, we have an experienced, expert team of IT consultants ready and able to help you identify any vulnerabilities before they become major headaches.

By | 2018-02-19T08:20:14+00:00 February 6th, 2018|BITS News|

What can we learn about cyber-security from Equifax?

If you haven’t heard the particulars on the Equifax debacle, let me fill you in. There is a lesson to be learned for every business or institution possessing sensitive information.

You may remember that the credit agency had a very serious hack in May or June of 2017. This hack affected over 143 million Americans and was first discovered by Equifax on July 29. It was early September before the company revealed this data breach, one of the worst ever, to its customers.

Here’s where things get really phishy (sorry, couldn’t resist the pun).

Equifax created equifaxsecurity2017.com, a website designed to address customer questions and concerns over the breach. Nick Sweeting, a software engineer, quickly saw a flaw and exploited it. He created an imitation site that looked nearly identical sans one detail (which we’ll get to in a little bit). This was easily accomplished with the help of a Linux command that enables one to download the contents and copy a website.

Wait. It gets much worse. Posts from Equifax’s Twitter account directed people to Sweeting’s version of the site instead of the real one. The look of the site was nearly identical to that of the Equifax page with an identical prompt to enroll for complimentary protection.

Fortunately, Sweeting’s page included one addition, a headline pointing out that Equifax used a domain that was easily impersonated. Eventually, the site was blacklisted. However, there were reportedly over 200,000 hits to the fake Equifax landing page before this action was taken.

Where Did Equifax’s Cyber Security Measures Go So Wrong?

The sad truth is that Equifax made a beginner’s mistake. When Equifax created their website, they did not use a subdomain but rather an entirely different URL. This makes their website very easy to impersonate. Only Equifax has access to an equifax.com subdomain. Had they used a subdomain such as security.equifax.com, for example, visitors would have easily been able to determine the legitimacy of the web address.
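The subdomain point above can be turned into a check that a mail filter, link scanner or help desk could apply. This is an added example, not part of the original post; the function names, the `TRUSTED_DOMAIN` constant and the example.com / example.net sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the organisation controls exactly this domain.
TRUSTED_DOMAIN = "equifax.com"


def host_of(url: str) -> str:
    """Return the lower-cased hostname of a URL, ignoring scheme, port,
    userinfo ("user@") and a trailing dot. Returns "" if it cannot be parsed."""
    candidate = url if "://" in url else "//" + url
    try:
        host = urlsplit(candidate).hostname or ""
    except ValueError:  # e.g. malformed IPv6 literal
        return ""
    return host.rstrip(".").lower()


def name_looks_right(url: str, brand: str = "equifax") -> bool:
    """What a hurried reader does: the brand name appears somewhere in the host.
    Any domain anyone registers can satisfy this."""
    return brand in host_of(url)


def is_under_trusted_domain(url: str, trusted: str = TRUSTED_DOMAIN) -> bool:
    """True only for the trusted domain itself or a subdomain of it.

    The leading dot in the suffix comparison matters: without it,
    "badexample.com" would be accepted as part of "example.com".
    """
    host = host_of(url)
    trusted = trusted.rstrip(".").lower()
    return host == trusted or host.endswith("." + trusted)


def classify(urls, trusted: str = TRUSTED_DOMAIN):
    """Map each URL to (name_looks_right, is_under_trusted_domain)."""
    brand = trusted.split(".")[0]
    return {
        u: (name_looks_right(u, brand), is_under_trusted_domain(u, trusted))
        for u in urls
    }


if __name__ == "__main__":
    # The first two hosts come from the article; the rest are constructed
    # edge cases using reserved example domains.
    samples = [
        "https://security.equifax.com/enroll",        # subdomain: verifiable
        "https://equifaxsecurity2017.com/",           # separate domain: not verifiable
        "https://security.equifax.com@example.net/",  # trusted name in userinfo only
        "https://equifax.com.example.net/",           # trusted name as a left-hand label
    ]
    for url, (looks, verified) in classify(samples).items():
        print(f"{url:45} name-looks-right={looks!s:5} under-trusted-domain={verified}")
```

The separate breach-response domain passes the "name looks right" test but fails the ownership test, which is the same result any lookalike registration would produce.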

The fact that this could happen to a credit agency is amazing, given the current cyber security threats and trends. You see, this wasn’t only a case of lax cyber security protocol. It’s readily apparent that one part of the organization had no idea what the other part was doing. This sort of thing happens every day in small companies as well as large businesses such as Equifax. If no one entity is responsible for all facets of your internet presence, it opens up additional opportunities for exploitation.

Why Use a Multi-Disciplined IT Firm?

At Beacon, we take your security seriously. But it’s not only what we do. Professionals in IT, web design, social media and digital marketing come together to ensure your site’s safe so you can build your online business. When a single team oversees all of your online activity, one hand knows what the other is doing. These kinds of mistakes simply don’t happen.

Get a free website security assessment or contact us at 336.447.3473 with any questions regarding your business’s cyber security needs. I’d like to help you avoid the kind of mistakes that can take down an otherwise sound business such as Equifax.

By | 2018-05-01T10:53:51+00:00 October 12th, 2017|BITS News|

Do Your Employees Hide Cybersecurity Incidents?

While advanced hackers may use malware, they often start by attempting to exploit the easiest point of entry. This typically includes phishing emails similar to the Google Docs email link that had Google on its toes recently.

If your employees leave events such as this unreported, the consequences could be devastating to your cybersecurity. With that in mind, let’s discuss some things you can do to mitigate your company’s exposure. From office culture to properly managed hosting, there are steps you can take to prevent a cybersecurity meltdown.

Is this problem unique to small business?

In fact, businesses of all sizes experience vulnerability from within. A recent report indicates that while roughly 40% of employees working with medium size companies hide incidents, the percentage drops significantly with companies of under 50 employees. This makes a great deal of sense. Here’s why.

Office culture plays a significant role in incident disclosure.

A smaller staff generally means a more easily controlled office culture. There are fewer people to educate or inform. This becomes evident when one looks at businesses of less than 50 employees. Here, the incident rate drops to roughly 30%.

The message one conveys to office staff is of paramount importance. It should be one of education, not punishment. Ask yourself why employees hide a potential breach. The answer is simple. Fear. If an employee is threatened with termination for such a mistake, it is clearly in their best interests to sweep it under the rug.

To summarize, take an educational approach to your cybersecurity office culture. Emphasize responsibility while reducing fear of punitive consequences. You’ll be amazed at the difference it makes.

Take reasonable security measures.

Start with basic password protection. Require that users log in again after periods of inactivity. Restrict use of the office network to business purposes. File sharing of a personal nature or access to inappropriate content begs for a security breach. When working remotely, employees should be working through a company VPN requiring a robust password.

Make sure your security software is up to date.

Set up appropriate firewalls and make sure that your IT department or hosting partner has an intrusion detection and monitoring system in place. Make sure that they are staying on top of anti-virus updates and installing patches accordingly.

Questions about your company’s cybersecurity?

If cybersecurity is an issue you’re giving thought to, give the folks at Beacon a ring. Call one of our team members at 336.447.3473 or send me an email. Better yet, take our FREE network assessment and let us help you understand your current state of vulnerability and what you can do about it.

By | 2017-08-31T11:45:18+00:00 September 6th, 2017|IT Services|