Call (716) 373-4467

Misconfiguration of cloud solutions is often overlooked when companies plan cybersecurity strategies. Cloud apps are typically quick and easy to sign up for, so the user often assumes that they don’t need to worry about security because it’s handled.

This is an incorrect assumption because cloud security is a shared model. The provider of the solution handles securing the backend infrastructure but the user is responsible for configuring security settings in their account properly.

Problems with misconfiguration are the number one cause of cloud data breaches. It’s also an unforced error. Misconfiguration means that a company has made a mistake because it hasn’t adequately secured its cloud application. 

Perhaps they gave too many employees administrative privileges or, they may have neglected to turn on a security function that would have prevented the downloading of cloud files by an unauthorized user.   

Misconfiguration covers a wide range of negligent behavior. It all has to do with cloud security settings and practices. A finding in The State of Cloud Security 2021 shed light on how common this issue is. Around 45% of organizations experience between 1 and 50 cloud misconfigurations per day.

Some of the main causes of misconfiguration are:

  • Lack of adequate oversight and controls
  • A team lacking security awareness
  • Too many cloud APIs to manage
  • No adequate cloud environment monitoring
  • Negligent insider behavior
  • Not enough expertise in cloud security

Use the tips below to reduce your risk of a cloud data breach and improve cloud security.

 

Enable Visibility into Your Cloud Infrastructure

Do you know all the different cloud apps employees are using at your business? If not, you’re not alone. It’s estimated that shadow IT use is approximately 10x the size of known cloud use.

When an employee uses a cloud app without authorization, it’s considered “shadow IT.” This is because the app is in the shadows so to speak, outside the purview of the company’s IT team.

How can you protect something you don’t know about? This is why shadow cloud applications are so dangerous and why they often result in breaches due to misconfiguration.

Gain visibility into your entire cloud environment, so you know what you need to protect. One way you can do this is through a cloud access security application.

 

Restrict Privileged Accounts

The more privileged accounts you have, the higher the risk of a misconfiguration. There should be very few users that can change security configurations. You don’t want someone that doesn’t know better to accidentally open a vulnerability, such as removing a cloud storage sharing restriction. It could leave your entire environment a sitting duck for hackers.

Audit privileged accounts in all cloud tools. Then, reduce the number of administrative accounts to a least needed to operate.

Click here to learn more about the risks associated with Administrative Privileges.

 

Put in Place Automated Security Policies

Automation helps mitigate human error. Automating as many security policies as possible helps prevent cloud security breaches. 

For example, if you use a feature like sensitivity labels in Microsoft 365, you can set a “do not copy” policy. It will follow the file through each supported cloud application. Users don’t need to do anything to enable it once you put the policy in place.

 

Use a Cloud Security Audit Tool (Like Microsoft Secure Score)

How secure is your cloud environment? How many misconfigurations might there be right now? It’s important to know this information so you can correct issues to reduce risk.

Use an auditing tool, like Microsoft Secure Score. You want a tool that can scan your cloud environment and let you know where problems exist. It should also be able to provide recommended remediation steps.

 

Set Up Alerts for When Configurations Change

Once you get your cloud security settings right, they won’t necessarily stay that way. Several things can cause a change in a security setting without you realizing it. These include:

  • An employee with elevated permissions accidentally changes them
  • A change caused by an integrated 3rd party plug-in
  • Software updates
  • A hacker that has compromised a privileged user credential

Be proactive by setting up alerts. You should have an alert for any significant change in your cloud environment. For example, when the setting to force multi-factor authentication gets turned off.

If an alert is set up, then your team knows right away when a change occurs to an important security setting. This allows them to take immediate steps to research and rectify the situation.

 

Have a Cloud Specialist Check Your Cloud Settings

Business owners, executives, and office managers usually are not cybersecurity experts and no one should expect them to know how to configure the best security for your organization’s needs.

It’s best to have a cloud security specialist from Databranch check your settings. Thinking about moving your applications from your local server to the cloud? We can help ensure that they’re set up to keep your data protected without restricting your team. 

 

Improve Cloud Security & Lower Your Chances for a Data Breach

Most work is now done in the cloud, and companies store data in these online environments.  Don’t leave your company at risk by neglecting to review your cloud security configuration. Contact Databranch today at 716-373-4467 x 115 or info@databranch.com to set up a cloud security assessment. 

 

Article used with permission from The Technology Press.

Databranch has been tracking a Microsoft Outlook security flaw, CVE-2023-23397.

The critical Outlook exploit affects both 32 and 64-bit versions of Microsoft 365 Apps for Enterprise. Office 2013, 2016, and 2019.

It is triggered by sending a malicious email (which doesn’t even need to be opened) that lets attackers capture the Net-NTLMv2 hash (challenge response protocols used for authentication in Windows environments) of the recipient and thereby authenticate as the victim.

More information can be found here.

Microsoft has released a patch to address some instances of Outlook.

If you are a managed maintenance client, we are actively working to patch vulnerable instances of Outlook for you. 

You may see the following prompts as your client is updated.  

 

 

Please feel free to reach out to support@databranch.com with any questions. 

