Data loss disasters come in many forms, ranging from full-scale natural calamities to cyberattacks and even simple human errors. Disasters can bring businesses to a grinding halt. Apart from financial and reputational damage, failing to protect valuable data can also result in expensive lawsuits.

That’s why businesses, regardless of size, must have a backup and disaster recovery (BCDR) plan. By implementing a foolproof BCDR, you can quickly get your business back up and running should disaster strike. It will also help you comply with governmental and industry regulatory frameworks.

In this post, we’ll break down the different types of data loss disasters and outline the key BCDR components that can help you make it through a disruptive event with flying colors.

The Many Forms Data Loss Can Take

Let’s analyze the various types of data loss disasters that can hurt your business:

Natural Disasters

This covers everything from storms, hurricanes, floods, fires, tsunamis and volcano eruptions. In most cases, you can expect infrastructural damages, power failure and mechanical failures, which could then lead to data loss.

Hardware and Software Failure

Software and hardware disruption can cause data loss if you don’t have BCDR measures in place. These disruptions could be due to bugs, glitches, configuration errors, programmatic errors, component failures, or simply because the device is at its end of life or the software is outdated.

Unforeseen Circumstances

Data loss can happen due to random, unexpected scenarios. For instance, a portable hard disk held by an employee could get stolen, your server room may have a water leak because of a plumbing issue, or there could even be a pest infestation in one of your data centers.

Human Factor

Human errors are a leading cause of data loss incidents. These errors range from accidental file deletions, overwriting of existing files and naming convention errors to forgetting to save or back up data or spilling liquid on a storage device.

Cyberthreats

Your business may fall prey to malware, ransomware and virus attacks, which could leave your data and backups corrupt and irrecoverable. Additionally, data loss could be caused by malicious insiders with unauthorized access, which often goes under the radar.

Allowing your employees to have administrative privileges can leave holes in your cybersecurity, visit us here to learn more.

Key components of BCDR

Here are a few crucial things to keep in mind as you build a robust BCDR strategy:

Risk Assessment

Identify potential risks and threats that would impact business operations. Measure and quantify the risks to tackle them. 

Databranch believes that identifying the right level of security to protect your IT infrastructure begins with a comprehensive security assessment that includes vulnerability/penetration evaluation, assessment reporting and security policy creation.

You can visit our website here to request your FREE baseline security assessment.

Business Impact Analysis (BIA)

Assess the potential consequences of a disruptive event on critical business functions and prioritize them in the recovery plan.

Continuity Planning

Implement procedures to resume critical business operations during disruption, with minimal downtime. Databranch offers our BCDR solution from Datto, the leader in Total Data Protection. Not only will Datto backup all your data to the device itself, but it will also backup everything to 2 separate offsite cloud storage locations.

So, in the event that the local device is destroyed, your business can be up and running in just minutes.

Disaster Recovery Planning

Plan a well-defined business resumption plan to recover critical IT functions and data following a disruptive incident. With a recovery plan in place, many businesses may simply never recover.

Do you know the cost of downtime for your business? If not, visit our website here to view our Recovery Time Calculator.

Testing and Maintenance

Periodically test your disaster recovery and backup plans to ensure they can be recovered in a disaster. If they fail, you can work on the enhancement.

Wondering Where to Begin?

Developing and implementing a BCDR plan on your own can be daunting. However, we can help you build the right BCDR strategy for your business profile. 

Databranch has the knowledge and experience to take care of your backup and BCDR needs. Get in touch with us today at 716-373-4467 option 6, [email protected].

You can also download our infographic below to learn more about planning for potential data loss.

Read More

Cybercriminals are always looking for new ways to bypass security defenses. That’s why it’s essential to think like a hacker and adopt measures to stay ahead of them. This is what Defense in Depth (DiD) is all about.

The National Institute of Standards and Technology (NIST) defines DiD as “The application of multiple countermeasures in a layered or stepwise manner to achieve security objectives. The methodology involves layering heterogeneous security technologies in the common attack vectors to ensure that attacks missed by one technology are caught by another.”

In simple terms, DiD is a cybersecurity approach in which multiple defensive methods are layered to protect a business. Since no individual security measure can guarantee protection against every attack, combining several layers of security can be more effective.

