2023 is just about here, and you should start to plan for the new year. Sixty-eight percent of surveyed business leaders feel that cybersecurity risks are getting worse, so this is an area you should start to take seriously (if you haven’t already) by looking at the attack trends.
What Is Shadow IT And Why Is It An Issue?
Shadow IT is anything that employees download onto a business system that management and/or the IT department doesn’t know about, and it can be a big problem.
Do Not Get Hooked By a Whaling Attack
The executives of your company are the big fish in your sea and cyber-criminals think of them as whales. In fact, whaling is a new cyber-security threat targeting your C-suite level staff.
Security or Flexibility: Which Matters More?
Business is all about making tough choices. One such choice is whether to value IT security or business flexibility more. Unfortunately, you cannot have the best of both at the same time.
How the Bad Guys Get Your Passwords
Passwords are an essential part of your business’s cyber safety. If, like the rest of us, you have dozens of passwords to remember, you might take shortcuts. Taking advantage of this type of attitude is one way bad guys access your passwords.
How Hackers Attack Companies – Island Hopping
The phrase “island hopping” conjures up positive images of holidays, sandy beaches and cruises. But cybercriminals have given the term a new, less pleasant spin.
Businesses Top 5 IT Security Problems
In today’s world, companies seem to be having security issues most weeks. These issues relate to 5 main problems. Is your company guilty of any of them?
1. No Backups
A shocking number of businesses do not back up their data properly. According to market research company Clutch, 60 percent of businesses that suffer a data loss shut down within six months.
Even companies that think they are doing their backups correctly do not regularly test those backups. It is a step that businesses miss surprisingly often, so don’t be the business that only finds out its backup isn’t working when it is already too late.
2. Being Reactive and Not Proactive
Technology is changing on a daily basis. Attackers are always working on new ways to break into businesses, hardware is evolving faster than most of us can keep up and old systems fail due to wear and tear. A huge number of businesses wait until these issues impact them directly before they respond. This results in higher costs, longer downtime, and harder hitting impacts.
By responding to hardware warnings before the hardware fails, fixing security holes before they’re exploited and upgrading systems before they are out of date, IT can be done right. Being proactive about your IT needs means systems do not have to break before they are fixed. This results in less downtime, fewer losses and lower IT costs for your business.
3. Poor Passwords
A surprising number of people will use weak passwords to secure their accounts. Even more will write down their passwords on a post-it note right next to the computer. In other cases, many people have no passwords at all! Strong passwords act not only as a barrier to prevent unwanted entry, but as a vital accountability tool too – when system changes are made, it is essential to be able to trace back to the account that made that change.
With a weak or insecure password, tracking the individual responsible for reports or accountability becomes impossible. This can result in auditing disasters on top of technical ones.
4. Little or No Staff Training
People are commonly the weakest link when it comes to IT security. Implementing IT security can be a bit like having state-of-the-art locks on a door propped open with a milk crate when staff aren’t trained to use that lock.
Often businesses can justify spending big on security hardware and software but spend zero dollars on training staff to use them. In this instance, a little goes a long way. Security training can help staff to identify a threat, stop it at its entry point and avoid any issues that may have occurred if the staff member hadn’t had any training.
5. Weak Data Controls
Some companies take an ad-hoc, fast and loose approach to data storage. Often crucial data is spread across many devices, copied needlessly and even left unsecured. Client data can be found regularly on employee laptops, mobile phones and tablet devices. These devices are prone to being misplaced or stolen along with any data they contain.
Most companies focus on the costs of devices and hardware purchased for the business. The reality is that the data held on those devices is always worth many times more than the device that holds it. For many firms, their approach to data hasn’t changed since the firm was first founded. Critical data is often held on single machines that haven’t been updated because they hold that critical data. Such machines are clearly vulnerable, outdated and of course prone to failure.
Common problems with simple solutions
Each of these common issues has a simple solution to secure against IT failure. With a professional eye and expertise in the field, every business should be defended against IT issues that risk the firm.
If you are in South Australia and need help securing your IT system, give DP Computing a call on 08 8326 4364 or at su*****@dp*********.au.
Think Before Clicking – 5 Red Flags of Phishing Emails
Just one click can be the difference between maintaining computer security and suffering massive financial losses. All it takes is just one employee to click on a link in an email for your business to be vulnerable.
Here is a list of 5 red flags that point to a potential phishing email:
1. Poor spelling and grammar
The occasional typo happens to even the best of us, but an email filled with errors (both in grammar and spelling) is a clear warning sign of a phishing attempt. Most companies push their email campaigns through multiple reviews where errors are fixed and the language is refined. Errors throughout the entire message indicate that the same level of care was not taken and therefore the message is more than likely fraudulent.
