Category: IT Security

As more digital technologies are released into the mainstream, it is becoming increasingly complex to do business, and more specifically to manage the data that new technologies generate. In the security realm, it is no longer a case of safeguarding your physical premises and assets; you need to ensure your digital assets are secure too.

The threats to your data are real. According to the latest data breach statistics, 3543 data records are lost and stolen every minute. For businesses that collect and store personal data from their customers, there are even more risks to consider. Data such as social security numbers, credit card details and bank account information can prove invaluable to criminals, and they will stop at nothing to get their hands on this information. If they succeed in their mission, your customers could bring about liability proceedings, putting your reputation and your business in serious jeopardy.

Protecting It All With Data Breach Insurance

Data breach insurance, otherwise known as cyber liability insurance, is designed to protect against data security risks and the damage that can be associated with them, be it to your finances or your stature. Your level of cover will depend on the policy you have in place, but most products offer identity protection solutions, legal fees, public relations solutions and liability. If your business ever falls victim to a data breach, it is vital that you restore the public’s confidence as quickly as possible. Data breach insurance helps you to do that.

What Types of Data Breach Insurance Are Available?

Cyber risks usually fall into two categories; first-party exposure and third party exposure. First party exposure covers those risks that affect a business first-hand, while third-party exposure covers risks that could affect the data of third parties such as customers, clients or employees.

First party exposure insurance can protect against the following:

  • Loss or damage to digital assets – this includes the loss or damage of software or data.
  • Non-physical business interruption – if your business network suffers any interruption or service failure, this insurance will cover associated expenses incurred while investigating the interruption.
  • Cyber extortion – if your organization falls victim to cyber extortion, where you receive threats from criminals to steal or damage data or restrict your network, your insurance company will handle the demand. This may involve payment of the extortion monies or criminal proceedings that bring the perpetrators to justice.
  • Reputational damage – this level of insurance helps to protect you from damage to your reputation following a reported data protection breach. Depending on the level of cover, your organization could be paid for loss of income, loss of customers and the cost of PR exercises to repair your reputation.

Third-party exposure insurance typically protects against the following:

  • Security and privacy liability – if a data security breach results in the theft or loss of third-party data, either client or customer, this insurance will cover defense and investigation costs as well as any civil damages you incur.
  • Privacy regulation defense – if your organization is investigated by a regulator following any data breach, this insurance will cover your defense and investigation costs in addition to any fines where applicable.
  • Customer care expenses – if you have a regulatory requirement to notify third parties about any data breach, this can often run into millions of dollars. This insurance will cover your notification expenses subject to the limit on your policy.

Don’t Leave Your Business or Your Data Exposed

Data breach insurance is designed to protect your data as well as privacy and network exposures. Whether it is a sensitive customer, employee or client data, there are increasing requirements for this data to be secure. By investing in comprehensive data breach insurance that is tailored to your business you can go on protecting what matters and give your customers total peace of mind.

In preparation for Cyber Monday, cyber villains have crafted a virtual onslaught of social engineering scams, and malicious, spoofed websites in order to dupe the droves of people expected to spend nearly $4 billion online this year.

It’s important to know the warning signs. Here’s your guide to safe online shopping on Cyber Monday and beyond.

1. Go directly to a store’s website instead of using search engines to look for deals.

2. Close ALL pop-ups and other digital ads–do not even acknowledge them.
Many pop-ups could contain fake coupons and redirect you to malicious sites.

3. Watch out for social media scams, especially on Facebook.
Cybercriminals are using fake or compromised Facebook accounts in order to post links to deals that don’t actually exist.

4. Do NOT open any Cyber Monday emails with attachments.
Emails with attachments, especially zip files, are likely to contain malware.

5. Make sure you’re on a secure connection.
Look for the padlock icon to the left of the URL in your web browser when you go to check out.

6. Do not use debit cards to shop online.
Cybercriminals will have direct access to your bank account when using a debit card. Using a credit card instead gives you the protection of the bank’s fraud program.

7. Avoid using public wifi to shop.
Try to avoid using coffee shops’ or restaurants’ wireless Internet connection as they may be monitored by cybercriminals looking for easy access to a poorly protected computer. Use personal hot-spots or your protected home or office connections instead.

8. Watch out for malicious QR codes.
QR codes are small, pixelated codes meant to be scanned by a smartphone’s camera. They often contain coupons, links to websites, or other product marketing materials. Some hackers have started creating codes that link to phishing or malware sites.

9. Don’t give up any extra personal information.
If a site starts asking for out-of-the-ordinary personal data, like Social Security numbers or password security questions, go no further and end the session.