Before you start your DiD journey, it’s crucial to stay informed about the changing threat landscape.

9 Threats to Protect Your Business Against

While there are numerous threats that businesses like yours must be aware of, let’s look at some of the most common.

 1. Ransomware 

Ransomware is a type of malware that threatens to disclose sensitive data or blocks access to files/systems by encrypting it until the victim pays a ransom. Failure to pay on time can lead to data leaks or permanent data loss.

2. Phishing/Business Email Compromise (BEC) 

Phishing involves a hacker masquerading as a genuine person/organization primarily through emails or other channels like SMS. Malicious actors use phishing to deliver links or attachments that execute actions such as extracting login credentials or installing malware.

Business email compromise (BEC) is a scam that involves cybercriminals using compromised or impersonated email accounts to manipulate victims into transferring money or sharing sensitive information.

3. Cloud Jacking

Cloud jacking, or hijacking, entails exploiting cloud vulnerabilities to steal an account holder’s information and gain server access. With more and more companies adopting cloud solutions, IT leaders are worried about cloud jacking becoming a significant concern for years to come.

4. Insider Threats 

An insider threat originates from within a business. It may happen because of current or former employees, vendors or other business partners who have access to sensitive business data. Because it originates from the inside and may or may not be premeditated, an insider threat is hard to detect.

5. Denial-of-Service/Distributed Denial-of-Service (DoS and DDoS)

These attacks are common and easy to carry out. In a DoS or DDoS attack, hackers flood the targeted system with multiple data requests, causing it to slow down or crash.

6. Artificial Intelligence (AI) and Machine Learning (ML) Hacks

Artificial intelligence (AI) and machine learning (ML) are trending topics within the IT world for their path-breaking applications. However, AI and ML help hackers more efficiently develop an in-depth understanding of how businesses guard against cyberattacks.

7. Internet of Things (IoT) Risks and Targeted Attacks

IoT devices are a favorite target of cybercriminals because of the ease of data sharing without human intervention and inadequate legislation.

8. Web Application Attacks

Vulnerabilities within web applications permit hackers to gain direct access to databases to manipulate sensitive data. Business databases are regular targets because they contain sensitive data, including Personally Identifiable Information (PII) and banking details.

9. Deepfakes

A deepfake is a cyberthreat that uses artificial intelligence to manipulate or generate audio/video content that can deceive end users into believing something untrue.

Get Up and Running with DiD

To keep sophisticated cyberthreats at bay, you need a robust DiD strategy. Your strategy should involve layering multiple defensive methods, like firewalls, intrusion prevention and detection systems, endpoint detection and response (EDR) and more, to build a security fortress that’s hard to crack.

DiD is an undertaking that requires time and effort. That’s why collaborating with a partner like Databranch, who can implement and maintain your DiD strategy while you focus on your business, is ideal.

If you want to learn more about how DiD can help protect your business, download our free eBook “7 Elements of an Effective Defense in Depth (DiD) Security Strategy.”

You can also reach out to one of our experienced team members at 716-373-4467 option 6, or [email protected].

Read More

Social media has significantly transformed the way we communicate and do business. However, this growing popularity also comes with potential risks that could cause harm to businesses like yours.

Unfortunately, many organizations remain unaware of these rapidly evolving challenges. In this blog, we will explore the dangers associated with social media and share practical tips to safeguard your organization’s reputation and financial stability so that you can safely reap the benefits of social media platforms.

Exploring the Risks

Social media presents several risks that you need to address, such as:

Security Breaches

Cybercriminals can exploit social media to steal sensitive information by creating fake profiles and content to trick people into sharing confidential data. Social media platforms are also vulnerable to hacking, which can have a negative impact on your business.

Reputation Damage

Negative comments from dissatisfied customers, envious competitors or even unhappy employees can quickly spread online and cause significant damage to your brand’s image within seconds.

Employee Misconduct

Certain employees may share offensive content or leak confidential information on social media, which can trigger a crisis that can be challenging for business leaders to handle.

Legal Accountability

Social media has the potential to blur the boundaries between personal and professional lives, which can, in turn, create legal liabilities for your business. If your employees make malicious remarks about competitors, clients or individuals, the public can hold you responsible for their actions. Employees may also face the consequences if their social media behavior violates the organization’s regulations.

