Malicious software, commonly known as malware, is software that negatively impacts your PC. Malware has been around as long as computers have. While the majority of programs you download or install on your PC are safe, some software was created to cause harm to you and your PC. One may ask: how can a program cause me harm? The malware itself cannot physically harm you, but what it was designed to do can cause you a lot more harm than physical damage.
For instance, there is malware that was designed to steal your information, destroy your files or, even worse, extract payment from your bank account. Whatever the intent of the malware’s creator, that is the effect it will have on you or your PC. People place malware on other people’s PCs for many reasons: some do it for fame, others to hold a victim to ransom, and others simply to cause damage to their target, much like someone who commits vandalism or arson.
Malware comes in many forms, like viruses, spyware, rootkits, ransomware, etc. It is common practice to use the terms virus and malware interchangeably, but a virus is just one type of malware. In this article, we will be talking about how your PC gets malware, what happens when your PC is infected with malicious software, how to avoid getting it, and how to eliminate it.
Unfortunately, malware is often only identified once your PC has already been infected. With malicious software, a good question to ask is “What has changed on your PC?” Is there software you have downloaded, or a particular site you have visited that asked you to accept a pop-up?
One might say that they haven’t been on any strange website, and that most of the websites they’ve been to are safe. While that might be the case on the face of it, there are many websites you click on, perhaps just to check some quick piece of information from Google, and a site you visit for only a few seconds might have malware embedded in it. Your computer might not change in any visible way, but the malware is being installed and running in the background.
Another trick that scammers love to use is a fake warning that comes up on your screen saying “WARNING - Your Computer is Infected With a Virus, click here, install our software to help you clean it.” What you are doing at this point is installing the malware on your PC. The scammers are tricking you into installing the malware; that type of manipulation is called social engineering, where criminals exploit your natural inclination to trust.
Yet another way your PC can get infected with malware is by opening an infected file. This could occur when malware is placed on a USB drive, and using that USB drive transfers the malware to your PC. It could also be transferred through email; in fact, email is the number one way of getting infected by malicious software. You open a file sent to you via email, and just by accessing that file your PC gets infected. This situation is even trickier if your job requires you to open files sent to you by strangers, like an HR department where individuals send in their resumes daily and your responsibility is to open those files to read their information. All of these are ways that one can get infected by malicious software.
There are several effects your PC will experience when it is infected. Some malware is so minor and so barely noticeable that you could be infected for years and not realize it is there. Some variants of malware are simply an extra advertisement that shows up at the bottom of your computer screen; you close the advert and the program stops until a later time. That type of malware may not be very intrusive, but it is consuming RAM on your PC, it may pop up an advertisement that does not work properly, or it might simply be bothersome to keep closing that advert every once in a while.
Other malware can delete your documents. For instance, you might have photos stored on your PC; then malware gets installed and deletes all your photos. You go to the folder where you normally store photos, and when you check, there are no photos there. It gets to the point that when you do upload photos, after a day or two they simply disappear. That is a sign of malicious software on your PC.
Some malware will start doing what is called “thrashing the hard drive”. The program reads your hard drive as hard and fast as it can, over and over again, reading the same sector repeatedly in an attempt to cause a hard drive failure. This attack can cause your hard drive to fail or your CPU to burn up. This is software designed to burn up components of your computer, a very aggressive kind of malware.
There is yet another type of malware called a “keylogger”; these are the silent type. They run in the background, record every key you press on the keyboard, and send it to a server. Whoever has access to that information can now see when you log in to a particular site and use the recorded username and password to enter your various accounts. Malware can also present you with a fake web page in place of the real one to manipulate you into entering your information there.
One of the main things that happens when your PC is infected with malware is that your PC becomes a transmitter. So if you are on a corporate network that hosts 500 PCs, it only takes one PC to get compromised, and then every PC on that network can potentially be compromised because of that one PC.
A popular type of malware these days is called ransomware. When this type of malware affects your PC, it takes the form of a ransom. The program does not delete your files; instead, it encrypts all your data. Once encrypted, you can no longer access your data. The data is still there, but to decrypt it the attacker demands that you pay them a certain amount. The reason this type of malware is so popular is that attackers can now monetize their malware. All of the other malware and its effects on your PC do not necessarily bring a direct monetary value to the attacker, but this one does.
Eliminating malware revolves around using software with the capability to identify, quarantine, and delete malware. Most times that means an antivirus tool.
Antivirus Software - There are a lot of antivirus products out there that do an amazing job of eliminating malware on your PC. According to USNEWS, the best antivirus software for 2021:
Antivirus software protects against these types of threats by performing key tasks like:
A good antivirus is truly your go-to tool for eliminating malware.
In conclusion, malware has been around for a long time and will continue to be present as long as computers exist. So let’s do all we can to be mindful of what malware is, how we get infected by it, and how to eliminate it.
In a previous article, we spoke about keeping your password safe and what makes up a good password. We discussed what makes up an Ugly Password, a Bad Password, and a Good Password. In this article, we will be looking at a holistic approach to password protection: not just the specific characters that should be used when creating your password, but the mindset and philosophy behind creating a secure one. By the end of this article, you should have a better appreciation for keeping all your systems secure wherever a password is required.
In our previous article, we spoke about how a 10-character password can be cracked in 31.17 days. Having a password that is 12 characters or more ensures that password crackers cannot brute force their way into your system. Those characters should include at least 1 capitalized letter, 2 digits, and 1 special character like an exclamation mark or an “at” symbol. Special characters are the keys that you have to press Shift to access.
If a website has a maximum password length of 12 characters, that is definitely something to be cautious of. You should contact that website and ask why that is the case. If they tell you something along the lines of “a password of less than 12 characters is enough security”, then you should be very cautious about the information you place on such a website.
It is very tempting, once you have come up with a strong enough password, to simply use that password for all your log-ins. This is a mistake the end-user should avoid. When a password breach occurs and your password is compromised, the hacker now has what could potentially be the master key to all your website log-ins and more.
CRN.com, in its article “The 10 Biggest Data Breaches Of 2021 (So Far)”, stated that more than 98.2 million individuals were impacted by the 10 biggest data breaches in the first half of 2021, with three of the 10 largest breaches occurring at technology companies. One of those companies, for instance, had a data breach in which 15.7 million people were affected. The unauthorized user posted the database online; it consisted of personal contact information, passwords, and responses to questions users had answered about health conditions, political affiliation, and ethnicity.
Now imagine that your password was one of those passwords made available on the World Wide Web, and that same password is what you used for ALL your other accounts. Can you imagine the devastation that could result from just one data breach at a website you are signed up to?
Let’s not find ourselves among those people. Don’t use one password for all your log-ins; mix it up a bit so that if one password is compromised, it doesn’t give access to all your information.
Writing down passwords is a habitual practice of office workers the world over. People write down passwords and stick them on their laptop screen, or place them on a page right in front of them. Though it may seem convenient to you as the user, it is a very dangerous practice that could potentially get your system compromised.
If you stick your password on your screen, for instance, any passerby can look at your screen and see it. Putting it in your drawer or under your keyboard is not safe either. There are many cases of hackers and people with malicious intent going through the trash to get passwords, a practice known as dumpster diving; these stories are very real.
Instead of writing down your passwords on paper, you can use a password manager. Password managers are software that stores your usernames and passwords in encrypted form. When you visit the URL associated with a username and password, the manager retrieves them and fills in the fields on your behalf. When you sign up to a new website, these password managers also generate passwords for you, so you don’t have to come up with them yourself.
This one may seem obvious, but too many times, stories of individuals sharing their passwords with a colleague or close friend to get access to some file have been the downfall of multi-million dollar organizations.
The method used to obtain those passwords might not be as simple as sharing them with a friend or family member; hackers use social engineering techniques to make someone freely give up their password credentials.
One story tells of a hacker who called an organization and posed as its Internet Service Provider. The hacker spoke very confidently to the person on the line and said that they wanted to do a security check on their system. The hacker, posing as the ISP, then went on to ask for the password of the individual’s account to prove that they were the said person. Unknowingly, the person shared their password, and now that hacker had full access to the person’s system.
Cases like this happen all the time and in the most unexpected places, but the important principle here is to not share your password with anyone.
More often than not, when you log in to a website for the first time, the website or browser asks to save the password for future use, so that the next time you log in the sign-in process is easier.
On your personal laptop that feature is all well and good, but on public computers or devices that you do not personally control, this is an absolute no-no. It may seem tempting to click on “remember me”, especially if it is a device that you use often, but once you do not have control of that device, it is safer to enter your password manually at every log-in.
The same can be said for the networks that you log in from. If you are on a public network, avoid accessing websites that require you to log in. Hackers could intercept your communication and hijack the data you are entering on that website. When browsing on public networks, it is best to use a VPN to secure your connection and encrypt any data that might otherwise be hijacked on the public network.
As stated earlier, a password with 10 characters can be hacked in 30 days. Most banks and websites that hold very sensitive information require that you change your password every so often. The purpose of this is to leave no room for a potential hacker to gain access to a user’s information.
The same can be said for your personal website log-ins. Keep changing your password frequently. How frequently? Well, it depends. Some services, like Google Mail, give you an alert when they think your password has been compromised and should be changed. Beyond that, it boils down to personal preference. Some people change their passwords twice a year, others once every 4 months, but in either case the important thing is to keep your data secure in case of a security breach.
Multi-factor authentication (MFA) is becoming more common when signing up for websites. The most common MFA comes in the form of a code that is sent to your email or phone number, or delivered through a direct call to your mobile phone, which you enter along with the password.
MFA comes in other forms as well, like biometrics and security questions, but essentially it supplements your password with another method of confirmation before you can access your data.
We discussed 7 tips for keeping your passwords secure in 2021. We learned to keep the length no less than 12 characters, not to use one password for all your log-ins, and not to write passwords down but to use password managers instead. We discussed why you should not share your passwords and not save passwords on devices you do not control. Finally, we looked at why you should change your passwords frequently and use multi-factor authentication.
Cyberwarfare, cyber attacks, and cybercriminals are all buzzwords in our media. Nations are attacking nations in what could potentially be a cyber “World War III”, as stated in a CNN article. With cybersecurity concerns on the rise, all end users have to be mindful of keeping their data safe and secure from potential cybercriminals.
The most immediate avenue of attack is criminals getting their hands on your passwords. Password security is an absolute necessity, not just for organizations and company secrets but for end-users’ own personal devices. Yes, I know, most people don’t like having to enter a password every time they need access to some files. It’s even worse for companies, especially where there are policies that say to change your password once every 30 days.
It becomes even more troublesome when we consider that there are passwords for just about everything nowadays: passwords for subscriptions, emails, website access, reading articles, and the like. Just about everything on the web requires some login to gain full access, which in turn requires a password. Having to create a password for each of those resources can seem a bit overwhelming, so most end-users use something they can easily remember, like the high school they went to, the town they live in, or even their favorite sports team. But what constitutes a good password? In this article, we will talk about what makes up a good password.
When a hacker hacks a server, the 2 primary ways this is done are through security holes in a web application, like an add-on or plugin, or by the hacker guessing the password of a user on the server, thereby gaining access to that server and performing their malicious deed. When I say that the hacker has “guessed” the password, I do not mean that the hacker sits behind their computer and tries to figure out what your password might be on a whim.
Most often they use software and tools that generate hundreds of passwords per minute, what is known as “brute force” hacking. If your system has a locking mechanism that kicks in after a certain number of password attempts, there are tools that instead generate a list of the most likely passwords based on some pre-determined criteria, like where the person lives, their date of birth, and the like. All of these are the prime starting points for hacking your password.
Before we look at what makes a good password, let’s look at what you should never use as a password (the Ugly) and what is typically used as a password (the Bad). Then we will get into what should be used as a good password (the Good).
So let’s start with the Ugly. What you should NEVER use as a password are:
So what are default passwords? These are the passwords that come pre-set in the package, pre-determined by the manufacturer. These kinds of passwords are easily shared and made available on the web or by the company providing the service. For instance, most routers have a default log-in, and that default credential may be posted on a forum for troubleshooting purposes or obtained by simply calling the company and asking for it. Sometimes the default password is in the manual, readily available for anyone to use.
These sorts of passwords should never remain on your device; in fact, most devices with default passwords ask you to change the password as soon as you boot the device for the first time. Do NOT leave the default and think your device is safe, and do not just add a letter or number to the default password either. For instance, some default log-ins are username: admin, password: admin. Do not leave the username and then just change the password to admin1 or admins. These are not secure passwords and should be avoided at all costs.
WORDS ASSOCIATED WITH YOUR PERSON AND/OR ORGANIZATION
As mentioned earlier, when a hacker uses tools that generate passwords, they are typically based on presumed notions, like where the person lives, the name of the individual, and the name of the individual’s organization. These passwords are common among users because they are easy to remember and require little effort to come up with on the fly. But these types of passwords are trivial for a hacker to guess and should be avoided at all costs.
Most hackers gain information from unsuspecting users by means of social engineering. Social engineering is a term used for a broad range of malicious activities accomplished through human interaction. Imperva.com states that it “uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.” A common social engineering tactic is the use of emails.
An example of such an email might be one that describes a person who needs to send you some money and asks for your address, your bank account number, your spouse’s name, and your date of birth to verify that it is you when the money arrives. All of this information may at first seem harmless, especially when the malicious person is offering to send a large sum of money. One might even ask how it could hurt to give them that information.
The fact is it does hurt, and it will hurt you if you provide such information. What the hacker now has is a list of words associated with you as a person that they can use to try to hack into your system and your organization’s system. It could be your favorite sports team, your favorite show, your mother’s maiden name, or the date you graduated from high school or got married. Do not put any of those words in your password, because if a hacker gets access to that information, they can use it against you.
Most security questions used to recover passwords use questions like “What is your mother’s maiden name?” or “What year did you graduate from high school?” This information should also not be shared, because a potential hacker could use it to initiate a password recovery and hijack your account.
Usually, websites have password strength bars that show how strong your password is, and they usually require some upper-case letters, digits, and special characters. A special character is an exclamation point, a hash tag, or something like that. But these passwords, though they contain varied characters, can be easily cracked by software. Here is a list of passwords and the amount of time it takes an average password cracker to crack them.
| Password Difficulty | Time to Crack |
| --- | --- |
| 7-character password with 1 upper-case, 2 digits, and 1 special character | 00.24 Min |
| 8-character password with 1 upper-case, 2 digits, and 1 special character | 01.11 Hrs |
| 10-character password with 1 upper-case, 2 digits, and 1 special character | 31.17 Days |
The first kind of password, with 7 characters, can be cracked in 0.24 minutes, which is not very long. When password checkers ask you to enter a password that is 7 characters in length, it is really the most basic kind of password one can have. A longer password with the same 1 upper-case, 2 digits and 1 special character, however, is much harder to crack.
By adding just one more character to your password, you increase the time to crack to 1.11 hours; that is a whole lot better than the previous password for just 1 extra character. But that time is still not very long. By adding 2 more characters, making the password 10 characters long with the same criteria, you bring the time to crack your password to 31.17 days. Now that’s a strong password!
With a password like that you are well on your way to having a secure environment, and that might just be good enough for your needs. Depending on your environment, that would give your organization’s system administrators more than enough time to find out who or what is trying to get into your computer.
That’s why some companies have policies that require you to change your password every 30 days. It gives a potential hacker a very hard time getting into your system, and makes it nearly impossible if your password is changed every 30 days while using that 10-character password scheme.
So if 10 characters make it take well over 30 days to crack your password, then adding more characters would push that time up even further. So let’s look at a good password.
A good password is one that is not easily guessed or cracked. By simply adding 1 more character to the mix, we increase the time it would take to crack the password significantly.
| Password Difficulty | Time to Crack |
| --- | --- |
| 11-character password with 1 upper-case, 2 digits, and 1 special character | 810.36 Days |
So as we can see, with 11 characters and the same password scheme, cracking your password becomes nearly impossible. The first step in a good password is the password length. At least 11 characters long, with 1 upper-case, 2 digits, and 1 special character should be your go-to standard for all your passwords.
But how am I going to remember 11 characters? That’s a very good question. Most people don’t remember words with so many characters, let alone their passwords. So the 2nd step in creating a good password is to use passphrases instead of passwords to get sufficient length.
The passphrase could be a quote that you’ve memorized, a nursery rhyme, or a phrase from a song you enjoy. Any phrase that you know well can be used as your passphrase; combine it with the previously mentioned password criteria and you will have a foolproof password. An example of such a passphrase would be something simple like:
This phrase consists of 19 characters, 1 uppercase, 2 digits, and 1 special character, and is fairly easy to remember. It simply reads “Daily events and facts!”, but an E is replaced with a 3 and an S is replaced with a 5, with a ! at the end. A password like that would be virtually impossible to crack. To add even more security, one could simply exchange another letter for a number or add another special character.
By using phrases you can easily create passwords that are 11 characters or more and meet all the necessary requirements.
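As an added worked example (not code from either password article), here is a Python checker that applies the Ugly, Bad and Good rules described above: it rejects factory defaults and defaults with a character or two tacked on (admin1, admins), rejects passwords containing words tied to the person or organisation, and grades the rest against the length plus 1 upper-case, 2 digits, 1 special character scheme. It goes one step beyond the text by undoing the digit-for-letter swaps the passphrase tip uses (3 for E, 5 for S) before looking for personal words, since a personal word in that disguise is still a personal word. The default-password list, the personal words and the sample passwords are constructed for the illustration, and min_length is a parameter so the earlier article's 12-character rule can be applied as well.

```python
"""Grade a password as Ugly, Bad or Good using the article's criteria.

Added example; the default-password list and sample inputs are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Constructed sample of factory defaults (a real deployment would use a maintained list).
DEFAULT_PASSWORDS = {"admin", "password", "root", "guest", "1234", "123456"}

# Digit/symbol-for-letter swaps that cracking rules undo; used only to normalise input.
LEET_MAP = str.maketrans({"3": "e", "5": "s", "4": "a", "0": "o", "1": "l", "@": "a", "$": "s"})


@dataclass
class Verdict:
    grade: str                                   # "Ugly", "Bad" or "Good"
    reasons: List[str] = field(default_factory=list)


def normalise(text: str) -> str:
    """Lower-case, undo the common substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET_MAP))


def is_default_variant(pw: str) -> bool:
    """A known default, or a default with at most two characters tacked on (admin1, admins)."""
    low = pw.lower()
    return any(low.startswith(d) and len(low) - len(d) <= 2 for d in DEFAULT_PASSWORDS)


def personal_word_hit(pw: str, personal_words: Iterable[str]) -> Optional[str]:
    """Return the first personal/organisational word found in the password, if any."""
    low, norm = pw.lower(), normalise(pw)
    for word in personal_words:
        if not word:
            continue
        if word.lower() in low:                  # literal match, e.g. a birth year
            return word
        w_norm = normalise(word)
        if len(w_norm) >= 4 and w_norm in norm:  # match after undoing 3->e, 5->s, ...
            return word
    return None


def scheme_violations(pw: str, min_length: int) -> List[str]:
    """Check the length and the 1 upper-case / 2 digits / 1 special character scheme."""
    reasons = []
    if len(pw) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if sum(c.isupper() for c in pw) < 1:
        reasons.append("no upper-case letter")
    if sum(c.isdigit() for c in pw) < 2:
        reasons.append("fewer than 2 digits")
    if sum(not c.isalnum() for c in pw) < 1:
        reasons.append("no special character")
    return reasons


def grade_password(pw: str, personal_words: Iterable[str] = (), min_length: int = 11) -> Verdict:
    """Ugly: default or personal word. Bad: fails the scheme. Good: everything else."""
    if is_default_variant(pw):
        return Verdict("Ugly", ["default password or a trivial variant of one"])
    hit = personal_word_hit(pw, personal_words)
    if hit is not None:
        return Verdict("Ugly", [f"contains personal/organisational word '{hit}'"])
    reasons = scheme_violations(pw, min_length)
    if reasons:
        return Verdict("Bad", reasons)
    return Verdict("Good")


if __name__ == "__main__":
    me = ["Lakers", "Springfield", "2020"]        # constructed personal words
    for candidate in ["admin1", "L4k3r5!2020", "Tr0ub4d!", "Th3 quick brown f0x!"]:
        v = grade_password(candidate, me)
        print(f"{candidate!r}: {v.grade} {v.reasons}")
```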
Password security is of utmost importance in this digital age. We must remember not to leave any of our passwords at default, and not to use personal information that is publicly available in our passwords. We should have at least 11 characters, 1 upper-case, 2 digits, and 1 special character in our passwords. By following these steps, your passwords will always be safe.
An optimized IT infrastructure brings huge benefits to a business, but a poor IT infrastructure can lead to huge financial loss or worse. Many people think that the only costs to consider for an IT infrastructure are the tangible costs of the infrastructure itself, like the servers, storage, support, power, maintenance, and the like. One cost that is hardly ever considered is opportunity cost. Where there is proper IT infrastructure, costs are reduced elsewhere; where there is poor IT infrastructure, costs increase elsewhere in the business.
For this blog post, we will define Poor IT as the lack of proper IT security, the lack of proper PC maintenance, a “break, fix” IT approach, and outdated technology. All of these stem from simply not being aware of the various IT-related threats and how they truly affect your company’s security, productivity, and profitability.
While putting your IT budget together, it might be daunting to think of bearing that extra monthly, yearly or equipment cost for an extra boost in your security. But the fact is, organizations that cut corners on data security will end up paying a lot more than the cost of keeping their data secure.
For instance, if there is a security incident in which data stolen or deleted by a malicious attacker needs to be recovered, your internal IT staff would need to work long hours to recover that data. That cost would include paying the staff overtime for the recovery, and if they are not able to resolve the issue, you would have to hire a cybersecurity specialist, at an even greater cost.
Moreover, workers who work long hours to resolve data security issues may suffer burnout and fatigue, which in turn causes lower productivity and higher staff turnover, adding the cost of training new staff.
As a small business owner, it is common to take on much of the work of your business on your own. One of those tasks is keeping your organization’s computers in good shape. At first glance, this task may appear very “doable”: a few updates here and there, you download a PC cleaner and run it once in a while, but basically the work of maintaining your PCs is all on you.
Now, this may seem more cost-effective for you, since you don’t have to pay for additional staff and there are a number of free tools out there that one can use to keep a PC clean. But the lack of professional servicing on any equipment, though professional servicing is more costly up front, would cause long-term losses that oftentimes exceed that initial cost.
It is common for a PC to get slower over time despite the free cleaning tools. A slow PC will cause frustration for you and your employees as they try to do their day-to-day tasks. Not only would it affect your employees but your customers as well. Your customers expect quick service from you, and the worst situation would be to have them waiting for a receipt because your computer is still processing a command. So without proper PC maintenance, you will encounter issues that affect your bottom line.
A “break/fix IT” approach consists of monitoring your IT operations and, when something breaks, fixing it. Typically this is done by an outsourced company that works on an as-needed basis, bringing you back to the state you were in before the issue.
The break/fix IT approach appears cost-effective at first. You only pay for work done when the need arises, and you can hold back on certain expenses when they do not appear to meet your needs. As a small business this may seem attractive, but there is a cost associated with this approach that you don’t see at the moment.
For instance, there are many unexpected costs that can occur with your IT infrastructure, and bearing the cost of every fault that occurs would increase your bill significantly. Since one is trying to save money, there might be issues one does not bother to fix because they are not mission-critical or do not appear threatening. But these issues may spiral into much bigger ones that can cause your entire IT infrastructure to crash.
Repairing or rebuilding your infrastructure will cost you a lot more and will be very time-consuming as well. Your best option, in this case, would be to use a fully managed IT plan for your business needs.
Many organizations use legacy systems, with hardware that was purchased as far back as the early 2000s. The reality is that the cost of upgrading your systems is a big one. It will take a huge chunk of your capital, along with training your staff and the time it takes to implement and transition from the old system to the new one. The very thought of those items may be daunting for you.
What’s even more daunting, however, is the risk of not having up-to-date technology. A study by Microsoft stated that more than 90% of consumers would rather take their business elsewhere than work with a company that uses outdated technology. Moreover, outdated technology reduces staff morale: a report by PwC states that 73% of staff surveyed know of systems that would help them produce higher-quality work at their workplace. Business owners not embracing these new technologies, or not considering their staff’s advice on them, would further reduce productivity.
Another hidden cost of outdated technology is the cost of support. It may seem affordable to keep the system you have had for years, but when that system starts malfunctioning, the cost of bringing in individuals with the know-how for those systems can be very high.
The cost of IT is not just the capital expenditure for equipment and upkeep but also the opportunity cost realized from making proper IT-based decisions for the furtherance of your company, because poor IT can be detrimental to your staff’s productivity and your profitability.
Did you know that hackers attack every 39 seconds? That’s an average of 2,244 times a day.
Think it can’t happen to you?
If it can happen to some of the largest, most protected companies in North America, it can happen to anyone.
Just look at what happened to Twitter:
On July 15, 2020, the Twitter accounts of high-profile personalities including Elon Musk, Bill Gates and Barack Obama were hacked. Fake tweets were sent offering to double every $1k sent to a specific bitcoin address.
Apple, Kim Kardashian, Joe Biden, Jeff Bezos, and Uber were also among those attacked.
The cybercriminals responsible for the massive breach managed to scam $180,000 worth of bitcoin through more than 300 transactions. With two accomplices in tow, the mastermind behind it all turned out to be a 17-year-old recent high school graduate from Tampa, FL.
So there you have it, anyone can be hit at any time. But you'll need a stronger case than that if you want to justify the spend to your CIO.
CIOs (Chief Information Officers) are focused on two things: productivity within the IT department, and how much it will cost to keep data secure.
These stats speak for themselves. Show them to your CIO to justify the need for increased security measures.
375 new cyber threats per minute seen in Q1 globally (McAfee)
Data breaches exposed 4.1 billion records in the first half of 2019. (RiskBased)
Only 5% of companies’ folders are properly protected, on average. (Varonis)
Security breaches have increased by 11% since 2018 and 67% since 2014. (Accenture)
The average time to identify a breach in 2019 was 206 days. (IBM)
That’s terrifying. How much damage can be done in the six months prior to identifying the breach?
62% of businesses experienced phishing and social engineering attacks in 2018. (Cybint Solutions)
56% of Americans don’t know what steps to take in the event of a data breach. (Varonis)
In the 2019 Data Breach Investigations Report (DBIR), 94% of malware was delivered by email. (Verizon)
IoT devices experience an average of 5,200 attacks per month. (Symantec)
53% of companies had over 1,000 sensitive files open to every employee. (Varonis)
Equifax was found liable for their 2017 breach and was fined $425 million by the Federal Trade Commission (FTC) in 2019. (FTC)
Think you’re too small to be vulnerable? Think again …
43% of breach victims were small businesses. (Verizon)
Smaller organizations (1–250 employees) have the highest targeted malicious email rate at 1 in 323. (Symantec)
Supply chain attacks were up 78% in 2019. (Symantec)
Ransomware attacks on the healthcare industry are expected to quadruple by end of 2020. (CSO Online)
Worse, that prediction was made before the pandemic took hold of the world.
The cost of lost business averaged $1.42 million. (IBM)
The most expensive component of a cyber attack is information loss at $5.9 million. (Accenture)
The average cost per lost or stolen records per individual is $141. In Canada – $190. (Ponemon Institute’s Cost of Data Breach Study)
Damage related to cybercrime is projected to hit $6 trillion annually by 2021. (Cybersecurity Ventures)
Well, those stats should wake you up to the fact that a) every industry is vulnerable, and b) it doesn’t matter how large or small your business is: cyber attacks can happen to anyone at any time.
Don’t be caught off guard. Protect your data. Protect your business. Ask us about claiming your free risk assessment today. You’ll be glad you did.
B2B companies are urging their technology leaders to re-think their approach to protecting their systems and data, which raises the critical question:
Given limited resources and constantly evolving threats, how should organizations determine where to invest their resources to address their most critical risks?
The answer lies in the cyber security program’s ability to proactively assess and take ownership of risk, as well as the ability to build and maintain a cyber security workforce trained in the most current tools and techniques.
System owners and program managers should approach their cyber security programs with this reality in mind: their systems are vulnerable and cyber threats are continually emerging.
Since security resources are limited, B2Bs must implement proactive plans to identify and prioritize their cyber risks, enabling a clearer picture for how resources should be spent to mitigate them.
While the Risk Management Framework (RMF) has undoubtedly introduced a higher level of security control, several factors (i.e., more controls to address without more resources to address them) have led, at times, to this implementation becoming another “compliance drill” — often allowing both new and existing system vulnerabilities to remain unmitigated, or worse, unidentified, exposing systems to critical risk of intrusion and compromise.
RMF also unintentionally created incentives to shift risk ownership to other organizations (i.e., minimizing the number of security controls that must be addressed and tested by the system owner for a perceived, but often unrealized, cost savings).
System owners and their cyber security teams know their systems better than anyone. Therefore, system owners should look to own and manage as many of their system risks as possible, as they are best positioned to understand the impacts of vulnerabilities and develop the most effective mitigation strategies.
The introduction of RMF has also unintentionally created the requirement for unmanageable numbers of policies and processes that are often enforced inconsistently due to lack of oversight resources. Identifying and implementing technologies and automated solutions that implement and enforce such policies and processes will make programs inherently more secure.
A large portion of money allocated for IT in B2B organizations is often spent on operations and maintenance (O&M). Companies also often find themselves in need of substantial security improvements to protect their systems but lack the resources to do so.
While some O&M money is focused on cyber security tools, technologies and resources, much of it is spent on manual system maintenance activities.
As artificial intelligence (AI) continues to emerge, businesses should review manual O&M processes and identify ways to automate such tasks, thereby enabling the re-allocation of resources to focus on mitigating critical cyber security threats.
The view that jobs will be lost as artificial intelligence (AI) expands is a common theme of resistance to implementing automated technologies to complete tasks historically handled by humans.
Forward-thinking system owners and managers should talk with their employees about cyber security training opportunities and help them understand that as cyber threats continue to evolve, the need for trained cyber security experts who can identify them increases.
This is an opportunity for team members to advance their careers, and many companies have robust, paid training programs in place to support the demand.
Ultimately, it is imperative that businesses re-focus on the human element of cyber security. System users and managers often fall into the trap of complacency, believing their systems are secure and their data hasn’t been, or is unlikely to be, compromised.
The weakest link for system breaches is people, who create risk by not following even the most basic security guidelines, such as:
According to an industry study, the average cost of a data breach is $3.9 million, not to mention second- and third-order impacts that can manifest themselves over longer periods of time.
It is critical that system owners implement concise, targeted and current cyber security training programs with the goal of creating and incentivizing a more proactive and vigilant cyber workforce.
Despite these enormous challenges, there are great opportunities for B2B companies with a forward-looking attitude and ambition. A cyber strategy that adopts the latest cyber security technologies, along with a robust workforce adoption and transformation program, is a critical starting point.
Learn more about how we help B2Bs mitigate risk through security technologies and processes that extend protection and management controls across the expanding digital environment.
Now, more than ever, cyber criminals are attacking SMBs (small- to medium-sized businesses). With so many workplaces implementing new bring-your-own-device (BYOD) policies, cyber security is paramount. Yes, some companies are more knowledgeable about network security risks than in years past, but just as many are oblivious to the security vulnerabilities of cell phones and tablets.
Sadly, a data breach can bring an SMB to its knees.
SMBs say they view network security as a major priority but their inaction when it comes to mobile devices paints a different picture. A recent study found that only 16% of SMBs have a mobility policy in place.
Despite the fact that stolen devices are a major problem in today’s mobile workforce, only 37% of mobility policies enforced today have a clear protocol outlined for lost devices.
Even more troubling is the fact that those firms who have implemented mobility policies have initiated plans with some very obvious flaws.
Key components of a mobility policy such as personal device use, public WiFi accessibility, and data transmission and storage are often omitted from many policies.
Thankfully, most SMB cyber crimes can be avoided with a comprehensive mobility policy and the help of mobile device management (MDM) services for mobile endpoints.
Your initial mobility policy doesn’t have to be all-encompassing. There should be room for modifications, as things will evolve over time. Start small by laying down some basic usage ground rules: define acceptable devices, protocols for setting device passwords, and rules for downloading third-party apps. Define what data belongs to the company and how it is to be edited, saved, and shared. Be sure to enforce these policies and detail the repercussions for abuse.
MDM services are available at an affordable cost. These services help IT managers identify and monitor the mobile devices accessing their network. This centralized management makes it easier to get each device configured for business access to securely share and update documents and content. MDM services proactively secure mobile devices by:
It’s important to realize that no one is immune to cybercrime. The ability to identify and combat imminent threats is critical and SMBs must be proactive in implementing solid practices that accomplish just that.
Small businesses and large enterprises may seem worlds apart, but they face many of the same cyber-security threats. In fact, modern-day cyber criminals continue to target SMBs simply because they tend to have tighter budgets and less security.
Fortunately, if you're running an SMB, you don't have to leave yourself vulnerable to attacks. There are some things you can do to stretch a modest security budget.
It's important to note that we're not suggesting you cut vital corners. That can wind up costing you more in the long run. Instead, try these five simple ways to safeguard your business without breaking the bank.
There are specific aspects to your business that contribute to core operations more than others. If you don't have the budget to secure every piece of data in the business, take care to protect the high-risk data.
Determine which pieces of data could prove catastrophic if lost or stolen, then increase the level of security in that area.
Think about issues that are high-risk, the "it's likely to happen" issues, then slowly filter down to the "it could happen" risk factors. When budget runs out, at least you can rest easier knowing you've protected your most critical data from potential threats.
Security policies are important in every business, no matter its size. But that's just the first step.
SMBs are then strongly encouraged to educate employees about the policies, ensuring everyone is aware of appropriate and inappropriate workplace behaviours when it comes to systems, network and data security.
If employees fail to follow security policies, they must be held accountable. It's vital to the safety of your business.
Far too many security breaches occur because employees simply aren't aware of the latest malware and phishing schemes.
The simple act of opening an email from an unknown source can put your data in jeopardy. Weak passwords that never change can also put you at risk. And lack of proper security when using public WiFi can be detrimental.
These are the seemingly simple things cyber criminals thrive on. Stay in the know and be sure your employees are aware of potential threats.
Running applications and servers in-house is a costly endeavor. Instead, head for the cloud. Not only will you cut costs, but you'll strengthen security. Cloud tools are typically protected by built-in security features, which takes the onus off you to maintain those security features.
Take it one step further by putting the burden on a Managed Service Provider (MSP) to remotely monitor and maintain your data security.
Try not to fall victim to analysis paralysis. If aiming for perfection is preventing you from taking action to secure your data, your efforts are in vain.
Because security threats are continuously evolving, your security strategy must evolve too. That means there's no such thing as perfection: it's a constant work in progress. So just start somewhere.
Need help getting started? Talk to our security experts today, we’re here to help.