alt tag

Posts Tagged ‘cyber security’


Unique IT Challenges Financial Services Providers Face Today

Tuesday, June 19th, 2018

Financial services providers find their IT challenges list is always growing because of security issues, employee needs, customer protection, regulatory laws and business requirements. Keeping up with IT concerns is important not just because failing to do so means lost business opportunities — but also, the financial services industry can incur substantial penalties over failure.

Performance Challenges

The large amount of data and secure nature of that data create a heap of unique challenges for the financial services industry. While the “if it ain’t broke, don’t fix it” philosophy is a best practice, relying on it for too long creates situations in which older hardware and software can’t perform fast enough or are incompatible with newer platforms. Aging infrastructure can cause performance and compatibility issues.

Financial services providers often rely on high-capacity internet and network infrastructure to move large amounts of data quickly and securely. When that infrastructure no longer performs it’s time to migrate to something that does. IT services can be an invaluable asset when migrating, implementing and performance-tuning new hardware and software.

Compliance Challenges

IT in the financial services industry faces unique challenges from regulation and technology; the challenges are so great that a substantial share of the IT budget can go toward meeting government mandates.

On the technology side, many businesses rely on legacy systems that either need to be better protected because of known vulnerabilities or migrated to newer and more secure platforms.

Businesses often learn about issues and challenges from a Securities and Exchange Commission audit. It is crucial to comply with making changes in order to address identified concerns from the audit. IT addresses much of the regulatory compliance challenges through technology. An IT services provider can help a financial services provider address compliance issues, with solutions for everything from backup practices to email security.

Security Challenges

The financial services industry works with both confidential information and finances, which offers a very desirable target for hackers. Security challenges are the biggest and most important issue facing financial services providers in the IT realm. In particular, the financial industry is the top target for Distributed Denial of Service (DDoS) attacks, which aim to disable online services for customers and staff alike. Businesses need to implement defensive technology that mitigates these attacks when they happen (as opposed to if they happen).

Additionally, the industry needs to protect customer data and avoid breaches, as there are always new security concerns to address. That means IT staff must keep up with software patches on all levels while also avoiding breaking features from updates with the goal of preventing attacks. Aging infrastructure is often the root of cyber-attack vulnerabilities and may need to be replaced for data protection.

Financial providers need to watch out for phishing and ransomware attacks on employees. The financial industry is on the receiving end of 8.5 percent of all phishing attacks, so IT staff must address these concerns on the technical and personal levels to avoid allowing impersonators to access private information. Ransomware is also a major concern in the industry. This increases the emphasis on keeping software patched to avoid attacks and maintaining reliable backups to minimize data loss if any attacks succeed.

If your Bay-area financial services provider business is looking to streamline its integrations with expert help, MPA Networks is here to help put years of professional expertise to use. Contact us today to learn more.

Which Industries Are Most Likely to be Targeted with Cyber Security Threats?

Monday, May 21st, 2018

To understand why some industries are targeted in cyber attacks more often than others, it’s important to understand what drives hackers and what makes a target appealing. Of the two, hackers are easier to understand:

According to a Verizon data security report, roughly 70 percent of attacks are financially motivated, and around a quarter of attacks are for espionage purposes. The rest tend to fall under the categories of personal grudges, ideological attacks, and “just for fun.”

A prime target for an attack will have some of, if not all of, the following qualities:

  • Works with important, confidential data
  • Possesses valuable information (not just financially)
  • Service disruptions require urgent action to restore access or information security
  • Target has substantial financial assets
  • Target has the financial means to pay a ransom

Businesses in the following industries often find themselves on the receiving end of a security attack because they are considered high-value targets.

1. Finance

As the financial industry works with money, it should come as no surprise that it is the most popular target for hackers. This industry is the target in 24 percent of all attacks, which are almost exclusively financially motivated. These attacks often try to compromise credentials so hackers can steal money through a second-step. Businesses in the finance space should make IT security a priority because attacks are less a matter of if and more a matter of when.