Phishing Threats

Social media phishing scams can target your business and employees by installing malware or ransomware through seemingly authentic posts.

Fake LinkedIn Jobs

Cybercriminals often pose as recruiters on LinkedIn and post fake job listings to collect data for identity theft scams.

Securing Your Business

Taking proactive measures is essential to avoid social media risks, including:

Checking Privacy Settings

Set privacy settings to the highest level across all accounts, restricting your and your employees’ access to sensitive information. This includes removing Local Admin Privileges for employees.

Strengthening Security

Employ robust passwords and multifactor authentication (MFA) to bolster account security.

Establishing Clear Guidelines

Enforce clear social media rules for company and personal devices, customizing policies to fit your industry’s unique risks.

Educating Your Teams

Educate your team on social media risks, imparting safe practices to thwart scams and phishing attempts. Our Employee Cybersecurity Training not only offers an annual cybersecurity training, but also contains weekly micro-trainings to keep your employees up to date on real world threats.

Identifying Impersonation

Develop protocols to detect and manage fake profiles and impersonations swiftly. Remain vigilant and report any suspicious activity.

Vigilant Monitoring

Set up a system to monitor social media, promptly addressing fraudulent accounts or suspicious activity that could stain your brand image.

Act Now to Safeguard Your Business

Understanding the risks and adhering to social media best practices are crucial for businesses of all sizes. By following these guidelines, you can reduce your business’s vulnerability while reaping the rewards of social media.

For comprehensive insights into social media safety, download our eBook “From Vulnerability to Vigilance: Social Media Safety.”

Reach out to Databranch today at 716-373-4467 option 4 or [email protected] if your business is looking to increase their cybersecurity awareness.

Read More

What is Ransomware?

Ransomware is a type of malware that encrypts data on a computer or network into an unreadable format until a sum of money, or ransom, is paid.

How does Ransomware Work?

When run, ransomware will scan the file storage disk for files to encrypt – typically documents, spreadsheets, etc. The files are encrypted with a key that only the attackers know, thus preventing your access to the files. Then, threat actors hold you files hostage, demanding a ransom to be paid for you to get your access back.

How do Hackers Sneak into an Environment?

Hackers are stealthy and can sneak in using many different approaches. Here are a few of the most popular ways that hackers gain access:

• Phishing: This is when a threat actor tricks someone into handling over their sensitive, personal information, such as a credit card or Social Security number. The victim believe they’re handing over their information to a trustworthy resource when in reality, they’re giving their information to threat actors.
• Public-Facing Vulnerabilities: Threat actors scour the internet looking for systems with known vulnerabilities. Then, they exploit them to gain access to the environment.
• Drive-By Downloads: This is when someone navigated to a malicious webpage and unknowingly downloads malicious code to their computer – all by visiting the webpage.
• Purchased Access: There’s a marketplace for everything these days, and cyberattacks are no exception. The dark web is a treasure trove of hackers for hire and deployable ransomware for download.

Ransomware Prevention

1. Keep your computer updated and patched.
2. Verify, then trust.
3. Make sure your connection to a site is secure before submitting any personal information.
4. Stay up-to-date on the latest cybersecurity education.

Ransomware Detection

Prevention is only part of the puzzle. Some attacks are virtually impossible to prevent. It all comes down to fast detection and response times, which help you combat tomorrow’s threats that may not be detectable today.

The most efficient way to detect ransomware is to leverage the tools in your security stay. 

Secure your business with a cybersecurity platform that secure your business and detects hackers. To protect our managed clients, we deploy a suite of cybersecurity tools that are backed by a 24/7 Threat Operations Center that worked to protect your assets and evict malicious actors.

Reach out to Databranch today at 716-373-4467 x115 or [email protected] to learn more.

Read More

Cybersecurity insurance is still a pretty new concept for many SMBs. It was initially introduced in the 1990s to provide coverage for large enterprises. It covered things like data processing errors and online media.

Since that time, the policies for this type of liability coverage have changed. Today’s cyber insurance policies cover the typical costs of a data breach. Including remediating a malware infection or compromised account.

