Facebook-f Twitter Linkedin-in

cyberattacks

The Necessity of Dark Web Monitoring

by

Protect your identity and business with a consistent watchdog service

We’ve all read about the constant barrage of cyberattacks on businesses and the nightmare that comes from having your personal identity stolen. There are ways to reduce the odds that your business will suffer such an attack or that your personal information will be hacked. One of the best methods for protecting both your business and your identity as well as that of your family is consistent monitoring of the Dark Web.

What Is the Dark Web?

The Dark Web is just what it sounds like. It’s the shady side of the internet. The Dark Web lays in a sub layer of the internet known at the “Deep Web.” This is a place hidden from conventional search engines where criminals often roam searching for their next victim.

Believe it or not, common search engines including Google, Bing, and Yahoo simply scratch the surface of what is actually available online. Such search engines hunt just .04 percent of the indexed internet. The other 99.96 percent of the web consists of databases, private academic and government networks, and the Dark Web, according to ID Agent, which provides comprehensive threat intelligence and identity monitoring solutions for both individuals and businesses through ORAM Corporate Advisors.

What Threat Does the Dark Web Pose?

Not only is the Dark Web a place that threatens your personal identity but it can endanger your business as well. This is a place where the signature pieces of your personal identity (name, date of birth, stolen passwords, and even social security numbers) can be sold daily to the highest bidder. Everything from your credentials such as email logins, passwords, and usernames can be found there.

With such personal information, criminals can hack your email, your bank accounts, and more. They can open new credit card accounts in your name without your knowledge and rack up untold sums of debt before you’re even aware there’s a problem. The threat of personal identity theft can extend beyond you as well to other family members such as your spouse, your children, and your parents.

The loss of such personal information can be devastating to your business, too. Critical business information such as business applications, email, and other online services can be penetrated with your personal information. Logins and passwords can be changed, business information can be accessed and stolen, and your organization can be brought to a complete halt with the personally identifiable information (PII) bad actors are hocking on the Dark Web. Read the ORAM blog “The Dark Web: What It Is, How It Impacts Your Organization, and Ways to Protect Your Business” for more detailed information about the severity of the threat your business faces as a result of the Dark Web.

Protecting Yourself, Your Family, and Your Business

The most effective way of protecting your PII, your family members’ PII, and your business is through Dark Web monitoring. ORAM uses SpotLight ID, which employs Dark Web ID, to monitor your identity and that of your covered family members. Through leveraging Dark Web ID, ORAM focuses on the cyber threats specific to you and the environment you work in. Our proprietary software continuously monitors the Dark Web and the digital criminal underground to determine if our clients’ credentials have been exposed.

With SpotLight ID, ORAM searches for your personal information on the Dark Web. If found, your data is harvested to protect it from typical hacker sites such as Pastebin. Many such sites frequented by cybercriminals require a membership and credibility to enter. Our monitoring system allows us access to search more than 500 internet relay chatroom (IRC) channels, 600,000 private websites, and 600 Twitter feeds utilized by bad actors.

Furthermore, SpotLight ID executes 10,000 queries daily to help monitor and protect your identity and those of the people you love. We also monitor and source information from hidden theft forums, peer-to-peer file sharing programs and networks, and social media. We can even find compromised data harvested through botnets and command and control (C2) servers.

Be On Alert

If your information is identified on the Dark Web, we notify you immediately. This allows you the opportunity to change your logins and passwords before cybercriminals can take advantage of the information they have. This also gives you time to consult with your business’s internal or external IT team as soon as possible to determine if a data breach or cyber incident has occurred using your credentials. Such monitoring and notification can buy your business the time it needs to change your username, login, and password before cybercriminals can strike against it.

In addition to monitoring the Dark Web for your PII, ORAM will alert you if someone actively targets you or your covered family members’ social media profiles. You’ll also receive instant updates, alerts, and access to your credit from all three major credit bureaus if something changes with your credit or that of your covered family members.

Monitoring of the Dark Web also gives you peace of mind that your identity and that of family is covered. With a team of U.S.-based Certified Identity Restoration Specialists, ORAM will work to completely restore your identity should the worst happen, even if the issue began before you enrolled for coverage. You can take even more comfort in knowing that with SpotLight ID, you have up to $1 million in identity insurance to cover related restoration expenses if needed.

