Warn Your Staff: Hackers Targeting Auto Employees on Social Media

Don’t let a phishing spear take your automotive dealership down. Make sure your employees know that cyber attacks lurk in email and social media, too.

Back when cyber security was in its infancy, IT departments regularly warned employees against the dangers of clicking on links in an email from an unknown sender. While most people can now spot a phishing email with ease, the focus from hackers is shifting to social media. Think about it: where else do you store a mass quantity of personal information with relatively minimal security? Many social media users don’t realize exactly how much information they are sharing with individuals who may mean them harm. Today, cyber security professionals agree that the biggest threat to your organization’s security may be an employee or a vendor who is “harmlessly” browsing social media at work.
Spear Phishing Attacks
With the rise of social media comes a new form of attack, called spear phishing. This attack is a play on the original phishing attacks that spread a broad net looking for someone to take a nibble, while spear phishing is targeted directly at a person of interest to the hacker. The cyber criminal spends time online getting to know the target, gathering details about their posting habits, where they like to visit, where they work and the members of their family, before launching a very targeted attack. These incursions are often directed at someone close to the person of interest, such as a spouse or significant other. The hacker then creates a special offer that may seem too good to be true to encourage the target to click through to get more information, and then uses that new relationship to gather personal information such as login names and passwords. These details are then used to break into the auto dealership’s networks to hit the mother lode of personal information found there.
Personally Identifiable Information
The key target for many phishing attacks is personally identifiable information (PII) and bank account numbers. Since auto dealerships have to gather much of this information in order to complete a sale, they are now prime targets for cyber criminals. Once a criminal gains access to the organization’s network, they are able to plow through enormous amounts of data in a very short period of time, making it difficult to stop the incursion before the damage is done.
Limitations of Liability
Unfortunately, if an auto dealership or any other organization is infiltrated, that company is potentially liable for damages from the attack. Perhaps the best way to prevent this from happening is to stop the attack in the first place by adequate training of team members and a solid security infrastructure that includes regular testing. Ensuring that all Microsoft and other hardware and software security patches are in place may also help prevent or lessen the damage from attacks. In addition, dealerships and other organizations may purchase cyber liability insurance, to cover the organization’s liability in the event of a widespread cyber attack.
Preventing Cyber Attacks
Aside from mentoring staff members to never click on social media ads while they’re at work or on any machine or device that can connect to the company network, there are several things you can do to limit the possibility of a cyber attack.

Counsel your teams to never respond to requests for their password or user information, regardless of where the question comes from. This includes phone, email, social media and websites.
Institute an aggressive schedule for updating passwords within your network, and add stringent standards around employee password creation.
Keep all firewalls, security patches and updates and network security software up-to-date. While this may not keep spear phishers completely out of your organization, it may slow them down and will stop some of them.
Notify staff members of the dangers of having a public profile on social media. While it may be fun to connect with people from around the world, it’s important to educate your staff about how personally identifiable information is gathered on social media.

Once one individual within your network is compromised, the attack will quickly spread between computers and networks. People tend to trust information that comes from family or a close friend, but it’s important to educate staff that this type of attack is very wily and can fool even the wariest individuals.
Catching Problems Early
Many organizations will suffer some type of cyber attack, but what are the steps that can prevent further damage? Early warning signals are critical to ensuring that the majority of your business stays protected even during an attack and that the duration and extent of the attack is limited as much as possible. Technology firms excel at creating specialized detection and notification systems that, along with user education, can be utilized to help counter the damage caused by spear phishing. Unfortunately, these attacks can happen very quickly, and once you click on an enticing ad within social media, you may have already infected your system. It’s important that auto dealerships and other organizations do not bury their heads in the sand and ignore the problem — because it is only growing in size and scope. Without adequate safeguards in place to detect or deter attacks, businesses of all sizes are vulnerable to these unscrupulous individuals.
After the massive cyber attack on Target’s personal customer information in 2013 that was caused by one of the organization’s refrigeration vendors, cyber security professionals are much more cautious about the possibility of a repeat performance by hackers. While the security attacks that get the majority of the national media attention are the widespread attacks that target anyone who will listen and click, the spear phishing attacks are much more insidious and personalized. By utilizing the personal information of the target, hackers are constantly looking for ways to slide under the defenses of the host organization.
Don’t let these insider threats damage your business and reputation. Instead, work with {company} to fully define a security structure that works for your business. Contact us today by calling {phone} or sending an email to {email}, and our cyber security professionals will work with you to ensure your organization is well-protected from spear phishing and other advanced cyber threats.

8 Ways Your Data Strategy Can Also Help With Work/Life Balance

Work/life balance isn’t just about wellness: Here’s how data systems are an integral part of the puzzle.

The work/life balance used to be primarily about wellness benefits – what sort of health perks to offer at work, how to encourage people to take time off, and more. But now that the concept of a work/life balance has become more integrated into company strategies, we’re seeing that a surprisingly important part of the balance is the data systems that you and your company use: IT is an integral part of your wellness strategy! Here are the top ways that new data solutions and applications can impact your current workspace in stress-reducing ways.
1. Setting Personal Goals
Setting personal goals is surprisingly important for work/life balance and has become a common piece of advice for busy professionals who are looking at ways to reduce their stress and help clear up their schedules. While it may seem odd to write down more goals as a way of relieving stress, it certainly appears to work: Writing new goals, especially at night, allows you to get rid of worries you’ve accumulated throughout the day, and often leads to better sleep and more confident morning preparations. Of course, taking time to write a few goals every night can get tiresome, which is where technology steps in to help. Why not use an app like Microsoft To-Do that makes goal-creation and lists easy while also tying into Outlook and other common business software? List apps and calendars aren’t just there for organization; they also play an important role in stress relief.
2. Locking Away Distractions
A few years ago a new category of apps gained a lot of popularity – apps that blocked distractions from people who really needed to get work done instead of surfing Facebook for the 15th time or composing the perfect message on Reddit. These anti-distraction apps still have a place, and are now quite versatile, allowing you to add a surprising amount of productive time to your day – and isn’t that what everyone wants? Incorporate smart, selective blocking at work (which most modern companies need to be doing anyway, and not just with the X-rated content), and you can also see productivity rise among your employees. It’s also easy to find more personal, customizable apps for limiting time spent on specific sites based on your own habits.
3. Automating Email Replies to Reduce Stress
Even the simplest email clients available these days offer automation features, from Gmail’s mobile ability to create short automatic responses to categorization options that allow you to apply complex filters based on sender or subject. We highly advise you to take advantage of these tools and make them a common part of the workplace. One of the common work stressors is a long list of unanswered emails: It’s a feeling everyone hates, and it frequently leads to avoiding your inbox or ignoring emails for far too long, both at work and at home. Bringing in some automated tools and voice assistants like Cortana can make a huge difference when dealing with busy email inboxes.
4. Remote Work and Scheduling Options
Remote work and flexible scheduling have been vital parts of work/life strategies, allowing employees to plan their work life around the immovable parts of their personal lives, leading to a lot less worry and a lot more flexible thinking when completing projects. Data systems are one of the most important tools available for making flexible and remote work options available to employees. It just isn’t possible to easily schedule and reschedule or monitor teams no matter where they are working from without modern management software (Microsoft Teams is currently one of the top examples).
5. Digital Spaces for Workplace Fulfillment
It is understandable – and productive – if you block something like Facebook at the workplace. But that doesn’t mean employees cannot benefit from a social space: Indeed, a shared digital space can be very valuable when it comes to quick discussions, feeling like part of the company community, and keeping interested in the latest news and developments. We suggest adopting a company social space like Yammer so that employees understand their connection to the company and adopt better workplace relationships.
6. Reminders for Breaks, Meals, and Healthy Living
Speaking of scheduling and communication systems, it’s also a good idea to update these systems with broad types of company reminders. Those 10-15 minute breaks, lunches, and health benefits work a lot better if you move them from orientation into the workplace itself with a set of wellness alerts to remind employees to, well, take a break. Many of the tools we have already talked about allow you to set up these types of alerts.
7. Metrics that Encourage Goal-Oriented Work
What do your current metrics study? If they focus primarily on hours and overtime worked, then you may want to rethink your goals. A number of companies are beginning to move more to a results-focused model that seeks to measure how much work employees are actually accomplishing rather than how much time they are spending at work – time that may or may not be spent working. The rise of the gig economy has helped this trend a lot, and it’s a great way for companies to check on productivity while also ensuring that employees are rewarded for completing goals and have the flexibility they need at work.
8. Automated Management of Benefits
Wellness perks can provide real help to employees – if employees know they exist, and how they work. If it’s been a while since HR has updated benefit systems, then some of the best wellness benefits may be languishing because people don’t really know how they work, how to sign up, or how it will affect their workflow. Data systems can easily automate and provide quick web forms, alerts, and other features for benefits including maternity leave, childcare, time off, yoga classes, and much more. Take advantage of technology!
Of course, your {city} workplace also has unique work/life balance challenges and goals. To find out more about what services {company} offers and how we can help you, contact us at {phone} or {email} to discuss our services.

The Four Most Important Things Every Accounting Firm Should Know about Cyber Security

Discover four tried and proven ways to keep your company’s computer systems and data safe and secure from cyber-criminals
A high standard of cybersecurity can mean the difference between a thriving, successful business and one that is crippled by lost data and/or customer lawsuits stemming from hacked information that is subsequently leaked or misused. Fortunately, securing important data and keeping it out of reach of hackers is not as complicated as it may seem. After working with numerous companies from a large variety of industries, I have come to the conclusion that there are really only four vital things you need to do to protect yourself from a cyber-attack.
Provide Employee Training
Both industry and government reports make it clear that over 90% of all cyber-attacks start with a hacker either successfully stealing access credentials or tricking an employee into providing access to a company computer system. Given this fact, it is clear that providing clear, ongoing cyber security training to employees is a must. Naturally, those who handle sensitive information will likely need more detailed training than those who don’t regularly use the company computer; even so, every single employee should know how to spot phishing attacks such as:

Email requests asking for log-in information, a request to transfer money or any other email that would require one to divulge important information online. Even requests from a boss’ email address are suspect and should be verified in person or over the phone.
Pop-up messages with interesting links that seem too good to be passed up
Emails from an email server asking for log-in information

Each person should have a personal username and password to access the company system. Passwords should never be typed in a text file or written on a piece of paper. Furthermore, employees should not be permitted to access personal email or social media accounts on company computers during work hours.
Continually Update Security Software
New viruses, Trojans, malware, worms and other malicious programs are created and disseminated all the time. Thankfully, a good security software program will keep up with new threats and provide regular software updates to thwart new types of attacks. However, these updates won’t do you any good unless you install them. Have someone in charge of making sure the security system on a company’s computer is always up to date. If there is no one in your company that can handle this task, consider outsourcing it to a reliable third party. At {company}, we have many years of experience with not only updating security software but also providing custom security software solutions to meet your specific needs.
Protect Mobile Devices
Ideally, it is best for employees not to use a personal mobile device for company business. Many personal mobile devices are not fully password protected and hackers can easily steal information by either stealing the phone itself or accessing information when a user is on a public network. Furthermore, many people use a mobile device to check personal emails, increasing the risk of a phishing or Trojan horse attack.
To prevent this problem, provide company employees who need a mobile device to use for company purposes with a company mobile phone. All data on such a device should be encrypted at all times and the device itself should be protected with a unique password that is different from an employee’s company account password. Additionally, employees should never install new apps on a company mobile device without express permission from a superior.
Make it clear to employees using a company mobile phone that the loss or theft of a company mobile device should be reported not only to the police but also your company. If such a device is stolen, immediately secure all information that could be compromised even if the device itself is recovered.
Back Up Your Data
Ransomware is fast becoming one of the most common types of cyber-attack. Unlike other cyber attacks that are often conducted in secret, ransomware is in your face and you can’t miss it. All information will be immediately encrypted and you won’t be able to access it unless you pay the cyber criminal the amount of money that he or she is demanding.
To prevent this and other types of data loss stemming from cyber attacks, it is important to back up your data on a regular basis. Even so, be aware that not all data backup plans are equal; some are far better than others. A backup device that is always connected to your computer and regularly backs up data as it changes is convenient and helps you keep your backup system up to date; however, it is also vulnerable to ransomware attacks. Such devices will automatically back up encrypted versions of your files if you are hit with a ransomware attack, leaving you without access to any of your data.
Backing up data onto the cloud can be a good option but only if the cloud service provider offers a secure account that will not only protect your files while on the cloud service provider but also encrypt your files as they are sent to and from your company server. An external backup device that is only plugged in once a day to back up your data is a good option as hackers can’t access the device while it is disconnected.
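The failure mode described above, where a backup job faithfully copies ransomware-encrypted files over the good copies, can be caught with a check that runs before each backup. The following Python check is an added example, not part of the original article: it compares the current files against the manifest of the last good backup and holds the backup when too many files have vanished or turned into near-random data. The thresholds, file names and the `.locked` extension are assumptions made for the illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Assumed thresholds for this example; tune them against your own data.
ENTROPY_THRESHOLD = 7.5      # bits per byte; encrypted data sits close to 8.0
MAX_SUSPECT_FRACTION = 0.30  # hold the backup if more than 30% of files look lost


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def snapshot(root: str, sample_bytes: int = 65536) -> dict:
    """Map each relative file path to (sha256 digest, entropy of its first bytes)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            manifest[os.path.relpath(full, root)] = (
                hashlib.sha256(data).hexdigest(),
                shannon_entropy(data[:sample_bytes]),
            )
    return manifest


def assess(previous: dict, current: dict) -> dict:
    """Decide whether `current` may replace the last known-good backup."""
    # Files that vanished (ransomware commonly renames what it encrypts).
    missing = sorted(p for p in previous if p not in current)
    # Files whose content changed AND jumped from ordinary to near-random entropy.
    # Limitation: files that were already compressed (zip, jpg) are not caught here.
    high_entropy = sorted(
        path
        for path, (digest, entropy) in current.items()
        if path in previous
        and previous[path][0] != digest
        and previous[path][1] < ENTROPY_THRESHOLD <= entropy
    )
    fraction = (len(missing) + len(high_entropy)) / len(previous) if previous else 0.0
    return {
        "missing": missing,
        "high_entropy": high_entropy,
        "fraction": fraction,
        "safe_to_backup": fraction <= MAX_SUSPECT_FRACTION,
    }


def demo() -> tuple:
    """Run the check on constructed sample files: a normal day, then an incident."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(10):
            with open(os.path.join(root, f"deal_{i}.txt"), "w") as fh:
                fh.write(f"Customer record {i}: constructed sample text\n" * 100)
        baseline = snapshot(root)  # manifest stored with the last good backup

        # Normal day: one document is edited by a user.
        with open(os.path.join(root, "deal_0.txt"), "a") as fh:
            fh.write("Added note\n")
        normal = assess(baseline, snapshot(root))

        # Constructed stand-in for mass encryption: seven files become random
        # bytes and one is renamed with a made-up extension.
        for i in range(1, 8):
            with open(os.path.join(root, f"deal_{i}.txt"), "wb") as fh:
                fh.write(os.urandom(4096))
        os.rename(os.path.join(root, "deal_8.txt"),
                  os.path.join(root, "deal_8.txt.locked"))
        incident = assess(baseline, snapshot(root))
    return normal, incident


if __name__ == "__main__":
    for label, result in zip(("normal day", "incident"), demo()):
        verdict = "run backup" if result["safe_to_backup"] else "HOLD backup and alert"
        print(f"{label}: {result['fraction']:.0%} of known files suspect -> {verdict}")
```

A held backup keeps the previous generation intact, which is the same property the article attributes to a backup device that is disconnected most of the day.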
Naturally, it will take time and money to fully secure your company computers to avoid cyber attacks; however, the effort is more than worth it as even a single serious attack can wipe out years of hard work. If you don’t have the time or feel you are tech-savvy enough to protect your valuable company data from malicious third parties, get in touch with us at {email} or {phone}. Our {company} has all the tools and experience you need to keep your systems secure both now and in the future.

BREAKING NEWS – New Worldwide Ransomware Outbreak Reported

Reports have begun to pour in regarding a new ransomware infection currently wreaking havoc in Russia, Ukraine, France, Spain, and several other countries. This highly sophisticated Russian strain is known as Petya or Petrwrap, and it has been advancing on a scale comparable to the recent WannaCry ransomware infection. However, unlike WannaCry, this strain lacks both the errors WannaCry contained and a kill-switch.

A wide range of businesses have reported being hit with this infection, with victims receiving the following message: “If you see this text, then your files are no longer accessible because they are encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.” Sources state that the message appears as red text on a black background, and demands $300 worth of bitcoin in exchange for the decryption key.
While it has not been completely confirmed as of yet, Petya/Petrwrap looks to be taking advantage of the EternalBlue exploit, which was leaked by a group known as The Shadow Brokers. If EternalBlue sounds familiar to you, it should – it’s the same exploit WannaCry took advantage of.

Steps You Need to Take

If you haven’t already, you should be taking steps to protect your business against this exploit by installing the MS17-010 security update for Windows and checking to see that your systems are fully patched. Like WannaCry, Petya/Petrwrap has the ability to compromise systems that are firewall protected. As this is a true worm, if the infection is able to reach a single computer within your network, all of your systems and servers are at risk of becoming infected.

Take a moment to remind your staff that they need to be exercising extreme caution at all times when checking their email. If anything even slightly suspicious finds its way into an employee’s inbox, they need to know how to handle the situation and who to alert. All it takes is one mistake for your business to suffer serious damage, and events like this serve as an ugly reminder that a certain level of vigilance is required at all times to keep your business secure.

If you have concerns or want to find out more about what you can do to protect your business in the wake of this latest ransomware attack, please contact {company} right away at {email} or {phone}. Our team is here to help.

Your best source for tips, tricks, and hacks

Computer Network Systems (CompNetSys) is your best source for tips, tricks, and hacks as well as news relating to the latest advances in technology to help you work smarter, not harder.

Call us @ 866.205.8123 or send us an email @ support.staff@compnetsys.com

Everything You Should Know about the OneLogin Data Breach

This is an article about the recent hack of the popular password manager OneLogin. We will briefly examine the impact this might have had on its users.
In a blog post, the chief security officer of OneLogin, Mr. Alvaro Hoyos, said that they were aware of unauthorized access to their data in the US data region. Following this, the company had reached out to customers to inform them.
He added that the company had managed to block the unauthorized access after the breach and was cooperating with law enforcement to try to apprehend the criminals.

Initially, the blog post was very short on details. For instance, the post did not mention that sensitive customer data had been obtained during the hack, which the company had only mentioned in the email they sent to their customers.
The email said that OneLogin believed the breach had affected all of their US customers and that all their sensitive data had been compromised.
In an update, the company said that the hacker had obtained access to Amazon Web Service keys and used the keys to gain access to an AWS API from an intermediate host with a smaller service provider within the US.
OneLogin confirmed that the attack began at 2 am (PT), but staff only noticed unusual database activity a few hours later. Within a few minutes of noticing this, they shut down the system and disabled all affected AWS keys used to carry out the hack.
According to the company, the hacker was able to access the database tables that hold all information pertaining to users, the various types of keys, and apps. OneLogin added that although most of their data was encrypted, they could not rule out the possibility that the hacker may have obtained a way to decrypt the data. However, the spokesperson did not clarify which type of data is encrypted and which is not.
People Have some Hard Questions
Some people want an answer to the question of how hackers accessed customer data that could be decrypted. For instance, they wondered how OneLogin could have encrypted data and yet left the decryption method accessible enough for hackers to gain access to it.
For now, OneLogin is advising customers to change their passwords, create new OAuth tokens, and generate new API keys for their services. Additionally, it is advising customers to create new security certificates. The company added that data used by IT administrators, stored in the Secure Note feature and used in storing important network passwords could be decrypted.
How Many Were Affected
The company did not give figures on how many of its customers the breach affected. However, according to its site, it serves some of the largest companies on earth including Dun & Bradstreet, ARM, Conde Nast, and the Carlyle Group. Dropbox, however, has denied being a customer of OneLogin.
How Does OneLogin Work?
OneLogin lets corporate users of its service gain access to multiple sites, web applications, and services using a single password. It is estimated that the company serves millions of users in over 2,000 companies in dozens of countries around the world.
It integrates hundreds of third-party services and apps such as Office 365, LinkedIn, Slack, Twitter, Google, and Amazon Web Services with a single sign-in feature.
This is the second time in two years that the company has suffered a major hack of its systems. In August of 2016, it warned users that someone had gained access to its Secure Notes service. However, it denied that it had lost any customer data because of the hack.
How will It Proceed from Here
OneLogin said that they were working with a security firm to determine how the hack occurred. In addition, they said they wanted to verify how extensive the leak had been. They also added that they were working on a solution to prevent a similar hack in the future. For now, the company says it cannot divulge much else because law enforcement is still investigating the incident.
OneLogin is by no means the only company in the US that offers the single sign-on feature. That is not to suggest that other companies have also been hacked. However, it does mean that other companies should take precautions when dealing with customer data. The prospect of getting access to so many high-value accounts with one hit makes them a prime target.

How Will the True Essence of Digital Transformation Impact Your Company?

Digital transformation – is your business ready? Do you have a solid grasp of the true essence of the process? If not, it’s not too late – learn more here:
Digital transformation, disruption, and digitization. It can seem as though anywhere you look in business, those hot-button terms are at the center of every conversation. New technology, predictive analytics, and business optimization are all the rage. But few businesses have looked beyond the tech to the real-world differences this process will make in our businesses and everyday lives.

Some years ago, I remember reading a summary of Machiavelli’s The Prince to gain a better grasp of what this Renaissance mastermind had to say about the world. One piece, in particular, stood out: that if you can’t win the game using the existing rules, change the game. As digitization and digital transformation change the way we do business and interact, your business “game” – the method by which you retain success – may also be changing drastically. If you don’t change your game to keep up with transformation and disruption in your industry, you may find your business left behind. What changes can you expect from the true essence of digital transformation?
What is it – really?
Digital transformation is the result of combining inexpensive technology, pervasive network availability, supercomputing power, cloud computing and digital security. With these five aspects in place, everyday people expect to be more connected to life through their devices, whether that involves tracking a shipment, video chatting with a customer service rep, having their preferences follow them to your website from social media or expecting that you’ll know when an appliance needs repair instead of having to determine that for themselves.
It’s really easy to get caught up in the technology, but we must remember the human factor. At the start of popular use of the internet, customer interactions were much like ordering from a catalog. You filled in a form in some fashion, then submitted your payment and sometime later, you’d receive your purchase. As time went on, receiving tracking numbers and fulfillment dates became the norm.
With the advent of the digital revolution, business models began to change. Today’s largest taxi service, Uber, owns no taxis. AirBnB doesn’t own any lodgings. Apple, Google, and Amazon don’t own the rights to any music. These new business models require existing businesses to keep up and adapt to these changes or be left behind following the industry disruption.
Where is it taking us?
Tomorrow’s business is a dynamic, agile enterprise that is able to adapt to change in the market while remaining profitable and responsive to client demands. It will be expected to predict failures in machinery, future customer behavior and increasing demands for innovation. Simply opening another online storefront or marketing to a new social media page won’t suffice; you’ll need to set yourself apart through your products, your fan base, your company culture and the difference you make in the world.
How do you get there from here? Maybe you incorporate Facebook or Google+ sign in options for your website and ordering process, allowing you to update customers about their orders through social media. You could use Google Analytics to figure out not just a good advertising campaign but the best possible one. Market research may allow you to better focus on the exact persona of your best customers, helping you focus on only the most profitable sector of your market.
Why does it matter?
There have been many changes in the market as technology has advanced, so why should you worry about this change? IDC Energy predicts that by next year, a full third of the top-20 leading market share businesses will have been disrupted by competitors with new business models. It’s expected that by the end of this year, 45% of the world’s workforce will be contingent labor, many of whom prefer to work from home. Deloitte has reduced human review of accounting documents by half using machine learning. Change is here, now. Customers expect to be the center of your business and process, not a simple revenue source.
Early adopters of digital transformation are also seeing increased market shares and revenues while lowering overhead costs. NTT DOCOMO, a telecom company, is already receiving 15% of its revenues from its Smart Life Suite. Early agribusiness adopters are seeing a 9% increase in revenue creation, a 26% improvement in profitability and a 12% increase in their market valuation. The question isn’t why does it matter, it’s can you afford to not care?
How do I get there from here?
Digital transformation can be a complex process, and you need to start with a good grasp of what needs to change in your IT department to make it work. Rather than being a supplier of services, your IT resources will become integrated into every part of your company. Innovation will be driven by a stronger cooperation and cooperative development from all areas of the company. To get there, you’re going to need to change the historical role of IT from being a side department that keeps things running smoothly to facilitating an enterprise-wide approach to digital transformation.
Your IT assets must play a central role in planning where your business will be in a year, five years or a decade. You’ll need visionaries capable of seeing what’s possible today and what innovations can take your company through the next twenty years. To develop solutions that work, you need IT personnel and solutions that focus on creating superior functionality for your employees and customers by breaking down what each person is doing, why they’re doing it and how it can be improved to streamline the process. If you need dynamic solutions in {city}, {company} is here to help. Please feel free to email us at {email} or call us at {phone} to get started.