Malware-packed phishing emails to small businesses are increasing — because they flat-out work. And the fallout for you and your customers can be catastrophic. Learn to spot typical phishing ploys, and follow four best practices to protect your business from phishing.
Giant data breaches at giant corporations make headlines just about every month. But small businesses have become the favorite target of hackers. Fight back: Defend your small business’s IT network by following our annual 11-point IT security checklist.
Another large Ransomware attack this month forced an Indiana hospital to pay four Bitcoins, or $55,000. This is unfortunately an increasingly common story, but this one has a twist – they had backups of their data but still chose to pay. Why? Restoring their backups could have taken weeks, and it would have been too expensive to be closed for so long.
This hospital learned two lessons the hard way. They learned not only that employee training is vital to preventing Ransomware and other hacks, but also how critical it is to test your disaster recovery plans. Backups are extremely important, but like any medicine, you want to prevent the illness before you have to use it; and like any treatment, they are of limited value if there is no plan to implement them in a reasonable amount of time.
Business Continuity plans for dealing with common hiccups and Disaster Recovery plans for major outages are two sides of the same data safety coin, collectively known as “BC/DR.” When a hacker attacks or the power goes out, your employees should know how to respond to minimize negative impact. Backups are one piece of that puzzle, but the written plans are essential to implementation.
We here at TechGen want to help keep your data safe and your business running StressFree. That’s why we do regular testing of your backups. We ensure your backup works, so when the worst happens, your technology will be ready. Because backups are just one piece, we’re helping our clients implement a BC/DR plan or improve their existing one. Please, let us know if you are interested in discussing ways to improve your security. We also encourage you to read through some of the other posts on this blog that offer useful tips to prevent hackers from getting on your network in the first place.
Once again, high-profile hacking is in the news.
Accounting firm and security advisor Deloitte was illegally accessed last month by unnamed hackers, who had managed to compromise an administrator account and used it to access one of Deloitte’s Microsoft Azure accounts. So far, at least six of their clients have been informed that data including usernames, passwords, IP addresses, architectural diagrams and health information was accessed by the hacker. Deloitte is still reviewing the breach and contacting affected parties.
A question many are asking is “How did such a large company with so much experience in cybersecurity get breached?” and the answer is simple. “They didn’t have two-factor authentication.”
Two-factor authentication is a tool used for added security when it comes to important accounts. The name comes from using two factors to log into an account – your usual password and a separate factor such as a cell phone message, remote fob, or biometric data like a fingerprint. In general, using multiple steps to log in is referred to as “Multi-Factor Authentication” or MFA. With MFA enabled, even when a hacker manages to discover your password, they still can’t access your account without also having your other factor, like your phone. Deloitte didn’t use it on one administrator account, and as a result the hacker merely needed to get one password in order to gain the keys to the kingdom.
Increasingly, two-factor authentication is being considered a basic security step, and we here at TechGen highly recommend all of our clients look into MFA solutions.
- Microsoft has step-by-step instructions for setting up MFA for Office 365. You can read those here.
- Another good password solution, LastPass, also supports MFA. Specific instructions are here.
We would be happy to help you set up MFA for your important accounts; if you are interested, please let us know.