You May Have a Backup, But Could it Be Better?
Data backup is important for businesses that want to keep their data safe in the event of a disaster scenario, but each organization’s specific needs will vary. One thing is important to keep in mind, though, and it’s that your business can’t afford to not have data backup. In other words, you need to be prepared for any situation so that you aren’t left wondering if you’re ready to deal with a disaster scenario.
You May Have a Backup, But Could it Be Better?
Data backup is important for businesses that want to keep their data safe in the event of a disaster scenario, but each organization’s specific needs will vary. One thing is important to keep in mind, though, and it’s that your business can’t afford to not have data backup. In other words, you need to be prepared for any situation so that you aren’t left wondering if you’re ready to deal with a disaster scenario.
Could You Identify a Social Engineering Attack?
Social engineering can allow a cybercriminal to access networks without being hampered by the security solutions that a business has in place. Through the manipulation of the human element of a company, its critical resources are exposed. In order to protect your business against the threat of a social engineer, there has to be an overall awareness in your company culture.
Why Social Engineering Works
One of the main reasons that social engineering can be such an effective tactic for cybercriminals is because, rather than telling the target what they want to hear, the target is told what they expect to hear. By coming forward under the guise of someone who should be coming forward, the cybercriminal is able to extract information from unwitting staff members, adding to their intel through intensive online research.
These are the key factors that allow these kinds of attacks to be as successful as they are. The methods used by social engineers aren’t the kind that immediately come to mind when one thinks about cyberattacks. Since the attack doesn’t typically resemble more well-known threats like ransomware, these attacks are often able to infiltrate their target without any suspicion. Additionally, there is an excess of information available online, known as open-source intelligence, that provides the social engineer with the knowledge they need to craft their approach.
This open-source intelligence can come from a variety of places, making the social engineer’s job that much easier. There is plenty of information readily available on the Internet, all it takes is looking in the right place.
Sample Information
While it’s no secret that there is a ton of information online, the true scope of what is available can be alarming when all laid out. The following information can all be found if one knows where to look, and is by no means a comprehensive list of what is there:
Technological Details
Considering how valuable a cybercriminal would find the details of what technology is used in a business, these details are remarkably easy for cybercriminals to find. Companies will often show their hand in online job postings, identifying the hardware and software that they use in order to find someone with the experience. This not only ensures that qualified applicants send in their resumes, it also allows cybercriminals to send in the exploits needed to take the company down. Social media posts can also share this information–the wrong picture could give access to networking hardware and other critical and sensitive data.
Employee Data
On the topic of social media, sensitive company information can easily leak through oversharing. Employee activities that are shared or tweeted can provide a cybercriminal with crucial insights. Images can create an even bigger problem. If not scrutinized before posting, you can inadvertently display key details, from the data on the screens to the model of the computer that holds the data.
Furthermore, employees using social media carelessly can deliver more invaluable data for a cybercriminal to leverage. Discussing work schedules or even sharing specifics of work experience can potentially put your business at risk.
External Companies
Unfortunately, social engineering attacks can leverage data that you have minimal control over against your business as well, as other companies and vendors you do business with may share their experience with you as evidence of their value. Furthermore, if your janitorial services and trash pickup providers aren’t secure, your data could be stolen after it has left your property.
So while it is absolutely critical to leverage cyber protections for your data’s security, including solutions like firewalls and authentication measures, your employees also need to have their eyes peeled for the threat of social engineering. Every business needs to have a plan to avoid and mitigate the threat of social engineering. Catalyst Technology Group can help.
For more information, call (317) 705-0333.
Could Your Business Be a Victim of Targeted Ransomware?
If you were a cybercriminal, what would be your preferred method of launching a ransomware attack? Would you rather create a catch-all threat that could capture as many potential victims as possible, or a calculated approach to land a big one? Despite the proven results of larger ransomware initiatives, most cybercriminals have made the shift to smaller, more targeted attacks against specific companies, and in some cases, individuals.
This transition occurred last year, which saw attackers ditching the traditional approach to ransomware in favor of a more targeted approach. The previous mindset assumed that the more victims, the more would be willing to pay up. This is what made spam such an ideal way of spreading ransomware, as it could be distributed to countless victims relatively quickly. Even though this was effective, attackers have changed tactics to experiment and find a better way to accomplish the same goal.
Instead of sending out a large net to bring in several victims, smaller attacks have proven to be just as effective. Attacks targeting specific industries, company sizes, and geographic locations have been among the most effective. Ransomware attackers have even begun to use more sophisticated measures to spread their influence, particularly in regard to spear phishing emails.