2. An offer too good to be true
Free items or a lottery win sound great, but if the offer comes out of nowhere and with no catch, then there is definitely cause for concern. Take care not to get carried away with the message and don’t click without investigating further.
3. Random sender who knows too much
Spear phishing is when an email or offer is designed and crafted especially for your business. Culprits take personal details from your public channels (Facebook, Twitter, LinkedIn and even offline documents such as annual company reports etc.) and then use them against you. The only clues? The sender is unknown – they weren’t at the event or involved in any way. Take a moment to see if their story checks out. Even check the email address of the sender to confirm that it is correct and not just a similar sounding or looking address (see #4 below).
4. The URL or email address is not quite right
One of the most effective techniques used in phishing emails is to use domains which sound almost right. For example, [microsoft.info.com] or [pay-pal.com]. Hover over the link with your mouse and review where it will take you. If it doesn’t look right, or is completely different from the link text, then delete the email.
5. It asks for personal, financial or business details
Alarms should ring when a message contains a request for personal, business or financial information. If you believe there may be a genuine issue, you can initiate a check using established, trusted channels (i.e. phone the person on their known number, not one contained within the email).
While education is the best way to ensure phishing emails are unsuccessful, a robust spam filter and solid anti-virus system provide peace of mind that your business has the best protection available.
DP Computing can help secure your business and can even organise a fake phishing attack to see if further staff training is required. Give us a call to discuss how we can help you on 08 8326 4364 or su*****@dp*********.au.
The True and Unexpected Costs of Being Hacked
There are the normal costs everyone associates with a computer breach, like employee downtime and the costs associated with getting your network and computers fixed. But really, most businesses that haven’t been hit with a security incident view it as more of an inconvenience than a bottom-line cost. For those businesses that have come out the other side though, it’s a very different story. They know from firsthand experience that the hidden and ongoing costs of a data breach can be crippling and that IT security exists to protect your business on multiple levels. All those surprise costs that spiral out of control are why most businesses close down after a cyber-attack. Here are a few of the common, cold hard realities of life after a hack.
Raiding the budget to reduce downtime
From the moment a cyber-attack compromises your system, things can get expensive, and the longer the attack goes, the more it costs. Latest statistics reveal most breaches aren’t identified for around 191 days, and it can then take on average another 66 days to fix and contain the damage. During this time you are cleaning PCs, mobile devices, laptops, servers and even entire networks. Add to this the fees for IT professionals to fix everything up, the costs for new hardware and software to help prevent future incidents and all the hours/days/weeks when your business is struggling with downtime, and businesses will quickly exhaust any emergency funds they have.
The long arm of the law
Depending on what data was stolen and how you handled the situation, you could be liable for fines into the millions. If medical data or legal files are leaked, a particularly messy scenario may occur, with fines coming from multiple sources.
New privacy laws also mean businesses are liable for large fines if they don’t disclose a data breach. Where this gets trickier is that the burden is on your business to know exactly what data has been stolen or illegally accessed, so that you can report it before the fines stack up. This means that even if you were able to fix up the systems yourself, you will still need to hire an expert who can identify exactly what data the hackers took or accessed.
Customer retention measures
In a double crush to your bottom line, not only does your business bear the cost of fixing the hack, but your future income also takes a hit as customers lose trust and leave. To offset this, many businesses need to spend more on advertising and public relations just to ensure they survive to fight another day.
The data breach disclosure may still come up in search results for many years to come. The more negative publicity your breach attracts, the more you’ll need to spend on customer retention.
All your secrets exposed
While you may not have high level secrets to protect, your business does have data that you would like to keep to yourself. Hackers love going after those juicy tidbits, and the more closely you guard them, the more attractive they are. While large corporations would be big enough to keep their competitive edge after the breach, your business success relies on at least some information staying secret (databases, client info, financial records etc).
But simply avoiding a breach doesn’t cost much at all…
The thing is, it’s not expensive to stay on top of it all and keep your business protected. For a low monthly fee, we can reverse the entire scenario and secure your systems against the unknown. That means no need to raid other department budgets in a panic, pay crippling fines and make embarrassing public announcements.
DP Computing can help with making sure your systems have the latest security patches and your anti-virus knows the latest tricks to watch for. Our technicians implement a firewall or UTM device to build a virtual fortress around your business that keeps the bad guys out while letting you thrive. Whatever your needs are, both now and moving ahead, we’re here to help keep you safe.
Ready to secure your business against breaches? Give us a call on 08 8326 4364 or via email at su*****@dp*********.au.