If you are not a managed client and would like to discuss how Databranch can help to proactively manage, monitor, and patch your IT environment, please reach out to Databranch at 716-373-4467 x115 or info@databranch.com.

No business wants to suffer a data breach. But unfortunately, in today’s environment, it’s difficult to completely avoid them. Approximately 83% of organizations have experienced more than one data breach. (IBM Security 2022 Cost of a Data Breach Report)

These breaches hurt businesses in many ways. First, there is the immediate cost of remediating the breach. Then, there are the lost productivity costs. You can add lost business on top of that along with lost customer trust. A business could also have extensive legal costs associated with a breach.

Visit our website here to see what the cost of downtime would be for your business.

According to IBM Security’s report, the cost of a data breach climbed again in 2022. The global cost of one breach is now $4.35 million, up 2.6% from last year. If your business is in the U.S., the cost rises to $9.44 million. In Canada, the average data breach costs companies $5.64 million.

Costs for smaller companies tend to be a little lower. But breaches are often more devastating to SMBs. They don’t have the same resources that larger companies do to offset all those costs.

It’s estimated that 60% of small companies go out of business within six months of a cybersecurity breach.

Companies don’t need to resign themselves to the impending doom of a data breach. There are some proven tactics they can take to mitigate the costs. These cybersecurity practices can limit the damage of a cyberattack. 

All these findings come from the IBM Security report. They include hard facts on the benefits of bolstering your cybersecurity strategy.

 

Cybersecurity Tactics to Reduce the Impact of a Breach

 

Use a Hybrid Cloud Approach

Most organizations use the cloud for data storage and business processes. Researchers found that 45% of all data breaches happen in the cloud. But all cloud strategies are not created equally.

Breaches in the public cloud cost significantly more than those in a hybrid cloud. What is a hybrid cloud? It means that some data and processes are in a public cloud, and some are in a private cloud environment.

What some may find surprising is that using a hybrid cloud approach was also better than a private cloud.

 

Put in Place a Disaster Recovery Plan & Practice It

You don’t need to be a large enterprise to create an Disaster Recovery (DR) plan. The DR plan is a set of instructions for employees to follow should any number of cybersecurity incidents occur.

Along with this, it is the Business Continuity Solution put in place by the business to monitor backup processes, implement recovery objectives and restore your data to its former state.

Here is an example. In the case of ransomware, the first step should be disconnecting the infected device. DR plans improve the speed and effectiveness of a response in the face of a security crisis.

Having a practiced Disaster Recovery plan reduces the cost of a data breach by an average of $2.66 million per incident.

Need help setting up your Disaster Recovery plan? We’re ready to help you with a custom-built business continuity solution that meets the needs of your unique business. Give our experts a call at 716-373-4467 x115 or click here to get started.

 

Adopt a Zero Trust Security Approach

Zero trust is a collection of security protocols that work together to fortify a network. An example of a few of these are:

Approximately 79% of critical infrastructure organizations haven’t adopted zero trust. Doing so can significantly reduce data breach costs. Organizations that don’t deploy zero trust tactics pay about $1 million more per data breach. 

 

Use Tools with Security AI & Automation

Using the right security tools can make a big difference in the cost incurred during a data breach. Using tools that deploy security AI and automation brought the biggest cost savings.

Data breach expense lowered by 65.2% thanks to security AI and automation solutions. These types of solutions include tools like advanced threat protection (ATP). They can also include applications that hunt out threats and automate the response.

Here at Databranch, we use a number of automated remote monitoring tools that will inspect your system 24/7, 365 days a year to help prevent attacks from happening to your organization. Click here to learn more.

 

How to Get Started Improving Your Cyber Resilience

Many of these ways to lower data breach costs are simply best practices. You can get started by taking them one at a time and rolling out upgrades to your cybersecurity strategy.

Databranch will even help you put together a roadmap to achieve this in the most efficient way possible. Address the “low-hanging fruit” first. Then, move on to longer-term projects.

As an example, “low-hanging fruit” would be putting multi-factor authentication in place. It’s low-cost and easy to put in place. It also significantly reduces the risk of a cloud breach.

A longer-term project might be creating an incident response plan. Then, you would set up a schedule to have your team drill on the plan regularly. During those drills, you could work out any kinks.

 

Need Help Improving Your Security & Reducing Risk?

Working with Databranch can take the cybersecurity burden off your shoulders. Contact us today at 716-373-4467 x 115 or info@databranch.com to discuss your security needs.

 

Article used with permission from The Technology Press.

Imagine you’re going about your day when suddenly you receive a text from the CEO asking for your help. They’re out doing customer visits and someone else dropped the ball in providing gift cards. The CEO needs you to buy six $200 gift cards and text the information right away.

The message sender promises to reimburse you before the end of the day. Oh, and by the way, you won’t be able to reach them by phone for the next two hours because they’ll be in meetings. One last thing, this is a high priority. They need those gift cards urgently.

Would this kind of request make you pause and wonder or would you quickly pull out your credit card to do as the message asked?

A surprising number of employees fall for this gift card scam. There are also many variations. Such as your boss being stuck without gas or some other dire situation that only you can help with.

