by Felicien | Jul 24, 2019 | Education
Keeping An Eye On The Dark Web?
Do you know about the “Dark Web”? It’s the part of the Internet where your private data – passwords, social security, credit card numbers, etc. – could be for sale right now. Do you know how to check if they are?
The Internet isn’t all funny videos and social media.
Between phishing, malware, and a seemingly never-ending list of scams, there are a number of serious dangers that are important to be aware of.
But there’s an even darker corner of the web where few people dare to venture that can have a wide-reaching and severely damaging effect on your business: the Dark Web.
Recently, cyber thieves released a huge list of compromised emails and passwords known as Collection #1. It contains 773 million records, making it one of the largest data breaches to date. If your information has ever been breached, it’s most likely on this new list – and that list is on the Dark Web.
Even the federal government has had a hard time locating those responsible and stopping them. The Department of Homeland Security made their first bust involving criminals selling illegal goods on the Dark Web just last year. The arrests were made after a year-long investigation. Though this is good news, it doesn’t even scratch the surface of all the criminal activities taking place on the Dark Web.
The bottom line is that you can’t wait around for the government or anyone else to protect your business from cyber thieves. You have to be proactive about securing your database. Your personal and business information should not be for sale on the Dark Web, but how can you stop this?
What Is The Dark Web?
The Dark Web is a small part of the much larger “deep web” – the common name for an extensive collection of websites that aren’t accessible through normal Internet browsers. These websites are hidden from the everyday Internet — or Clearnet — users through the use of overlay networks.
They’re built on the framework of networks that already exist, and there are a lot of them. In fact, the Deep Web makes up the majority of the information online. Which, when you consider how vast the corner of the Internet you frequent is, is nothing short of terrifying.
This unseen part of the Internet is a perfect place for less than scrupulous individuals to connect, network, and share tools, tips, and information. And it should go without saying that whatever they’re up to on these sites is nothing good.
Personal information such as school and medical records, bank statements, and private emails are all part of the immense Deep Web. To gain access to this information, you must be able to access an overlay network using specialized software and passwords. This is a good thing, because it keeps sensitive information safe, and prevents search engines from accessing and indexing it.
Why Is The Dark Web Used To Sell Private Information?
The added security of the Deep Web makes it attractive for those who want their online activities to remain anonymous. Unlike the Deep Web, which prevents outsiders from accessing information, the owners of Dark Websites allow anyone with the right browser to access their sites. One of the most popular of these is The Onion Browser, more commonly known as Tor.
The Dark Web is like “The Wild West” of the Internet. It’s an area beyond the reach of law enforcement, hence the complete lack of regulations or protection. Although not everyone who uses the Dark Web engages in illicit activities — it has a history of being a platform for political dissidents and corporate whistleblowers — many visitors are there for less than upstanding reasons.
Cybercrime costs US businesses billions of dollars each year. The majority of information hackers steal from businesses ends up on the Dark Web for sale to identity thieves and corporate spies.
But the real danger is that it provides a communication and educational training ground for hackers and would-be hackers. Although the competition among different hacking groups is fierce, there’s still a willingness among cyber criminals to share techniques and assist one another.
It’s this access to the “tools of the trade” and the guidance required to pull off successful hacks, attacks, and scams that makes the Dark Web so dangerous to your business. Anyone with the time and inclination to learn how to steal valuable data from your business can check out an online tutorial or two, pay for some basic hacking software from one of these marketplaces, and set their sights on you.
While they might not be the stories that make national headlines, small and mid-sized businesses are targeted every day by cybercriminals looking to make a fast buck.
How can you protect yourself?
When a news story comes out about a large corporate hack, businesses often scramble to learn how they can better protect their businesses – but that’s the wrong time to start thinking about it.
Don’t wait until a breach occurs – start protecting yourself now. The advice you should follow centers around educating your employees about the dangers of online crime and developing company procedures to prevent it from happening.
The first step is to make sure you (and your staff) use stronger passwords…
Top 4 Password Mistakes To Avoid
Length and Complexity
Keep in mind that the easier it is for you to remember a password, the easier it’ll be for a hacker to figure it out. That’s why short and simple passwords are so common – users worry about forgetting them, so they make them too easy to remember, which presents an easy target for hackers.
Numbers, Case, and Symbols
Another factor in the password’s complexity is whether or not it incorporates numbers, cases, and symbols. While it may be easier to remember a password that’s all lower-case letters, it’s important to mix in numbers, capitals, and symbols in order to increase the complexity.
Personal Information
Many users assume that information specific to them will be more secure – the thinking, for example, is that your birthday is one of 365 possible options in a calendar year, not to mention your birth year itself. The same methodology applies to your pet’s name, your mother’s maiden name, etc.
However, given the ubiquity of social media, it’s not difficult for hackers to research a target through Facebook, LinkedIn, and other sites to determine when they were born, information about their family, personal interests, etc.
Pattern and Sequences
Like the other common mistakes, many people use patterns as passwords in order to better remember them, but again, that makes the password really easy to guess. “abc123”, or the first row of letters on the keyboard, “qwerty”, etc., are extremely easy for hackers to guess.
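The four mistakes above can be checked mechanically before a password is accepted. The following is an added example, not code from the original article: the function names, the 12-character minimum and the list of personal facts supplied by the caller are all assumptions made for illustration.

```python
import re

MIN_LENGTH = 12  # assumption: the article names no minimum length
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
DIGITS = "0123456789"


def _has_run(text, sequence, run=3):
    """True if text contains `run` consecutive characters of sequence, forwards or backwards."""
    for seq in (sequence, sequence[::-1]):
        for i in range(len(seq) - run + 1):
            if seq[i:i + run] in text:
                return True
    return False


def password_mistakes(password, personal_facts=()):
    """Return which of the article's four mistakes the password makes (hypothetical helper)."""
    found = []
    lowered = password.lower()

    # 1. Length and complexity
    if len(password) < MIN_LENGTH:
        found.append("too short")

    # 2. Numbers, case, and symbols
    classes = {"lower-case": r"[a-z]", "upper-case": r"[A-Z]",
               "digit": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}
    missing = [name for name, pat in classes.items() if not re.search(pat, password)]
    if missing:
        found.append("missing " + ", ".join(missing))

    # 3. Personal information: strip punctuation so 14/03/1985 also matches 14031985
    squeezed = re.sub(r"[^a-z0-9]", "", lowered)
    for fact in personal_facts:
        token = re.sub(r"[^a-z0-9]", "", fact.lower())
        if len(token) >= 3 and token in squeezed:
            found.append("contains personal information")
            break

    # 4. Patterns and sequences: keyboard rows, abc/123 runs, repeated characters
    if (any(_has_run(lowered, row, 4) for row in KEYBOARD_ROWS)
            or _has_run(lowered, ALPHABET) or _has_run(lowered, DIGITS)
            or re.search(r"(.)\1\1", lowered)):
        found.append("pattern or sequence")
    return found


if __name__ == "__main__":
    # Constructed sample inputs
    print(password_mistakes("abc123"))
    print(password_mistakes("Rex14031985!", personal_facts=("Rex", "14/03/1985")))
```

The second sample passes the length and character-class checks and is still flagged, because the pet name and birth date it is built from are in the list of personal facts.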
Maybe you think your passwords are fine.
It’s certainly possible – but it’s one thing to skim over a list of common password mistakes and assume you’re probably still OK.
Sure, maybe that one password is based on your pet’s name, or maybe that other password doesn’t have any capitals or numbers – what’s the big deal, really?
If you’re so confident, then why not put it to the test?
Click here to test how secure your password is – take a few minutes and try a few.
…
How’d you do?
Probably not as well as you’d hoped, right? The reality is that truly complex passwords can be difficult to come up with, and even more difficult to remember.
Top 3 Tips To Keep Your Data Off The Dark Web
Train staff members on the proper handling of corporate data and procedures to limit data loss, including ways to handle phishing scams.
Besides an initial onboarding training session, all employees should attend refresher courses throughout the year. The vast majority of cybercriminals gain access to a company’s network through mistakes made by employees.
Require the use of strong passwords and two-factor authentication.
It’s advisable that you assign strong passwords to each individual employee to prevent them from using passwords that are easy to guess, as well as implementing two-factor authentication.
Consider investing in hacking insurance and conduct penetration testing.
The cost of cybercrime will exceed 6 billion dollars by 2021. That’s a lot of money. Investing in cyber attack insurance is a good idea for businesses with a great deal of exposure.
Unfortunately, all these tips are meant to be preventative – they’ll increase your security and protect against cybercriminals taking your data in the first place. But what if you’ve already experienced a breach?
Even worse, what if you’ve experienced a data breach, but you don’t even know it? Case in point: it takes most businesses up to 6 months to find out that they’ve experienced a data breach.
What if you’re one of them?
How can you find out if your data is already up for sale?
What About Dark Web Scanning?
There’s only so much you can do on your own – but there are now more direct ways of checking whether your data has been compromised on the Dark Web. Many security vendors now offer cyber-surveillance monitoring solutions that can scan the dark web for your credentials.
One of the most popular of these solutions is Dark Web ID, which is designed to detect compromised credentials that surface on the Dark Web in real-time, offering you a comprehensive level of data theft protection – it’s an enterprise-level service tailored to businesses like yours.
This Dark Web monitoring solution keeps tabs on the shadiest corners of the online world 24 hours a day, 7 days a week – no exceptions.
Features include:
Security Awareness to keep your staff prepared to spot and stop hackers from harming your business
Password Manager to help you and your staff maintain complex, hard to crack passwords
Multifactor Authentication to prevent external parties from accessing your systems with stolen passwords
Data Leak Prevention to ensure the integrity of your business data
Vulnerability and Patch Management to make sure no weakness in your cybersecurity is overlooked.
This isn’t a matter of “what you don’t know won’t hurt you”. In fact, it’s the opposite. You can’t afford to ignore the dark web.
by Felicien | Jul 23, 2019 | Education
Organization Shouldn’t Be Complicated
Out of all of Microsoft’s Office programs, Excel is one of the most universally used. What started out as a fairly basic spreadsheet program has evolved into a must-have business tool. However, the more you use Excel, the more data your workbooks will accumulate.
Keeping these workbooks organized and easy to navigate can be a challenge. We can help with that. Check out our short Excel: Tips and Techniques for Managing Workbooks training video, available to you free and on-demand.
Simply Click Here.
Watch at your leisure, and say goodbye to your Excel frustrations.
by Felicien | Jul 23, 2019 | Education
Cloud Storage vs. On-Site Data Housing: Factors for Healthcare Organizations to Consider
Internet technology has opened the way for data storage to be far less cumbersome for modern healthcare organizations. After all, handling all the incoming data in a modern practice is not all that easy. Many organizations have jumped on board and gone after a cloud-hosting solution, but is it really necessary if you have room for on-site data storage in your facility? Here are a few factors to consider before making the final decision on cloud storage versus on-site data housing for your healthcare organization.
Compliance is a core concern for many healthcare organizations with cloud-hosted data storage.
Cloud-hosted data is great; it is convenient and does not require investments in expensive hardware. However, in a field where strict adherence to privacy regulations is a top concern, off-site data storage can be something that’s a bit off-putting for some healthcare companies. You lose a certain level of control over the data when it is stored off-site with a cloud-hosting provider. The digital records are not on-site at the facility, so you have to fully trust the host with the sensitive data, and that level of trust can be hard to build.
Of course, on-site data housing comes with its own compliance concerns as well. Proper security measures have to be in place for the data itself, the systems you use to house that data, and the physical location of the data center. The primary difference here is that if you choose to go with an on-site data storage solution, you will know what levels of protection you have specifically because you had a hand in implementing those safeguards. With cloud-hosted data storage for healthcare, you are at the mercy of the provider.
Setting up your own data center can be a lot of work and money.
One of the pitfalls of keeping data on-site is the fact that it can involve a lot of effort and quite an investment. There are several factors to consider before this kind of implementation takes place. You will have to look at:
What type of computing hardware your organization is going to need.
If your organization has the electrical infrastructure to offer full reliability and avoid problems with outages.
How you will implement a cooling system to keep the data center cool due to high levels of heat generation in the space.
What type of security you will also implement to keep the physical location secure from outsiders.
If you are capable of utilizing the right operating systems and software to coincide with the on-site data servers.
The bottom line is, you have to consider if building your own on-site data storage in healthcare is worth it or if it would be best to go with the more modern solution. There can be numerous costs involved and a great deal of planning. Some organizations are more equipped to handle these changes than others. For the most part, small and midsize operations simply won’t have the time or funding in most situations.
Don’t forget that hybrid data hosting is also an option.
If you’re not equipped financially to handle a full investment in an on-site data storage system but prefer to keep some legacy applications private in your own data storage systems, you do have the option to go hybrid. According to Forbes, this setup is quickly becoming one of the most popular in healthcare. In general terms, a hybrid model allows you some on-site data storage and some off-site cloud-hosted storage as well. These models are being used quite frequently in smaller operations because they make good sense, allow the operator that sense of control they want, and are financially appealing.
There’s really no one-size-fits-all data storage solution for all healthcare organizations. The important thing to do is to consider all of the pros and cons of each setup and take into consideration the resources and space you have available before settling on a particular data storage solution.
by Felicien | Jul 22, 2019 | Education
Phishing is one of the most commonly-used cyberattacks in Australia. Statistics from the Office of the Australian Information Commissioner show that phishing accounts for 39 percent of all breaches reported. Therefore, it’s important to be aware of how to protect yourself at home and at work from phishing.
How does phishing work?
The victim receives an email that is simple in format and generally personalised and potentially from a known sender. It may look like an official email from a known organisation or company, and it invites the victim to click on an embedded link. Wording varies, but it may say, “click to learn more” or “click to see the image.” After clicking, the victim is redirected to a webpage and asked to enter their user name and password or other personal information. Once the personal information is filled in, the attacker then sends emails to everyone in the victim’s address book, and the cycle repeats.
It’s a spam email issue?
It is and it isn’t. While having spam email issued from your own email account is annoying and a problem, the larger issue is that the victim has given the attacker their user name and password. With an email and password, the attacker can easily hack into anything the victim uses that email and password for. Most people repeat email and password data for multiple accounts. In the world of cloud storage, this can be several accounts including email, CRM, file storage, banking, and proprietary applications.
Will changing the password mitigate further damage?
Changing your password is a start. Depending on what each account holds, it may be appropriate to cancel or disable the account and set up a new one. However, an aggressive attacker can get into a lot of personal and/or sensitive information from the original login information. Changing just one email password may not be enough. You may need to change all of your work and personal passwords.
How can I know if changing the password has solved the problem?
Look at the login and logout history of your accounts. Once you change the password, there should be failed login attempts (from the attacker). However, there is some lag time, because your login information may access more than one sub-account or cloud account synchronised to the main account.
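One way to run that check over an exported sign-in history, as an added example that is not part of the original article: the log format, the account name, the addresses and the `own_sources` set (the addresses the account owner recognises as their own) are constructed assumptions.

```python
from datetime import datetime

# Constructed sample sign-in history: timestamp, account, source address, result
SAMPLE_LOG = """\
2019-07-20T08:02:11 jsmith 203.0.113.10 SUCCESS
2019-07-21T23:40:05 jsmith 198.51.100.77 SUCCESS
2019-07-22T09:15:00 jsmith 203.0.113.10 PASSWORD_CHANGED
2019-07-22T09:20:41 jsmith 198.51.100.77 FAILURE
2019-07-22T09:21:02 jsmith 198.51.100.77 FAILURE
2019-07-22T10:05:30 jsmith 203.0.113.10 SUCCESS
2019-07-22T11:47:19 jsmith 198.51.100.77 SUCCESS
"""


def parse_log(text):
    """Parse the constructed four-column format into time-ordered tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, account, source, result = parts
        events.append((datetime.fromisoformat(ts), account, source, result))
    return sorted(events)


def review_password_change(events, account, own_sources):
    """Summarise sign-ins from unrecognised sources after the latest password change."""
    mine = [e for e in events if e[1] == account]
    changes = [e[0] for e in mine if e[3] == "PASSWORD_CHANGED"]
    if not changes:
        return None  # no password change recorded for this account
    changed_at = max(changes)
    rejected, still_in = {}, []
    for ts, _, source, result in mine:
        if ts <= changed_at or source in own_sources:
            continue
        if result == "FAILURE":
            # Expected outcome: the old password is being refused
            rejected[source] = rejected.get(source, 0) + 1
        elif result == "SUCCESS":
            # Unrecognised source still signing in: the change has not locked it out
            still_in.append((ts.isoformat(), source))
    return {"changed_at": changed_at.isoformat(),
            "rejected": rejected, "still_in": still_in}


if __name__ == "__main__":
    print(review_password_change(parse_log(SAMPLE_LOG), "jsmith", {"203.0.113.10"}))
```

An empty `still_in` list together with entries in `rejected` matches the outcome the answer describes; any entry in `still_in` means a sub-account or synchronised service still accepts the old access and needs its own reset.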
Once the password is changed, am I clear?
No. Depending on what has been accessed, the breach may fall under the Privacy Act and Data Breach Notification. If you’re at work, discuss your breach with the IT department immediately, so they can take the appropriate action. Within an organisation, it’s possible that you aren’t the only person affected, and other people may have fallen for the same trap. Everyone who received the same email should delete it completely without clicking on it. Communicate with anyone who is involved and determine whether this needs to be reported to the Commissioner.
All accounts are secure and communications sent. What next?
Once the fire has been put out, there still may be lingering security issues to strengthen or counter. These can be talking to IT to double-check everything, blocking email addresses, or improving the filters. Then you’ll have to investigate the compromise to see if it is an “eligible data breach” according to the NDB scheme.
You will have to ask some hard questions such as what information has been sent and received via email, stored in the cloud, or accessible via their login. Ask if that data were to be made public knowledge, what would the consequences be? Is there any kind of financial or personally identifiable information (PII) available? Will anyone come to harm (physical, financial, reputational, or emotional) as a result? In Australia, you have 30 days to conduct an investigation to determine whether it is an eligible data breach. If you’re certified for the European Union (EU) General Data Protection Regulation (GDPR), you have 72 hours to decide. Check with your legal department for further instructions.
Anything else?
For better results in the future, it’s helpful to repeat training with all employees yearly on how to identify phishing and what to do in the case of a cyberattack.
by Felicien | Jul 22, 2019 | Education
Nearly every company must now rely on technology on a daily basis. For most companies, the role of technology will only grow in the future, making it even more important for all companies to have the tech support they need at all times. Depending on the situation, companies may hire employees to handle IT in-house, or they may outsource IT to a third-party provider.
The information below will help you determine whether it is time for your business to consider IT outsourcing.
Benefits of Outsourcing IT
Before you can decide whether outsourcing is right for you, you must first understand the reasons you might choose this path. Below are some of the potential benefits of outsourcing IT:
Fewer headaches – When you outsource IT, you no longer have to worry about maintenance, upgrades, repairs or any other technological problems.
Fewer expenses – Outsourcing IT is cost-effective, as you won’t have to pay for full-time employees to handle IT.
Scalability – Outsourced IT services can be scaled up or down to meet your needs as your company evolves.
No interruptions – When IT is outsourced, you won’t need to deal with downtime or other workflow interruptions related to IT issues.
Better use of in-house resources – Many businesses delegate IT responsibilities to existing employees when they can’t afford to hire full time IT personnel. With outsourcing, you will no longer need to split your employees’ focus in this way.
Downsides of Outsourcing
Although outsourcing IT offers several benefits, there are downsides as well. For example, you won’t have as much control over your operations as you would have if you kept IT in-house. In addition, if your provider is in a different time zone or has a heavy workload, communication can be problematic. Finally, if your business is small, outsourcing may be too expensive.
Should You Outsource?
Deciding whether to outsource IT to a third-party provider can be a challenge for any company, and there are many factors to consider. If you aren’t sure whether outsourcing IT is right for your company, simply compare your options and weigh the pros and cons. Remember to evaluate the potential for cost savings, as well as the impact on your day-to-day operations. It’s also a good idea to learn about the services available to you so you will know what you should expect if you choose to outsource.
If you decide to proceed with outsourcing, it is important to consider multiple providers before making a selection. Choosing the right IT provider can make all the difference in the success of your company. Remember that the cost of outsourced services is not the most important factor. Making sure that you are receiving reliable, high-quality services is essential. Interview each of the providers you are considering and ask them about the services they provide, the fees they charge and the customer support they offer. You should also read reviews from past customers to find out how others have felt about the services they received from the provider in question.