authentication

The Modern Office and Security: What you need to know about protecting your business and its data

April 16, 2019 by securewebsite

One of the most critical components of the modern office environment for a healthy, scalable business infrastructure is security. It is the cornerstone of your IT for it protects the other components that your company needs to keep thriving and surviving in the modern marketplace. Today’s business security entails much more than just an anti-virus program and requires some pre-planning as well as a regular investment of time.

This blog covers the most important things every business should know about security. Additionally, it includes what business leaders should consider to best protect their organization, data, and clientele. As you will see, having the right security in place can make the difference between growing your business and shutting its doors permanently.

Secured Access

Every business should have secured access in place for both internal and external users on its network. As a modern company, both internal and external users will be accessing your data whether its email or highly-sensitive information not meant for prying eyes. This is important because data falling into the wrong hands can cost your business its reputation, revenue, and even its livelihood.

According to the 2018 Data Breach Investigations Report by Verizon, 73 percent of breaches were perpetrated by outsiders. This means your business data needs to be protected as much as possible and that external access to your network should be limited and monitored at all times. Hackers are always looking for a way to infiltrate networks. Phishing, ransomware, and malware were among the top means used by nefarious outsiders to access business networks in 2018. Of those breaches studied, 90 percent were motivated by monetary gain or strategic advantage (i.e. business espionage).

While you may believe that your business is too small for anyone to care about hacking its data, think again. A report by USA Today shows 61 percent of cyberattacks are aimed at small and medium-sized businesses. The same piece reported that a whopping 60 percent of small businesses close their doors for good within six months of an attack so it’s clear why security is so imperative to business survival in our modern society.

Though most breaches occur due to external sources, insiders can be just as dangerous to your business. Whether due to simple user error or something more insidious such as a disgruntled employee or cyber espionage, the aforementioned Verizon report concluded that 28 percent of breaches involved internal actors. Of those breaches, 12 percent involved privilege misuse. That’s why we always recommend implementing the practice of least privilege. This means allowing access to data only to those who require it to fulfil their job duties.

Email Security

Email is the bread and butter of communication for most modern offices. The use of email for both internal and external communications is a necessity for today’s businesses so securing it effectively is imperative. The issue is that it is also a major point of entry for many attacks.

A blog by CSO from IDG shows that 92 percent of malware is delivered by email. In addition, the blog stated that the average ransomware attack (which often occurs via email) costs a company $5 million. The same blog also stated that phishing attacks is one of the most common methods of email malware infection.

There is email and network scanning software available to help protect your business. At ORAM Corporate Advisors, we recommend Mimecast for email protection. It is a terrific solution to help organizations prevent email-borne ransomware as well as protect against the associated downtime and data loss such attacks can cause. ORAM recommends Mimecast because it “safeguards employee communication and reduces risk with targeted protection, data leak prevention, and enforced security controls.”

Mimecast, which I mentioned above for email and network scanning, is also an excellent solution for data loss prevention. Its data loss prevention solution scans all emails and file attachments and identifies potential leaks using flexible polices based on keywords, file hashes, pattern matching, and dictionaries.

Another piece of modern technology you’ll want to have in place is multi-factor authentication. Multi-factor authentication is a security system that requires more than one method of authentication to verify a user’s identity. This can range from requiring passwords that must periodically be changed by legitimate users to requiring a one-time PIN provided via smartphone for access. It adds an extra step for employees to access your network but it will help ensure your business’ data security.

In addition to software, we also recommend that employee training become a regular event. Every business should offer employee training during the onboarding process and at regular intervals throughout the year (every six months) to every employee. They should be trained not to click on email attachments or to follow links in emails from unknown or untrusted sources. Employees should also be taught to verify emails with links and attachments with a trusted source before opening them if something comes into their email that they weren’t expecting. While this training can take some time, it can prevent a costly breach later on.

Manage Your Network

While securing access to your network is important, managing your network is even more imperative to keep business operations running smoothly. Your network houses your most critical data while supporting the daily workflow and processes of your business. That means maximizing uptime, optimizing network capacity and utilization, and ensuring its protection.