This scam can come by text message or via email. The unsuspecting employee buys the gift cards and sends the numbers back to the boss. They find out later that the real company CEO wasn’t the one that contacted them, it was a phishing scammer.

The employee is out the cash.

Without proper training, 32.4% of employees are prone to fall for a phishing scam.

Read about our Employee Security Awareness training and the services it offers here.

 

Why Do Employees Fall for Phishing Scams?

Though the circumstances may be odd, many employees fall for this gift card scam. Hackers use social engineering tactics and manipulate emotions to get the employee to follow through on the request.

Some of these social engineering tactics illicit the following:

  • The employee is afraid of not doing as asked by a superior
  • The employee jumps at the chance to save the day
  • The employee doesn’t want to let their company down
  • The employee may feel they can advance in their career by helping

The scam’s message is also crafted in a way to get the employee to act without thinking or checking. It includes a sense of urgency. The CEO needs the gift card details right away. Also, the message notes that the CEO will be out of touch for the next few hours. This decreases the chance the employee will try to contact the real CEO to check the validity of the text.

 

Illinois Woman Scammed Out of More Than $6,000 from a Fake CEO Email

Variations of this scam are prevalent and can lead to significant financial losses. A company isn’t responsible if an employee falls for a scam and purchases gift cards with their own money.

In one example, a woman from Palos Hills, Illinois lost over $6,000. This was after getting an email request from who she thought was her company’s CEO. 

The woman received an email purporting to be from her boss and company CEO. It stated that her boss wanted to send gift cards to some selected staff that had gone above and beyond.

The email ended with “Can you help me purchase some gift cards today?”  The boss had a reputation for being great to employees, so the email did not seem out of character.

The woman bought the requested gift cards from Target and Best Buy. Then she got another request asking to send a photo of the cards. Again, the wording in the message was very believable and non-threatening. It simply stated, “Can you take a picture, I’m putting this all on a spreadsheet.” 

The woman ended up purchasing over $6,500 in gift cards that the scammer then stole. When she saw her boss a little while later, her boss knew nothing about the gift card request. The woman realized she was the victim of a scam.

 

Tips for Avoiding Costly Phishing Scams

Always Double Check Unusual Requests

Despite what a message might say about being unreachable, check in person or by phone anyhow. If you receive any unusual requests or one relating to money, verify it. Contact the person through other means to make sure it’s legitimate.

Databranch recommends using the SLAM Method to review your emails and act accordingly. Don’t know what the SLAM Method is? Click here to read all about it.

 

Don’t React Emotionally

Scammers often try to get victims to act before they have time to think. Just a few minutes of sitting back and looking at a message objectively is often all that’s needed to realize it’s a scam. Don’t react emotionally, instead ask if this seems real or is it out of the ordinary.

 

Get a Second Opinion

Ask a colleague, or better yet, your company’s IT service provider, to take look at the message. Getting a second opinion keeps you from reacting right away. It can save you from making a costly judgment error. 

 

Need Help with Employee Phishing Awareness Training?

Phishing keeps getting more sophisticated all the time, are your employee’s up to date on their security awareness training?

Take training off your plate and train your team with cybersecurity professionals. We can help you with an engaging training program that helps your team change their behaviors to improve cyber hygiene.

Contact Databranch today at 716-373-4467 x 115 or info@databranch.com if you would like to learn more about our Breach Prevention Platform and Security Awareness Training with simulated phishing tests.

 

Article used with permission from The Technology Press.

 

The CIA Triad is an information security concept that consists of three core principles, (1) Confidentiality, (2) Integrity and, (3) Availability. These core principles become foundational components of information security policy, strategy and solutions. Cybersecurity professionals and Executives responsible for the oversight of cybersecurity programs should have a deep understanding and appreciation for each of the three core principles.

 

Ultimately, all vulnerabilities and risks should be evaluated based on the threat they pose to one or more of the CIA Triad core principles. In addition, all security controls, or countermeasures, should be evaluated on how well they address the core principles of the CIA Triad.

 

Confidentiality

This core security principle is defined as the ability to restrict unauthorized subjects from accessing data, systems, objects or resources. Imagine an employee punches the timeclock and goes home for the evening but forgets to shut down or lock their computer. Even worse, they are still logged into the client database that contains all sorts of Personally Identifiable Information (PII) like your client’s names, addresses, and social security numbers. What happens if the janitorial service shows up to clean the office space and one of the cleaners notices the unlocked computer and helps themselves to the valuable info? This example illustrates the importance of Confidentiality.

