Data Security. So many businesses leave their data exposed. That doesn't mean you have to. 2014 Computerbilities, Inc.




Table of Contents:

1. Introduction
2. Cybersecurity: The loopholes in the system
3. Danger: Cybercrime in progress
4. Complexity doesn't have to be complicated
5. Security Essentials

Introduction

It's not a matter of if someone will attempt to breach your network, but when an attempt will occur. While technology may be developing at an incredible rate, the development of data security is usually slower, and many times only happens after we experience a disastrous data breach (such as with Target, Michael's and Neiman Marcus), or after we learn about a system bug (such as Heartbleed). But this isn't good enough anymore. Most of the world's financial and personal information is digitized, so any breach in data security is 21st-century robbery, and any loss of data from mishandling or natural disasters is often catastrophic.

We often think that these things will not happen to us. We will not experience a breach as destructive as Target and Neiman Marcus experienced, or be affected by a bug like Heartbleed. We reason that smaller businesses are not as desirable to cybercriminals, but the fact is that if you do not have any security measures in place, then your data may already be compromised. In 2013, Norton [1] reported that globally more than 1 million people were victims of cybercrime daily, which means that there are about 12 victims every second. This usually happens because network security is lax or nonexistent.

Do not be like Target, Neiman Marcus and OpenSourceSSL and wait for a data security disaster to occur before you take action to protect your information; by then it will be too late. Learn from the mistakes of these large players and protect your data before a security breach or loss occurs. With this report, we will help you prepare by making you aware of the potential risks and how you can protect your data from them.

[1] http://www.symantec.com/content/en/us/about/presskits/b-norton-report-2013.pptx

Cybersecurity: The loopholes in the system

The past two years have seen significant breaches in cybersecurity. In 2013, Target and Neiman Marcus became victims of the largest breach yet, exposing over 110 million [2] customers' financial and personal data. This happened because of vulnerabilities in Target's and Neiman Marcus's cyber security. This was predicted in 2012 by Darryl Plummer [3], the Managing Vice President and Gartner Fellow. He said that through 2016, the financial impact of cybercrime will grow 10% per year, due to the continuing discovery of new vulnerabilities. While Plummer didn't predict these specific events, he was dead right when he predicted that there would be an increase in the cost of cybercrime as we discovered vulnerabilities in our security systems.

But what were the vulnerabilities at Target and Neiman Marcus? It is suggested that about two months prior to what would become known as the largest security breach to date, cyber criminals began sending out troves of phishing emails. Later, they sifted through the collected information to find promising potential victims. One of these emails made it to an HVAC firm connected to Target, where an unsuspecting employee opened the malicious email, allowing malware to infect the system. The malware eventually allowed the hackers to gain access to the Point-of-Sale devices, and they made off with the financial information and personal data of millions of unsuspecting shoppers.

In July of 2013, Neiman Marcus [4] was similarly breached. Hackers gained access to their systems and continued to steal card information from customers until October 2013, when the breach finally came to light.

[2] http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/
[3] http://www.gartner.com/it/content/1842100/1842125/december_21_top_predictions_2012dplummer.pdf?userid=35627490
[4] http://www.neimanmarcus.com/nm/security-Info/cat49570732/c.cat?icid=topPromo_hmpg_ticker_SecurityInfo_0114

Although hackers are responsible for these attacks, the attacks were also made possible by vulnerabilities in Target's and Neiman Marcus's cyber security. One report [5] stated that Target may have inadvertently made it easier for attackers by leaving massive amounts of internal documentation for vendors on its various public-facing Web properties that do not require a login. This means that Target allowed large amounts of sensitive information to remain on their public-facing systems for significant amounts of time, without requiring users to log back in. This leaves data vulnerable and easy to access because the data is not encrypted during that time.

So what were the vulnerabilities in Target's and Neiman Marcus's cyber security? It all comes down to negligence toward their cyber security systems. One of the first steps to having strong cyber security is being educated about the potential dangers to your data and knowing the best steps for avoiding those dangers. It's impossible to know if the HVAC firm educated their employees on how to identify questionable emails and links, but if you do take the time to educate your employees, then you will decrease the risk of having your network compromised the same way Target's was.