2. Healthcare

Hackers often look to exploit the urgency in the healthcare industry for a financial payout: This industry receives 15 percent of all attacks. In particular, ransomware accounts for 72 percent of all malware attacks on hospitals. The healthcare industry is singled out because disruptions to data access could put patient lives at risk, and hackers could be looking to exploit legal penalties for underprepared businesses losing data.

3. Public Sector

The public sector is a popular target because of the information it stores: Around 12 percent of all attacks are on this industry. Financial motivation only accounts for 20 percent of attacks on the public administration segment of the industry; instead, espionage is the motive in 64 percent of cases. Hackers are often trying to steal confidential information from government operations, but they still may try to go after schools with ransomware to earn a quick payout. Criminals may also target public sector operations because they believe the organization is under-resourced in IT security.

4. Retail and Accommodations

When combined, the retail and accommodations industries comprise another 15 percent of cyber attacks. In particular, 96 percent of retail attacks are financially motivated. These attacks often target payment and personal information that can be used to either directly steal money or play a role in identity theft.

5. Everyone Else

Just because your business isn’t in the four largest targeted industries, you shouldn’t fall victim to a false sense of security. Other businesses still account for 34 percent of attacks. In fact, overconfidence in existing security practices can make the difference between a failed or successful breach.

The IT experts at MPA Networks can help your Bay-Area business secure its internet-facing operations to help keep your information safe. Whether you’re in finance, healthcare, or another industry, MPA’s experience can improve your defenses. Contact us today to learn more.

Training Employees in Data Security Practices: Tips and Topics

Tuesday, April 3rd, 2018

While there’s plenty of technology available to keep your business’s data protected, the human element is still the most important piece to consider in safeguarding your company’s data. Properly training employees to understand and implement data security best practices works best when your business makes a cultural shift toward prioritizing IT security. Successfully training your staff is half about knowing how to train them and half about knowing which topics to train them on. Businesses that embrace a proactive approach to training employees on data security will have a much better track record than those that take a reactive approach.

Training Tips

Don’t just make a plan: Implement a program that focuses on training all employees. Have your business take an active role in implementing a data security program. This ensures training is far more effective than simply creating security practices, offering one-time training and hoping it works.

By implementing regular security training meetings on changing topics, your business can train your staff on a wide range of concerns.

In addition, your company can benefit from focused training while constantly reinforcing security as a priority. Hold multiple sessions that get into each topic in depth to help your employees better understand data security.

Training doesn’t end when the session ends — it’s an ongoing process. As an extension of training, your security staff should frequently send out reminders about security concerns to help employees remember what they’ve learned. Make your data security training materials easily accessible in the event staff members see a reminder and realize they should read up on a topic if they’re unclear of what the reminder is about. Additionally, C-level staff, IT and supervisors should lead by example.

Training Topics

The bad news is hackers will always create new threats for your staff to worry about — but the silver lining is that you’ll never run out of fresh topics to cover. Because of the fluidity of data security, your program will need to change which topics are covered in training and continually adjust strategy to address new threats. The following list covers just some of the many topics training sessions can cover:

  • Strong passwords and more secure authentication practices: This includes covering two-step authentication when applicable.
  • Secure Wi-Fi best practices: Explore red flags to look for when using public Wi-Fi and discuss whether public Wi-Fi should be used at all.
  • Physical device security: Cover topics such as encryption and disabling devices remotely to minimize data leaks for stolen/lost devices.
  • Use policy: Reaffirm that non-employees shouldn’t be using employee hardware.
  • Device security: Discuss the importance of keeping software patched and running security software on devices.
  • Popular methods of attack: Cover security best practices for avoiding popular phishing, man-in-the-middle and ransomware attacks.
  • Social engineering threats: Discuss the importance of the user as an essential line of defense when software can’t protect from threats.
  • Three-copy backup strategy: Explain that data is also at risk of being lost rather than stolen, and explore key backups to minimize these losses.