There are a great deal of pieces that comprise your network and all of them need to be addressed on an ongoing, regular basis. Start with a network technology assessment and auditing. This will tell you where your network is in terms of optimization and data security. By assessing where your network is now and taking a full audit, you will be able to tell where your strengths and weaknesses are to tweak it to work at full capacity for your business needs.

In addition to regular assessments and audits of your network, you will need to plan ahead for storage, disaster recovery, business continuity, and more. Here are some of the things that go into managing a business network:

Email Continuity
IT Asset Tracking and Reporting
High Availability Services
Cloud Solutions
Network Design, Implementation, and Support
Data Assessment, Analysis and Recovery
Security and Monitoring Services
Workflow Assessment and Optimization

Up-To-Date Security

Your business should also have up-to-date technology security in place. You will want to ensure that your company has installed intrusion prevention software on all of its data networks to keep hackers from getting their hands on your information. You can check to ensure you have such software in place during the audit process.

The intrusion prevention system we use at ORAM is Cisco hardware that scans on a network level. It scans everything going into and out of your network to ensure that your network traffic is safe. This could catch someone maliciously trying to access your internal network, bad email attachments, and other threats.

In addition, you will want to put together policies for your employees that protect your business. Ensure you have a solid computer use and data loss prevention policy in place so employees know exactly when and for what purposes they can use their company devices. Make it clear what sites they should not visit and what the repercussions are for visiting non-work related sites on business devices.

You’ll also want to have a password policy in place so employees are not using the same passwords for multiple accounts or old passwords that could leave them at risk of being hacked. Passwords also need to be strong so encourage your employees to develop passwords that use letters (both lowercase and capital), numerals, and special characters. There is even software available to prompt your employees to change or update their passwords over time. You may even offer your employees a password manager so they can easily recall their passwords.

Many enterprise businesses are also moving to the cloud. Not only does this allow for greater flexibility for your employees, but it can offer greater data security. When you save both to your local network and the cloud, you have your data backed up. This is ideal in the event of a disaster and will get your business up and running again with less downtime or the worry that valuable information can’t be recovered.

Don’t Forget Your Physical Security

Remember that all data is not digital. Whether you have data files stored in locked filing cabinets or your HR employees are printing personally identifiable information (PII) during tax season, the physical security of your business is just as important as its digital security. You don’t want someone walking out with printed files or sifting through your garbage to steal information.

ORAM recommends that all businesses have a clean desk policy. This means requiring that all employees keep their desk clear of papers, notes, and other information that could lead to a breach or loss of information if it were to fall into the wrong hands. When they are not as their desk, employees should have a clean desk since everything should be put away, hopefully under lock and key.

Businesses should also limit physical access to certain areas such as file storage areas, server rooms, and other places where information is stored. If an employee doesn’t require that access to do their job on a regular basis, they shouldn’t have access. Such areas should be locked with limited persons possessing keys for access. We also recommend adding video cameras at data rich entry points to protect against a physical breach. This small addition will let administrators know who accessed the area(s) and when they did so which will help in an investigation.

Finally, you’ll want to ensure that all data is properly disposed of. Shred all hard copies before tossing paper information and consider hiring a disposal company that handles this type of waste. Don’t leave such waste out on the curb for anyone to take. Ensure the company will come in to gather paper for disposal. In addition, make sure that valuable paper data isn’t thrown into the recycle bin but is shredded before being thrown out. When it comes to cyber espionage, dumpster diving isn’t unheard of.

Have a Plan

Every business should also have a written information security plan (WISP) in place. It should include everything from regular IT audits to employee training. There are many mistakes that businesses make when it comes to backup that are completely preventable. Your WISP will outline effective administrative, technical, and physical safeguards specific to your organization to help prevent such mistakes. It will also define security measures for your business, protect against anticipated security threats, and unauthorized access. The WISP for your business will put safeguards into place to protect your data. It will also help you and your employees know exactly what to do and who to contact if disaster strikes.

If you need help with securing your modern office or want more information about building stronger security for your business, contact ORAM today at (617) 933-5060. Our experts are always here to assist you in bettering your business and data security.

