
By Debbie Gregory.

A data breach can cost companies billions of dollars in damages if the hackers are able to extract sensitive information. These items may include credit and debit card numbers or Social Security numbers. The damage is also not limited to monetary costs. There is also the negative press, drops in company productivity as everyone scrambles to handle the crisis, and a dip in consumer confidence and trust in the company. These data breaches happen all the time to large corporations that employ very skilled cybersecurity teams and take all types of high-level precautions. What this means is that small businesses are even more vulnerable and easy prey for hackers. This article will provide you with information on how to protect your small business from security risks like this.

Why are small businesses a hacker’s favorite target?

When it comes to easily grabbed data, a small business is the perfect prey. Small businesses typically lack strong security measures as well as the staff capable of handling hacking intrusions.

Most small business owners don’t make it a priority to:

  • Monitor their server networks and data
  • Ensure their Wi-Fi is secure
  • Hire a true IT specialist to keep watch
  • Learn about and train their employees in cybersecurity

Small business owners have a lot on their plate, and cybersecurity tends to get pushed aside since most people assume that getting hacked will not happen to them. However, ensuring that your company data and your customer data are secure is essential for every business. According to recent reports, 60% of small businesses that had suffered a data theft were forced to close their doors within six months of the breach.

The Top 3 Security Mistakes Made by Small Business Owners:  

1.)  Trusting and using public Wi-Fi:

It is extremely tempting to jump on free Wi-Fi and work or catch up while in a coffee shop, restaurant, or public venue. However, hackers often go to these places and set up their own free public Wi-Fi hotspots to catch the unwary. Logging into their “free” Wi-Fi provides them immediate access to the devices that you connect. Even when you log in to the right network, public Wi-Fi offers little to no real security from savvy hackers. Do not use unknown networks so you can protect yourself and your data.

2.) Not using and enforcing strong password standards

Strong passwords are incredibly important for every aspect of your life and business. This is the one area where most people and small business owners make the most mistakes. Remembering complicated passwords can be challenging but it is worth the effort.

These password practices are not strong enough to withstand a password-related attack:

  • Less than eight characters in length
  • A lack of various letter cases, numbers, and special symbols – meaning not alphanumeric
  • Allowing the use of the same password for multiple platforms and/or applications

Every password used by anyone at your business should be alphanumeric, longer than 8 characters in length, and only used once. You should also regularly change your passwords and utilize 2-factor authentication whenever it is available to use.
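The three rules above (length, character mix, no reuse) can be checked mechanically against a password inventory such as a password manager export. The following Python code is an added example, not part of the original article; the function names, the `user@platform` labels and the sample data are assumptions made for illustration.

```python
import string
from collections import defaultdict

MIN_LENGTH = 9  # the article asks for "longer than 8 characters"

def weaknesses(password):
    """Return the rule violations for one password (length, character mix)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = {
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing " + ", ".join(missing))
    return problems

def audit(credentials):
    """credentials: (user, platform, password) tuples, e.g. from a password
    manager export. Returns {(user, platform): [problems]} for rule breakers.
    The report names accounts only; it never echoes a password."""
    where_used = defaultdict(list)
    for user, platform, password in credentials:
        where_used[password].append(f"{user}@{platform}")
    report = {}
    for user, platform, password in credentials:
        problems = weaknesses(password)
        others = sorted(a for a in where_used[password] if a != f"{user}@{platform}")
        if others:
            problems.append("reused on " + ", ".join(others))
        if problems:
            report[(user, platform)] = problems
    return report

# Constructed sample inventory (hypothetical users, platforms and passwords).
SAMPLE = [
    ("alice", "email", "Summer24"),
    ("alice", "payroll", "Summer24"),
    ("bob", "email", "t7#Qm!x2Lw9z"),
    ("bob", "pos", "correcthorsebattery"),
]

if __name__ == "__main__":
    for account, problems in audit(SAMPLE).items():
        print(account, "->", "; ".join(problems))
```
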

3.) Not having and enforcing a clear BYOD (Bring Your Own Device) policy:

Lots of businesses allow their employees to bring in their own electronics or mobile devices. Doing so has a lot of clear benefits for the company including cost savings and allowing your employees to be comfortable with the devices.

However, you need to have clear BYOD policies in place that include guidelines that spell out how employees can handle software updates, IT support, encrypted data options, or when and where employee-owned devices can be used for work. If you do not have such a policy, get on it ASAP! You are leaving your business very vulnerable to a data breach.

We advise you to be vigilant. There are many things that you need to do to protect your business from a hacker. However, the risks are simply too great to ignore proper cybersecurity.

If you are not already a member of VAMBOA, the Veterans and Military Business Owners Association, we invite you to join.  There are not any dues or fees and members can proudly display the VAMBOA seal for their collateral and website.  Below is a link to register for membership:

https://vamboa.org/member-registration

Common Small Business Cyber Attacks

By Debbie Gregory.

Let us begin with a frightening statistic! Do you know that every three and one-half seconds, brand new cybersecurity threats arise? Small businesses are typically the targets for these threats as they typically do not have strong cybersecurity practices. This article will review where the most common threats come from so you can be forewarned and forearmed.

1.)  Passwords:

A hacker with your password can access any of your private information and data. Hackers learn these passwords in a variety of ways.  The most common way is called a “brute force attack.” These types of attacks utilize specially designed bot programs that generate and try every possible combination of letters, symbols, and numbers out there to obtain your information.

How can you protect against this type of attack?

Creating and using a unique password of upper and lowercase letters that is at least ten characters long can substantially slow down these brute force program attacks. It can take them years to find your password if it is more complex.  It is also important that you do not use the same password over and over and you frequently change your passwords.

2.)  Phishing

Phishing is a technique used to trick people into willingly handing over their information to a hacker. These types of attacks target all types of personal data including, but not limited to, passwords, bank account numbers, credit card numbers, Social Security numbers, and more.

How are these types of attacks performed?

Usually a hacker will pose as a reputable source asking their victim to allow them access to their computer or to click a specific link. They impress upon their victims that the reason for doing so is incredibly important and they must provide key personal information. These types of attacks happen via phone, email, and text message.  Often, they have what appears to be a legitimate email address but when you really look at it, you will see they are not who they pretend to be.   Be on the alert and never ever click on a link or open a document from someone you do not know or a generic email address because they are after your personal information.

3.)  Pharming:

Pharming is the term for website spoofing. In this type of attack, the hacker has compromised the naming system in the website’s server so that a visitor to the legitimate site is instead redirected to a fraudulent one. Once on the fraudulent site, the victim is prompted to provide their sensitive data, such as a credit card number or Social Security number.

4.) Malware

Malware is malicious software that is specifically designed to gain access to or to cause damage to a device. The goal is usually stealing personal data such as passwords, bank account numbers, credit card numbers, Social Security numbers, and more. Malware comes in many forms from adware to spyware to Trojan horses. All are extremely dangerous.

These are only a few of the potential risks your business faces. Other common attacks include point-of-sale hacks, drive-by downloads, and ones that are so new they haven’t even been named yet. The best thing you can do is to take the time and effort to create and enforce strong cybersecurity policies. Stay on top of what is happening in the world of cybersecurity and help protect yourself, your employees, and your business.

 

By Nick Porter – Guest Blogger

 

Whatever industry you’re in, having a strong online presence is vital to any business hoping to grow to its fullest potential, and in many cases, it’s necessary to operate. To that end, much like you need to protect physical business assets, you need to protect your online presence as well. People care and will check if your website is safe. Cybercriminals are constantly operating, and they are usually organized.

While cybersecurity is a complex topic, here is some of the basic information you can use to get started protecting your online presence:

The Human Factor

When running a business, the absolute most important thing to remember about cybersecurity is that human error is responsible for the vast majority of successful cyberattacks. Whether it’s lax security, mixing personal and business accounts, or other common lapses in judgment, hackers use social engineering techniques far more often than the type of brute force hacking you might first think of.

You need to make sure your staff is trained and remember that the weakest link in the chain is going to be the one that causes issues. As easy as it might seem to let things go at some point, it won’t be easy to deal with the fallout of a data breach.

 

Lock Down Your Website

Depending on your business and website, it could have valuable information attached to it or have accounts tied to it. Every website is different, so specific recommendations here as to how best to secure your site wouldn’t be effective. However, you should invest in an SSL certificate, use tools or plugins to secure your website (and update them), and check for potential exploits.

 

Implement Strict and Formal Policies

Related to the importance of reducing human error is the fact that businesses that have a formal cybersecurity plan (for both prevention and response) will be less susceptible to, and less damaged by, cybersecurity threats. Take some time to develop it with whoever is on your IT team, and make sure everyone is on the same page once it is complete.

 

Common Threats

Here are some of the most common threats and issues you or your team may encounter:

  • Phishing Scams: Either through email or phone (or on occasion other methods), a scammer will attempt to get login or other information out of you or one of your team members, and then either use it against your system or for profit. This is where having strict cybersecurity pol
  • Malware: If you don’t have proper firewalls and cybersecurity suites installed on office computers, malware can cause a wide range of malicious effects, ranging from stealing data to slowing down (or even ruining) your computers. Instruct employees to stay off of suspicious sites and be careful of unknown files.
  • Ransomware: A specific type of malware that will hold a device or data hostage until you send money. Never pay those responsible what they want under any circumstances.
  • DDoS Attacks: Effectively, hackers, through various means, can try to overload your server with requests. It’s unlikely for a business to be a victim, but if it happens, know that your data is relatively safe (even if your business is disrupted).
  • SQL Injection Attacks: An injection of code into your website that exploits a vulnerability on your website. These types of attacks can affect your site, allow hackers to access data, and more.

 

Update and Adapt Regularly

Cybercriminals and cybercriminal organizations are regularly going to use new social engineering tactics and tools, and as such you need to adapt regularly and keep abreast of what you should look out for. Learn about recent common scams, update your applications and security programs, and review your business cybersecurity strategy at least every six months.

 

Conclusion

In some ways, this article is only scratching the surface when it comes to cybersecurity for your business, but you must start with the basics and the important tasks listed above. The sooner you get these items taken care of, the sooner you can settle into a routine for it and otherwise focus on growth and the other things that matter. We hope that this information proved useful and wish you success in your future endeavors.

 

An additional source for your online security:

https://www.broadbandsearch.net/blog/how-to-tell-website-safe-legitimate

 

Nick Porter is a writer and blogger who is especially interested in Cyber Security and Digital Marketing.  Sharing his knowledge to help his readers be more productive with social media and SEO brings him great joy! He also enjoys educating readers on more effective online security controls.

Does America Need A Cybersecurity Civilian Corps?

By Debbie Gregory

In cybersecurity, the threats are ever-changing. The United States has been engaged in cybersecurity for over a generation, but there continue to be organizational and human gaps that leave the nation vulnerable. Could it be that the time has come for the United States to form a Civilian Cybersecurity Corps to combat breaches of our country’s data, systems and networks?

Although some states have tapped the National Guard for civilian talent, the need for cybersecurity experts greatly exceeds the supply. An auxiliary corps could be made up of security-screened volunteers, giving their time to aid in our nation’s cybersecurity needs. The goal of the Corps would be to provide needed resources in three key areas: Education and Outreach; Testing, Assessments, and Exercises; and On Call Expertise and Emergency Response.

The Corps would fall under the jurisdiction of the Department of Homeland Security, and the initial budget would be relatively inexpensive. It is estimated that $50 million would allow for 25,000 volunteers spread across all 50 states. The funds would cover the cost of devices, training materials, software licenses and office space.

Personnel would be comprised of professionals and students, potentially adding to the talent pipeline. Volunteers would need experience in information security or be able to pass a test. Basic background screening would be necessary, but top-secret clearance should not be a requirement.

According to “The Need for C3, A Proposal for a United States Cybersecurity Civilian Corps” written by Natasha Cohen and Peter Warren Singer, “A Civilian Cyber Corps would not just build upon the lessons of history and successful models, but also provide the United States a valuable means to building capability and talent for the future. With cyber threats only growing, and present approaches clearly insufficient, it is time for new ideas — and new organizations.”

By Debbie Gregory.

The Chinese government broke into the supply chain for about 30 US companies as well as government contractors by using malicious computer chips, according to a new report by Bloomberg Businessweek.

The tiny microchips are no larger than single grains of rice.  Chinese spies inserted the microchips into equipment used by the companies and American agencies in order to gather intellectual property, along with trade and governmental secrets.

 

The chips, which were allegedly discovered in 2015 by engineers at Amazon and Apple, allowed hackers to “create a stealth doorway into any network that included the altered machines,” a Trojan horse that gave hackers a direct line into any sensitive network, according to the report.

Amazon and Apple denied the Bloomberg report.

But the report stated that Amazon reported the discovery to U.S. authorities, which sent a shudder through the intelligence community. Affected servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships.

There have been heightened concerns about foreign intelligence agencies infiltrating American and other companies through so-called “supply chain attacks,” particularly from China where several high-tech firms outsource their manufacturing, according to Reuters.

Cybersecurity companies have warned that Chinese hacking activity has skyrocketed amid increased tensions between Washington and Beijing. The United States and China are locked in a bitter and escalating trade war, in which hundreds of billions of U.S. and Chinese products are under tariff.

The reported electronic spying via the supply chains of U.S. companies is certain to prolong long-standing questions about the essential but uneasy relationship between the world’s two leading economies.

American companies design and sell leading technology products, such as servers, laptop computers and smartphones, but depend on the labor force in China to build and assemble them.