You have probably heard the saying "Time is money." Well, in this day and age, so is information. The breach cost Target $17 million [6] in expenses and caused their profits to fall by 46%, but it also caused many of their customers to lose money as well, which isn't good for customer loyalty. This is why it is critical for your business that you plan ahead by having strong data security measures in place. The time and money that you will put into data security will be far less than the time and money you could lose if your data is stolen or lost. Making sure you have excellent network security can seem daunting, because there are so many different levels to keeping your data secure, but it is quantifiably worth it in the end.

[5] http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/
[6] http://www.forbes.com/sites/maggiemcgrath/2014/02/26/target-profit-falls-46-on-credit-card-breach-and-says-thehits-could-keep-on-coming/

Danger: Cybercrime in progress

Protecting your data against cybercrime is only one aspect of data security. Data can also be exposed or lost due to bugs, negligence, a lost or stolen device, or even a natural disaster. Data loss is data loss, and the cost is just as steep, no matter if it was stolen by cybercriminals, misplaced or destroyed in a disaster. In the 2013 Cost of Data Breach study, it was reported that negligence and system glitches together accounted for 64 percent of data breaches last year. These can include employees mishandling information, violation of industry and government regulations, inadvertent data dumps, stolen laptops, and wrongful access.

Heartbleed, a bug found in OpenSourceSSL in March 2014, is one such system glitch. OpenSourceSSL is a free cryptographic software library. The code in OpenSource is the foundation for about 2/3 of all websites. In 2012, the Heartbleed [7] bug, which is a piece of faulty code, was introduced to the system, allowing an unwanted third party to access sensitive information (such as certificates, usernames and passwords, emails and documents) without you ever knowing that your data security had been compromised. This was not an attack. It was not planned by cyber criminals; it was simply an accident. However, it was an accident that exposed 2/3 of the web to high risk.

Picture this: While a bank is being built, a tunnel is mistakenly included in the blueprints and added to the building. This tunnel allows direct and unobserved access to the vault. Anyone who knows where to find the entrance to this tunnel can now waltz right into the vault and take whatever they like, without anyone ever knowing. Heartbleed was like that tunnel, and while Heartbleed has been patched, it doesn't mean that this cannot or will not happen again. The best thing you can do is stay informed on the latest breaches and bugs. That way, you will be able to act quickly when you need to.

[7] http://heartbleed.com/

What should we learn from Heartbleed? In their annual 2014 security report, Cisco [8] summed it up nicely: There should be an assumption by all users that nothing in the cyberworld can or should be trusted. You should never assume that an application you are using has all of its glitches and vulnerabilities worked out. But you should assume that something will go wrong eventually. So plan for the future. This way, you will be ready and the likelihood of your data being exposed will be exponentially smaller.

Sometimes, it is an accident or disaster that exposes your data. It was reported by Aon Benfield [9] that the global cost of natural disasters to businesses totaled $192 billion [10] in 2013. In the US alone, we have seen an incredible number of natural disasters in 2013-2014, including earthquakes, tornadoes, and massive snowstorms. Chances are that your business will be affected by a natural disaster at some point, and it is best to be prepared. Accidents that leave your data exposed can happen at any time. Work phones or laptops can be stolen, lost or broken, causing exposure of critical data that could be taken advantage of by cybercriminals, or a disruption in business continuity costing you time and money.

Complexity doesn't have to be Complicated

In the past year, reporters have started to use words like "cybergeddon" or "digital apocalypse" to describe what the last two years have been like for data security. Sometimes it feels like it is impossible to guarantee the safety of our sensitive and critical data. How can you possibly protect yourself against cybercriminals, system glitches, negligence and natural disasters all at once? In some sense, it is as simple as this: be prepared. Learn about the various risks to your data, and stay current on security risks and best practices.

Some people were exposed longer by Heartbleed because they had no idea it existed. For example, about 900 social insurance numbers were accessed from a Heartbleed breach at a Canadian Revenue agency. The hackers had access to the data for six hours before anyone found the breach, which is why they were able to get so many social insurance numbers.

