
Posts Tagged ‘Data breach’


79% of Businesses Were Hacked in 2016. Was Yours One of Them?

Tuesday, June 27th, 2017


Getting caught off-guard in a cyber security attack is a disaster for any business, large or small—and the frequency of attacks is only getting worse.

According to the CyberEdge 2017 Cyberthreat Defense Report, hackers successfully compromised security at least once for 79.2 percent of businesses over the last 12 months.

These figures may be alarming, but keep in mind that all businesses can (and should) be taking proactive steps to prevent attacks, and to make a quick recovery from any breaches. Here’s how you can protect yourself, with help from a Managed Service Provider.

Increase in data breaches

Even if your business has not been attacked in the past year, the odds of staying under the radar aren’t in your favor. In 2016, businesses experienced a 40 percent increase in data breaches over 2015. The situation is especially bad for smaller businesses: 60 percent of small companies that suffer a major cyber attack go under within six months.

Less severe incidents are more common, but businesses are typically ill-prepared for them. A staggering 63 percent of small business owners report their websites have come under attack by hackers or spammers; of those attacked, 79 percent say they have no plan for what to do if it happens again. Most businesses find that mobile devices and social media services are the weakest links in their online security.

Protective Measures against Cyber Attack

The best protective measures against digital security threats are to secure networks, websites, applications, and social media platforms, and to implement a reliable backup system. The following tips provide a baseline to help your business minimize its security risks:

  • Use unique, secure passwords for all accounts including internal services, external services, email, and connected social media to prevent data breaches.
  • Activate “2-Step Verification” for applicable services.
  • Use Secure HTTP for websites and applications that pass personal information.
  • Take advantage of desktop management services; make sure computers are running up-to-date software to minimize exposure to known security holes.
  • Keep antivirus and anti-malware software updated; run scans on a frequent basis to protect from malware infections.
  • Program internally developed services to prevent SQL injection.
  • Secure the Wi-Fi/Internet and manage employee credentials.
  • Secure mobile devices, tablets, and laptops so they can be disabled if lost or stolen.

In Case of Emergency: Disaster Recovery

Ransomware is a major concern for businesses these days: 61 percent of businesses say they were compromised at least once by malware demanding payment to return data. Unfortunately, some companies that decide to pay the ransom still don’t get their data back. The best thing your company can do to protect itself from ransomware is to limit the amount of damage an attack can do through backup and disaster recovery. Using the “3-2-1 backup rule” and running frequent backups can be the difference between losing all of your data permanently and losing a single day’s work.

Digital security should never take a break. If your business is looking to build a better defense against cyber threats, the experts at MPA Networks can help with both desktop and server management. Contact us today to learn more.

Where’s Your Company’s WISP? Why You Need One NOW

Tuesday, June 14th, 2016


A WISP is one of the most important documents for any company doing business over the Internet—which, in this day and age, is pretty much everybody. Who’s responsible for drafting and maintaining your company’s WISP? Or are you even sure what a WISP is? If not, your company is already at serious risk for additional legal action—lawsuits and punitive fines—following a data breach, whether the result of external hacking or internal human error.

WISP stands for Written Information Security Program: essentially your company’s formal road map for safeguarding the privacy of customers’ Personally Identifiable Information (PII), as well as a response plan after a data breach—including customer notification.

WISPs are already required for companies dealing in financial services (the Gramm–Leach–Bliley Act) or medical health records (HIPAA). Additionally, most states now have their own laws governing data privacy standards for businesses.

Here in California, the California Data Protection Act (Civil Code Section 1798.80-1798.84) requires businesses to “implement and maintain reasonable security procedures” to ensure the electronic privacy of customers’ personal information—their names combined with any of the following:

  • Usernames/passwords for online accounts
  • Social Security/Driver’s License numbers
  • Credit/debit card numbers
  • Medical history/health insurance records

How Much Is “Reasonable”?

The tricky thing here is that the California law doesn’t define what “reasonable security procedures” really are. And if even one of your customers resides out of state, your company is likewise bound by the corresponding data protection laws in that state—such as Massachusetts, where a WISP is a legal business requirement. At a time when new corporate data breaches seem to grab headlines every month, a formal WISP program for any company—large or small—is just good common sense.

Cover All the Bases

What are the elements of a comprehensive, iron-clad WISP? Here are the essential points to cover:

  • The designated person(s) to administrate the WISP
  • An assessment of reasonably foreseeable risks to security/confidentiality of protected PII data
  • Locations where personal information is stored (electronic or hard copies, as well as access from portable devices)
  • Specific measures to safeguard confidential data (encryption, firewalls, security patches, or more)
  • Ongoing employee data security training, with disciplinary policy for WISP violations
  • Monitoring and review of the program’s effectiveness, annually or as necessary
  • Your company’s official breach response plan

The Commonwealth of Massachusetts offers a good WISP template for small businesses here.

Most importantly, if your company is partnered with a managed service provider or other third-party IT services, make sure they’re on board with your WISP program—that they’ll take time to assist in crafting your initial policy in addition to providing regular enforcement and documentation. We certainly will.