Hackers and thieves are known to exploit human complacency in security practices — and frequent training sessions will help employees stay aware. Is your business looking to improve its security practices? The IT consulting experts at MPA can help; contact us today to learn more.

10 Cyberattacks Your Business Should Defend Against

Thursday, March 29th, 2018

Cyberattacks are a major security concern for any business that uses the Internet. Even if your company doesn’t have a website, hackers can go after your email address and business service accounts.

Though they represent one of the more severe risks of a cyberattack, a data breach costs an enterprise $1.3 million and an SMB $117,000 on average.

Cyberattacks take many forms; your business should plan to protect itself from the following common types of cyberattacks:

1. Phishing: In phishing attacks, hackers impersonate a business in an email to persuade recipients to hand over personal information via a reply or to install malware. The email may also contain a fraudulent link to a fake version of a trusted website’s login page. Whaling and spearphishing are specific types of phishing that refer to attacks that single out a specific person or group.

2. SQL Injection: SQL injection is a technique cybercriminals use to exploit database-entry forms on a website. Rather than inputting a name, password, address or other information, a hacker will instead enter a code command designed to damage your database. This is typically successful when the website doesn’t properly sanitize and clean user-input data.

3. Cross-Site Scripting: XSS attacks occur when a hacker slips malicious code into your website or application. It’s common for hackers to exploit advertisement networks and user-feedback fields to sneak code onto a business’s public platform.

4. Man in the Middle: An MITM is similar to a phishing scam in that a hacker impersonates an endpoint in communication. For instance, the hacker might pose as a representative for your bank when communicating with you and pose as you when communicating with the bank — and obtain valuable information with this strategy. More sophisticated variations of this attack involve jumping into a legitimate conversation and impersonating a trusted individual.

5. Malware Attacks: Malware refers to malicious programs designed to infiltrate and disrupt user devices. Of all the different types of malware, ransomware is among the most high-profile and dangerous: It disables access to a device until the user pays a ransom. Trojans, worms, and spyware are other notable types of malware.

6. Denial-of-Service Attacks: DoS attacks disrupt networks and online platforms by overwhelming them with incredible amounts of traffic. Hackers can use these attacks to knock your website offline or slow your network to a crawl. Distributed-denial-of-service (DDoS) attacks are a DoS variation that utilize multiple devices to pull off the attack; one such example is the Mirai IoT Botnet, which caused a major internet disruption for the eastern United States.

7. Social Engineering: Social engineering refers to a hacker using psychological manipulation to get an employee to hand over confidential information or install malware.

8. Drive-By: These attacks trick a user into installing malware, usually a Trojan, by clicking a link in a web browser. Drive-bys typically exploit security holes in web browser plug-ins.

9. Unpatched Software: Unpatched software attacks are entirely avoidable: They work by hackers using known exploits in programs that have already been fixed. Hackers rely on the fact that some users neglect to install important updates.

10. Brute Force Password Hacks: Hackers may also seize your company and employee accounts through brute force password hacking. In this scenario, they use a program to continually guess an account’s password at login until the program finds one that works. Secure passwords will take far longer to crack, so hackers tend to target less secure accounts.

IT security is an incomplete process unless your business has the right hardware, software and employees working together to prevent attacks. The IT consulting experts at MPA Networks can help. Contact us today.

5 Commonly Overlooked Workplace IT Disasters

Wednesday, February 28th, 2018

Because IT staff get so invested in making sure software, networking and security elements are working, they sometimes overlook the human, environmental and contingency planning factors that can invite workplace IT disasters. In many cases, preventative work becomes an afterthought for IT staff who are expending all their energy on regular operations. Thankfully, planning ahead can help businesses minimize their chances of dealing with the following commonly overlooked workplace IT disasters. Here are five problems to watch out for:

1. Knowledge Loss

It’s common for an IT staff member to take on project ownership, often resulting in excellent work. However, it’s a problem for your business if the only person who understands how a project or a system operates decides to leave for another position. The rest of the team can have a difficult time picking up where the lost employee left off, especially if something breaks or needs immediate adjustment and they’re under pressure to fix it ASAP. Avert a crisis by cross-training IT staff: At least two people should know how anything works.