[8] https://www.cisco.com/web/offer/gist_ty2_asset/cisco_2014_asr.pdf
[9] http://thoughtleadership.aonbenfield.com/documents/20140113_ab_if_annual_climate_catastrophe_report.pdf
[10] http://www.ibtimes.com/report-ten-most-expensive-natural-disasters-2013-1540058

There are also a few relatively simple things that you can do to make sure your data is secure. First, always use a complex password [11]. This means that your passwords should have a combination of upper and lower case letters, numbers, and symbols. By always using a complex password, you will be increasing the complexity of your password when it is stored and encrypted, making it harder for hackers to break your password and gain access to your information. Passwords are the first line of defense, so you need to make sure your defense is strong.

The next line of defense is data encryption. One of the reasons hackers were able to steal so much data from Target was the lack of encryption. With most business email services, there is a timed log-out setting. This means that if you are inactive in your email for a while, the software will automatically log you out. This is a great security measure because it means your data is encrypted again after a set amount of time. Target didn't have this feature on their public-facing web properties, so customer data was left exposed, and could easily be stolen by cyber criminals.

It's not only important that you have encryption, but it's important that you determine the level of encryption. 256-AES is currently the highest encryption standard. With 256-AES, it would take a supercomputer longer than the age of the universe to crack the encryption (which is longer than 149 trillion years). Eventually, someone will probably find a way to crack 256-AES encryption, but in the meantime, it will take a cybercriminal an annoyingly long time to break the encryption and steal your data, so they would likely move on to someone else.

If a cybercriminal does break your password or gain access to your device through a phishing email or a watering hole website, then they will use viruses or malware to begin siphoning out your data. The best way to protect your data against computer viruses and malware is to install antivirus software, such as Vipre [12], McAfee [13], or Symantec [14]. These companies can secure all of your devices, including your mobile devices, making sure that your data is secure no matter which device you are accessing it from.

While these steps can help ensure that your data remains secure and exactly where it should be, they will not help maintain business continuity should a breach, disaster, or accident occur. If something should happen and you should lose your data for some reason, having backup redundancy or a Business Continuity Plan may be the only thing that keeps your business going. There are several different kinds of backup: image, tape, hard drive and cloud are a few. They each have their strengths and weaknesses, and they will all fail you eventually. That is why backup redundancy is so important. You should always have both on-site and off-site backup, and several different forms of backup. If one backup fails or is destroyed, you will have other options.

Security Essentials

No matter what business you are in, you have a network that contains data which is vital to the continuity of your business. This is why it is essential that your data stays secure. You will need to have protection in place in the case of a security breach; negligence or accidents; and natural or man-made disasters. Many aspects of data security are relatively simple, such as using complex passwords, making sure your cloud service uses AES 256-bit encryption, having redundant backup, and using antivirus software. But data security also requires that you stay up to date with the latest security breaches, bugs, and best practices so that you will know when you need to update your security system. Do not be like Target or Neiman Marcus and wait for the cybergeddon. Act now so you do not have to spend more money later.

[11] http://www.computerbilities.com/password-complexity/
[12] http://www.vipreantivirus.com/
[13] http://www.mcafee.com/us/
[14] http://www.symantec.com/index.jsp

To help make this easier for you, we have come up with 5 Security Essentials:

1. Backup. Before you do anything, you need to back up your network. If you lose your data for any reason, having backups will allow you to get your business back up and running.
2. Security Audit. If your IT support has not done a security audit on your network in a while, this is a good place to start. A Security Audit will let you know exactly where the holes in your data security are. If you don't have IT support but would like to know how secure your network is, we will come and give you a free security audit; just call us at (919)469-5060.
3. Antivirus. Antivirus software will seek out and remove, or sometimes quarantine, potentially harmful programs on your network. If you don't have antivirus software set up on your computer, set it up now, and if you already have antivirus software, make sure it is kept updated.
4. Firewall. A firewall will help prevent unwanted third parties from getting in. Unlike antivirus, a firewall does not actively seek out and remove harmful programs; instead, it filters programs before they enter your network and only lets in those that you allow or that are secure.
5. Spam Filter. A spam filter will check all incoming mail for viruses and spam, keeping both out of your inbox. Make sure that your email has a spam filter because it will help protect you against email attacks, such as phishing scams, and viruses.

This list is not exhaustive, but it is a good place to start when setting up data security on your computer network. Computerbilities is dedicated to providing accessible, understandable, and, most importantly, preventive IT support. If you have any questions about data security, please do not hesitate to contact us at (919)460-5060, or by visiting our website: www.computerbilities.com.