Personal Identity Management: What You Need to Know About Protecting Yourself Online

November 20, 2018 by securewebsite

We’ve all heard the nightmare stories. Someone had their bank account breached, their social media was spoofed, or, worse, their identity was stolen. Cleanup of such issues can wreak havoc on our credit, personal, and professional lives at a cost of billions of dollars each year in the United States alone. That’s why identity management is so imperative. Here are some facts, stats, and pointers to keep you and your family members better protected online.

Identity Management & Theft
Identity management is the digital security of your identity online. It encompasses your personally identifiable information (PII) such as your birthdate, address, and banking information. Your online identity also encompasses other information found about you online from your social media accounts including Facebook, Twitter, and Instagram to your credit card accounts. Identity management, or IdM as it is known in IT circles, authenticates the identity of a user, information about them online, and who is allowed to access or modify that information.

There are several ways that cybercriminals can steal your identity online with just a bit of your PII. Here’s just a sample of what identity theft can look like:

• Applying for credit cards or loans in your name
• Withdrawing funds from your savings or checking account
• Using health insurance to obtain medical care
• Employing your social security number to steal your tax refund
• Selling your PII on the dark web to other criminals

The Cost of Theft
Time and money are two huge costs affiliated with identity theft. Anyone who has had their identity stolen, their credit card credentials lifted, or their social media breached can tell you how much time it requires to play cleanup. According to a blog by LifeLock, the average time it takes to fix an identity theft issue is seven hours. The same online article reports that in extreme cases, people may spend up to 1,200 hours over the course of a year working to resolve such issues.

The sad truth is you may personally end up investing hundreds or even thousands of dollars to repair your good name and credit. Some of the common costs for repairing identity theft can include:

• Printing fees
• Sending documents by certified mail
• Lost time at work
• Hiring an attorney
• Gas
• Police report fees

The Emotional & Physical Toll
In addition to the time and financial costs of identity theft, there are other costs as well. The Aftermath study by the Identity Theft Resource Center found, “The emotional ramifications of identity crimes continue to leave victims negatively impacted well beyond the initial incident, impacting how they manage their daily lives in perpetuity.”

Identity theft victims interviewed for the study reported long-term feelings of anger and frustration (85.7 percent), and 83.7 percent reported that they felt violated. Another 69.4 percent said they couldn’t trust others and felt unsafe as a result of being victimized online.

The negative emotional impacts left people physically ill as well. According to The Aftermath report, 84 percent of the individuals who participated in the research said they had sleep issues as a result of the identity theft they experienced. More than 77 percent reported an increase in stress levels, 63 percent had problems concentrating, and nearly 57 percent said they experienced persistent aches, pains, headaches, and stomach issues. Another 54.5 percent reported increased fatigue and decreased energy while 50 percent of people lost interest in hobbies and activities.

The Socio-Economic Impact
The Aftermath study also looked at the socio-economic impact of identity theft as well. Nearly 30 percent of victims who participated in the research reported they had to go “to family or friends to ask for financial assistance while remediating their case. For those that could not find a way to get their other needs met, 37 percent went without whatever that need was.”

Respondents in the study reported employment and educational opportunities were also impacted. More than 30 percent of victims in the study said the incident caused problems for them at their place of employment while eight percent reported issues with school as a result of identity theft. Some victims said they lost employment opportunities, benefits, or their jobs because of what happened to them.

To make matters worse, almost 39 percent of respondents said they tapped their savings to address financial needs during remediation of their case. Some even had to dip into their retirement accounts or got into debt they otherwise would not have had.

“An alarming 42.8 percent of respondents noted that as a result of their identity theft incident, they are in debt and 40.5 percent said they could not pay their bills,” reported The Aftermath study.

New Account Fraud
When it comes to identity theft, new account fraud is the most expensive, according to an online piece by LifeLock. This occurs when someone other than you opens a new account, typically a credit card, in your name with stolen PII. The article reported that in 2011, the average cost of resolving this type of theft was $354 and 12 hours of time. Today, the number of fraudulent cases has only increased and the costs have also climbed.

Child Identity Theft
Though your children may not even be old enough to spell their own name, that doesn’t stop criminals from trying to steal their information, too. According to the 2018 Child Identity Fraud Study by Javelin Strategy and Research, more than one million children were the victims of identity fraud in 2017. The fraud of children’s identity led to $2.6 billion in total losses and more than $540 million in out-of-pocket costs to families, according to the same report.