If you are interested in learning more about SpotLight ID or registering in one of our affordable and flexible plans, contact ORAM Corporate Advisors online now or call us at (617) 933-5060. The cybersecurity experts at ORAM are here to protect you, your family, and your business from the threat of cybercrime.

The Modern Office and Security: What you need to know about protecting your business and its data

by

One of the most critical components of the modern office environment for a healthy, scalable business infrastructure is security. It is the cornerstone of your IT for it protects the other components that your company needs to keep thriving and surviving in the modern marketplace. Today’s business security entails much more than just an anti-virus program and requires some pre-planning as well as a regular investment of time.

This blog covers the most important things every business should know about security. Additionally, it includes what business leaders should consider to best protect their organization, data, and clientele. As you will see, having the right security in place can make the difference between growing your business and shutting its doors permanently.

Secured Access

Every business should have secured access in place for both internal and external users on its network. As a modern company, both internal and external users will be accessing your data whether its email or highly-sensitive information not meant for prying eyes. This is important because data falling into the wrong hands can cost your business its reputation, revenue, and even its livelihood.

According to the 2018 Data Breach Investigations Report by Verizon, 73 percent of breaches were perpetrated by outsiders. This means your business data needs to be protected as much as possible and that external access to your network should be limited and monitored at all times. Hackers are always looking for a way to infiltrate networks. Phishing, ransomware, and malware were among the top means used by nefarious outsiders to access business networks in 2018. Of those breaches studied, 90 percent were motivated by monetary gain or strategic advantage (i.e. business espionage).

While you may believe that your business is too small for anyone to care about hacking its data, think again. A report by USA Today shows 61 percent of cyberattacks are aimed at small and medium-sized businesses. The same piece reported that a whopping 60 percent of small businesses close their doors for good within six months of an attack so it’s clear why security is so imperative to business survival in our modern society.

Though most breaches occur due to external sources, insiders can be just as dangerous to your business. Whether due to simple user error or something more insidious such as a disgruntled employee or cyber espionage, the aforementioned Verizon report concluded that 28 percent of breaches involved internal actors. Of those breaches, 12 percent involved privilege misuse. That’s why we always recommend implementing the practice of least privilege. This means allowing access to data only to those who require it to fulfil their job duties.

Email Security

Email is the bread and butter of communication for most modern offices. The use of email for both internal and external communications is a necessity for today’s businesses so securing it effectively is imperative. The issue is that it is also a major point of entry for many attacks.

A blog by CSO from IDG shows that 92 percent of malware is delivered by email. In addition, the blog stated that the average ransomware attack (which often occurs via email) costs a company $5 million. The same blog also stated that phishing attacks is one of the most common methods of email malware infection.

There is email and network scanning software available to help protect your business. At ORAM Corporate Advisors, we recommend Mimecast for email protection. It is a terrific solution to help organizations prevent email-borne ransomware as well as protect against the associated downtime and data loss such attacks can cause. ORAM recommends Mimecast because it “safeguards employee communication and reduces risk with targeted protection, data leak prevention, and enforced security controls.”

Mimecast, which I mentioned above for email and network scanning, is also an excellent solution for data loss prevention. Its data loss prevention solution scans all emails and file attachments and identifies potential leaks using flexible polices based on keywords, file hashes, pattern matching, and dictionaries.

Another piece of modern technology you’ll want to have in place is multi-factor authentication. Multi-factor authentication is a security system that requires more than one method of authentication to verify a user’s identity. This can range from requiring passwords that must periodically be changed by legitimate users to requiring a one-time PIN provided via smartphone for access. It adds an extra step for employees to access your network but it will help ensure your business’ data security.

In addition to software, we also recommend that employee training become a regular event. Every business should offer employee training during the onboarding process and at regular intervals throughout the year (every six months) to every employee. They should be trained not to click on email attachments or to follow links in emails from unknown or untrusted sources. Employees should also be taught to verify emails with links and attachments with a trusted source before opening them if something comes into their email that they weren’t expecting. While this training can take some time, it can prevent a costly breach later on.

Manage Your Network

While securing access to your network is important, managing your network is even more imperative to keep business operations running smoothly. Your network houses your most critical data while supporting the daily workflow and processes of your business. That means maximizing uptime, optimizing network capacity and utilization, and ensuring its protection.

