When it comes to technology, there’s no doubt that mobile devices have made both our personal and professional lives way easier. Because of smartphones, tablets, and other kinds of mobile devices, we can take our work with us anywhere and get things done on the go. We can be in constant communication with our employees, executives, IT management, and our customers.
But, while our phones help us in tons of ways, they can also hinder us in others. Conducting certain aspects of business on your mobile device can put you at a huge cyber security risk. Before you conduct any more business on your phone, read up on this.
Smart devices give us the incredible ability to manage money from anywhere. Whether it’s accepting money on Paypal, sending money on Venmo, depositing a check via your online banking app, or making an order on a website, there’s really no limit as to what you can do.
Unfortunately, sometimes convenience comes with a catch. The ability to do many transactions from a single device, a device that’s most likely not protected, can lead to attacks from all sides. Therefore, using your phone to handle any type of transaction can make you more susceptible to hackers and other cybersecurity dangers.
Nowadays, many companies are implementing BYOD, or a Bring Your Own Device policy. It’s a way for employees to have more flexibility with their work, as they won’t be limited to what they can do, how they can do it, and when and where they can do it.
While there are many great benefits to BYOD, there are also, of course, security risks. In fact, even though company executives certainly don’t want their employees to be distracted by their mobile devices, the primary reason companies are skeptical about BYOD is the risk associated with it. Someone who brings their phone to work can easily connect to a network anywhere they go afterwards. And, if one of those networks isn’t secure, a hacker can get in and access anything that the employee has access to, most of the time without the employee even knowing about it.
If there was something infecting your phone or mobile device, would you know it was there? Probably not. Detecting malware on a phone might not be easy for the ordinary user. But, it’s great for hackers who want a simple job. In general, most malware types that infect phones come from suspicious apps. Hackers can get into the phone and easily take any sensitive information you have tied to your business. Again, this can be done without you even realizing it.
We’re not saying don’t download apps. But, if you’re using the same mobile device that you’re downloading apps on as you do for your business, you’re putting your company at risk. Additionally, if you have malware on your phone unbeknownst to you, and then you go and reconnect that phone to your company’s main network, you can infect others in your office as well.
Using your mobile device for business can put you at risk. Even if you’re trying to be proactive, at the end of the day, it’s more work for IT. And, that’s if you’re even running security measures on your phone in the first place. (Most companies don’t.) Your IT team or your security vendor is already doing all it can to protect your network and, most of all, the computers hooked up to that network. While adding on a couple of phones shouldn’t be too difficult, you don’t want to have IT lose their focus on the main action, just so you can bring work around with you (probably to somewhere you shouldn’t be bringing it, anyway.)
That old saying, “Don’t mix business and pleasure,” can be interpreted many different ways. But, in this case, it can’t be any more clear. Your phone may make business run smoother, but it may be only a matter of time before that changes. Sometimes, leaving your phone at home isn’t such a bad thing.
Smeester & Associates can provide you with everything you need to know in making important security decisions for your company. Like, whether or not you should run business on your mobile device.
Nowadays, people find it a lot easier to do their shopping, especially their holiday shopping, online. But, when customers from all over the world are using their sensitive information to make purchases, there is always the risk that a security breach could occur. And that security breach could put you at serious risk.
Black Friday is over, and so far, there haven’t been any major incidents. (At least compared to previous years.) While that’s all great to hear, that doesn’t mean it’s time to let our guard down just yet. The cyber threat is still prevalent and we need to be on guard.
If you plan on participating in Cyber Monday or any other kind of online shopping this holiday season, here are a few tips on keeping yourself safe behind the screen.
Though using your mobile device to make a purchase is definitely time-efficient, it’s not always safe. There are a lot of companies that use mobile apps to cater to their users. While this is a nice thing for both the company and the user, it can also be a nice thing for any hacker who won’t even need to lift a finger to take your information. Stick to a computer that you’re familiar with.
Consider Alternative Payments
If your browser asks you if you want it to remember your card information, don’t check off that box. Even if it’s your own personal computer, this kind of thing makes it easier for anyone to take your information. And, even if you opt out of having your credit card memorized, you should consider leaving the credit card or debit card behind altogether. If you have gift cards, Paypal, or a prepaid card, it’ll keep you a little safer.
Go With Companies You Know
Maybe a lot of those third-party, out-of-country eCommerce sites have some really good-looking deals. And, while some of those sites may very well be legitimate, you should never buy from a company that you haven’t heard of. Stick to the places and the names you know and love. There’s a better chance that their online shopping platform is safer and that, if a breach were to happen, they would at least do their best to make sure you’re protected.
Trust Your Gut
Cyber Monday and the holiday season, in general, are pretty overwhelming days to be on the Internet. There are a lot of good deals out there that are really convincing. But, not all deals are what you think they are. Some are really deceiving. It may not be that there is a hacker running a fake website with fake deals directly behind the screen. But, it may mean that the website you see one of these “deals” on may not be one that’s safe to use, for one reason or another. Therefore, just remember the old advice, “If it looks too good to be true…” Trust your gut before trusting these people with your bank information.