 

There are many cyber-attacks used to violate confidentiality including, social engineering, theft of credentials or passwords, eavesdropping and network sniffing. Here are a few controls that you should consider incorporating into the program:

  1. Inventory of Devices and Software – It is very difficult to manage access to devices, applications and systems unless you have an accurate inventory of those assets. Once you understand what assets you own, only then can you begin to think about who is authorized to access and use them. At Databranch, our Managed Services clients have their inventory maintained for them by their Databranch Account Manager
  2. Data Classification – You must understand what data or information resides on your information systems. More importantly, you have to classify this data so that it can be protected according to value, sensitivity, and regulatory compliance.
  3. Access Controls – Systems and information should be physically and / or logically segregated based on data classification efforts.  Access to systems and information should be granted to authorized users on a need to know basis. Procedures for granting and revoking access should be documented and enforced. Strong password policies should be implemented and enforced. Privileged accounts should be minimized and monitored very closely using logging and notification technologies. Multifactor Authentication (MFA) should be used by authorized users when accessing systems and data according data classification efforts and regulatory requirements.
  4. Encryption – Information should be encrypted at rest and in transit according to data classification, regulatory requirements and the annual risk assessment. 
  5. Personnel Training – Many confidentiality breaches occur by accident or mistake. Authorized users need to be properly trained. They should understand your data classification policy and acceptable use policy. They should understand why certain security controls are in place, how to properly use them and why they should never attempt to circumvent them. Lastly, they should understand the threat landscape as it relates to confidentiality and what their actions and behaviors can do to help mitigate those risks. Click here to learn more about Databranch’s Annual Security Awareness training.

 

Integrity 

This core security principle is defined as the ability for data and information to retain truth or, accuracy and be intentionally modified by authorized users only. Imagine a patient under the care of doctors and nurses at a hospital. The patient requires 100mg of medication every six hours. What happens if the nurse accesses the patients’ medical records and the 100mg has been modified (with malicious intent or by accident) and now reads 1000mg? This example illustrates the importance of integrity.

 

There are many cyber-attacks used to violate integrity including, computer viruses, malware, logic bombs, database injections and altering system configurations.  Your cybersecurity program should absolutely work to promote integrity and defend against these attacks. Here are a few controls that you should consider incorporating into the program:

  1. Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS) – IPS / IDS examines network traffic flows to detect and prevent vulnerability exploits. Many times this technology is embedded in perimeter defenses such as firewalls but, it needs to be enabled and configured to work properly.
  2. Anti-Virus / Anti-Malware – This powerful tool can be used to detect, quarantine and even remove malicious code from computers and systems. It is imperative that Antivirus software is installed and configured on all computing devices.
  3. Vulnerability Management – There should be a process for identifying known vulnerabilities across systems and applications and then remediating those vulnerabilities typically by installing patches. Click here to request your free Databranch baseline security assessment.
  4. Log Monitoring and Analysis – The ability to collect system and application logs and then monitor / analyze them is critical. It can detect anomalies in system behaviors and be used in forensic efforts post incident.

 

Availability 

This core security principle is defined as the ability to grant authorized users uninterrupted access to systems and information. Imagine logging into your computer on Monday morning. You are refreshed from the weekend, ready to work and conquer the world. Then suddenly, a message flashes across your computer screen. The message explains that your computer and everything on it has been encrypted by ransomware, and you must pay a fee to receive the decryption key and resume regular work activities. You no longer have access to email, customer records, financial records, etc. What would you do if the applications and data on your computer were no longer available to use? This example illustrates the importance of Availability.

 

There are many cyber-attacks used to violate availability including, computer viruses, malware and denial of service (DoS). There are also circumstantial events that violate availably such as hardware failure and natural disasters. Your cybersecurity program should absolutely be influenced by the availability principle. Here are a few controls that you should consider incorporating into the program:

  1. Data Backup Systems – Effective data backup strategies should be defined, implemented and monitored for success. If systems or data suddenly become unavailable, recovery efforts almost always start with restoring from a successful backup job.
  2. Disaster Recovery (DR) and Business Continuity Planning (BCP) – Documenting DR and BCP plans is an absolute must. In addition, these plans should be tested, at least annually to verify effectiveness. Learn more about our Dataguard Backup and Recovery solution here!
  3. System Monitoring – Critical systems and applications should be continuously monitored for performance and capacity requirements. Proactive monitoring can often prevent unwanted outages or disruptions.
  4. Incident Response Plan – Having a plan to contain, eradicate, and recover from a cybersecurity incident is invaluable. Incidents create stress and chaos. Having an incident response plan introduces confidence and organization. 

As one can see, the core principles of the CIA Triad (Confidentiality, Integrity and Availability) are simple information security concepts that when properly applied to policy and program creation can have a real meaningful impact our ability to stay safe and protected.

Contact Databranch today at 716-373-4467 x115 or info@databranch.com for any questions about the information above. You can also fill out the form below to set up a meeting with one of our experienced team members to discuss how we can help enhance your businesses cybersecurity.

Article used with permission from Huntress.

Our technology inevitably comes with us when we travel. Some people won’t even travel to the end of the block without their smartphones. Whether you travel for work or pleasure, not having your technology there when you need it can ruin your day.

Travel smarter and more securely by doing several checks before you go. Use our handy tech travel checklist below, it can save you from lost devices or a data breach.

 

1. Check Your Apps

Have you ever sat at an airport gate wondering why it looked so empty? You then found out that your gate had changed, and you had no idea. You go rushing to the other end of the concourse, hoping you’re not too late.

How did everyone else know about the gate change? They most likely had the app for the airline and received a notification.

Before you leave for a trip, make sure to download any apps you may need. It’s better to download them when you’re at home on your own Wi-Fi. Waiting until you’re at the airport could cause connectivity or security issues.