10. Tighten up security before you shop on Cyber Monday.
Make sure all software on your computer is up-to-date, including your OS, browser, and other apps. Most importantly, your anti-virus and anti-malware software.

We would like to take this opportunity to wish you and your family a safe and happy Thanksgiving!

We live in a practically wireless world today. In fact, there is a very high chance you are reading this article over a wireless connection right now. Our dependency on wireless technology is certain, but how can we enhance the way we access data, secure our connections and ensure that we are getting the best that wireless has to offer?

Wireless Security 101

Most people access data and internet services over wireless connections without really thinking about it. It’s convenient, fast and connects you to all the services you’ve grown to rely on. However, this convenience can cause complacency and that is when you can be at your most vulnerable.

For example, if you are using an open wireless network with no password security you could be leaving your personal data wide open to being intercepted and stolen. That includes your banking details, your email credentials and your social media passwords. In the wrong hands this data could end up costing you dearly. Identity fraud is on the rise and costs U.S. consumers millions of dollars every year.

Today’s wireless networks typically offer 5 major levels of security:

Type Security Length of Password
Open None – Never Recommended N/A
WEP Basic – Not Recommended 10 to 26 characters
WPA Good – Works well for older devices 8 to 63 characters
WPA2 Better – High level of security 8 to 63 characters
WPA/WPA2 Mixed-Mode Dynamic – Only as good as weakest link 8 to 63 characters

Steer Clear of Open and WEP

You’ll often find open networks freely available in internet cafes and fast food restaurants. However, because open wireless networks use no password security, it makes sense to avoid these networks at all costs. Exchanging secure or personal data over these networks can result in your passwords being cracked and stolen, and your data compromised. While WEP networks offer very basic security, it only takes hackers mere moments to "guess" your password using password cracking software.

Protect Your Connection With WPA and WPA2

Whether you are setting up a wireless router at work or home, or accessing a network on the move, it is always recommended that you configure or choose a network that is using WPA or WPA2 security. However, while these technologies offer more robust security there are still a couple of vulnerabilities you should be aware of.

Both WPA and WPA2 networks require password authentication before access is granted. However, the security on these networks is only ever as robust as the password used to control entry. While a strong password that contains 20 characters and is made up of letters, numbers and symbols would be practically impossible to crack, it is human nature to choose a password that is easier to remember. Unfortunately, passwords that are easily remembered are also easy to crack, especially if they use words you can find in the dictionary.

How to Further Secure Your Network

There are still a number of ways you can secure your wireless network. A hidden SSID and MAC address filter will mean users must not only know the name of the network they are connecting to, but they must also be accessing the network using a device whose MAC address has been included in the filter. Add to this a robust password and you have a very secure wireless network. You could also create a separate guest network that segregates guest traffic from the rest of the network and any classified or sensitive data that could be vulnerable.

On Friday and over the weekend, a major piece of malware infected hundreds of thousands of computers, taking down everything from businesses to the U.K.’s National Health Service. The malware was called WannaCry 2.0.

Ransomware is malicious software that burrows into your computer and encrypts the files on your machine, keeping you from being able to access them. The malware’s creator then asks that you to pay a fee to unlock your data. WannaCry 2.0 uses a vulnerability in Microsoft’s (MSFT) Windows operating system to attack users’ computers.

The first wave of the WannaCry 2.0 attacks seems to have passed. But chances some hacker will repurpose the malware and send it back into the wild again. There has been some talk that the next wave could specifically target businesses, both large and small, in the United States.

Ransomware doesn’t just appear on your computer. It has to be downloaded. And while you could swear up and down that you’d never be tricked into downloading malware, cybercriminals get plenty of people to do just that. This typically happens by opening and clicking on links or attachments in an infected email.

That email you opened to get ransomware on your computer in the first place was specifically written to get you to believe it was real. That’s because criminals use social engineering to craft their messages. For example, hackers can determine your location and send emails that look like they’re from companies based in your country.

It’s not just email, though. An attack known as a drive-by can affect you if you simply visit certain websites. That’s because criminals have the ability to inject their malware into ads or links on poorly secured sites. When you go to such a site, you’ll download the ransomware.

How to protect yourself:

Software and OS Updates

The very best way to protect yourself from these types of attacks is to constantly update your operating system’s software and apps like Microsoft Office and Adobe Flash Player. For businesses, there are patch management systems that can monitor all of your business computers for outdated versions, automatically download the updates needed and then push them out from a central repository. No business owner has the time to constantly stay on top of the amount of updates needed to truly be protected. A software system designed to do this heavy lifting for you is the way to go.

