Tag Archive for: Cybersecurity

IT Security for Working at Home

/in , , , , /by

Unfortunately, due to the Coronavirus many employees have been forced to work from home, or may be working from home in the near future. If you find yourself in this situation it’s important to remember to follow the best IT security practices when working from home to not put your company at risk of an online virus or cyberattack.

Working remotely can be challenging because you likely don’t have the same security safeguards in place at home as you do in the office. In addition, most people have multiple devices connected to their home Wifi, including personal computers, smartphones, game consoles, etc. These can all offer hackers a gateway into your home Wifi which can then give them a backdoor into the corporate device you are working from. It’s up to you to implement your own layers of security controls at home to prevent your company’s data from being breached.

 

Cyber criminals love to prey on companies when they are most vulnerable, and one of the weak spots they look for is employees who are not following the best IT security practices for working remotely.

Below is a list of things you can do to prevent cyberattacks while working remotely. You should follow these guidelines whenever you are logged into a corporate laptop or phone, even if it’s just to check a few emails.

IT Security Checklist for Remote Employees

Only Use Secure Wifi

  • Avoid using Public WiFi
  • Use a VPN (Virtual Private Network)
  • Change the default Wifi router passwords to something more secure
  • Update router firmware

Protect Your Workspace

  • Don’t use your personal computer for work
  • Don’t let anyone eavesdrop on what you are working on
  • Encrypt sensitive data in emails
  • Don’t use the same passwords on work devices as you do personal devices
  • Update software for all devices that are connected to your home network (this includes personal computers, television services, game consoles, thermostats, etc.)

Secure Your Devices

  • Update firmware
  • Create strong passwords using multi-factor authentication
  • Review and follow corporate policies and procedures
  • Don’t leave your work devices unaccompanied in a vehicle
  • Keep your home or apartment securely locked

Read about having a secure bring your own device policy >>

Use Common Sense

  • Don’t share your work devices with family or friends
  • Don’t post business itineraries or corporate information online. This includes posting photos that may show addresses, client information, or any other personal or business information in the background
  • Don’t let your guard down. It’s easy to feel comfortable at home but practice the same IT security best practices at home as you would at work

Report Any Security Issues Immediately

  • Don’t wait until it’s too late. If you fear your work computer has been breached contact an IT professional within your company immediately

 

Want to learn more about working from home safely? Read about Threat Remediation while working from home >> 

Fill out the form below or contact PCR Business Systems if you have any questions about setting up a secure workspace for your remote employees.

 

It’s Time to Have a Talk with your IT Company

/in , , , , /by

The relationship between a business and IT team or IT person used to be so simple. Do you remember those old Saturday Night Live skits with Jimmy Fallon playing “Nick Burns: Your Company’s Computer Guy?” It was kind of like that, only with less sarcasm.

You would call up your IT Company when you had an issue with your server or a company computer, and someone would come over and fix it.

Today, things are much more complicated. Akron, OH IT Service providers are not only tasked with keeping your networks up and running, but they are also your first line of defense against cyberattacks. If they fail to adequately protect your network, or if their own system gets hacked into, your IT provider could destroy your business and everything you worked so hard for.

We meet with one or two companies every month whose business is on the brink of disaster because their IT company failed to properly secure their network or because they didn’t have a proper backup plan in place. Please, don’t let this happen to your business.

It’s OKAY to ask questions

It’s important to have an open dialogue with your in-house IT team or outsourced IT company to learn everything about what they are doing, and what they plan to do in regards to your company’s Information Technology.

Whether or not you outsource your IT or have an in-house team on staff, your IT provider is an extension of your business. You need to stay on top of what they are up to just as you would one of your employees. Often, business leaders will simply write a check and let the IT provider do “their job.”

10 questions to ask your IT Company

 

Please, have a conversation with your IT Company and ask specific questions about things like cybersecurity, backup plans, and network monitoring.

As we wrote in the article The Wild West of IT Services, there are no regulations governing IT Service Providers. It’s up to you to do your homework before hiring an IT person or team, and to continuing monitoring the work you are doing for you.

What Questions should you ask?

We have created a Cyber Security Risk Assessment that we encourage you to take. This questionnaire takes less than five minutes to complete and will give you an idea of how well your IT Service Provider is managing your network security and protecting your business against cyberattacks.

IN ADDITION, feel free to ask your IT Company any of the questions from this assessment. If there is a question you are unsure of, ASK your IT Provider for the answer. This is a great tool to help you get the conversation started.

 

Feel free to email me directly with any questions.