Some of the apps you may want to download or update before your trip are:

  • Airline app
  • Train app
  • Hotel app
  • Weather app
  • City tourism app

 

2. Check Your Cords & Adapters

People leave behind countless chargers and adapters every day. They litter airports, restaurants, and train stations around the world.  Make sure to bring a backup charger for your laptop, tablet, or phone. Otherwise, you may find yourself paying a premium price for a new charger in a gift shop. 

 

3. Check Your Power

A great way to ensure you have the power you need is to buy a small portable battery. You can find these in most major retailers or online. They are small “blocks” that hold a charge and can power up a cell phone in a pinch.

Having this extra backup also helps you avoid potential juice-jacking ports. These are fake or compromised public USB charging ports that hackers use them to steal your data when you plug in your device.

 

4. Check Your Mobile Plan

Traveling for work is exciting, but it can also lead to issues connecting with clients. Being away from the office means missed calls an unheard voicemails.

Handing out you personal mobile number may seem like a good solution. However, having clients or coworkers reach you at all hours of the day can blur the line between your professional and personal life. It can also get expensive if you’re on long calls or using your own mobile data.

An alternative is to set up a VoIP app that you can use with your office while you’re traveling. These enable both calls and SMS, but you do need an internet connection.

Interested in learning more about VoIP and the functions it provides? Reach out to Databranch today! Our Rock-It VoIP platform offers flexibility and scalability to accommodate for fluctuations and growth in your business, and we can service locations nationwide. With Rock-IT VoIP, we also port your numbers so they stay the same and handle any upgrades, maintenance, and programming!

 

5. Check or Add a VPN

Free Wi-Fi may be a welcome site when you’re on the road, but it can also be dangerous. You don’t know who else is using that Wi-Fi. A hacker hanging out on the connection can easily steal your data if you’re not protected.

It’s better to use either your mobile carrier connection or a virtual private network (VPN) app. VPN plans are inexpensive and will keep your data encrypted, even if you’re on public Wi-Fi.

Visit our website here to learn more about VPNs and what factors to consider when choosing a plan.

 

6. Check Your Backup

Unfortunately, mishaps occur when traveling. You may leave your phone behind in the airport, have your luggage lost, or get your device stolen while in a crowded area.

10% of all laptop thefts happen in airports.

Don’t lose all your work data with the device! Back up your devices to the cloud or local storage before you travel. This ensures that you won’t lose the valuable information on your device. 

Need help with a Data Backup and Recovery plan for your business? Contact us today or visit our website to learn more.

 

7. Check Your Device Security

Make your devices as secure as possible before you hit the road. When we’re traveling, our minds are occupied by other things. So, you may not think to check your antivirus or avoid suspicious phishing links.

Protect your devices before you go using:

  • Antivirus/anti-malware
  • DNS filtering
  • Screen lock with passcode
  • Sharing features turned off
  • VPN application
  • Find-My-Device feature turned on

 

Improve the Security of Your Devices Now

Don’t leave your company devices unprotected. Contact us today if you want to discuss your cybersecurity in greater detail. We can arrange a quick chat to discussed some options we have available that would help enhance your businesses security. Give us a call at 716-373-4467 x 115 or email us at info@databranch.com to learn more.

 

Article used with permission from The Technology Press.

 

There’s a reason that browsers like Edge have added breached password notifications. Data breaches are an unfortunate part of life that can have costly consequences for individuals. Hackers can steal identities, compromise bank accounts and even sell your credentials on the dark web.

Cybercriminals breach about 4,800 websites every month with form jacking code. It has become all too common to hear of a large hotel chain or social media company exposing customer data.

Hackers can breach your personal information and passwords without you knowing it. The time from breach to notification of the breach can be lengthy. One example is the data breach of CafePress which is a popular online retailer that prints personalized items.

CafePress suffered a data breach in February 2019. That breach exposed millions of names and addresses, security questions, and more. Hackers also breached social security numbers that weren’t encrypted.

As mentioned, the breach happened in February. But many consumers weren’t notified until late summer. The FTC recently took action against the company due to its careless security practices.

The point is that months or years can go by without you knowing about compromised data. Unless you happen to look at the right website, you may not even realize it. Those breached password features in browsers are helpful, but what if you have other information beyond a password compromised?

It’s best to protect yourself with some knowledge. We’ll help by listing several recent breaches. If you’ve interacted with any of these companies, you’ll want to take steps to protect yourself from the fallout.

Recent Breaches of Personal Information That May Impact You

Microsoft Customer Data Breach

On October 19, 2022, Microsoft announced a breach that exposed customer data. A misconfigured server was to blame and the breach exposed certain business transaction data. It’s thought that this breach could have affected more than 65,000 entities worldwide.

2.5 Million Records Exposed in a Student Loan Breach

Did you get a student loan from EdFinancial and the Oklahoma Student Loan Authority (OSLA)? If so, you could be in trouble. The organizations notified impacted individuals by letter in July 2022.

The personal information at risk included:

  • Social security numbers
  • Email addresses
  • Home addresses
  • Phone numbers

The breach compromised the data of over 2.5 million loan recipients.