And, if you’re a company…
If you’re a company who is selling products online on Cyber Monday, or any other day for that matter, make sure you’re taking every possible cyber security precaution there is to protect you and your users. You should also consider taking out cyber insurance or consulting with your provider about additional measures. Remember, your customers are trusting of you, and they wouldn’t want a little purchase on your website to lead to a complete loss of their identity.
Cyber Monday is just a few days away. Are you prepared? No worries! Smeester & Associates is here to help.
Last month, the whitepaper of the Sixth Annual Survey on the Current State of and Trends in Information Security and Cyber Risk Management was released. As we can see, the survey had a lot of interesting and important information to help small businesses and CIOs make meaningful decisions regarding their approach to cyber security. It discussed key themes, like evolving threats and how companies can build up resilience to those threats. In addition to all the findings and suggestions in the survey, there were also some facts that readers and business owners may find very interesting.
Let us know what you think!
According to the survey, 78 percent of respondents from personal data-driven industries purchased a security & privacy insurance policy, compared with only 59 percent from all other industries. Data-driven industries certainly have more sensitive, customer data to protect, which may be why their number is higher. But, either way you look at it, more than half of the industries surveyed take out cyber insurance. That’s a lot.
The study revealed that approximately 60 percent of pre-breach services are provided by internal resources such as IT, risk management, human resources (HR) and legal. While it’s a good idea to outsource security management, we can see that some companies are still relying on their in-house staff for pre-breach services.
According to the survey, when asked to what extent an internet, cloud or technology disruption would impact their daily business operations, 87 percent said it would have a moderate-to-significant impact. That’s a whole lot of people that feel if a breach were to happen, they would really be in a bad situation.
76 percent of respondents in the communications, healthcare, finance and banking, and retail industries viewed cyber risk as a significant threat compared to only 55 percent of all the other industries. If your industry falls into that 76 percent, then you may want to consider what aspects of your industry make it more vulnerable and assess your company’s cyber security measures based on that.
A question was asked in the survey, “In your experience, are cyber risks viewed as a significant threat by your organization’s leadership?” In response, 83 percent said “yes” for Board of Directors, which is 15 percentage points higher than in 2015. Just a year ago, it seemed as though higher level executives and other leaders simply did not see cyber security as enough of a threat to consider it in their budget. It looks like that’s starting to change.
According to all respondents, “employees unintentionally infecting the company’s network with malware” is the top concern with 50 percent rating it a high or extremely high risk. So, if you’re an employee, your higher-ups may be worried more about you making a mistake than a dangerous hacker.
When asked which services are utilized in response to a cyber-security breach, it’s no longer the IT guy. Based on the survey, for the first time, the general counsel is the department most frequently responsible for assuring compliance with all applicable federal, state or local privacy laws, including state breach notification laws. While the IT person at your company should be fully aware of policies, it may be better to play it safe and go with the general counsel for any of your cyber-security questions, comments, or concerns.
Smeester & Associates understands the questions that arise when it comes to protecting your own company’s cyber-security. We’re here to answer those questions and provide you with the tools and recommendations necessary in order to make the best decisions for your company.
When it comes to contracts in the digital world, there are none quite as important as service level agreements, or SLAs. A service level agreement is the agreement outlined between a service provider and the user. It discusses what the user expects to receive from the service provider, and in turn, what the service provider will provide to the user. A strong SLA should erase any gray areas between the user and the service provider, clearly outlining what the relationship entails.
You do have a say in your SLA
Though the service provider should be the one to present the service level agreement, as the user, you do have a say in what you want it to include. If there’s an aspect of the job that you want to be covered but the service provider didn’t mention in the SLA, you can have them add it in. An SLA is certainly not one-sided.
An SLA provides targets for measuring performance
Whichever sector the service provider is in will determine the type of contractual agreements that are laid out in the SLA. Whether a service provider is providing an internet service, managed services, cyber security, or a combination of these services, the service level agreement should have observable and measurable objectives that are obtainable. If you, as the user, want to be clear about what you’re paying your service provider for, take a look at that SLA.
It explicitly outlines the “what happens when…?”
A good SLA should answer all the questions you didn’t know you had or perhaps the ones you don’t want to ask. Even if we trust our service providers to give us what they say they will, we still want to know “what happens when…” The SLA makes things more transparent, so you can be confident in your decision.
An SLA encourages responsibility and protection for both parties
Anytime we invest money as a user, we need to make sure we’re protected. Likewise, a service provider needs to look out for themselves, too. So, while an SLA can protect you from losing any money, it also protects the service provider from being held responsible for something that may not be their fault. Why would either party want to take a risk?