2. Insufficient Documentation

Proper documentation can mean the difference between a brief disruption and a catastrophe.

IT staff should prioritize documenting everything from programming code to network infrastructure maps to device use walkthroughs.

This information makes it much easier to understand how something works and how to fix it if something isn’t working. Proper documentation helps staff avoid creating disasters when making changes to something they don’t understand. Additionally, IT staff may forget how something works, and documentation decreases the learning curve.

3. Overheating Computer

Too much heat is bad for computers — it causes unplanned shutdowns and eventual device failure. In addition to making sure computer software is patched, IT staff should periodically make sure computers aren’t being used in high-heat conditions. Computers used in areas that don’t have air conditioning, lack clear airflow passage and pull in dust can all result in overheating.

4. Environmental Problems

Heat isn’t the only elemental factor that can prompt an IT disaster: A leaky pipe, a blocked vent or extreme humidity can also damage hardware. These disasters may require replacing computer hardware or entire devices. Servers and network hardware often get tucked away in closets, basements and spare rooms to stay out of the way of daily operations. Issues like exposed pipes, bad airflow, dust, debris, humidity and poor temperature management create conditions ripe for an IT disaster. For example, a pipe leak can flood a room and destroy a server. IT staff should look for and mitigate environmental factor risks.

5. Use of Improperly Tested Tech

While having confidence that you can plug in technology and it will work is a testament to advancement, it is still a recipe for disaster in the IT world. Just because a device turns on and connects to a service doesn’t mean that it’s ready for use. For example, IT staff need to thoroughly test a new AppleTV in the presentation room before a C-level employee uses it in a presentation for investors. While short-term technical failures aren’t a disaster as far as IT is concerned, they can have far-reaching effects in other areas of the business.

In some cases, not having a disaster recovery plan in place before catastrophe strikes could be considered an overlooked IT disaster in itself. The IT consulting experts at MPA Networks can help your business avoid potential overlooked disasters. Contact us today.

Spectre and Meltdown: Valuable Lessons for Your IT Security Team

Monday, February 12th, 2018

At the end of 2017, the world learned about Spectre and Meltdown: two far-reaching security threats that exploit how CPUs work to expose protected information on nearly every recent PC, server and smartphone. Hackers can use these exploits to do things like steal passwords and other protected private information stored in a computer’s memory through programs such as a web browser.

These vulnerabilities essentially affect every computer, including Macs, iOS devices and Chromebooks.

Hardware and software manufacturers are hard at work fixing the vulnerabilities, but it is up to the end users to make sure the fixes go through.

How the Exploits Work

Spectre seizes the ultra-fast memory on the CPU itself, known as the CPU cache. CPUs use processes called “Branch Prediction” and “Speculative Execution” to guess the most likely upcoming instructions from branches in a program to speed up performance. Spectre attacks manipulate those processes to push data from protected memory into the cache then load that pushed data from unprotected memory. The exploit identifies protected information because it loads faster from the cache.

Meltdown exploits a flaw in processor privilege escalation that allows executed code to get access to protected memory. Essentially, Meltdown breaks the isolation between the application and the operating system. Meltdown is the easier to exploit, but the easier to fix of the two.

What It Means for IT Security

IT security staff needs to make sure that all devices impacted by Spectre and Meltdown are properly updated to mitigate the threat. For the most part, this means staff needs to take some key steps: apply the operating system patches, install firmware updates, update web browsers and update other software that works with secure data, all while keeping the antivirus active.

In many cases, it means just staying out of the way, as Windows and MacOS devices will automatically install the updates. According to Microsoft, end users mostly just need to make sure Windows Update is active. However, some anti-virus programs may block patches and others aren’t compatible with the updates, so IT staff will need to find an alternative option to update those devices.

