Tag Archive for: Cybersecurity

Best Practice Approach to Data Security

/in /by

Below is a summary of the presentation given by PCR Business Systems president, Pat Carroll, at the 2019 Day Ketterer CyberSecurity Seminar. For more information on protecting your business from cyber attacks, or if you have any doubts about your network security you can contact Pat directly at pat@pcrbusiness.com or (330) 572-7526 x 1001.

PCR is also offering Northeast Ohio businesses a free network security audit to make sure you have the proper cybersecurity measures in place. Remember, it’s much easier to prevent a cyber attack than it is to recover from one.

Simple things that companies can do to guard against cyber attacks. These items need to be in place before anything else:

  • Centrally controlled, monitored Antivirus
  • Device control with routine patching – not just Windows, all programs – java, adobe etc
  • Unique user IDs with central control
  • Modern Backup – no tapes

Preventative measures that all companies need to implement:

  • No users with admin rights to computers
  • No elevated permissions logging in for normal computer use – domain admin or 365 admin etc
  • User awareness training – people are the easy target
  • Best in class, properly configured email security – .js, .exe, .zip should never get through
  • Multifactor authentication on all web facing logins – Office365 is a must

Know your risks and review at least annually:

  • Where is sensitive data stored?
  • Typical – PII, EHI
  • Trade Secrets
  • Non-Typical

In addition, schedule periodic reviews of accounts, permissions and don’t allow access if it is not needed.

Know how an attacker is most likely to strike:

  • Use information
  • Trick users to send money
  • Demand a ransom
  • Expose your information?

You have been attacked, what will save you?

Properly configured backup

  • Test it
  • Attack it – test permissions, try to get to it

Properly configured firewall

UTM FEATURES

  • Intrusion Detection with alerting configured
  • IP Reputation
  • Content Filtering
  • Look for suspicious activity leaving the network

Misc:

  • Banking – Know your exposure. Consider Positive Pay on checks and ACH
  • Cyber Liability Insurance
  • Be careful on the questions they require
  • Know what they won’t cover

 

 

 

Pat Carroll 

pat@pcrbusiness.com  (330) 572-7526 x 1001

 

 

Network Security Risk Assessment

/in , /by

Is your business at risk for a Cyber Security Attack?

Our questionnaire will assess your Cyber Security risks and help prevent attacks from ever occurring.

Prevention… In the NFL, it’s a defensive scheme designed to guard against the big play. Except, it seems every time I watch a team go into the prevent defense the opponent drives down the field in a matter of seconds and kicks the game-winning field goal.

Maybe I’ve watched too many Browns games over the years, but this conservative approach to winning always seems to end poorly. I like a coach who goes after the quarterback when the game is on the line—a coach who brings the heat and always keeps the offense off-balance.

I feel the same way about defending against hackers. As soon as you relax your cyber security defense, hackers will find a way to attack where you’re most vulnerable.

 

Free Cyber Security Assessment for Small Businesses

Prevention is key to preventing a cyber attack, but it’s not as simple as putting a few security measures in place to guard against the big attack. You must have a proactive prevention plan in place, you must stay up-to-date on the latest cyber security risks, and you must keep the pressure on hackers by constantly updating and monitoring your network to let them know not to mess with your business.

As we’ve written about in our Cyber Crime Files, cyber attacks can happen to any size business. That includes yours.

So what can you do to actively prevent a cyber attack? You can start by taking this cyber security network assessment to see if your business is prepared.

We designed this high-level cyber security assessment exclusively for small businesses owners so that you can assess your cyber security risks and conclude if you have the proper preventative measures in place.

We hope you find value in our cyber security assessment. If you have any questions please feel free to reach out and we’ll be happy to help your business set up the best defense against cyber criminals.

WannaCry’s Long-Lasting Effect On Cybersecurity

/in , /by

The cycle of news today moves very quickly, and certain stories can be lost in its wake. The massive WannaCry ransomware attack took place more than a year ago, and many people have forgotten about it at this point. The WannaCry attack spread worldwide in a matter of days, affecting more than 230,000 computer systems. The cyber attack bypassed antivirus software and heavily encrypted data on many of those computers. This caused all sorts of issues across many industries. Pieces of sensitive information in critical infrastructure were blocked from access and unretrievable.

It Is Still Out There

The self-propagating nature of WannaCry means that it is still out there and has not stopped trying to infect more systems. The number of WannaCry ransomware attacks has slowed, but it still one of the largest across the globe. This situation clearly dictates how many people and businesses do not take their security seriously enough. It also stresses how we must pay attention to threats even after they have left the news cycle. This far-reaching and long-lasting teaches the valuable lesson that no one can guarantee your complete online safety. However, there are safeguards you can put in place to defend the continuity of your business.