U-Haul Data Breach of 2.2 Million Individuals’ Data

Large rental firm U-Haul is a household name. It also just had a major data breach. It notified clients in August of 2022 of a compromise of some rental contracts. The contacts in question were between November 5, 2021, and April 5, 2022.

The breach exposed names, driver’s license numbers, and state identification numbers. It affected over 2.2 million individuals that rented vehicles from the company.

Neopets Breach May Have Compromised 69 Million Accounts

You wouldn’t suspect a cute site like Neopets to be a cybersecurity risk. But users of the platform got a rude awakening due to a breach of the service. An estimated 69 million accounts may have had emails and passwords leaked.

The full stolen Neopet database and copy of the source code were being offered for sale for about $94,500.

One Employee Computer Causes a Marriott Breach

Hotel giant Marriott suffered another breach in July 2022. It blamed a single unsecured employee computer. About 300-400 individuals had data leaked. This data included credit card numbers and other confidential information.

Unfortunately, the company shows a pattern of poor cybersecurity. Within the last four years, it has suffered three separate breaches. That’s enough to want to pay in cash or use a pre-paid card if you stay there.

Shield Health Care Group Exposes Up to 2 Million Records

In March of 2022, Shield Health Care Group detected a breach. This Massachusetts-based company found that hackers breached up to 2 million customer records. This includes medical records, social security numbers, and other sensitive personal data.

Flagstar Bank Takes 6 Months to Identify Individuals Affected in a Breach

In December of 2021, Flagstar Bank suffered a breach. It wasn’t until 6 months later that it identified the individuals affected. And the impact was large. It included exposed social security numbers. The hack impacted about 1.5 million customers.

8.2 million Current and Former Customers of Block Compromised

Block was formerly known as Square, a popular payment processing platform. It announced in April of 2022 that it was breached the previous December. A former employee accessed customer names and brokerage account numbers. Some accounts also had other stock trading information accessed. 

About 8.2 million current and former customers had their data exposed.

Crypto.com Breach Nets Hackers Over $30 Million

Cryptocurrency may be hot at the moment, but it’s very susceptible to cyberattacks. In January 2022, over 483 users had their Crypto.com wallets breached.

The criminals made it past two-factor authentication, which is usually quite effective. They stole about $18 million in bitcoin and $15 million in Ethereum and other cryptocurrencies.

 

Are Your Credentials Out There?

Contact Databranch today at 716-373-4467 x 115 or info@databranch.com to learn more about protecting your personal data from a breach. We can help your business implement Multi-Factor Authentication or set you up with our Dark Web monitoring services. Visit out website here to learn more.

 

Article used with permission from The Technology Press.

If you follow Microsoft products, then you may know about Microsoft Ignite. Held annually, it generates many exciting updates and announcements in the Microsoft world.

Microsoft held its most recent conference last October. In the rush of the recent holidays, you may have missed some of the highlights. So, we’re bringing them to you now.

One thing you’ll notice is that Microsoft Teams got a lot of love at the event. Microsoft is now describing Teams as “the app at the center of Microsoft 365.” We can see why the company keeps enhancing this virtual workspace. Teams now has over 280 million users. It’s not surprising seeing that Microsoft has introduced over 450 new Teams features just in the last year.

We’ll go over some Teams features below, along with other Microsoft App announcements from Ignite. These may give you some ideas for your next digital workflow upgrade.

 

Teams Premium

There is a new Teams Premium offering from Microsoft that adds a whole new AI component to the platform. This service includes several AI-powered features. They make it seem like you have your own meeting assistant.

Some of the cool features include automatically generating chapters from a Teams meeting. The app also generates personalized highlights for you. This saves you from having to rewatch the meeting later.

If you’re meeting internationally, you can enjoy real-time translations for captions. Meeting guides is another new feature. It sets up your meeting options according to your needs.

 

360-Degree Intelligent Camera for Teams Meetings

SmartVision 60 is the first 360-degree, center-of-room intelligent camera. It has the ability to track the speaker as they’re moving. The camera is also due to have a people recognition feature coming soon.

Virtual meetings can feel much more like real meetings using SmartVision 60. Instead of just seeing a small video feed of one person, the movement of the camera can capture a whole team.

 

Cisco is Now a Certified Devices Partner for Teams Rooms

Those that are fans of Cisco meeting products will be pleased to know they now have more options. Microsoft announced that Cisco is now a Teams Room Certified Devices partner. You can now start Teams meetings across all certified Cisco meeting devices. 

 

Microsoft Places

One of the virtual workspace apps to support the new hybrid movement is Microsoft Places. This is a team management app that integrates with the rest of the Microsoft 365 ecosystem.

The office is still around, but for how long? Much of the world had to do things virtually during the pandemic. Many companies and employees found they like it better that way. Seventy-four percent of US companies have or plan to put in place a permanent hybrid work model.

Microsoft Places is one more way Microsoft is leading the hybrid office revolution. Some of the app’s features include:

  • Manage and track where employees are working (at home or in the office)
  • Track whether coworkers are away or available
  • Track physical room use to make strategic decisions

 

Hours & Location Feature in Outlook & Teams

Another feature announcement related to the hybrid working world is hours and location. This is a new capability added to Teams and Outlook to make it easier to schedule in-person meetings.