They can be continuously reviewed and updated
As technology continues to grow and more companies are moving over to the cloud, there’s no predicting what the cyber world holds for us in five years, or even one year, from now. The good news is, an SLA isn’t technically set in stone. While nothing should be changed without both parties’ consent, there is always the opportunity to sit down together and adjust the terms as things may change.
Users must regularly maintain, patch and update software, applications, plug-ins and more, but just how many businesses are overlooking this important security concern? In our latest chart, we reveal the percentage of users running outdated browsers. As you know, cybercriminals continually look for vulnerabilities to exploit in frequently used programs. Proper patch management, however, helps prevent devices from becoming compromised. So how do you have this conversation with potential clients, and which questions should you expect to answer?
As software becomes more advanced, it becomes virtually impossible to eliminate all potential vulnerabilities. Consider all the lines of code on a single operating system, and then note every single program and application installed on top of that. You need to protect all of it, but a lot can go wrong. Attackers only have to find one flaw to manipulate in order to gain access – hence why these attacks are so popular. Typically, cybercriminals are looking to pick the lowest-hanging fruit, and software vulnerabilities are easy targets. Hackers also favor attacks that can do the most damage. To exploit a vulnerability, they seek applications with a high volume and frequency of usage. That way, they can maximize their attack surface. This is why Adobe Flash, Microsoft Office and other similar applications are attractive targets for attacks.
A recent HPE cyber risk report shows that 2015 was a record year for the number of security vulnerabilities reported and patches issued. However, what good are security patches if they’re never installed? Businesses today are faced with an ever-changing security risk landscape, which means that threats are becoming stealthier and more sophisticated. If your applications aren’t updated with the latest security patches, you run the risk of being successfully exploited by attackers – which can lead to unplanned downtime, sensitive data being compromised or even a data breach. Proactive patch management is essential to an effective security and business continuity strategy, because it only takes one device to compromise an entire network.
Most small- and medium-sized businesses (SMBs) don’t have the time and bandwidth to stay completely up-to-date on the latest security flaws and updates. That’s where Smeester & Associates comes in. We can help mitigate these risks with a proactive monitoring and management platform that deploys patches remotely and at a time most convenient for you. You don’t have to worry about the health of your IT system. It’s our job to manage the patching process and make sure that policies are continually revisited and improved. When you work with us, you can rest easy knowing your data is protected and your network, secure. And rather than burden your staff with this responsibility, our 24x7x365 expert support team is trained to take care of this for you.
Also, it’s important to remember that just because a new patch is released doesn’t mean that it should immediately be deployed. Often, patches will contain unseen vulnerabilities, have installation issues, or even prevent machines from successfully rebooting once the installation is complete. We can provide you with additional security, peace of mind and uptime by testing and researching patches before pushing them to your machines.
While cyber attacks can happen to anyone regardless of the size of your company or what sector you’re in, there are some exceptions. Though hackers are good at what they do, you can make it harder for them to target your company. Even if everyone is a potential victim, you can make sure you’re not at the bottom of the totem pole. Don’t be the low hanging fruit for cyber criminals.
Follow these tips to make you less desirable or less obvious to hackers on the prowl.
While you might want an easy way to remember all your passwords, keeping them all the same is essentially asking hackers to come knocking at your door. And, they probably won’t be so polite that they’ll knock first. Your passwords should not only be unique and very difficult to figure out, but they should be different for each one of your accounts associated with your website or business.
It’s also a good idea to use fake answers for security questions and two-step verifications, as any cyber criminal with a little bit of time can figure out your personal answers. If you’re worried about remembering all these passwords, you can use a password manager to help. Additionally, think twice before saving your password (and credit card information) on websites when your browser asks you.
Use a VPN
Using a VPN is a great way to protect your connection, especially if you’re hooking up to a public WiFi network. That’s because a VPN hides your IP address and encrypts all traffic coming in or out over a certain internet connection. This is one of the easiest ways to avoid being the low hanging fruit for cyber criminals.
Don’t make your hard drive an open door. Encrypt it. There are thousands of ways hackers can get into your hard drive, sometimes even physically. Block it off and make sure you’re the only one that can access it.
In addition to encrypting your hard drive, you also shouldn’t keep everything in one place. Sensitive information should be spread out among different places to make it harder for a cyber criminal to really cause damage.
We shouldn’t have to say this, but if you need a reminder, please, oh please, don’t open anything in your email that looks suspicious. A lot of the time, hackers use phishing as an easy way to hack your system. Anything that looks out of the norm probably is. DELETE and notify the company that someone is using their name and logo to try to infect you.
An easy way to be the low hanging fruit for cyber criminals is by simply ignoring the issue of cyber security. Even if you’re a small business (actually, especially because you’re a small business), you should really take advice from someone who knows best. Using a managed security service is one way to go about it. Another way is to talk to us at Smeester & Associates, because we can steer you in the right direction.