The Damage Done

Fortunately, Spectre and Meltdown haven’t led to any major security breaches, but researchers have identified more than 130 instances of malware designed around related exploits. So far, related malware seems to be proof-of-concept attempts rather than attacks.

At this point, most of the damage comes from performance degradation associated with the security updates. Both Spectre and Meltdown exploit techniques used to improve CPU performance, so closing those vulnerabilities often involves disabling those techniques. In particular, Windows-based systems running 2015-era Intel Haswell or older CPUs may experience performance drops, with older operating systems being more likely to show symptoms.

However, the performance loss isn’t consistent and can vary between 2 and 14 percent depending on the task. Some processes are affected more than others, with “privileged” processes seeing the most slowdown. Your IT staff should be concerned about this if your business is running virtual machine clusters. The performance loss may mean a hardware update is in order.

MPA Networks offers valuable services such as desktop management that can help your business avoid the pitfalls of Spectre and Meltdown by keeping your computers updated and secure. Contact us today to learn more.

Do You Have a Crisis Management Plan for a Cyberattack?

Thursday, February 8th, 2018

A cyberattack crisis management plan is your business’s best defense for minimizing cyberattack damage after technology-based preventative measures have failed. Unfortunately for most businesses, cyberattacks are not a matter of if, but a matter of when. Establishing a crisis management plan can help your business minimize data compromise, limit attack scope, decrease recovery time and reduce harm to your reputation. Having a plan in advance means your operation can immediately get to work on containing the attack when it occurs rather than allow it to incur further damage while you scramble to develop a plan during the breach.

What Threats Do Cybersecurity Attacks Pose?

Cybersecurity attacks aren’t going away. According to CBS, as of 2015, criminals contributed to 1.5 million annual cyberattacks. These attacks can have major repercussions for a business.

According to IBM, the average breach costs a business $3.6 million.

Some attacks can lead to massive fallout that can put a business in financial trouble. In 2016, there were 15 breaches that exposed more than 10 million identities, Symantec reports.

The technical side of preventing cyber-attacks is an ongoing cat-and-mouse game. The tech industry pushes to close security holes as soon as — if not before — hackers find and exploit them. Hackers like to take advantage of businesses that haven’t applied software patches to close established security holes.

Malware, ransomware, botnets, IoT vulnerabilities and email phishing were all major threat sources in 2017. In particular, ransomware is a growing problem because businesses are paying more than $1,000 on average to recover “locked” data. Many of these payouts could have been avoided by implementing proper crisis management and disaster recovery plans in advance. While big businesses offer big targets, SMBs still need to protect themselves from attacks.

What Your Plan Should Contain

A cyberattack crisis management plan revolves around three main elements: preparation, response and recovery. Every step is crucial, because a poor response can actually make the situation worse. According to WIRED, Equifax’s management response could have stopped the problem before it started in their major 2017 breach, if they had not done such a poor job. Here’s what to consider:

  • Prepare: Your business should prepare for extreme-level attacks in advance. Part of this process involves creating a response team with key players from all necessary departments. The plan should include what each group needs to do in the event of an attack. The crisis response team should take action to plug major known security holes as they are discovered to prevent a breach.
  • Respond: The response team should identify the attack, secure the compromised systems, and investigate the cause of the breach in that order. Next, the team should take action to prevent further attacks that exploit the same or similar security holes.
  • Recover: The cycle continues after your business contains the threat. The response team should next work to minimize public damage and repair customer trust. According to a 2011 Ponemon Institute study, larger businesses say they averaged $332 million in diminished business value following a customer data breach.

The disaster recovery experts at MPA Networks can be a vital part of your business’s crisis management plan. Our experts can help your staff gets back to business as usual as quickly as possible. Contact us today to find out how we can help.