It can get tricky to plan in-person meetings when you don’t know who is working at the office and who is remote. If you plan without checking, you’re bound to alienate someone. They won’t be happy if they were planning to work from home that day.

The new hours and location feature allows people to specify where they are working. They can adjust this from hour to hour which takes the guesswork out of scheduling.

 

Loop App Private Preview

Another exciting app announcement that Microsoft made was about its Loop app. It stated that Loop entered private preview. This gives some organizations a chance to check it out.

Loop is a collaborative workspace app that helps teams ideate in a virtual space. All data pulled in from Microsoft 365 apps syncs automatically to stay up to date.

 

Microsoft Clipchamp Video Editor

You may have noticed an unfamiliar app popping up on Windows. Microsoft Clipchamp was formally announced at the Ignite event. It’s a quick and easy video editor for Windows PCs.

Have you ever felt frustrated trying to fix a video and not having the right tool to do it? Then you may want to take a closer look at what Clipchamp has to offer. It looks to have a fairly low learning curve.

 

Get Help Navigating the Microsoft 365 Universe

Microsoft 365 has come a long way in a short period. There are many different app integrations you can use to power your workflow, but it can get a bit complicated without an expert to help. Contact Databranch today at 716-373-4467 x115 or info@databranch.com, to schedule a Microsoft consultation.

 

Article used with permission from The Technology Press.

It is common for organizations to invest in preventative cybersecurity defenses. In fact, most organizations have technologies such as firewalls and anti-virus software that are designed to stop a cyber-attack. These controls certainly serve a purpose in fighting the war against cybercrime and should not be discounted.

But, cybersecurity professionals are recommending that we turn our attention to our ability to detect cybersecurity incidents and recover from them.

It makes perfect sense. The reality is that defending cyber-attacks is an incredibly hard task to do. Hackers are anonymous, perimeters are not physical, attacks are sophisticated, and the volume of cyber assaults launched every day is astounding. Defending cyber-attacks is a little like entering a cage fight blindfolded with one arm tied behind your back. Despite the best defensive efforts, you will get hit.

Hence the recommendation to invest the ability to recover from a cybersecurity incident. Of course we will continue to defend ourselves from cyber criminals, but we also recognize we are not fighting a fair fight, and that we will likely suffer a cyber incident at some point. The thought is simple, when we become a victim of cybercrime, we must be prepared to recover from the incident. 

If you do not regularly backup critical data and systems, then you must start doing so immediately. If you do not have a documented disaster recovery plan, then you must create one as soon as possible. In the process of creating a data backup strategy and disaster recovery plan, please recognize the nine most common mistakes made and more importantly, how you can avoid making them in your quest for recovery preparation. 

The 9 Mistakes

 

1. The Scope of the Backup is Incomplete 

It is very common to see a data backup that has very little strategic thought behind it. Evidence of this mistake presents itself in the form of:

  • Important Data, Applications, or Systems that are NOT included in the backup job(s).
  • All Data, Applications and Systems are backed up the exact same way – there are no priorities.
  • The time it takes to ACTUALLY recover lost or corrupt data is much longer than expected.
  • The point in time in which you are ACTUALLY able to restore to is too far in the past (I want to recover yesterday’s information, but I am only able to recover last month’s information!)

Avoid this mistake by classifying and prioritizing the data, applications and systems that need to be backed up. A Business Impact Analysis will identify critical sets of data and define Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). This allows you to implement a backup job that supports lightning fast restore times for critical information.

 

2. Backups are Not Completed Automatically 

All too often we see backup jobs that require a person to manually start the backup. The process to start the backup job is usually very simple, like clicking a button. However , people forget to do it.

Backup jobs should always be automated. Automation eliminates human error or neglect and yields a much better chance of having a successful backup when you need it most.

With Datto you will receive daily backup verifications and screen shots of your virtual servers give you peace of mind and ensure that your backup data is working and accessible to you when you need it.

 

3. There is Only ONE Copy of the Backup 

There should always be more than one copy of your data backup. For critical systems, we recommend having three copies – for less critical systems, we recommend having two copies. The logic is simple, what happens if your data backup is lost, deleted or becomes corrupt? If you need to restore from backup, is it more comforting to have only one recovery source, or is it more comforting to have a few recovery sources?

 

4. Backups are Not Monitored for Success

So many businesses have a “set it and forget it” mentality about their data backup jobs. People rarely check to see if the backups are running successfully. For this reason it is important that your backup jobs are monitored very closely and if there are any errors (and there will be from time to time) that cause a backup job to fail.

There are many systems that are available to provide monitoring and alerting services for backup jobs. You must keep a close eye on your backups; otherwise you will find yourself in a very bad situation one day.

This is why Datto has implemented screenshot verifications for their users. This ensures that the backups are operating as designed and the users have peace of mind that their critical data is being saved in case of a disaster.

 

5. Backups are Not Kept Offsite

It is very common for data backups to be kept onsite, in the same physical location of the systems that are being backed up. While this practice is acceptable for some types of system failures (hardware failure, software corruption, etc.), it is a terrible idea for other types of failures. For example, if your building floods or burns – and your servers are severely damaged – do you think the backup media that was located right next to those servers will also be damaged? YES, IT WILL BE! For this reason, it is important to keep at least one copy of your data backups offsite, at a different physical location.