Pat Carroll

5 Ways to Protect your Business from Cyber Threats

/in , , /by

Think of your internet and sensitive data like you would a car. We take several preventative measures to keep our vehicles from being the target of thieves. We lock our doors, hide valuables from plain sight, install car alarms and anti-theft devices like the Club, and avoid parking in unsafe and dimly lit areas.

So why don’t we always take similar steps to protect our computers and smart phones from people looking to steal our valuable information or money from our online accounts?

Just like car thieves, most hackers look for easy targets. They’ll prey on victims with weak passwords or who use unsecured WiFi to access important financial accounts or to make online purchases. Fortunately, just like with keeping our cars from getting stolen or broken into, a little cyber defense can go a long way in keeping you from getting hacked.

Below are 5 simple things you can do RIGHT NOW to minimize your chances of being hacked.

1). Make sure your security software is up-to-date. Don’t ignore those notifications that pop-up on your screen telling you that your operating system requires an update. That update may contain critical security patches that must be installed in order to keep your system protected from hackers.

Email programs, apps and web browsers should all be updated whenever a software update is available. In addition, as we wrote in the article “End of the Road for Windows 7 and Windows Server 2008,” make sure you are using an operating system (OS) that is not obsolete. Using an OS or any software that is no longer supported can leave you extremely vulnerable to a cyber-attack.

2). Create strong passwords, change them regularly, and don’t use the same password for everything. This seems pretty simple, and it is! In the unfortunate event that a hacker gains access to one of your passwords, for example your Facebook login; you can mitigate the damage by ensuring that password is ONLY used for Facebook. If you use the same password for Facebook as you do for your online banking, email, etc. you could be in real trouble as hackers will have access to all of those accounts.

Fortunately, you can prevent hackers from gaining access to any of your accounts by creating strong passwords with a variety of numbers, capital letters, and unique characters, and changing them regularly. Keep a log of your passwords locked in a safe place in your desk or your home.

3). Use Multi-Factor Authentication on all devices. In addition to password protection, you can also thwart off hackers by using multi-factor authentication for all connected devices. Multi-factor authentication simply means that you must present multiple credentials (in addition to just a single password) to gain access to your device or account. Using Multi-factor authentication will help protect your sensitive data against the leading cause of data security breaches– stolen credentials.

4). Install proper antivirus software. If you already have up-to-date security software installed, good for you! You’re one step ahead. If you don’t, make sure you install a firewall today and stay current with updates. Do your research before installing any program or software, and feel free to give us a call at 330.572.7575 or email directly at pat@pcrbusiness.com and we can recommend the best antivirus and antimalware software on the market today.

5). Limit the use of public WiFi and unsecured devices. Do your best to only browse the internet from a secure network. While we understand this may be difficult while traveling, especially if you need to book a last minute hotel or pay a bill online, try to find a network that is safe and password protected. Never use open Wifi for accessing email or important accounts. Just as you wouldn’t leave your purse or laptop on the front seat of your car for a would-be thief to see, you should never display sensitive data on an unsecured network for hackers to get their hands on. Troubleshooting internet connection problems>>

Staying ahead of hackers can be a challenging task. However, implementing these five things today will at the very least make it more difficult for hackers to gain access into your data–limiting the chances they’ll go after you in the first place.

For more information on how you can protect your business from cyber attacks visit  us at pcrbusiness.com and check out more posts from our blog.

 

In Business since, 2004, PCR Business Systems is the leading IT Service Provider in Akron, OH and is SOC 2 Audited and Certified. Schedule a free review of your IT today!

Best Practice Approach to Data Security

/in /by

Below is a summary of the presentation given by PCR Business Systems president, Pat Carroll, at the 2019 Day Ketterer CyberSecurity Seminar. For more information on protecting your business from cyber attacks, or if you have any doubts about your network security you can contact Pat directly at pat@pcrbusiness.com or (330) 572-7526 x 1001.

PCR is also offering Northeast Ohio businesses a free network security audit to make sure you have the proper cybersecurity measures in place. Remember, it’s much easier to prevent a cyber attack than it is to recover from one.

Simple things that companies can do to guard against cyber attacks. These items need to be in place before anything else:

  • Centrally controlled, monitored Antivirus
  • Device control with routine patching – not just Windows, all programs – java, adobe etc
  • Unique user IDs with central control
  • Modern Backup – no tapes

Preventative measures that all companies need to implement:

  • No users with admin rights to computers
  • No elevated permissions logging in for normal computer use – domain admin or 365 admin etc
  • User awareness training – people are the easy target
  • Best in class, properly configured email security – .js, .exe, .zip should never get through
  • Multifactor authentication on all web facing logins – Office365 is a must

Know your risks and review at least annually:

  • Where is sensitive data stored?
  • Typical – PII, EHI
  • Trade Secrets
  • Non-Typical

In addition, schedule periodic reviews of accounts, permissions and don’t allow access if it is not needed.