Cybersecurity insurance policies will cover the costs for things like:

• Recovering compromised data
• Repairing computer systems
• Notifying customers about a data breach
• Providing personal identity monitoring
• IT forensics to investigate the breach
• Legal expenses
• Ransomware payments

Data breach volume and costs continue to rise. 2021 set a record for the most recorded data breaches on record. And in the first quarter of 2022, breaches were up 14% over the prior year.

No one is safe. Even small businesses find they are targets. They often have more to lose than larger enterprises as well. About 60% of small businesses close down within 6 months of a cyber incident.

The increase in online danger and rising costs of a breach have led to changes in this type of insurance. The cybersecurity insurance industry is ever evolving and businesses need to keep up with these trends to ensure they can stay protected.

Here are some of the cyber liability insurance trends you need to know about.

Demand is Going Up

The average cost of a data breach is currently $4.35 million (global average). In the U.S., it’s more than double that, at $9.44 million. As these costs continue to balloon, so does the demand for cybersecurity insurance.

Companies of all types are realizing that cyber insurance is critical. It’s as important as their business liability insurance. Without that protection, they can easily go under in the case of a single data breach.

With demand increasing, look for more availability of cybersecurity insurance. This also means more policy options, which is good for those seeking coverage.

Premiums are Increasing

With the increase in cyberattacks has come an increase in insurance payouts. Insurance companies are increasing premiums to keep up. In 2021, cyber insurance premiums rose by a staggering 74%. 

The costs from lawsuits, ransomware payouts, and other remediation have driven this increase. Insurance carriers aren’t willing to lose money on cybersecurity policies. Thus, those policies are getting more expensive. This is at the same time as they are more necessary.

Certain Coverages are Being Dropped

Certain types of coverage are getting more difficult to find. For example, some insurance carriers are dropping coverage for “nation-state” attacks. These are attacks that come from a government. Many governments have ties to known hacking groups. So, a ransomware attack that hits consumers and businesses can very well be in this category.

In 2021, 21% of nation-state attacks targeted consumers, and 79% targeted enterprises. So, if you see that an insurance policy excludes these types of attacks, be very wary.

Another type of attack payout that is being dropped from some policies is ransomware. Between Q1 and Q2 of 2022, ransomware attacks increased by 24%.

Insurance carriers are tired of unsecured clients relying on them to pay the ransom, so many are excluding ransomware payouts from policies. This puts a bigger burden on organizations. They need to ensure their backup and recovery strategy is well planned.

If a cybersecurity incident occurs, does your business have a recovery plan? If not, reach out to Databranch today to get started.

It’s Harder to Qualify

Just because you want cybersecurity insurance, doesn’t mean you’ll qualify for it. Qualifications are becoming stiffer. Insurance carriers aren’t willing to take chances. Especially on companies with poor cyber hygiene.

Some of the factors that insurance carriers look at include:

• Network security
• Use of things like multi-factor authentication
• BYOD and device security policies
• Advanced threat protection
• Automated security processes
• Backup and recovery strategy
• Administrative access to systems
• Anti-phishing tactics
• Employee security training

You’ll often need to fill out a lengthy questionnaire when applying for insurance. This includes several questions about your cybersecurity situation. It’s a good idea to have your IT provider help you with this.

This can seem like a lot of work that you have to do to qualify for cyber insurance. As you review the questions, your IT partner can identify security enhancements. Just like other forms of insurance, if you take steps to reduce risk, it can often reduce your premiums.

So, it pays to do a cybersecurity review before applying for cyber insurance. You can save yourself time and money. It can also fortify your defenses against cyberattacks.

Need Help Making Sense of Cybersecurity Policies?

Cybersecurity coverage and insurance applications can be complex. If you answer wrong on a question, it can mean paying hundreds more in premiums than you should. If you’re considering cybersecurity insurance, don’t go it alone. Contact us today at 716-373-4467 x 115 or [email protected], we can explain the policy details and provide guidance.

Article used with permission from The Technology Press.

Read More

Have you felt more secure from cyberattacks because you have a smaller business? Maybe you thought that you couldn’t possibly have anything that a hacker could want? Didn’t think they even knew about your small business.

Well, a new report by the cybersecurity firm Barracuda Networks debunks this myth. Their report analyzed millions of emails across thousands of organizations. It found that small companies have a lot to worry about when it comes to their IT security.

