As part of Cyber Security Awareness Month, RBC Bank surveyed 2,000 Canadians on their understanding of how to be secure. Many of you would fail if the survey is accurate. While 77 per cent of those questioned believe they are knowledgeable about cyber security, only 16 per cent could identify the majority of six cyber terms correctly. Nearly two-thirds could not identify the term “phishing”, which is an email designed to trick a person into clicking a link or opening an attachment in order to steal information or install malicious software. Similarly, two-thirds couldn’t identify the term “pharming,” the fraudulent practice of directing you to a bogus website that looks like a real one.
OK, knowing the slang name of a con may not be important, but knowing the signs of fraud is. Here are tips from the bank:
- Know your contacts: Remember that the government, your bank, or other businesses will never ask you for your password or PIN. And your uncle, co-worker or best friend likely isn’t asking for confidential details from you either.
- Look closely: Are there spelling and formatting errors in the email? When you hover your mouse over the link that’s included in the email, does it look valid? Are they addressing you by name, or simply “Dear Customer?” These are some tell-tale signs an email is fake.
- When in doubt, phone: If you’re not sure if an email, text or phone call is legit, call the company directly – using a number you trust — and ask if they’ve been trying to reach you.
Speaking of phishing, Trend Micro issued a warning this week about a sophisticated two-step campaign it’s seen in Canada: After hijacking an email account, the attacker looks for a conversation between the victim and another person. Then the attacker sends an email looking like it came from the second person with a malicious link as part of that message stream. In other words, the email with the malicious link doesn’t come out of the blue. Rather, it looks like it’s coming from the person in the message thread. That way the victim may be more likely to click on the link. This is why it’s so important to do everything slowly when you’re online, including reading every email, text message and social media post you get carefully.
Watch for little things like spelling mistakes, differences in the signatures, differences in email addresses. Why should one email from your friend or cousin come from “oxnard.com” and another a few minutes later from “ladyfinger.org?” In the Canadian attack, one message mixed French and English. Attackers are also getting smarter. It used to be a suspicious attachment file name was a garbled mix of letters or nonsense name like “ladyfinger.doc”. That’s a giveaway. But in this campaign the attachment file name may include your company’s name, to look authentic. Don’t be fooled.
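The sender-domain check described above can be automated for a mail thread. The following Python sketch is an added example, not part of the original article: it flags a reply in which a display name already seen in the thread suddenly arrives from a different domain. The sample messages are constructed, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample thread (not real mail): two genuine messages, then a
# reply that reuses the contact's display name from a different domain.
SAMPLE_THREAD = [
    "From: Pat Lee <pat@oxnard.com>\nTo: you@example.com\n"
    "Message-ID: <1@oxnard.com>\nSubject: Invoice\n\nDraft attached.",
    "From: You <you@example.com>\nTo: pat@oxnard.com\n"
    "Message-ID: <2@example.com>\nIn-Reply-To: <1@oxnard.com>\n"
    "Subject: Re: Invoice\n\nThanks, will review.",
    "From: Pat Lee <pat@ladyfinger.org>\nTo: you@example.com\n"
    "Message-ID: <3@ladyfinger.org>\nIn-Reply-To: <2@example.com>\n"
    "Subject: Re: Invoice\n\nUpdated copy: http://example.invalid/doc",
]

def sender(msg):
    """Return (display name, domain) from the From header, lower-cased."""
    name, addr = parseaddr(msg.get("From", ""))
    return name.strip().lower(), addr.rpartition("@")[2].lower()

def find_domain_switches(raw_messages):
    """Flag in-thread replies where a known display name uses a new domain."""
    seen = {}          # display name -> domains already seen in the thread
    known_ids = set()  # Message-IDs of messages processed so far
    alerts = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        name, domain = sender(msg)
        reply_to = msg.get("In-Reply-To", "").strip()
        in_thread = bool(reply_to) and reply_to in known_ids
        if name and in_thread and name in seen and domain not in seen[name]:
            # Do not learn the new domain: later mail from it stays flagged.
            alerts.append({"message_id": msg.get("Message-ID", "").strip(),
                           "name": name, "new_domain": domain,
                           "expected": sorted(seen[name])})
        elif name:
            seen.setdefault(name, set()).add(domain)
        msg_id = msg.get("Message-ID", "").strip()
        if msg_id:
            known_ids.add(msg_id)
    return alerts

if __name__ == "__main__":
    for alert in find_domain_switches(SAMPLE_THREAD):
        print(alert)
```

A flagged message is a prompt to verify with the sender by phone, not proof of compromise: people do legitimately write from more than one address.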
Finally, this week Microsoft issued its monthly patches for Windows. Make sure you’ve got the latest updates. And, if you use WhatsApp on a smartphone, make sure it’s the latest version. A vulnerability in older versions of the app could be used by an attacker to hijack the app by getting the user to answer a video call. This bug has been fixed in the latest Android and iOS versions.
Thank you, itworldcanada.com, for the cyber security safety measures.
Cyber Security Awareness is the first step in defending your business and its data. Make sure you have the tools as well as the knowledge to successfully fend off the cyber threats. Call CITON to help you create a defense plan.
A backup is a copy of your data; a disaster recovery plan is insurance that guarantees its recovery.
HOW DOES THIS IMPACT YOUR BUSINESS?
1.) Data retention requirements
Backups are typically performed on a daily basis to ensure necessary data retention at a single location, for the single purpose of copying data.
Disaster recovery requires the determination of the RTO (recovery time objective) in order to designate the maximum amount of time the business can be without IT systems post-disaster. Traditionally, the ability to meet a given RTO requires at least one duplicate of the IT infrastructure in a secondary location to allow for replication between the production and DR site.
2.) Recovery ability
Disaster recovery is the process of failing over your primary environment to an alternate environment that is capable of sustaining your business continuity.
Backups are useful for immediate access when you need to restore a document, but they do not facilitate the failover of your total environment should your infrastructure become compromised. They also do not include the physical resources required to bring them online.
3.) Additional resource needs
A backup is simply a copy of data intended to be restored to the original source.
DR requires a separate production environment where the data can live. All aspects of the current environment should be considered, including physical resources, software, connectivity and security.
4.) Planning process
Planning a backup routine is relatively simple, since typically the only goals are to meet the RPO (recovery point objective) and data retention requirements.
A complete disaster recovery strategy requires additional planning, including determining which systems are considered mission critical, creating a recovery order and communication process, and most importantly, a way to perform a valid test.
The overall benefits and importance of a DR plan are to mitigate risk and downtime, maintain compliance and avoid outages. Backups serve a simpler purpose. Make sure you know which solution makes sense for your business needs. (Expedient.com)
Your business’ information is valuable. Make sure it is backed up and have a disaster recovery plan to protect it. Call CITON to formulate precautionary measures for your business.
TECHNOLOGY SHOULD HELP YOU WORK SMARTER NOT HARDER.
HERE ARE A FEW TIPS TO HELP:
Sometimes it may seem like technology can be more problematic than beneficial. Knowing how to make technology work for your business’ needs is the first step to being more productive, secure, and accessible. Here are a few tips to assist you to success:
Put it in the owner’s name.
Here’s one thing you’re almost certainly doing wrong: You probably have other employees listed as owner or administrator of your technology. Stop that! Now! Employees come and go. Even long-time, trusted employees come and go, and certainly the tech contractor will go. When they go, they may control your technology or even take it hostage.
Sure, you can get your Office 365 account back from Microsoft, but it can take days. Make sure you are listed as the owner/administrator of your website, accounting system, document storage, email system, contact manager, social media accounts, email newsletter, and any other key business technology.
Learn how to use it.
Yes, you’re the business owner. And yes, you have more important things to do than to understand how the electronic shopping cart works on your website. But take time to learn the most important technology in your company, especially the technology that manages financial and personnel data. Learn how to use your payroll application, access your Quickbooks, use your telephone system, transfer funds in your accounts and block former employees from your document storage.
Keep passwords safe.
Duh. Lock passwords in your office safe or in another place where others can’t access them. Or try a password manager such as LastPass (www.lastpass.com), Dashlane (www.dashlane.com), StickyPassword (www.stickypassword.com) – just make sure they have two-step authentication (so you have to be notified in your email or by text for verification).
Lock ex-employees out.
The day – no, the minute – that you decide to terminate someone, whether an employee or contractor, make sure they no longer have access to your data. Just as you wouldn’t let an ex-employee have keys to your office, don’t let them have keys to your technology.
Make sure you have access to all employees’ data.
If your top salesperson has been hoarding her customers’ and prospects’ info on her phone, you don’t want that company asset walking out the door with her if she leaves the company. Make sure employees store all key data and sources on company-owned technology, that you have access to their files, and that you know – or better yet, can bypass – private passwords.
These helpful tips were from usatoday.com.
It is your business. Take control of it by understanding how every aspect works and how it can work for you.
6 Ways to Protect Your Business’ Data
Having a predetermined plan can be the saving grace of a catastrophic data breach. The article from Bizjournals.com explains the top 6 ways to guard your business’ data. You can also call us for information on how we, at Citon, can design a personalized defense system to protect your data.
Protecting against a data breach:
Know what to look for. One important step in preventing a data breach is knowing what to look for to prevent a third party from intentionally compromising your data. Be on the lookout for these two things:
- Understand ransomware: An increasing number of stories demonstrate the threat of ransomware — the term used to describe malicious software that will lock your business’ data, offering to provide a password to unlock the data in return for payment of a ransom.
- Suspicious or unknown emails: If you receive an email from an unknown address, do not click on any attachments or linked information. Look at the email address of the sender carefully. Scammers can mimic email accounts to look as if you’re receiving email from Google®, Yahoo!®, TurboTax®, PayPal®, or even your business associate.
Backup data regularly. Backing up your customer data will put you ahead of the game when it comes to efforts by third parties to ransom your data back to you.
Encrypt your data. As simple as it sounds, taking efforts to encrypt your data can provide a significant shield from liability in several states.
Create a computer security policy – and enforce it. Require password protection on your business computers and require the password to be re-entered after a period of inactivity. Set up firewalls, install anti-virus software, and draft an employee policy that sets certain security and privacy standards when using company computers or technology. But remember, for these safeguards to be worthwhile, you must regularly update your programs, set up strong passwords and change them regularly, and enforce your company policies.
Keep data only as long as you need it. Small businesses often get into trouble by retaining credit card information and former customers’ information longer than necessary. Maintaining customer information longer than necessary increases your chances of becoming a target for a breach and widens your potential liability.
Prepare an incident response plan. Hackers and scammers are continuously becoming more sophisticated. Even if you take all the suggested precautions, your business could still be the victim of a data breach. An incident response plan is your game plan for dealing with a breach — how the breach should be handled, who will handle it, when counsel needs to be involved, who needs to be notified and what to say about it. Having an incident response plan in place can reduce the stress, and potentially some of the liability, of a data breach.
Contact us for more information on how to protect your business.
If you have had a data breach we have specialized tools to help mitigate the damage, and get your business back up and running fast.
Your next move:
How the Cloud can change your business.
Cloud storage isn’t just for large companies. It’s also not expensive or difficult to set up. The Cloud is low maintenance, secure, and takes up minimal to no space in your office. Curious to learn how it could benefit your business? Call us at (218) 720-4435.
Why moving to the cloud makes sense
I’ve written before about how small businesses should think about optimizing cloud storage. For many small business owners, cloud solutions are a sensible and affordable early choice. In fact, many small businesses now opt for cloud storage right out of the gate, since there’s minimal upfront investment and few hardware or licensing costs.
The benefits of the cloud are numerous. For one thing, data storage requires no maintenance on your side, so you don’t need a large IT department. Hardware failure is also no longer a disaster, as the company’s data isn’t isolated to a physical server or scattered across a collection of laptops and hard drives. The cloud generally has built-in redundancy.
When starting out, most businesses make use of public clouds – hosted by a third party on servers that are shared with other clients – and this typically leads to some concerns. Not only do business owners worry about having to rely on a cloud host to keep data safe, but they also fear being at the mercy of service outages and performance degradation during peak hours. While these worries are not unfounded, there’s a tendency to overemphasize them. As long as you use a reputable provider, your data should be safe and accessible. Although there have been public cloud breaches and unexpected downtime, your data’s generally safer than it was sitting on a hard drive in your office. The main reason many businesses actually abandon the public cloud is that it stops meeting their needs in a cost-effective way.