Know how an attacker is most likely to strike:

  • Use information
  • Trick users to send money
  • Demand a ransom
  • Expose your information?

You have been attacked, what will save you?

Properly configured backup

  • Test it
  • Attack it – test permissions, try to get to it

Properly configured firewall

UTM FEATURES

  • Intrusion Detection with alerting configured
  • IP Reputation
  • Content Filtering
  • Look for suspicious activity leaving the network

Misc:

  • Banking – Know your exposure. Consider Positive Pay on checks and ACH
  • Cyber Liability Insurance
  • Be careful on the questions they require
  • Know what they won’t cover

 

 

 

Pat Carroll 

pat@pcrbusiness.com  (330) 572-7526 x 1001

 

 

Network Security Risk Assessment

/in , /by

Is your business at risk for a Cyber Security Attack?

Our questionnaire will assess your Cyber Security risks and help prevent attacks from ever occurring.

Prevention… In the NFL, it’s a defensive scheme designed to guard against the big play. Except, it seems every time I watch a team go into the prevent defense the opponent drives down the field in a matter of seconds and kicks the game-winning field goal.

Maybe I’ve watched too many Browns games over the years, but this conservative approach to winning always seems to end poorly. I like a coach who goes after the quarterback when the game is on the line—a coach who brings the heat and always keeps the offense off-balance.

I feel the same way about defending against hackers. As soon as you relax your cyber security defense, hackers will find a way to attack where you’re most vulnerable.

 

Free Cyber Security Assessment for Small Businesses

Prevention is key to preventing a cyber attack, but it’s not as simple as putting a few security measures in place to guard against the big attack. You must have a proactive prevention plan in place, you must stay up-to-date on the latest cyber security risks, and you must keep the pressure on hackers by constantly updating and monitoring your network to let them know not to mess with your business.

As we’ve written about in our Cyber Crime Files, cyber attacks can happen to any size business. That includes yours.

So what can you do to actively prevent a cyber attack? You can start by taking this cyber security network assessment to see if your business is prepared.

We designed this high-level cyber security assessment exclusively for small businesses owners so that you can assess your cyber security risks and conclude if you have the proper preventative measures in place.

We hope you find value in our cyber security assessment. If you have any questions please feel free to reach out and we’ll be happy to help your business set up the best defense against cyber criminals.

WannaCry’s Long-Lasting Effect On Cybersecurity

/in , /by

The cycle of news today moves very quickly, and certain stories can be lost in its wake. The massive WannaCry ransomware attack took place more than a year ago, and many people have forgotten about it at this point. The WannaCry attack spread worldwide in a matter of days, affecting more than 230,000 computer systems. The cyber attack bypassed antivirus software and heavily encrypted data on many of those computers. This caused all sorts of issues across many industries. Pieces of sensitive information in critical infrastructure were blocked from access and unretrievable.

It Is Still Out There

The self-propagating nature of WannaCry means that it is still out there and has not stopped trying to infect more systems. The number of WannaCry ransomware attacks has slowed, but it still one of the largest across the globe. This situation clearly dictates how many people and businesses do not take their security seriously enough. It also stresses how we must pay attention to threats even after they have left the news cycle. This far-reaching and long-lasting teaches the valuable lesson that no one can guarantee your complete online safety. However, there are safeguards you can put in place to defend the continuity of your business.

There Are Precautions You Can Take

Many people think a cyber attack will never happen to them. You might think that you will never get in a car accident, but that is not a good enough reason to not have car insurance. There is even a patch that Microsoft put out to protect systems from this piece of ransomware months before the attack ever hit, but many organizations still haven’t applied the update. The WannaCry attack is a perfect demonstration of why companies should be investing in robust and responsive data backup and disaster recovery solutions.

Investing in business continuity and data recovery strategies will protect your systems and the future of your business. A data breach is much less costly when you only have to restore your information systems from scratch. Virus protection like firewalls, intrusion detection, penetration testing, and network security and compliance are crucial defenses to have, but just putting walls up is never enough. You need to know that even when the defenses fail, your operations will be safe.

Let Us Protect Your Critical Business Functions

You can rely on PCR Business Systems for backup solutions that make sense. Our solutions will stay out of your way and let you have the peace of mind to go about your typical work day knowing that your data is safe and protected. Even when the next WannaCry attack happens, you can just restore straight from the backups and get back to work.

We can help you build your business continuity plan with reliable recovery time objectives and targeted risk management to prepare for the most likely threats. Contact PCR Business Systems today to learn more about our services and how we can help you defend your productivity to achieve your goals.