Barracuda Networks found something alarming. Employees at small companies saw 350% more social engineering attacks than those at larger ones. It defines a small company as one with less than 100 employees. This puts small businesses at a higher risk of falling victim to a cyberattack. We’ll explore why below.

Why Are Smaller Companies Targeted More?

There are many reasons why hackers see small businesses as low-hanging fruit and why they are becoming larger targets of hackers out to score a quick illicit buck.

Small Companies Tend to Spend Less on Cybersecurity

When you’re running a small business, it’s often a juggling act of where to prioritize your cash. You may know cybersecurity is important, but it may not be at the top of your list. So, at the end of the month, cash runs out, and it’s moved to the “next month” wish list of expenditures.

Small business leaders often don’t spend as much as they should on their IT security. They may buy an antivirus program and think that’s enough to cover them. But with the expansion of technology to the cloud, that’s just one small layer. You need several more for adequate security.

Hackers know all this and see small businesses as an easier target. They can do much less work to get a payout than they would trying to hack into an enterprise corporation.

Every Business Has “Hack-Worthy” Resources

Every business, even a 1-person shop, has data that’s worth scoring for a hacker. Credit card numbers, SSNs, tax ID numbers, and email addresses are all valuable. Cybercriminals can sell these on the Dark Web. From there, other criminals use them for identity theft.

Here are some of the data that hackers will go after:

• Customer records
• Employee records
• Bank account information
• Emails and passwords
• Payment card details

Small Businesses Can Provide Entry Into Larger Ones

If a hacker can breach the network of a small business, they can often make a larger score. Many smaller companies provide services to larger companies. This can include digital marketing, website management, accounting, and more.

Vendors are often digitally connected to certain client systems. This type of relationship can enable a multi-company breach. While hackers don’t need that connection to hack you, it is a nice bonus. They can get two companies for the work of one.

Small Business Owners Are Often Unprepared for Ransomware

Ransomware has been one of the fastest-growing cyberattacks of the last decade. So far in 2022, over 71% of surveyed organizations experienced ransomware attacks.

The percentage of victims that pay the ransom to attackers has also been increasing. Now, an average of 63% of companies pay the attacker money in hopes of getting a key to decrypt the ransomware.

Even if a hacker can’t get as much ransom from a small business as they can from a larger organization, it’s worth it. They often can breach more small companies than they can larger ones.

When companies pay the ransom, it feeds the beast and more cyber criminals join in. Criminals who are newer to ransomware attacks will often go after smaller, easier-to-breach companies.

Employees at Smaller Companies Usually Aren’t Trained in Cybersecurity

Cybersecurity Training is another thing is usually not too high on the list of priorities for a small business owner. They may be doing all they can just to keep good staff. Plus, priorities are often sales and operations.

Training employees on how to spot phishing and password best practices often isn’t done. This leaves networks vulnerable to one of the biggest dangers, human error.

In most cyberattacks, the hacker needs help from a user. It’s like the vampire needing the unsuspecting victim to invite them inside. Phishing emails are the device used to get that unsuspecting cooperation.

Phishing causes over 80% of data breaches.

A phishing email sitting in an inbox can’t usually do anything. It needs the user to either open a file attachment or click a link that will take them to a malicious site. This then launches the attack.

Teaching employees how to spot these ploys can significantly increase your cybersecurity. Security awareness training is as important as having a strong firewall or antivirus.

Need Affordable IT Security Services for Your Small Business?

Reach out today at 716-373-4467 x 115 or [email protected] to schedule a technology consultation. We offer affordable options for small companies. This includes many ways to keep you protected from cyber threats.

Article used with permission from The Technology Press.

Read More

In 2020, 75% of companies around the world experienced a phishing attack. Phishing remains one of the biggest dangers to your business’s health and wellbeing because it’s the main delivery method for all types of cyberattacks.

One phishing email can be responsible for a company succumbing to ransomware and having to face costly downtime. As many as 92% of data breaches are due to human error such as falling for a phishing email. This can result in a user unknowingly handing over the credentials to a company email account that the hacker then uses to send targeted attacks to customers.

Phishing takes advantage of human error, and some phishing emails use sophisticated tactics to fool the recipient into divulging information or infecting a network with malware.

Mobile phishing threats skyrocketed by 161% in 2021.