Most notably, companies and businesses in finance, healthcare, higher education, and technology industries faced many campaigns designed to take advantage of ransomware events. These targets were often larger, which means that there were more endpoints to infect with the variants.
It doesn’t matter what the size of the ransomware campaign is, or if your business is in the industries targeted most by ransomware–you should be ready to protect against threats including ransomware. Today’s IT landscape can be unforgiving if you aren’t prepared to protect your infrastructure. Your company’s security needs will not be covered by one specific solution. Therefore, you need to make sure that your business is well-prepared for any ransomware attempts, including both hardware and software protection and other security best practices.
For more information on how to protect your business from ransomware, reach out to us at (317) 705-0333.
Equifax Freeze PINs Aren’t As Secure As They Could Be
The Equifax data breach has been a considerable issue for countless individuals, exposing sensitive information that could lead to identity theft and so much more. In response to this breach, some experts are recommending that consumers go as far as freezing their credit lines because of the potential for breaches. Well, it all comes down to a PIN–something that can be easily guessed by a hacker under the right circumstances.
Personal identification numbers–contrary to popular belief–are the exact same thing as passwords. They are codes designed to keep someone from accessing sensitive information. However, access control devices like this need to follow the same guidelines, regardless of what they are called. They need to be complex and secure so as to keep hackers from guessing them. You should include both upper and lower-case letters, numbers, and symbols, and include them in a seemingly random order.
You’re probably thinking, “Great. Now I know enough to make my Equifax PIN as strong as possible.” Except… that’s not how this works.
Due to the way that Equifax generates your PIN, your credit lines could be placed at risk. The PINs used by Equifax are ten digits long, stemming from the date that the credit line was frozen, as well as the specific time which it was frozen. The order of these variables is the following: DdMmYyHhMm. This significantly cuts down on the amount of possible combinations available for a PIN. Furthermore, there are only a certain number of reasonable times within a day where you could apply for a credit line freeze, further limiting the amount of potential variables including the access code.
If Equifax had kept it a simple ten-digit randomized string of numbers, this wouldn’t be an issue. But that’s just not how the cookie crumbled.
As of September 11th, 2017, Equifax has addressed that this PIN generation process needs to be changed. Hopefully, the change will be enough to secure people’s sensitive information properly.
What are your thoughts about this development? Are you certain that your passwords and PINs are secure enough to protect your organization (and your identity) from being compromised? For assistance securing your personal and organizational information, reach out to Catalyst Technology Group at (317) 705-0333.
How Easily Could A Freak Event Take Down Your Business?
Your business is much more vulnerable to dangerous entities than you’d care to admit. Think about it–all it takes is one unexpected event to cause untold amounts of chaos for your business. To make matters worse, these events are often outside of your control. Data loss incidents might be unpredictable, but they can be soothed thanks to a little bit of preventative management.
It’s one thing protecting yourself from cyber security threats (which you definitely need to be concerned with) but there are other types of unplanned disasters that can show up without warning. We’re talking about acts of nature and misfortune, which are certainly much more difficult to prevent than a hacking attack–there’s little you can do to stop the weather.
The only way to guarantee your business’s future is to think of your organization like you would an egg. An egg could crack at any time unless you take preventative measures to keep it safe. For example, you’d keep it in the carton in the refrigerator, safe from any external elements. This is the way that you want to preserve your business’s data–in a safe, controlled environment that is free of external troubles.
This type of data isolation is generally not possible with traditional tape backup solutions. Your organization would take one backup a day after your office has closed, and this backup would be stored on a tape, which is either stored off-site or in-house. This presents potential problems for your organization in the fact that the tapes could be lost, misplaced, stolen, or destroyed while being stored in-house. Furthermore, since they are only being taken once a day, you run the risk of a data loss incident derailing operations during the middle of the workday. You could potentially lose up to an entire day’s worth of progress that could make all the difference when finishing a crucial project and meeting a deadline.
Plus, nobody wants to think about the downtime that comes from restoring data to your infrastructure. With traditional tape backup, restoring data could take anywhere from several hours to days, depending on the amount of data that’s being restored. Furthermore, your operations will be halted during this process. When no work is being done, you’ll only get further and further behind.
Cloud-based backup allows for much more dynamic data preservation techniques that utilize the virtual environment of the cloud. You can take multiple backups as often as every fifteen minutes, allowing for minimal data loss. Furthermore, your data can be restored directly to the BDR device itself, allowing for near-instantaneous recovery and minimal downtime. It’s just one way that planning for the worst can help you avoid it.
Does your organization need comprehensive data backup and disaster recovery? We can equip your business with BDR so that you’ll never have to be concerned with data loss again. To learn more, reach out to us at (317) 705-0333.