There’s a reason that browsers like Edge have added breached password notifications. Data breaches are an unfortunate part of life that can have costly consequences for individuals. Hackers can steal identities, compromise bank accounts and even sell your credentials on the dark web.
Cybercriminals breach about 4,800 websites every month with formjacking code. It has become all too common to hear of a large hotel chain or social media company exposing customer data.
Hackers can breach your personal information and passwords without you knowing it. The time from breach to notification of the breach can be lengthy. One example is the data breach of CafePress, a popular online retailer that prints personalized items.
CafePress suffered a data breach in February 2019. That breach exposed millions of names and addresses, security questions, and more. Hackers also breached social security numbers that weren’t encrypted.
As mentioned, the breach happened in February. But many consumers weren’t notified until late summer. The FTC recently took action against the company due to its careless security practices.
The point is that months or years can go by without you knowing about compromised data. Unless you happen to look at the right website, you may not even realize it. Those breached password features in browsers are helpful, but what if you have other information beyond a password compromised?
It’s best to protect yourself with some knowledge. We’ll help by listing several recent breaches. If you’ve interacted with any of these companies, you’ll want to take steps to protect yourself from the fallout.
Recent Breaches of Personal Information That May Impact You
Microsoft Customer Data Breach
On October 19, 2022, Microsoft announced a breach that exposed customer data. A misconfigured server was to blame and the breach exposed certain business transaction data. It’s thought that this breach could have affected more than 65,000 entities worldwide.
2.5 Million Records Exposed in a Student Loan Breach
Did you get a student loan from EdFinancial and the Oklahoma Student Loan Authority (OSLA)? If so, you could be in trouble. The organizations notified impacted individuals by letter in July 2022.
The personal information at risk included:
- Social security numbers
- Email addresses
- Home addresses
- Phone numbers
The breach compromised the data of over 2.5 million loan recipients.
U-Haul Data Breach of 2.2 Million Individuals’ Data
Large rental firm U-Haul is a household name. It also just had a major data breach. It notified clients in August of 2022 of a compromise of some rental contracts. The contracts in question were between November 5, 2021, and April 5, 2022.
The breach exposed names, driver’s license numbers, and state identification numbers. It affected over 2.2 million individuals that rented vehicles from the company.
Neopets Breach May Have Compromised 69 Million Accounts
You wouldn’t suspect a cute site like Neopets to be a cybersecurity risk. But users of the platform got a rude awakening due to a breach of the service. An estimated 69 million accounts may have had emails and passwords leaked.
The full stolen Neopets database and a copy of the source code were being offered for sale for about $94,500.
One Employee Computer Causes a Marriott Breach
Hotel giant Marriott suffered another breach in July 2022. It blamed a single unsecured employee computer. About 300-400 individuals had data leaked. This data included credit card numbers and other confidential information.
Unfortunately, the company shows a pattern of poor cybersecurity. Within the last four years, it has suffered three separate breaches. That’s enough to want to pay in cash or use a pre-paid card if you stay there.
Shield Health Care Group Exposes Up to 2 Million Records
In March of 2022, Shield Health Care Group detected a breach. This Massachusetts-based company found that hackers breached up to 2 million customer records. This includes medical records, social security numbers, and other sensitive personal data.
Flagstar Bank Takes 6 Months to Identify Individuals Affected in a Breach
In December of 2021, Flagstar Bank suffered a breach. It wasn’t until 6 months later that it identified the individuals affected. And the impact was large. It included exposed social security numbers. The hack impacted about 1.5 million customers.
8.2 million Current and Former Customers of Block Compromised
Block was formerly known as Square, a popular payment processing platform. It announced in April of 2022 that it was breached the previous December. A former employee accessed customer names and brokerage account numbers. Some accounts also had other stock trading information accessed.
About 8.2 million current and former customers had their data exposed.
Crypto.com Breach Nets Hackers Over $30 Million
Cryptocurrency may be hot at the moment, but it’s very susceptible to cyberattacks. In January 2022, over 483 users had their Crypto.com wallets breached.
The criminals made it past two-factor authentication, which is usually quite effective. They stole about $18 million in bitcoin and $15 million in Ethereum and other cryptocurrencies.
Are Your Credentials Out There?
Contact Databranch today at 716-373-4467 x 115 or info@databranch.com to learn more about protecting your personal data from a breach. We can help your business implement Multi-Factor Authentication or set you up with our Dark Web monitoring services. Visit our website here to learn more.
Article used with permission from The Technology Press.
If you follow Microsoft products, then you may know about Microsoft Ignite. Held annually, it generates many exciting updates and announcements in the Microsoft world.
Microsoft held its most recent conference last October. In the rush of the recent holidays, you may have missed some of the highlights. So, we’re bringing them to you now.
One thing you’ll notice is that Microsoft Teams got a lot of love at the event. Microsoft is now describing Teams as “the app at the center of Microsoft 365.” We can see why the company keeps enhancing this virtual workspace. Teams now has over 280 million users. It’s not surprising seeing that Microsoft has introduced over 450 new Teams features just in the last year.
We’ll go over some Teams features below, along with other Microsoft App announcements from Ignite. These may give you some ideas for your next digital workflow upgrade.
Teams Premium
There is a new Teams Premium offering from Microsoft that adds a whole new AI component to the platform. This service includes several AI-powered features. They make it seem like you have your own meeting assistant.
Some of the cool features include automatically generating chapters from a Teams meeting. The app also generates personalized highlights for you. This saves you from having to rewatch the meeting later.
If you’re meeting internationally, you can enjoy real-time translations for captions. Meeting guides is another new feature. It sets up your meeting options according to your needs.
360-Degree Intelligent Camera for Teams Meetings
SmartVision 60 is the first 360-degree, center-of-room intelligent camera. It has the ability to track the speaker as they’re moving. The camera is also due to have a people recognition feature coming soon.
Virtual meetings can feel much more like real meetings using SmartVision 60. Instead of just seeing a small video feed of one person, the movement of the camera can capture a whole team.
Cisco is Now a Certified Devices Partner for Teams Rooms
Those that are fans of Cisco meeting products will be pleased to know they now have more options. Microsoft announced that Cisco is now a Teams Room Certified Devices partner. You can now start Teams meetings across all certified Cisco meeting devices.
Microsoft Places
One of the virtual workspace apps to support the new hybrid movement is Microsoft Places. This is a team management app that integrates with the rest of the Microsoft 365 ecosystem.
The office is still around, but for how long? Much of the world had to do things virtually during the pandemic. Many companies and employees found they like it better that way. Seventy-four percent of US companies have or plan to put in place a permanent hybrid work model.
Microsoft Places is one more way Microsoft is leading the hybrid office revolution. Some of the app’s features include:
- Manage and track where employees are working (at home or in the office)
- Track whether coworkers are away or available
- Track physical room use to make strategic decisions
Hours & Location Feature in Outlook & Teams
Another feature announcement related to the hybrid working world is hours and location. This is a new capability added to Teams and Outlook to make it easier to schedule in-person meetings.
It can get tricky to plan in-person meetings when you don’t know who is working at the office and who is remote. If you plan without checking, you’re bound to alienate someone. They won’t be happy if they were planning to work from home that day.
The new hours and location feature allows people to specify where they are working. They can adjust this from hour to hour which takes the guesswork out of scheduling.
Loop App Private Preview
Another exciting app announcement that Microsoft made was about its Loop app. It stated that Loop entered private preview. This gives some organizations a chance to check it out.
Loop is a collaborative workspace app that helps teams ideate in a virtual space. All data pulled in from Microsoft 365 apps syncs automatically to stay up to date.
Microsoft Clipchamp Video Editor
You may have noticed an unfamiliar app popping up on Windows. Microsoft Clipchamp was formally announced at the Ignite event. It’s a quick and easy video editor for Windows PCs.
Have you ever felt frustrated trying to fix a video and not having the right tool to do it? Then you may want to take a closer look at what Clipchamp has to offer. It looks to have a fairly low learning curve.
Get Help Navigating the Microsoft 365 Universe
Microsoft 365 has come a long way in a short period. There are many different app integrations you can use to power your workflow, but it can get a bit complicated without an expert to help. Contact Databranch today at 716-373-4467 x115 or info@databranch.com to schedule a Microsoft consultation.
Article used with permission from The Technology Press.
It is common for organizations to invest in preventative cybersecurity defenses. In fact, most organizations have technologies such as firewalls and anti-virus software that are designed to stop a cyber-attack. These controls certainly serve a purpose in fighting the war against cybercrime and should not be discounted.
But cybersecurity professionals are recommending that we turn our attention to our ability to detect cybersecurity incidents and recover from them.
It makes perfect sense. The reality is that defending against cyber-attacks is an incredibly hard task. Hackers are anonymous, perimeters are not physical, attacks are sophisticated, and the volume of cyber assaults launched every day is astounding. Defending against cyber-attacks is a little like entering a cage fight blindfolded with one arm tied behind your back. Despite the best defensive efforts, you will get hit.
Hence the recommendation to invest in the ability to recover from a cybersecurity incident. Of course we will continue to defend ourselves from cyber criminals, but we also recognize we are not fighting a fair fight, and that we will likely suffer a cyber incident at some point. The thought is simple: when we become a victim of cybercrime, we must be prepared to recover from the incident.
If you do not regularly back up critical data and systems, then you must start doing so immediately. If you do not have a documented disaster recovery plan, then you must create one as soon as possible. In the process of creating a data backup strategy and disaster recovery plan, please recognize the nine most common mistakes made and, more importantly, how you can avoid making them in your quest for recovery preparation.
The 9 Mistakes
1. The Scope of the Backup is Incomplete
It is very common to see a data backup that has very little strategic thought behind it. Evidence of this mistake presents itself in the form of:
- Important Data, Applications, or Systems that are NOT included in the backup job(s).
- All Data, Applications and Systems are backed up the exact same way – there are no priorities.
- The time it takes to ACTUALLY recover lost or corrupt data is much longer than expected.
- The point in time in which you are ACTUALLY able to restore to is too far in the past (I want to recover yesterday’s information, but I am only able to recover last month’s information!)
Avoid this mistake by classifying and prioritizing the data, applications and systems that need to be backed up. A Business Impact Analysis will identify critical sets of data and define Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). This allows you to implement a backup job that supports lightning fast restore times for critical information.
2. Backups are Not Completed Automatically
All too often we see backup jobs that require a person to manually start the backup. The process to start the backup job is usually very simple, like clicking a button. However, people forget to do it.
Backup jobs should always be automated. Automation eliminates human error or neglect and yields a much better chance of having a successful backup when you need it most.
With Datto, you will receive daily backup verifications and screenshots of your virtual servers, which give you peace of mind and ensure that your backup data is working and accessible to you when you need it.
3. There is Only ONE Copy of the Backup
There should always be more than one copy of your data backup. For critical systems, we recommend having three copies; for less critical systems, we recommend having two copies. The logic is simple: what happens if your data backup is lost, deleted or becomes corrupt? If you need to restore from backup, is it more comforting to have only one recovery source, or is it more comforting to have a few recovery sources?
4. Backups are Not Monitored for Success
So many businesses have a “set it and forget it” mentality about their data backup jobs. People rarely check to see if the backups are running successfully. For this reason, it is important that your backup jobs are monitored very closely for any errors (and there will be some from time to time) that cause a backup job to fail.
There are many systems that are available to provide monitoring and alerting services for backup jobs. You must keep a close eye on your backups; otherwise you will find yourself in a very bad situation one day.
This is why Datto has implemented screenshot verifications for their users. This ensures that the backups are operating as designed and the users have peace of mind that their critical data is being saved in case of a disaster.
5. Backups are Not Kept Offsite
It is very common for data backups to be kept onsite, in the same physical location of the systems that are being backed up. While this practice is acceptable for some types of system failures (hardware failure, software corruption, etc.), it is a terrible idea for other types of failures. For example, if your building floods or burns – and your servers are severely damaged – do you think the backup media that was located right next to those servers will also be damaged? YES, IT WILL BE! For this reason, it is important to keep at least one copy of your data backups offsite, at a different physical location.
Not only will the Datto back up all your data to the device itself, but it will also back up everything to 2 separate offsite cloud storage locations. So in the event that the local device is destroyed, you can still access your information, even from a remote location.
6. There is Insufficient Capacity for Backups
The backup job is 400GB, but your backup tape or drive is only 300GB. Capacity issues have a tendency to create sloppy and incomplete backup jobs. It is imperative that your backup media be sized and provisioned to not only support your current backup needs, but also allow for some element of growth over time.
Need help determining your backup size? A simple Capacity Planning exercise conducted by a Databranch engineer could be incredibly important to your overall backup strategy. Click here to request a meeting with one of our highly trained team members.
7. There is No Documented Disaster Recovery Plan
Often we see backup jobs that are working very well. Critical data is being backed up at regular intervals which support organizational RTO and RPO requirements. Then, disaster strikes. There is a power outage that fries the server, the network room floods, the building burns down, etc.
A backup job is only successful if data can be easily and quickly recovered. You need to have a recovery procedure documented! Typically this is in the form of a Disaster Recovery (DR) Plan. The plan should include important procedural steps involved in recovering lost data and should also indicate who is responsible for performing those steps once a disaster is declared.
If you choose to not have a documented DR Plan, then recovering from a disaster will be chaotic and frustrating at best! At worst? A disaster could cost your business thousands of dollars and could possibly cost you the business itself.
Interested in calculating the cost of downtime for your business? Check out our Recovery Time Calculator here.
8. There is No Process to Add or Remove Items from the Backup Scope
As new servers, applications and data repositories are added to your computing environment – they also need to be added to your backup job(s). It is very important to have a documented Data Backup Policy that outlines the process for adding or deleting components of the data backup job(s).
Without a policy, new systems may or may not be integrated into the backup job(s) effectively and old systems may never get removed. Once you have a great data backup job, you want it to stay great. This requires governance and oversight typically provided by good policies and procedures.
9. Backups are Not Tested; People are Not Trained
Data backup job(s) absolutely, positively need to be tested at least once a year, if not more frequently. A true test is the only way to verify that critical information can be restored if needed. More importantly, people (employees, vendors, etc.) should all be educated on the restore process, especially if they play a critical role in restoring lost or corrupted data. A common and effective way to provide this training is by conducting routine Table Top exercises where DR scenarios are presented to the recovery team and they have an opportunity to respond without creating any service disruptions.
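The checks behind mistakes 1 through 9 can be run automatically against a backup inventory. The following is an added example, not code from the original article or from any backup product it names; the field names, the 20% growth headroom, and the sample systems are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

GROWTH_HEADROOM = 0.20                     # assumed allowance for data growth (mistake 6)
RESTORE_TEST_MAX_AGE = timedelta(days=365)  # "tested at least once a year" (mistake 9)


@dataclass
class BackupJob:
    system: str
    critical: bool                 # from the Business Impact Analysis (mistake 1)
    automated: bool
    copies: int                    # total copies of the backup
    offsite_copies: int
    rpo: timedelta                 # Recovery Point Objective for this system
    last_success: Optional[datetime]
    last_restore_test: Optional[datetime]
    job_size_gb: float
    media_capacity_gb: float


def audit_job(job, now):
    """Return findings for one job, each prefixed with the mistake number."""
    findings = []
    if not job.automated:
        findings.append("2: backup is started manually")
    required = 3 if job.critical else 2
    if job.copies < required:
        findings.append(f"3: {job.copies} copies, {required} required")
    # A job nobody watches fails silently; compare the newest good run to the RPO.
    if job.last_success is None or now - job.last_success > job.rpo:
        findings.append("4: newest successful backup is older than the RPO")
    if job.offsite_copies < 1:
        findings.append("5: no copy is kept offsite")
    if job.job_size_gb * (1 + GROWTH_HEADROOM) > job.media_capacity_gb:
        findings.append("6: backup media too small for job plus growth")
    if (job.last_restore_test is None
            or now - job.last_restore_test > RESTORE_TEST_MAX_AGE):
        findings.append("9: no restore test within the last year")
    return findings


def scope_drift(inventory, jobs):
    """Systems missing from the backup scope, and jobs for retired systems."""
    covered = {j.system for j in jobs}
    return sorted(set(inventory) - covered), sorted(covered - set(inventory))


def audit_all(inventory, jobs, now):
    report = {j.system: audit_job(j, now) for j in jobs}
    missing, stale = scope_drift(inventory, jobs)
    for system in missing:
        report[system] = ["1/8: in inventory but not in any backup job"]
    for system in stale:
        report[system] = report.get(system, []) + [
            "8: still backed up but no longer in inventory"]
    return report


# Constructed sample data (not from any real environment).
NOW = datetime(2023, 1, 15, 9, 0)
INVENTORY = ["fileserver", "accounting-db", "hr-share"]
JOBS = [
    BackupJob("fileserver", True, True, 3, 2, timedelta(hours=24),
              NOW - timedelta(hours=6), NOW - timedelta(days=90), 200, 500),
    # The article's capacity example: a 400GB job on 300GB media.
    BackupJob("accounting-db", True, False, 1, 0, timedelta(hours=4),
              NOW - timedelta(days=30), None, 400, 300),
    BackupJob("old-crm", False, True, 2, 1, timedelta(days=7),
              NOW - timedelta(days=1), NOW - timedelta(days=400), 50, 100),
]

if __name__ == "__main__":
    for system, findings in audit_all(INVENTORY, JOBS, NOW).items():
        print(system, "OK" if not findings else findings)
```

Mistake 7 (no documented DR plan) is a document review rather than a data check, so it is left out of the audit.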
Backup and Recovery Solutions
Avoid these common pitfalls and be confident in your ability to recover from most cyber security incidents. Invest in defense, and also in resiliency. Our backup recovery and disaster recovery solution ensures that your data is restored to its former state, with little to no downtime or interruption to your business.
Databranch monitors the success of every backup, and if there’s an issue, we’ll take care of it for you as part of the service. With a commitment to continually improve and serve, Databranch employees regularly go above and beyond to ensure complete customer satisfaction. Reach out to us today at 716-373-4467 x115 or info@databranch.com and rest assured that your data is in good hands.
Article used with permission from Cyberstone.
The global pandemic put a big emphasis on the need to run a business from anywhere. Enabling employees to work remotely requires cloud solutions. This includes collaborative platforms like Google Workspace and Microsoft 365. VoIP (Voice over Internet Protocol) phone systems have also become critical.
VoIP allows companies to stay in contact with customers and potential customers. Employees can work from anywhere and still answer the business phone line. Callers get a similar experience no matter where employees may be working, office or home.
When you have people working from home, those old landline systems are inefficient. This has led to a large movement by businesses to VoIP, both for necessity and cost savings.
According to Microsoft, 82% of organizations have reported saving money after implementing VoIP.
While VoIP is the way to go for the future, this doesn’t mean it’s foolproof. Companies that don’t set up their system efficiently can experience issues. This includes things like dropped calls, low bandwidth, and features left unused.
If you’ve been struggling to make your cloud phone system more efficient, check out these tips below. They provide setup best practices for VoIP. Use these to positively impact your bottom line.
1. Check Network Capabilities
You can’t just assume that you can enable a VoIP system, and all will be well. Your network may not be able to handle the extra bandwidth needs without adjustments.
Things you want to look at include jitter and packet loss. Additionally, review router settings to make sure it can handle peak traffic times. Experiencing dropped calls or choppy audio shows a need to address issues. These may include adjusting network hardware and/or increasing your ISP bandwidth.
2. Prioritize Your VoIP Software Using QoS Rules
Quality of Service (QoS) is a router settings area that allows you to say which traffic is most important. If QoS is not in place, it means resource issues. A large cloud backup could kick in and interrupt your calls because it’s taking up bandwidth.
QoS sets up “traffic lanes” that give priority to certain functions. You’ll want to have your VoIP software prioritized to get the bandwidth it needs. This avoids issues with less critical processes hogging up internet resources.
Using QoS keeps your calls smooth and improves the reliability of your cloud phone system. It’s also a good idea to use these rules for other important cloud activities.
3. Provide Quality Headsets for Your Team
A cheap headset can ruin the call experience for a potential customer. If someone calls in and can’t hear anything or gets choppy reception, they’ll quickly get frustrated. They will most likely figure that your company doesn’t have its act together.
Head off potential problems by issuing quality headsets for your team to use. Reach out to Databranch today at info@databranch.com if you need help finding a quality headset and verifying its compatibility with your phone models.
4. Set Up Departments & Ring Groups
One of the great features of VoIP phone systems is the ability to set up ring groups. You first set up your department groups (accounting, marketing, etc.). Then set the included employee extensions.
Creating a ring group allows you to have a call go to your customer support department as a whole. This is better than one person, who may be busy. That way, the whole group gets the ring, and the first available person can pick up.
Ring groups improve the caller experience by reducing the wait time. It can also mitigate the need for the caller to leave a voicemail and get stuck waiting on a callback.
5. Create Your Company Directory
Auto assistants are extremely helpful and nearly all VoIP systems have them. First, you set up your company directory and then record messages to prompt the caller.
For example, you can set up a message that prompts them to input the last name of the person they are trying to reach. If they aren’t calling a specific person, they can be routed to a department.
While setting up a company directory takes a little effort upfront, it will save much more. You no longer will need to have someone specifically routing every call. Callers can also get to the person or department they need faster. This improves the customer experience and boosts office productivity.
When implementing a Hosted VoIP system with Databranch, our highly qualified engineers will create your directory and ring groups in the format you desire to give your business the most efficient calls possible.
6. Have Employees Set Up Their Voicemail & VM to Email
When you get out of a long meeting, going through a bunch of voicemails can take time. Instead of having to listen to each one to see which calls are a priority, you could simply read through them.
The voicemail to email feature in VoIP phone systems will automatically transcribe voicemails. They are then emailed to the recipient. This improves efficiency and eliminates wasted time having to listen to entire messages to know who called.
Have employees set up this feature with their extension and email address. Some VoIP systems also offer an option to have transcribed voicemails sent via SMS!
7. Train Your Team on the Call Handling Process
Don’t leave your employees to jump in and learn a VoIP system themselves. It’s important to train them on the features and the company calling process. This ensures that your team can enjoy all those time-saving features.
Get Help Enhancing Your Business Phone System
Need help improving your business phone system? Looking for a better customer experience? Reach out to Databranch today at 716-373-4467 x115 or info@databranch.com to schedule a consultation. We can help!
Our Rock-It VoIP Platform offers flexibility and scalability to accommodate for fluctuations and growth in your business, and we can service locations nationwide. We also port your numbers so they stay the same and handle any upgrades, maintenance, and programming! Learn more about Rock-It VoIP here.
Article used with permission from The Technology Press.
Cybersecurity insurance is still a pretty new concept for many SMBs. It was initially introduced in the 1990s to provide coverage for large enterprises. It covered things like data processing errors and online media.
Since that time, the policies for this type of liability coverage have changed. Today’s cyber insurance policies cover the typical costs of a data breach, including remediating a malware infection or compromised account.
Cybersecurity insurance policies will cover the costs for things like:
- Recovering compromised data
- Repairing computer systems
- Notifying customers about a data breach
- Providing personal identity monitoring
- IT forensics to investigate the breach
- Legal expenses
- Ransomware payments
Data breach volume and costs continue to rise. 2021 set a record for the most recorded data breaches. And in the first quarter of 2022, breaches were up 14% over the prior year.
No one is safe. Even small businesses find they are targets. They often have more to lose than larger enterprises as well. About 60% of small businesses close down within 6 months of a cyber incident.
The increase in online danger and rising costs of a breach have led to changes in this type of insurance. The cybersecurity insurance industry is ever evolving and businesses need to keep up with these trends to ensure they can stay protected.
Here are some of the cyber liability insurance trends you need to know about.
Demand is Going Up
The average cost of a data breach is currently $4.35 million (global average). In the U.S., it’s more than double that, at $9.44 million. As these costs continue to balloon, so does the demand for cybersecurity insurance.
Companies of all types are realizing that cyber insurance is critical. It’s as important as their business liability insurance. Without that protection, they can easily go under in the case of a single data breach.
With demand increasing, look for more availability of cybersecurity insurance. This also means more policy options, which is good for those seeking coverage.
Premiums are Increasing
With the increase in cyberattacks has come an increase in insurance payouts. Insurance companies are increasing premiums to keep up. In 2021, cyber insurance premiums rose by a staggering 74%.
The costs from lawsuits, ransomware payouts, and other remediation have driven this increase. Insurance carriers aren’t willing to lose money on cybersecurity policies. Thus, those policies are getting more expensive at the same time as they are becoming more necessary.
Certain Coverages are Being Dropped
Certain types of coverage are getting more difficult to find. For example, some insurance carriers are dropping coverage for “nation-state” attacks. These are attacks that come from a government. Many governments have ties to known hacking groups. So, a ransomware attack that hits consumers and businesses can very well be in this category.
In 2021, 21% of nation-state attacks targeted consumers, and 79% targeted enterprises. So, if you see that an insurance policy excludes these types of attacks, be very wary.
Another type of attack payout that is being dropped from some policies is ransomware. Between Q1 and Q2 of 2022, ransomware attacks increased by 24%.
Insurance carriers are tired of unsecured clients relying on them to pay the ransom, so many are excluding ransomware payouts from policies. This puts a bigger burden on organizations. They need to ensure their backup and recovery strategy is well planned.
If a cybersecurity incident occurs, does your business have a recovery plan? If not, reach out to Databranch today to get started.
It’s Harder to Qualify
Just because you want cybersecurity insurance doesn’t mean you’ll qualify for it. Qualifications are becoming stiffer. Insurance carriers aren’t willing to take chances, especially on companies with poor cyber hygiene.
Some of the factors that insurance carriers look at include:
- Network security
- Use of things like multi-factor authentication
- BYOD and device security policies
- Advanced threat protection
- Automated security processes
- Backup and recovery strategy
- Administrative access to systems
- Anti-phishing tactics
- Employee security training
You’ll often need to fill out a lengthy questionnaire when applying for insurance. This includes several questions about your cybersecurity situation. It’s a good idea to have your IT provider help you with this.
This can seem like a lot of work that you have to do to qualify for cyber insurance. As you review the questions, your IT partner can identify security enhancements. Just like other forms of insurance, if you take steps to reduce risk, it can often reduce your premiums.
So, it pays to do a cybersecurity review before applying for cyber insurance. You can save yourself time and money. It can also fortify your defenses against cyberattacks.
Need Help Making Sense of Cybersecurity Policies?
Cybersecurity coverage and insurance applications can be complex. If you answer wrong on a question, it can mean paying hundreds more in premiums than you should. If you’re considering cybersecurity insurance, don’t go it alone. Contact us today at 716-373-4467 x 115 or info@databranch.com. We can explain the policy details and provide guidance.
Article used with permission from The Technology Press.
The Importance of Training
We all learn differently. While some individuals can read instructions one time and know what to do, there are others who benefit from being taught visually or by ‘doing’. Regardless of how you learn, having a single approach for everyone isn’t ideal.
The one thing we do know about learning, or training, is that when it comes to cybersecurity, repetition is important. That doesn’t mean taking the same course every quarter, or re-reading the manual once a year. Smart and safe cyber practices are critical to your business’s success and human error is the number one reason that breaches occur. You and your colleagues are your company’s greatest risk, but also your greatest asset.
Our Approach
We offer ongoing and interactive training. Why? Because to stay secure, you need to keep up with cybercriminals and their ever-changing tactics. This isn’t a one-and-done approach. Cyber-crimes are always adapting to the way we live and work, so we need to adapt to mitigate the risks. These nefarious characters want to catch you off guard, which means that as soon as a new device is released, a pop culture story becomes news, or a pandemic hits the world, they are ready to dupe you. That might mean they’ll come after your money, your identification, or hit you with a slow burn that gets them into your business, and you don’t realize it until months later…but they are there lurking and waiting for their next score.
Everyday Habits
Our approach mixes video training with integrated tools that teach on the job. This will help to address not only the variety of ways that people learn, but also the variety of ways that you can be targeted! If you are a current client and want to ensure that you’re maximizing the tools and resources that we offer, or you’re new here and interested in learning more about how you can work with our team to protect your business, let’s talk today!
The Cybersecurity Training Courses for 2023 are available now! Contact Databranch today at 716-373-4467 x115 or info@databranch.com for more information on these courses and how you can enroll in a security awareness training program.
The new year has just begun and it’s a time of renewal as we plan for the possibilities to come in 2023. It’s also a time when you need to plan for resiliency in the face of ever-present cyberattacks.
Sixty-eight percent of surveyed business leaders feel that cybersecurity risks are getting worse, and they have a good reason. Attacks continue to get more sophisticated. They are also often perpetrated by large criminal organizations. These criminal groups treat these attacks like a business.
In 2021, the average number of global cyberattacks increased by 15.1%.
To protect your business in the coming year, it’s important to watch the attack trends. What new methods are hackers using? What types of attacks are increasing in volume? Knowing these things is important. It helps you better update your IT security to mitigate the risk of a data breach or malware infection.
We’ve pulled out the security crystal ball for the upcoming year and we’ve researched what cybersecurity experts are expecting. Here are the attack trends that you need to watch out for.
Attacks on 5G Devices
The world has been buzzing about 5G for a few years. It is finally beginning to fulfill the promise of lightning-fast internet. As providers build out the infrastructure, you can expect this to be a high-attack area.
Hackers are looking to take advantage of the 5G hardware used for routers, mobile devices, and PCs. Anytime you have a new technology like this, it’s bound to have some code vulnerabilities. This is exactly what hackers are looking to exploit.
You can prepare by being aware of the firmware security in the devices you buy. This is especially true for those enabled for 5G. Some manufacturers will build better firmware security into their designs than others. Make sure to ask about this when purchasing new devices.
One-Time Password (OTP) Bypass
This alarming new trend is designed to get past one of the best forms of account security. Multi-factor authentication (MFA) is well-known as very effective at preventing fraudulent sign-in attempts. It can stop account takeovers even in cases where the criminal has the user’s password.
There are a few different ways that hackers try to bypass MFA. These include:
- Reusing a token: Gaining access to a recent user OTP and trying to reuse it
- Sharing unused tokens: The hacker uses their own account to get an OTP, then attempts to use that OTP on a different account.
- Leaked token: Using an OTP token leaked through a web application.
- Password reset function: A hacker uses phishing to fool the user into resetting a password. They then trick them into handing over their OTP via text or email.
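As an added illustration (not part of the original article or any vendor's code), here is a server-side OTP check in Python that closes the first three gaps in the list above: each code is bound to the account it was issued for, works once, and expires quickly. The `OtpStore` class, the 5-minute lifetime and the guess limit are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumed lifetime of a code
MAX_ATTEMPTS = 5        # assumed guess limit per issued code


class OtpStore:
    """In-memory store for pending codes (a real service would use a shared cache)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # account_id -> [digest, expires_at, attempts_left]

    @staticmethod
    def _digest(account_id, code):
        # Hash the code together with the account it was issued to, so the
        # stored value cannot match a code presented for any other account.
        return hashlib.sha256(f"{account_id}:{code}".encode()).digest()

    def issue(self, account_id):
        """Return a fresh 6-digit code for delivery out of band (SMS, app).
        The caller must not echo it in an HTTP response or write it to logs."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[account_id] = [
            self._digest(account_id, code),
            self._clock() + OTP_TTL_SECONDS,
            MAX_ATTEMPTS,
        ]
        return code

    def verify(self, account_id, code):
        entry = self._pending.get(account_id)
        if entry is None:
            return False                      # never issued, or already used
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[account_id]     # expired or too many guesses
            return False
        entry[2] -= 1
        if not hmac.compare_digest(digest, self._digest(account_id, code)):
            return False
        del self._pending[account_id]         # single use: a replay finds nothing
        return True


def demo():
    """Run the reuse, cross-account and expiry cases against a fake clock."""
    now = [1_700_000_000.0]
    store = OtpStore(clock=lambda: now[0])
    code_a = store.issue("alice")
    code_b = store.issue("bob")
    while code_b == code_a:                   # keep the demo deterministic
        code_b = store.issue("bob")
    results = {
        "code_from_other_account": store.verify("alice", code_b),
        "first_use": store.verify("alice", code_a),
        "reuse": store.verify("alice", code_a),
    }
    late = store.issue("alice")
    now[0] += OTP_TTL_SECONDS + 1
    results["expired"] = store.verify("alice", late)
    return results


if __name__ == "__main__":
    print(demo())
```

The fourth item, where the user is tricked into handing over a valid code, cannot be stopped by this check alone, since the code presented is genuine.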
Interested in learning more about Multi-Factor Authentication and how it can enhance your business’s cybersecurity? Read more about it here.
Attacks Surrounding World Events
During the pandemic, the cyberattack volume increased by approximately 600%. Large criminal hacking groups have realized that world events and disasters are lucrative.
They launch phishing campaigns for world events. Attacks come for everything from the latest hurricane or typhoon to the war in Ukraine. Unsuspecting people often fall for these scams. This is because they are often distracted by the crisis.
People need to be especially mindful of scams surrounding events like these. They will often use social engineering tactics, such as sad photos, to play on the emotions.
Smishing & Mobile Device Attacks
Mobile devices go with us just about everywhere these days. This direct connection to a potential victim is not lost on cybercriminals. Be on the lookout for more mobile device-based attacks, including SMS-based phishing (“smishing”).
Many people aren’t expecting to receive fake messages to their personal numbers. But cell numbers are no longer as private as they once were. Hackers can buy lists of them online. They then craft convincing fake texts that look like shipping notices or receipts. One wrong click is all it takes for an account or data breach.
Mobile malware is also on the rise. During the first few months of 2022, malware targeted to mobile devices rose by 500%. It’s important to ensure that you have good mobile anti-malware, as well as other protections on your devices, such as a DNS filter.
Elevated Phishing Using AI & Machine Learning
These days, phishing emails are not so easy to spot. It used to be that they nearly always had spelling errors or grainy images. While some still do, most don’t.
Criminal groups elevate today’s phishing using AI and machine learning. Not only will it look identical to a real brand’s emails, but it will also come personalized. Hackers use these tactics to capture more victims. They also allow hackers to send out more targeted phishing messages in less time than in years past.
Schedule a Cybersecurity Check-Up Today
Is your business prepared for the cyber threats coming in 2022? Don’t wait to find out the hard way! Contact us today at 716-373-4467 x 115 or info@databranch.com to schedule a cybersecurity check-up to stay one step ahead of the digital criminals.
Article used with permission from The Technology Press.
Bring your own device (BYOD) is a concept that took hold after the invention of the smartphone. When phones got smarter, software developers began creating apps for those phones. Over time, mobile device use has overtaken desktop use at work.
According to Microsoft, mobile devices make up about 60% of the endpoints in a company network. They also handle about 80% of the workload. But they’re often neglected when it comes to strong cybersecurity measures.
This is especially true with employee-owned mobile devices. BYOD differs from corporate-owned mobile use programs. Instead of using company tools, employees are using their personal devices for work. Many businesses find this the most economical way to keep their teams productive.
Purchasing phones and wireless plans for staff is often out of reach financially. It can also be a pain for employees to carry around two different devices, personal and work.
It’s estimated that 83% of companies have some type of BYOD policy.
You can run BYOD securely if you have some best practices in place. Too often, business owners don’t even know all the devices that are connecting to business data. Or which ones may have data stored on them.
Here are some tips to overcome the security challenges of BYOD. These should help you enjoy a win-win situation for employees and the business.
Define Your BYOD Policy
If there are no defined rules for BYOD, then you can’t expect the process to be secure. Employees may leave business data unprotected. Or they may connect to public Wi-Fi and then enter their business email password, exposing it.
If you allow employees to access business data from personal devices, you need a policy. This policy protects the company from unnecessary risk. It can also lay out specifics that reduce potential problems. For example, detailing the compensation for employees that use personal devices for work.
Keep Your Policy “Evergreen”
As soon as a policy gets outdated, it becomes less relevant to employees. Someone may look at your BYOD policy and note that one directive is old. Because of that, they may think they should ignore the entire policy.
Make sure that you keep your BYOD policy “evergreen.” This means updating it regularly if any changes impact those policies.
Use VoIP Apps for Business Calls
Before the pandemic, 65% of employees gave their personal phone numbers to customers. This often happens due to the need to connect with a client when away from an office phone. Clients also may save a personal number for a staff member. For example, when the employee calls the customer from their own device.
Customers having employees’ personal numbers is a problem for everyone. Employees may leave the company and no longer answer those calls. The customer may not realize why and could get aggravated.
You can avoid the issue by using a business VoIP phone system. These services have mobile apps that employees can use. VoIP mobile apps allow employees to make and receive calls through a business number.
Hosted VoIP also offers flexibility and scalability to accommodate for fluctuations and growth in your business, and we can service locations nationwide. With Rock-IT VoIP, we also port your numbers so they stay the same and handle any upgrades, maintenance, and programming!
Create Restrictions on Saved Company Data
Remote work has exacerbated the security issue with BYOD. While BYOD may have meant mobile devices in the past, it now means computers too. Remote employees often will use their own PCs when working outside the office.
No matter what the type of device, you should maintain control of business data. It’s a good idea to restrict the types of data that staff can store on personal devices. You should also ensure that it’s backed up from those devices.
Require Device Updates
When employee devices are not updated or patched, they invite a data breach. Any endpoint connected to your network can enable a breach. This includes those owned by employees.
It can be tricky to ensure that a device owned by an employee is kept updated. Therefore, many businesses turn to endpoint management solutions. An endpoint device manager can push through automated updates. It also allows you to protect business data without intruding on employee privacy.
The monitoring and management capabilities of these tools improve security. This includes the ability to safelist devices. Safelisting can block devices not added to the endpoint manager.
Include BYOD in Your Offboarding Process
If an employee leaves your company, you need to clean their digital trail. Is the employee still receiving work email on their phone? Do they have access to company data through persistent logins? Are any saved company passwords on their device?
These are all questions to ask when offboarding a former staff member. You should also make sure to copy and remove any company files on their personal device. Additionally, ensure that you deauthorize their device(s) from your network.
As a managed client, Databranch will handle the offboarding process to help make the transition smooth and simple.
Let Us Help You Explore Endpoint Security Solutions
We can help you explore solutions to secure a BYOD program. We’ll look at how your company uses personal devices at your business and recommend the best tools. Contact us today at 716-373-4467 x 115 or info@databranch.com to speak with one of our experienced team members.
Article used with permission from The Technology Press.
When the year is coming to a close, it’s the perfect time to plan for the future. Most businesses begin the year with the hope of growing and improving operations. Much of how a business operates depends on technology. So, it makes sense to look to your IT for areas of optimization.
A year-end technology review provides an opportunity to look at several areas of your IT. The goal is to take time to focus on improvements you can make to boost your bottom line, as well as what tactics to take to reduce the risk of a costly cyberattack.
A recent study by Deloitte looked at digitally advanced small businesses. Small businesses that make smart use of technology are well ahead of their peers. Here are some of the ways they excel:
- Earn 2x more revenue per employee
- Experience year-over-year revenue growth nearly 4x as high
- Had an average employee growth rate over 6x as high
The bottom line is that companies that use technology well do better. They are also more secure. According to IBM, businesses that have an incident response plan reduce the costs of a data breach by 61%. Using security AI and automation can lower costs by 70%.
As the year is coming to an end, take some time to do a technology review with one of our experienced team members. This will set you up for success and security in the coming year.
Considerations When Reviewing Your Technology at Year-End
The goal of a year-end technology review is to look at all areas of your IT infrastructure. Security, efficiency, and bottom-line considerations will be the key drivers for future initiatives.
Technology Policies
When technology policies get outdated, people stop following them. Review all your policies to see if any of them need updating to reflect new conditions. For example, if you now have some staff working from home, make sure your device use policy reflects this.
When you update policies, let your employees know. This gives them a refresher on important information. They may have forgotten certain things since onboarding.
Disaster Recovery Planning
When is the last time your company did an incident response drill? Is there a list of steps for employees to follow in the case of a natural disaster or cyberattack?
Take time to look at disaster recovery planning for the new year. You should also put dates in place for preparedness drills and training in the coming months.
Interested in learning more? Click here to read about the backup recovery and disaster recovery solutions we have available to protect your business.
IT Issues & Pain Points
You don’t want to go through a big IT upgrade without considering employee pain points. Otherwise, you might miss some golden opportunities to improve staff productivity and wellbeing.
Survey your employees on how they use technology. Ask questions about their favorite and least favorite apps. Ask what struggles they face. Let them tell you how they feel technology could improve to make their jobs better.
This, in turn, benefits your business. It can also help you target the most impactful improvements.
Privileged Access & Orphaned Accounts
Do an audit of your privileged accounts as part of your year-end review. Over time, permissions can be misappropriated. This leaves your network at a higher risk of a major attack.
You should ensure that only those who need them have admin-level permissions. The fewer privileged accounts you have in your business tools, the lower your risk. A compromised privileged account password opens the door to major damage. Read more about local admin privileges and the associated risks.
While going through your accounts, also look for orphaned accounts. You need to close these because they’re no longer used. Leaving them active poses a security risk.
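The audit described in this section can be scripted against an account export. The sketch below is an added example, not a Databranch tool: the CSV columns, the approved-admin list and the 90-day threshold are assumptions, and "orphaned" is taken here to mean an account whose owner has left or that has had no recent login.

```python
import csv
import io
from datetime import date

# Constructed sample data; the column names are assumptions for this example.
ACCOUNTS_CSV = """username,owner,role,last_login
jsmith,jsmith,admin,2022-12-14
backup-svc,jsmith,admin,2022-12-19
mlee,mlee,user,2022-12-18
tbrown,tbrown,admin,2022-03-02
kdavis,kdavis,user,2021-11-30
intern01,rgreen,user,
"""
ACTIVE_STAFF = {"jsmith", "mlee", "tbrown"}      # e.g. from the HR roster
APPROVED_ADMINS = {"jsmith", "backup-svc"}       # accounts meant to hold admin rights
STALE_AFTER_DAYS = 90                            # assumed inactivity threshold


def audit_accounts(csv_text, active_staff, approved_admins, today,
                   stale_after_days=STALE_AFTER_DAYS):
    """Return admin accounts nobody approved and accounts that look orphaned."""
    unapproved_admin, orphaned = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["username"].strip()

        # Privileged access: admin role without a matching approval.
        if row["role"].strip().lower() == "admin" and name not in approved_admins:
            unapproved_admin.append(name)

        # Orphaned accounts: owner gone, never used, or unused for too long.
        reasons = []
        if row["owner"].strip() not in active_staff:
            reasons.append("owner no longer on staff")
        last_login = row["last_login"].strip()
        if not last_login:
            reasons.append("never logged in")
        elif (today - date.fromisoformat(last_login)).days > stale_after_days:
            reasons.append("no recent login")
        if reasons:
            orphaned.append((name, reasons))
    return {"unapproved_admin": unapproved_admin, "orphaned": orphaned}


if __name__ == "__main__":
    report = audit_accounts(ACCOUNTS_CSV, ACTIVE_STAFF, APPROVED_ADMINS,
                            today=date(2022, 12, 20))
    for name in report["unapproved_admin"]:
        print(f"REVIEW ADMIN RIGHTS: {name}")
    for name, reasons in report["orphaned"]:
        print(f"CLOSE OR REASSIGN:   {name} ({'; '.join(reasons)})")
```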
IT Upgrade & Transformation Plans for the New Year
If you make IT upgrades and decisions “on the fly” it can come back to bite you. It’s best to plan out a strategy ahead of time, so you can upgrade in an organized way.
Have a vulnerability assessment performed. This gives you a list of potential problems your company should address. Eliminating vulnerabilities improves your cybersecurity, and planning ahead will allow you to budget for your upgrades while avoiding unplanned expenses.
Request your free baseline security assessment here.
Cloud Use & Shadow IT
Review your use of cloud applications. Are certain apps hardly used? Do you have redundancies in your cloud environment? A review can help you cut waste and save money.
Also, look for uses of shadow IT by employees. These are cloud applications that are being used for work but did not go through approval. Management may not even be aware of them. Remove this security risk by either closing the accounts or officially approving them.
Customer-Facing Technology
Don’t forget to look at the customer experience of your technology infrastructure. Go through your website and contact process as a customer would.
If you get frustrated by things like site navigation, then your customers and leads may be too. Include optimizations to your customer-facing technology in your new year plans.
Schedule a Technology & Security Assessment Today!
We can help you with a thorough review of your technology environment to give you a roadmap for tomorrow. Contact us today at 716-373-4467 x 115, info@databranch.com, or fill out the form below to see how we can make the most out of your technology infrastructure for next year.
Article used with permission from The Technology Press.
Have you ever bought a new computer and then had buyer’s remorse a few months later? Maybe you didn’t pay attention to the storage capacity and ran out of space. Or you may have glossed over memory and now experience constant freeze-ups.
An investment in a new PC isn’t something you want to do lightly. Doing your research ahead of time and consulting with an IT business, such as Databranch, can help. It will keep you from making major mistakes that could come back to haunt you later.
Here are several things to consider before you put down your hard-earned money on a new computer.
The Amount of Memory (RAM)
One of the big mistakes that people make when looking for a new computer is to ignore the RAM. Random access memory may be called RAM on the specification or “memory.” If your system has low memory, you run into all sorts of problems.
These issues can include:
- Browser freezing up when you have too many tabs open
- Issues watching videos
- Some software not working properly
- Sluggish behavior
- Inability to open multiple applications
- Constant freezes
Memory is the “thought process” of the PC. If there isn’t enough, it can’t take on another task until it completes the current processing tasks. This can cause frustration and ruin your productivity.
People often go for those low-priced computer deals when looking for a new device. But these can include only 4GB of RAM. That’s not a lot if you do much more than staying in a single application or just a few browser tabs.
The higher the RAM, the more responsive the system performance. So, look for PCs with at least 8GB of RAM. Or higher if you do any graphics/video or other processing-intensive activities.
User Reviews for Longevity
Buying a new computer is an investment. So, it’s natural to want that investment to last as long as possible. You don’t want to spend $700 on a new computer, only to begin experiencing problems when it’s just two years old.
Take your time to research user reviews on the specific models you’re considering. You’ll begin to see patterns emerging. Steer clear of models that have consistent complaints about breakdowns sooner than expected.
You may have to pay a little more for a system that has a better track record of performance, but it will save you in the long run when you have more years of usable life before that device needs replacement.
Whether the PC is for Personal or Business Use
If you have a small business or are a freelancer, you may try to save money by buying a consumer PC. But this could end up costing you more in the long run.
Consumer PCs aren’t designed for continuous “9-to-5” use. They also often lack certain types of firmware security present in business-use models. The price gap has also shortened between good consumer computers and business versions. If you’re not looking at the cheap systems, you’ll find that it’s not that much more to get a business-grade device.
Interested in learning more about the security measures you should be implementing on all your company devices? Click here to read our simple guide for better endpoint protection.
The Processor Used
It can be confusing to read through the processor specifications on a computer. How do you know if Intel Core i7 or i3 is best for your needs? What’s the performance difference between AMD and Intel processors?
If you don’t want to do the research yourself, contact Databranch today at 716-373-4467 x 115 or at info@databranch.com. We’re happy to explain in layman’s terms the differences, as well as guide you in the right direction of which processor makes the most sense for your intended use.
For Laptops: The Case Type
If you’re looking for a laptop computer, it’s important to choose a durable option. Laptops have some unique characteristics that differ from desktops, such as the keyboard being part of the unit and not easily replaced by the user.
If you get a laptop made from cheap plastic, it’s bound to break during normal use. Keys could also easily pop off the keyboard, requiring a trip to a computer repair shop.
You want to consider the materials used for the laptop. Paying a little extra for a better casing is definitely worth it. It can help you avoid unneeded headaches.
Storage Capacity
Storage capacity can be a pain point that you experience after the fact. If you buy a computer without paying attention to hard drive space, you could regret it. You may not be able to transfer over all your data from the old system or you may not have enough room for growth.
Storage capacity can also be an area where you can save some money. If you store most of your files in the cloud, then you may not need a lot of hard drive space. The less space you need, the lower the price.
Hard Drive Type
If you can get a computer with a solid-state drive (SSD) rather than a traditional hard disk drive (HDD) you should. SSDs are faster and less likely to have read/write issues. They have no moving parts; thus they are quieter as well.
Solid-state drives have come down in price quite a bit recently. There are many affordable options, and you’ll also find some PCs with both a hard drive and SSD.
Come to Us Before You Spend Money on a New Computer
Don’t blindly invest in a new computer without some expert guidance. Contact Databranch today at 716-373-4467 x 115 or at info@databranch.com for a consultation to help guide you towards the proper PC for your business.
Article used with permission from The Technology Press.