5 Specific IT Considerations for Remote Employees

Monday, February 5th, 2018

Businesses have a lot to gain by hiring remote employees, including the ability to recruit from a larger talent pool and the potential for less expensive workplace accommodations. However, remote employees introduce new challenges in IT security because of the lack of IT centralized IT management. While the majority of security best practices and techniques still apply, your business and its remote employees will need to take a more hands-on approach to properly protect devices and information. Remote workers introduce the following unique IT security challenges:

1. Increased Importance of Human-Based Security Policies

Remote workers need to be more self-directed when it comes to IT security, as there’s no physically centralized IT staff or infrastructure to reinforce safe practices. A business with remote employees should establish a well-developed set of strict security guidelines to protect both devices and online information.

2. Reduced Reliance on Centralized IT to Secure Devices

Any device used for company work needs to be secured with strong passwords, updated operating system software, current antivirus software and regular malware scans. All applications need to be patched to the most recent versions, too.

Hackers take advantage of weak security practices and known vulnerabilities that were patched by attacking unpatched software installations.

Employees will need to make sure all devices they use for work are properly updated and secured.

3. Potential Threats From Personal Devices

Just as with in-office staff, remote employees often use many different devices to do their jobs. They don’t use only the company-provided laptop; they may also use personal smartphones, tablets and computers. While remote IT services can access and update company-owned devices, ensuring personal devices are secured entirely falls on the remote employees.

4. A Lack of Office Network Security

Remote employees do not have the benefit of office network security. Instead, they are likely spending most of their time working on a personal network from their homes. This means employees need to configure their own secure Wi-Fi connection with a strong password and keep both their router and modem updated with the latest firmware. Additionally, remote employees need to change the default password on all networked devices, including the router and IoT devices.

5. Protecting Online Information

While office-based employees transfer a great deal of data over the internet, remote employees do almost all of their work online. If possible, your company can protect this data by configuring a VPN for remote employee use. Businesses should use cloud applications, such as Google’s office suite, whenever possible. These programs are automatically updated and won’t introduce legacy security issues with information exchanged online. Additionally, remote employees are likely to store and share most of their work over cloud-hosted platforms, so your company will also need to consider the security of those platforms.

If your business is considering the addition of remote employees or you want to make existing remote work more secure, the experts at MPA Networks can help. Through IT managed services and desktop management, we can provide your remote employees with security closer to what they’d expect from an office setting. Contact us today to learn more.

Does Fintech Pose a Threat to Cybersecurity at Financial Services Companies?

Monday, January 29th, 2018

Financial services companies should embrace a healthy dose of caution when implementing new fintech in their business. Fintech, or any technological innovation in the financial sector, is not inherently more or less secure than any other new technology, but because it works with substantial sums of money, it is a common target for hackers and would-be criminals. Financial services companies need to keep up with innovations in how people transact business including cryptocurrency, digital cash, blockchain technology, smart contracts and open banking in order to remain competitive. Therefore, it’s vital that companies working with fintech pay close attention to risk mitigation and security.

Fintech Is Growing

Bitcoin is likely the best-known and most publicly discussed story in fintech today. It’s an excellent topic for discussion because it’s well known outside of the financial industry for both its potential and problems. Bitcoin shows its potential with its fluctuating value, starting at just pennies a coin and reaching a peak value of over $15,000 USD as of early 2018. However, Bitcoin also has a high-profile case of the risk associated with new technology: the 2014 MtGox theft, which resulted in more than $800,000 in stolen Bitcoins.

As of early 2018, fintech startups continue to proliferate and innovate. Fintech startup funding reached $17.4 billion in 2016 and was on track to surpass that for 2017.

According to CB Insights, there were 26 venture-capitalist backed fintech firms with a combined value of $83.8 billion in Q2 of 2017.

Fintech is chipping away at the traditional financial institution, so the traditional businesses need to embrace it in order to remain competitive. Consumer demand drives financial services companies to use these new technologies; however, it’s the businesses that shoulder security risks.