Data backups

Always maintain and test a reliable system to back up your files. You can either do that by backing them up to an offsite data backup service or by backing up to a near line storage or external drive. Some ransomware can infect your backups however so you will want to choose a business option rather relying on a Google Drive or other “retail” level system. If you’re backing up to an external hard drive, you’ll want to disconnect it from your PC when you’re finished.

Anti-virus software and Internet content filtering

An up-to-date and properly licensed anti-virus software will help prevent malware from becoming present on your machines. Internet content filtering will help block websites that are potential problems in the first place thereby lowering your chances of accidentally visiting one of these sites to begin with.

Find out just where you are with your technology

Technology should never be considered a “set it and forget it” part of your business. It takes constant tweaking, monitoring and maintenance to make your system reliable. You should strongly consider having a formal IT Security Assessment performed on your system no matter how large for small your business is as these formal scans can give you an excellent chance to find out just where you have vulnerabilities.

We can assist you with any of the above protection measures mentioned above. It is far less costly to be proactive than it is to be reactive. NOW is the time to find out, not later or…….after!

information_technology_securityMany people and businesses think their systems and information are protected, but are they really?

In today’s connected environment you need to routinely assess the security risks to your network systems, computers, users and the information stored on your systems to ensure you have sufficient safeguards in place.

Let’s discuss some of the basic safeguards your business should have in place to protect your technology resources, users and information.


Firewalls are designed to protect your network systems and computers by monitoring and controlling inbound and outbound traffic based on predefined rules. They come in a variety forms (appliances, software, etc) and different capabilities. Some firewalls provide content/internet filtering capability designed to restrict or control the content a user is authorized to access. The rules configured on a firewall are generally adjusted to reflect business operation requirements and a business’ philosophy on acceptable content.  Since intrusion and attacks methods are constantly changing you need to make sure you are routinely reviewing and updating your firewall settings, firmware and software.  Failure to regularly review and update this first line of defense could expose your technology resources, users and information to attack or intruders and create an unsolicited security incident that could be damaging to your business and its reputation.

Anti-virus software

Anti-virus software sometimes known as anti-malware software, is computer software designed to prevent, detect and remove malicious software.  Current anti-virus software can protect computers from such things as: trojan horses, worms, adware, spyware, backdoors and browser hijackers.  Some more advanced software and other third party products can detect and remediate ransomware, rootkits and malicious browser helper objects.  Since malicious software and its method of delivery seem to change daily you need to make sure your anti-virus software is constantly being updated to ensure your systems, computers and users are adequately safeguarded.  Failure to constantly update this line of defense could adversely affect your business operations, impact users’ efficiency and productivity and/or unknowingly disclose sensitive information from your systems.   Unsolicited security incidents such as these can be costly to your business.  Locked or deleted information can be difficult to restore or costly to reproduce.  The disclosure of sensitive information can have numerous ramifications ranging from the time and costs involved with analyzing how the disclosure happened and what information was disclosed to possible credit monitoring costs for anyone impacted by the disclosure and costs related to legal representation.

Security Patching

 A security patch is a change applied to a technology asset, albeit hardware or software, to remediate an identified vulnerability or security weakness.  A patch of this type is issued by the hardware or software vendor to prevent the successful exploitation of an identified vulnerability and to remove or mitigate the specific weakness.  Since security patches can be released by hardware and software vendors at any time it is imperative that these be tested and applied as soon as possible after release since once a vulnerability or security weakness is identified hackers attempt to exploit those vulnerabilities to gain access to effected technology resources.  

Human factor

First and foremost, information technology security is everyone’s responsibility.  This includes anyone that has access to your technology resources and information.   It should include not only employees, but contractors, vendors, consultants and cloud providers of services.   Your business should have a written acceptable use policy that clearly defines acceptable and unacceptable use of your technology resources.  It should address areas like password requirements, prohibiting the installation of unauthorized software, accessing personal email, occasional personal use, locking or logging off a computer before leaving an area or leaving for the evening, accessing or using cloud storage services, etc.  It should be routinely reviewed and updated no less then annually.  The policy should be provided to and personally acknowledged by all users of your information technology resources.   An enforcement and sanctions provision should be a part of your policy so users are informed of the ramifications for non-compliance. All users should be routinely educated on the code of conduct they are to follow while using your business’ technology resources.  There should be a designated point of contact for security related questions and the reporting of all security related incidents.  All users of your technology resources should be educated on the process for reporting security incidents however trivial the incident may appear.

The longer you wait to assess your information technology security position and address weaknesses, the more likely it is to become a problem.  If you would like some guidance or assistance with assessing your information technology security position, please contact us.