Giant data breaches at giant corporations make headlines just about every month, but small businesses have become a favorite target of attackers. Fight back: defend your small business's IT network by following our annual 11-point IT security checklist.
Another large ransomware attack this month forced an Indiana hospital to pay four Bitcoins, about $55,000. This is unfortunately an increasingly common story, but this one has a twist: the hospital had backups of its data and still chose to pay. Why? Restoring from those backups could have taken weeks, and it would have been too expensive to stay closed for that long.
This hospital learned two lessons the hard way: that employee training is vital to preventing ransomware and other attacks, and that it is just as critical to test your disaster recovery plan. Backups are extremely important, but like any medicine, you would rather prevent the illness than have to treat it; and like any treatment, backups are of limited value if there is no tested plan to restore them within an acceptable amount of time. The longest outage your business can afford (its recovery time objective, or RTO) belongs in the written plan, and the restore should be rehearsed against that number before you need it.
Business continuity plans for dealing with common hiccups and disaster recovery plans for major outages are two sides of the same data-safety coin, collectively known as "BC/DR." When an attacker strikes or the power goes out, your employees should know how to respond to minimize the impact. Backups are one piece of that puzzle, but the written, rehearsed plans are what make them usable.
We here at TechGen want to help keep your data safe and your business running StressFree. That's why we test your backups regularly, by actually restoring them, so that when the worst happens your technology will be ready. Because backups are just one piece, we are helping our clients implement a BC/DR plan or improve the one they have. Please let us know if you are interested in discussing ways to improve your security. We also encourage you to read through some of the other posts on this blog that offer useful tips to prevent attackers from getting onto your network in the first place.
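As an added example (not TechGen's tooling and not code from the original post), here is what "testing your backups" means in practice, written in Python: take the backup, record a manifest of file hashes at backup time, restore into a scratch directory, verify every file against that manifest, and time the restore against the recovery time objective the plan promises. The drill also refuses archive members that would land outside the scratch directory, because a restore that blindly unpacks an archive is itself an attack surface (tar path traversal). The sample data set is constructed for the demo; the function names and the `nightly.tar.gz` archive name are this example's own assumptions.

```python
import hashlib
import os
import tarfile
import tempfile
import time
from pathlib import Path


def sha256_tree(root: Path) -> dict:
    """Map each regular file under root (relative POSIX path) to its SHA-256 digest."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def make_backup(source: Path, archive: Path) -> dict:
    """Write a gzip tarball of source and return the manifest recorded at backup time.

    The manifest is what the restore drill is checked against, so it is captured
    when the backup is taken, not recomputed from the live data later.
    """
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return sha256_tree(source)


def _safe_members(tar: tarfile.TarFile, dest: str):
    """Yield only members that extract inside dest; refuse '..' paths and links."""
    dest_real = os.path.realpath(dest)
    for member in tar.getmembers():
        target = os.path.realpath(os.path.join(dest, member.name))
        inside = target == dest_real or target.startswith(dest_real + os.sep)
        if not inside or member.issym() or member.islnk():
            raise ValueError(f"refusing unsafe archive member: {member.name}")
        yield member


def restore_drill(archive: Path, manifest: dict, rto_seconds: float) -> dict:
    """Restore into a scratch directory, verify every file, and time it against the RTO.

    A drill reports failure instead of crashing: an unreadable archive is exactly
    the finding the exercise exists to surface.
    """
    start = time.monotonic()
    missing, corrupted, error = [], [], None
    try:
        with tempfile.TemporaryDirectory() as scratch:
            with tarfile.open(archive, "r:gz") as tar:
                tar.extractall(scratch, members=_safe_members(tar, scratch))
            restored = sha256_tree(Path(scratch))
        missing = sorted(set(manifest) - set(restored))
        corrupted = sorted(p for p in manifest if p in restored and restored[p] != manifest[p])
    except Exception as exc:
        error = f"{type(exc).__name__}: {exc}"
    elapsed = time.monotonic() - start
    return {
        "ok": error is None and not missing and not corrupted,
        "within_rto": elapsed <= rto_seconds,
        "elapsed_seconds": round(elapsed, 3),
        "missing": missing,
        "corrupted": corrupted,
        "error": error,
    }


def run_demo(rto_seconds: float = 5.0) -> dict:
    """Back up a constructed sample data set, then drill a good copy and a truncated copy."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        source = work / "patient_records"  # constructed sample files, not real records
        (source / "2018").mkdir(parents=True)
        (source / "2018" / "visits.csv").write_text("id,date,clinic\n1,2018-01-12,ER\n")
        (source / "config.ini").write_text("[db]\nhost=localhost\n")

        archive = work / "nightly.tar.gz"
        manifest = make_backup(source, archive)
        good = restore_drill(archive, manifest, rto_seconds)

        # Simulate a backup nobody ever tried to restore: the file was cut off mid-stream.
        truncated = work / "nightly-bad.tar.gz"
        data = archive.read_bytes()
        truncated.write_bytes(data[: len(data) // 2])
        bad = restore_drill(truncated, manifest, rto_seconds)
    return {"manifest": manifest, "good": good, "bad": bad}


if __name__ == "__main__":
    results = run_demo()
    print("good backup:", results["good"])
    print("truncated backup:", results["bad"])
```

In production the drill runs on a schedule against the copy stored off-site (the one you would actually reach for after ransomware), with `rto_seconds` set from the BC/DR plan, and anyone on call is paged when `ok` or `within_rto` comes back false.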
Once again, high-profile hacking is in the news.
The accounting firm and security advisor Deloitte was breached last month by unnamed attackers who compromised an administrator account and used it to access one of Deloitte's Microsoft Azure accounts. So far at least six of Deloitte's clients have been told that data including usernames, passwords, IP addresses, architectural diagrams and health information was accessed. Deloitte is still reviewing the breach and contacting affected parties.
A question many are asking is "How did such a large company with so much cybersecurity experience get breached?" The answer reported so far is simple: the administrator account was not protected by two-factor authentication.
Two-factor authentication adds a second check to important accounts. The name comes from using two factors to log in: your usual password plus a separate factor such as a code sent to or generated on your phone, a hardware token (FOB), or biometric data like a fingerprint. In general, requiring more than one factor to log in is called multi-factor authentication, or MFA. With MFA enabled, even if an attacker discovers your password, they still cannot access your account without also holding your second factor, like your phone. A code sent by text message counts, though an authenticator app or hardware token is stronger, because a text message goes wherever your phone number goes. Deloitte did not use MFA on that one administrator account, so the attacker needed only a single password to gain the keys to the kingdom.
Two-factor authentication is increasingly considered a basic security step, and we here at TechGen highly recommend that all of our clients look into MFA solutions.
- Microsoft publishes step-by-step instructions for setting up MFA for Office 365.
- LastPass, a good password management solution, also supports MFA and publishes specific setup instructions.
We would be happy to help you set up MFA for your important accounts; if you are interested, please let us know.
It's clear that the Equifax breach is a big deal because of the type of information exposed. Here are some simple things you can do to protect yourself, and protect your business at the same time.
Protect Your Email
Your email account is arguably your most important account. If someone gets into it (through a weak password, or a password you reuse on multiple sites) they can then take over the other sites you use, such as your bank, social media and Amazon, by triggering password resets, which are sent to the very email account they now control. What to do: use a LONG, unique password on your email account, and turn on two-factor authentication wherever it is offered, so that a compromised password alone is not enough to get in. Our team can help ensure your email accounts are protected.
Turn on a Fraud Alert
Each of the credit bureaus has a free process for placing a fraud alert. With an alert on your file, a company must verify your identity before issuing credit in your name. An initial fraud alert lasts 90 days and can be renewed. I've found that Experian has a simple, quick way of turning on a fraud alert, and the bureau that receives your request is required to notify the other bureaus so they place alerts on their files too. Visit the Experian fraud alert page and scroll down to the bottom to enroll without needing a credit report number.
Secure Your Cell Phone #
Your cell phone # (and the text messages it receives) is one of the most important "keys" to your digital life. If an attacker takes over your cellular #, any security verification messages go to the attacker instead of you, making account takeovers simple. Inc.com has a good article on this. What to do: contact your cellular carrier and ask them to put a security PIN on your account that must be given before any account change is made, including moving your phone # to another phone or SIM card.
Use a Password Management Tool
You've got to stop reusing the same password everywhere. The practical way to do that is a password management tool such as LastPass (Lastpass.com), which generates a unique password for each site and securely keeps track of them for you. We help our clients implement LastPass both for individuals and company-wide.
If you ever have questions on any of these topics, please feel free to email firstname.lastname@example.org, or call us at 612-279-2400.