Security Vulnerabilities Thrive in Fast-Growth Environments

Fintech’s incredible level of success is the very reason it’s a cybersecurity threat at financial services companies. With such a large number of innovations being adopted in the financial services industry, it’s inevitable that some technology won’t have sufficient security in place. If the vulnerabilities exist, it’s only a matter of time before hackers will find and exploit them. Because there are so many players with so much money on the line, it could lead innovators to push technology to the market as fast as possible at the expense of proper security development. Enterprise Innovation cites a survey respondent who expresses concern that the financial services industry can’t keep pace with how quickly fintech is evolving.

Unfortunately, there’s no easy way to cover all the possible threats that can come from new fintech — because those threats don’t exist until the technology exists. However, financial services companies must ensure they employ proper security practices. Firms need to use fintech platforms securely and ensure devices are always running the latest versions of software for security purposes. Additionally, businesses should be prepared for problems outside of their control with insurance. The 2017 Equifax hack is a warning sign for any business that wants to skimp on security, because it shows exactly how destructive the financial hacks that exploit poor security can be.

MPA Networks offers extensive experience and incredible expertise in providing IT service and support to financial services. If your business is expanding into fintech use, contact us today to learn more about how we can enhance the safety of your information and your customers.

79% of Businesses Were Hacked in 2016. Was Yours One of Them?

Tuesday, June 27th, 2017

broken-business-2237920_640

Getting caught off-guard in a cyber security attack is a disaster for any business, large or small—and the frequency of attacks is only getting worse.

According to the CyberEdge 2017 Cyberthreat Defense Report, hackers successfully compromised security at least once for 79.2 percent of businesses over the last 12 months.

These figures may be alarming, but keep in mind that all businesses can (and should) be taking proactive steps to prevent attacks, and to make a quick recovery from any breaches. Here’s how you can protect yourself, with help from a Managed Service Provider.

Increase in data breaches

Even if your business has not been attacked in the past year, the odds of staying under the radar aren’t in your favor. In 2016, businesses experienced a 40 percent increase in data breaches over 2015. The situation is especially bad for smaller businesses: 60 percent of small companies that suffer a major cyber attack go under within six months.

Less severe incidents are more common, but businesses are typically ill-prepared for them. A staggering 63 percent of small business owners report their websites have come under attack by hackers or spammers; of those attacked, 79 percent say they have no plan for what to do if it happens again. Most businesses find that mobile devices and social media services are the weakest links in their online security.

Protective Measures against Cyber Attack

The best protective measures against digital security threats are to secure networks, websites, applications, and social media platforms, and to implement a reliable backup system. The following tips provide a baseline to help your business minimize its security risks:

  • Use unique, secure passwords for all accounts including internal services, external services, email, and connected social media to prevent data breaches.
  • Activate “2-Step Verification” for applicable services.
  • Use Secure HTTP for websites and applications that pass personal information.
  • Take advantage of desktop management services; make sure computers are running up-to-date software to minimize exposure to known security holes.
  • Keep antivirus and anti-malware software updated; run scans on a frequent basis to protect from malware infections.
  • Program internally developed services to prevent SQL injection.
  • Secure the Wi-Fi/Internet and manage employee credentials.
  • Secure mobile devices, tablets, and laptops so they can be disabled if lost or stolen.

In Case of Emergency: Disaster Recovery

Ransomware is major concern for businesses these days: 61 percent of businesses say they were compromised at least once by malware demanding payment to return data. Unfortunately, some companies that decide to pay the ransom still don’t get their data back. The best thing your company can do to protect itself from ransomware is to limit the amount of damage an attack can do through backup and disaster recovery. Using the “3-2-1 backup rule” and running frequent backups can be the difference between losing all of your data permanently, and losing a single day’s work.

Digital security should never take a break. If your business is looking to build a better defense against cyber threats, the experts at MPA Networks can help with both desktop and server management. Contact us today to learn more.