Your best safeguards against the continuous onslaught of phishing include:

• Email filtering
• DNS filtering
• Next-gen antivirus/anti-malware
• Ongoing employee cybersecurity awareness training

To properly train your employees and ensure your IT security is being upgraded to meet the newest threats you need to know what new phishing dangers are headed your way.

Here are some of the latest phishing trends that you need to watch out for in 2022.

PHISHING IS INCREASINGLY BEING SENT VIA TEXT MESSAGE

Fewer people are suspicious of text messages than they are of unexpected email messages. Most phishing training is usually focused on the email form of phishing because it’s always been the most prevalent.

But cybercrime entities are now taking advantage of the easy availability of mobile phone numbers and using text messaging to deploy phishing attacks. This type of phishing (called “smishing”) is growing in volume.

People are receiving more text messages now than they did in the past, due in large part to retailers and service businesses pushing their text updates for sales and delivery notices.

This makes it even easier for phishing via SMS to fake being a shipment notice and get a user to click on a shortened URL.

BUSINESS EMAIL COMPROMISE IS ON THE RISE

Ransomware has been a growing threat over the last few years largely because it’s been a big money-maker for the criminal groups that launch cyberattacks. A new up-and-coming form of attack is beginning to be quite lucrative and thus is also growing.

Business email compromise (BEC) is on the rise and being exploited by attackers to make money off things like gift card scams and fake wire transfer requests.

What makes BEC so dangerous (and lucrative) is that when a criminal gains access to a business email account, they can send very convincing phishing messages to employees, customers, and vendors of that company. The recipients will immediately trust the familiar email address, making these emails potent weapons for cybercriminals.

Enabling Multi-Factor Authentication (MFA) is one of the best ways you can protect yourself and your business from BEC. Reach out to Databranch with any questions or if you would like assistance setting up MFA for your companies users.

SMALL BUSINESSES ARE BEING TARGETED MORE FREQUENTLY WITH SPEAR PHISHING

There is no such thing as being too small to be attacked by a hacker. Small businesses are targeted frequently in cyberattacks because they tend to have less IT security than larger companies.

43% of all data breaches target small and mid-sized companies, and 40% of small businesses that become victims of an attack experience at least eight hours of downtime as a result.

Spear phishing is a more dangerous form of phishing because it’s targeted and not generic. It’s the type deployed in an attack using BEC.

It used to be that spear-phishing was used for larger companies because it takes more time to set up a targeted and tailored attack. However, as large criminal groups and state-sponsored hackers make their attacks more efficient, they’re able to more easily target anyone.

A result is small businesses receiving more tailored phishing attacks that are harder for their users to identify as a scam.

THE USE OF INITIAL ACCESS BROKERS TO MAKE ATTACKS MORE EFFECTIVE

We just discussed the fact that large criminal groups are continually optimizing their attacks to make them more effective. They treat cyberattacks like a business and work to make them more profitable all the time.

One way they are doing this is by using outside specialists called Initial Access Brokers. This is a specific type of hacker that only focuses on getting the initial breach into a network or company account.

The increasing use of these experts in their field makes phishing attacks even more dangerous and difficult for users to detect.

BUSINESS IMPERSONATION IS BEING USED MORE OFTEN

As users have gotten savvier about being careful of emails from unknown senders, phishing attackers have increasingly used business impersonation. This is where a phishing email will come in looking like a legitimate email from a company that the user may know or even do business with.

Amazon is a common target of business impersonation, but it also happens with smaller companies as well. For example, there have been instances where website hosting companies have had client lists breached and those companies sent emails impersonating the hosting company and asking the users to log in to an account to fix an urgent problem.

More business impersonation being used in phishing attacks mean users have to be suspicious of all emails, not just those from unknown senders.

IS YOUR COMPANY ADEQUATELY PROTECTED FROM PHISHING ATTACKS?

It’s important to implement a multi-layered security strategy to defend against one of the biggest dangers to your business’s wellbeing, phishing attacks. Contact Databranch today at 716-373-4467 x 15 or [email protected] if you would like to learn more about what options are available to improve your organizations cybersecurity. Our Foundation Security Plan offers a wide variety of benefits such as increasing malware/ransomware protection, reduces phishing compromises, and helps prevent data theft/loss.

To request a free Baseline Security Assessment, click here.

Article used with permission from The Technology Press.

Read More