There are a great deal of pieces that comprise your network and all of them need to be addressed on an ongoing, regular basis. Start with a network technology assessment and auditing. This will tell you where your network is in terms of optimization and data security. By assessing where your network is now and taking a full audit, you will be able to tell where your strengths and weaknesses are to tweak it to work at full capacity for your business needs.

In addition to regular assessments and audits of your network, you will need to plan ahead for storage, disaster recovery, business continuity, and more. Here are some of the things that go into managing a business network:

  • Email Continuity
  • IT Asset Tracking and Reporting
  • High Availability Services
  • Cloud Solutions
  • Network Design, Implementation, and Support
  • Data Assessment, Analysis and Recovery
  • Security and Monitoring Services
  • Workflow Assessment and Optimization

Up-To-Date Security

Your business should also have up-to-date technology security in place. You will want to ensure that your company has installed intrusion prevention software on all of its data networks to keep hackers from getting their hands on your information. You can check to ensure you have such software in place during the audit process.

The intrusion prevention system we use at ORAM is Cisco hardware that scans on a network level. It scans everything going into and out of your network to ensure that your network traffic is safe. This could catch someone maliciously trying to access your internal network, bad email attachments, and other threats.

In addition, you will want to put together policies for your employees that protect your business. Ensure you have a solid computer use and data loss prevention policy in place so employees know exactly when and for what purposes they can use their company devices. Make it clear what sites they should not visit and what the repercussions are for visiting non-work related sites on business devices.

You’ll also want to have a password policy in place so employees are not using the same passwords for multiple accounts or old passwords that could leave them at risk of being hacked. Passwords also need to be strong so encourage your employees to develop passwords that use letters (both lowercase and capital), numerals, and special characters. There is even software available to prompt your employees to change or update their passwords over time. You may even offer your employees a password manager so they can easily recall their passwords.

Many enterprise businesses are also moving to the cloud. Not only does this allow for greater flexibility for your employees, but it can offer greater data security. When you save both to your local network and the cloud, you have your data backed up. This is ideal in the event of a disaster and will get your business up and running again with less downtime or the worry that valuable information can’t be recovered.

Don’t Forget Your Physical Security

Remember that all data is not digital. Whether you have data files stored in locked filing cabinets or your HR employees are printing personally identifiable information (PII) during tax season, the physical security of your business is just as important as its digital security. You don’t want someone walking out with printed files or sifting through your garbage to steal information.

ORAM recommends that all businesses have a clean desk policy. This means requiring that all employees keep their desk clear of papers, notes, and other information that could lead to a breach or loss of information if it were to fall into the wrong hands. When they are not as their desk, employees should have a clean desk since everything should be put away, hopefully under lock and key.

Businesses should also limit physical access to certain areas such as file storage areas, server rooms, and other places where information is stored. If an employee doesn’t require that access to do their job on a regular basis, they shouldn’t have access. Such areas should be locked with limited persons possessing keys for access. We also recommend adding video cameras at data rich entry points to protect against a physical breach. This small addition will let administrators know who accessed the area(s) and when they did so which will help in an investigation.

Finally, you’ll want to ensure that all data is properly disposed of. Shred all hard copies before tossing paper information and consider hiring a disposal company that handles this type of waste. Don’t leave such waste out on the curb for anyone to take. Ensure the company will come in to gather paper for disposal. In addition, make sure that valuable paper data isn’t thrown into the recycle bin but is shredded before being thrown out. When it comes to cyber espionage, dumpster diving isn’t unheard of.

Have a Plan

Every business should also have a written information security plan (WISP) in place. It should include everything from regular IT audits to employee training. There are many mistakes that businesses make when it comes to backup that are completely preventable. Your WISP will outline effective administrative, technical, and physical safeguards specific to your organization to help prevent such mistakes. It will also define security measures for your business, protect against anticipated security threats, and unauthorized access. The WISP for your business will put safeguards into place to protect your data. It will also help you and your employees know exactly what to do and who to contact if disaster strikes.

If you need help with securing your modern office or want more information about building stronger security for your business, contact ORAM today at (617) 933-5060. Our experts are always here to assist you in bettering your business and data security.