One of the most disturbing trends found in the study by Javelin is that minors who are bullied online are at an even greater risk of identity theft. The research found that victims of online bullying are nine times more likely to be the victims of fraud than those not bullied online.

Here are some great tips to help concerned parents better protect their children’s identity online:

• Train your children to protect their identity in the digital age. For example, teach them not to share login and password information.
• Pay attention to children who may be being bullied online. Children seeking friendship online are more vulnerable to becoming victims of fraud by sharing their personal information.
• Check and freeze their credit. New account fraud is the most pervasive type of fraud against children. This is the most effective method for preventing new accounts from being opened in their name.
• Monitor their accounts. Parents and guardians must actively monitor financial accounts from child savings to credit cards. Review statements online and sign up for account alerts.
• Protect physical documents. Keep sensitive documents such as birth certificates, social security cards, and passports under lock and key.
• Take notifications seriously. If you receive a notification that someone has stolen your child’s identity or that unauthorized activity has taken place on one of their accounts, move quickly to rectify the situation.
• Ask for help. If you find your child’s accounts have been breached or their identity stolen, contact banks and credit bureaus directly. This is the quickest way to close unauthorized accounts and clear their credit history.
• Sign them up for coverage. Just as you can sign yourself and your spouse up for credit monitoring, you can sign your children up for the same protection as well.

More to Chew On
A 2017 study by Javelin Strategy gives us even more information to digest. Here are some more facts and figures from their research:

• There was a 16 percent increase in identity fraud over the previous year; a record high since Javelin began tracking the issue in 2003.
• Identity fraud increased by two million victims in the 2017 study over the 2016 study.
• That increase in identity fraud meant cybercriminals stole roughly $16 billion in 2017.
• Account takeover incidents and losses rose in the 2017 report to $2.3 billion, a 61 percent increase over the previous year.
• People on social media face a 46 percent greater risk in account takeover fraud than those who shun social media.
• Being an American puts you at higher risk. According to a 2018 Internet Security Threat Report by Symantec, more than 791 million identities were stolen in the U.S. in 2016 while France came in at a distant second place with 85 million identities stolen.

What You Can Do
To protect yourself from becoming the victim of identity theft or fraud, the first step is to protect yourself with an identity monitoring program such as ID Agent, which is what we recommend here at Oram. The program monitors the dark web for your information and notifies you if your PII is found there for sale so you can be proactive about blocking thieves. The great thing about ID agent that we love is that it also monitors social media and alerts you if someone is actively targeting you. It also monitors your credit through all three major credit bureaus to let you know of any new accounts or major changes.

Should the worst happen and you do experience an identity theft or fraud, ID Agent has certified restoration specialists that will work on your behalf to completely restore your identity, even if the issue started before you enrolled. When you enroll, you get $1 million in identity insurance to cover related restoration costs.

Here are some other things you can do on your own as well if you are victimized by cybercriminals:

• Review credit card and bank statements for unusual charges. Report any that you didn’t make.
• Notify your bank(s) and creditors. Send them a copy of your ID theft report.
• Place a fraud alert on your credit files and monitor your credit reports regularly. This requires that you contact all three of the major credit reporting firms: Equifax, Experian, and TransUnion.
• Put a credit freeze on your reports.
• Close accounts you know were not opened by you or those that have been tampered with.
• File a complaint with the Federal Trade Commission.
• Contact your local police department or the police in the area where the theft took place and file a report. Make sure you get a copy.
• Change all of your account passwords and PIN numbers. Do not reuse old ones or those from other accounts.
• Contact the social security fraud hotline and request a copy of your personal earnings and benefits statement.
• Check with your local department of motor vehicles to see about getting a new driver’s license number and license.
• Contact your utility companies so thieves can’t open a new account using a utility bill.
• Ensure you are using multifactor authentication on all of your accounts.
• Sign up for credit monitoring if you haven’t already done so.

If you need help securing your personal identity online or remediating an identity theft or fraud, Oram is here to help. Call us now at (617) 933-5060 or visit us online.