There Are Precautions You Can Take

Many people think a cyber attack will never happen to them. You might think that you will never get in a car accident, but that is not a good enough reason to not have car insurance. There is even a patch that Microsoft put out to protect systems from this piece of ransomware months before the attack ever hit, but many organizations still haven’t applied the update. The WannaCry attack is a perfect demonstration of why companies should be investing in robust and responsive data backup and disaster recovery solutions.

Investing in business continuity and data recovery strategies will protect your systems and the future of your business. A data breach is much less costly when you only have to restore your information systems from scratch. Virus protection like firewalls, intrusion detection, penetration testing, and network security and compliance are crucial defenses to have, but just putting walls up is never enough. You need to know that even when the defenses fail, your operations will be safe.

Let Us Protect Your Critical Business Functions

You can rely on PCR Business Systems for backup solutions that make sense. Our solutions will stay out of your way and let you have the peace of mind to go about your typical work day knowing that your data is safe and protected. Even when the next WannaCry attack happens, you can just restore straight from the backups and get back to work.

We can help you build your business continuity plan with reliable recovery time objectives and targeted risk management to prepare for the most likely threats. Contact PCR Business Systems today to learn more about our services and how we can help you defend your productivity to achieve your goals.    

What To Look For In A Cybersecurity Training Program

/in /by

Today’s society is dominated by virtual technology. Information technology ultimately dictates the way that most businesses operate. To succeed in the current business world, organizations must have the support from the right hardware and software. A high-quality IT infrastructure is almost a surefire way to maintain a competitive edge. For many businesses, it is the backbone of their entire operation. An IT system is comprised of an arsenal of tools like phone systems, desktop PCs, laptops and other mobile devices, along with cloud-based platforms to keep your data secure.

If you are a business owner, you need to take a proactive approach to protect your intellectual property, because this is a critical way to keep your workforce safe.  Firewall systems, disaster recovery, and data backup plans are all great sources of security, but they can only do so much. This is why it’s important to educate all staff members about lingering cyber threats such as ransomware, phishing scams, and unpatched software systems. Cybersecurity awareness training is a great way to teach your employees how to defend against these treacherous dangers. Fortunately, there are many online security awareness training programs that make it easier to do this.

Over the years, PCR Business Solutions has engineered cyber training platforms to help businesses successfully mitigate handfuls of cyber risks like data breaches and malware invasions. Our comprehensive curriculum is full of useful training content that effectively covers each of these critical areas:

Data Management

We emphasize the nature of data security and the responsibilities that each employee has in order to protect the network. Administrators and leaders may have more capabilities granted, but all staff members will have the same obligation to respect and protect the equipment.  

Passwords Protection

One of the most important aspects of cybersecurity is password protection. It’s important for employees to select strong, cryptic passwords. This means that they cannot be easily guessed or remembered by others. Passwords should be updated after an extended length of time to make sure your company sends periodic reminders when it’s time to change this login credential.

Email Use

Data theft often stems from irresponsible email use. Make sure that your employees are trained to recognize email scams. Your training program needs to educate people on phishing scams, virus threats, and other email dangers. Make sure that the training program is adjusted with the latest safety practices.

Unauthorized Software

Unlicensed software should not be installed on any company computer. This needs to be addressed in company training. If an employee downloads unauthorized software, then your company may be susceptible to malicious attacks that can further corrupt your business model.

Social Media Policies

Social media should be limited to a minimum use at most. If your employee spends an extended amount of time of social media while on the job, then this can hinder their performance. Make sure this is addressed in the training program. Also, include policies that pertain to the use of any company-sponsored social media engines.

Mobile Device Policies

Employees pose a bigger risk of enduring security breaches when they access networks through their own mobile devices. The training program must effectively communicate the details of a company’s mobile device policy. If there is a bring your own device policy in place, then this is a must needed topic to cover.

The Anatomy of Cyber Attacks

Cyber attacks can strike networks from any angle at practically any point in time. You need to break down the anatomy of certain cyber dangers and discover the reason for the attack. Some might call this hacking forensics. This can help teach you how to discover vulnerabilities in your network so you know how to act when threats are discovered on the horizon.

Computer Protection Methods

There are copious amounts of protection strategies that will keep your computer safeguarded from external hazards. Train your employees to lock their computers when they are not in use. Additionally, you need to promote routine backups and storage security. Encourage your employees to also continually update the virus protection software that’s stored on their computers.

How PCR Can Help

The experienced team at PCR Business system can help audit your current IT infrastructure and identify the areas in need of improvement. Once we have patched your network, we will continue to monitor for cyber threats and work with your team to develop policies that your team can follow to be more secure. We will also create a plan for recovery in case a cyberattack is ever carried out. Contact us today to learn more about how we can help!