Not only will the Datto backup all your data to the device itself, but it will also backup everything to 2 separate offsite cloud storage locations. So in the event that the local device is destroyed, you can still access your information, even from a remote location. 

 

6. There is Insufficient Capacity for Backups

The backup job is 400GB, but your backup tape or drive is only 300GB. Capacity issues have a tendency to create sloppy and incomplete backup jobs. It is imperative that your backup media be sized and provisioned to not only support your current backup needs, but also allow for some element of growth over time.

Need help determining you backup size? A simple Capacity Planning exercise conducted by a Databranch engineer could be incredibly important to your overall backup strategy. Click here to request a meeting with one of our highly trained team members.

 

7. There is No Documented Disaster Recovery Plan

Often we see backup jobs that are working very well. Critical data is being backed up at regular intervals which support organizational RTO and RPO requirements. Then, disaster strikes. There is a power outage that fries the server, the network room floods, the building burns down, etc.

A backup job is only successful if data can be easily and quickly recovered. You need to have a recovery procedure documented! Typically this is in the form of a Disaster Recovery (DR) Plan. The plan should include important procedural steps involved in recovering lost data and should also indicate who is responsible for performing those steps once a disaster is declared.

If you choose to not have a documented DR Plan, then recovering from a disaster will be chaotic and frustrating at best! At worst? A disaster could cost you business thousands of dollars and could possibly cost you the business itself.

Interested in calculating the cost of downtime for your business? Check out our Recovery Time Calculator here.

 

8. There is No Process to Add or Remove Items from the Backup Scope

As new servers, applications and data repositories are added to your computing environment – they also need to be added to your backup job(s). It is very important to have a documented Data Backup Policy that outlines the process for adding or deleting components of the data backup job(s).

Without a policy, new systems may or may not be integrated into the backup job(s) effectively and old systems may never get removed. Once you have a great data backup job, you want it to stay great. This requires governance and oversight typically provided by good policies and procedures.

 

9. Backups are Not Tested; People are Not Trained

Data backup job(s) absolutely, positively need to be tested at least once a year – if not more frequently. A true test is the only way to verify that critical information can be restored if needed. More importantly, people (employees, vendors, etc.) should all be educated on the restore process, especially if they play a critical role in restoring lost or corrupted data. A common and effective way to provide this training is by conducting routine Table Top exercises where DR scenarios are presented to the recovery team and they have an opportunity to respond – without creating any service disruptions

 

Backup and Recovery Solutions

Avoid these common pitfalls and be confident in your ability to recover from most cyber security incidents. Invest in defense, and also in resiliency. Our backup recovery and disaster recovery solution ensures that your data is restored to its former state, with little to no downtime or interruption to your business.

Databranch monitors the success of every backup, and if there’s an issue, we’ll take care of it for you as part of the service. With a commitment to continually improve and serve, Databranch employees regularly go above and beyond to ensure complete customer satisfaction. Reach out to us today at 716-373-4467 x115 or info@databranch.com, you can rest assured that your data is in good hands.

 

 

Article used with permission from Cyberstone.

The global pandemic put a big emphasis on the need to run a business from anywhere. Enabling employees to work remotely requires cloud solutions. This includes collaborative platforms like Google Workspace and Microsoft 365. VoIP (Voice over Internet Protocol) phone systems have also become critical.

VoIP allows companies to stay in contact with customers and potential customers. Employees can work from anywhere and still answer the business phone line. Callers get a similar experience no matter where employees may be working, office or home.

When you have people working from home, those old landline systems are inefficient. This has led to a large movement by businesses to VoIP. Both for necessity and cost-savings.

According to Microsoft, 82% of organizations have reported saving money after implementing VoIP.

While VoIP is the way to go for the future, this doesn’t mean it’s foolproof. Companies that don’t set up their system efficiently, can experience issues. This includes things like dropped calls, low bandwidth, and features left unused.

If you’ve been struggling to make your cloud phone system more efficient, check out these tips below. They provide setup best practices for VoIP. Use these to positively impact your bottom line.  

 

1. Check Network Capabilities

You can’t just assume that you can enable a VoIP system, and all will be well. Your network may not be able to handle the extra bandwidth needs without adjustments.

Things you want to look at include jitter and packet loss. Additionally, review router settings to make sure it can handle peak traffic times. Experiencing dropped calls or choppy audio shows a need to address issues. These may include adjusting network hardware and/or increasing your ISP bandwidth.

 

2. Prioritize Your VoIP Software Using QoS Rules

Quality of Service (QoS) is a router settings area that allows you to say which traffic is most important. If QoS is not in place, it means resource issues. A large cloud backup could kick in and interrupt your calls because it’s taking up bandwidth.

QoS sets up “traffic lanes” that give priority to certain functions. You’ll want to have your VoIP software prioritized to get the bandwidth it needs. This avoids issues with less critical processes hogging up internet resources.

Using QoS keeps your calls smooth and improves the reliability of your cloud phone system. It’s also a good idea to use these rules for other important cloud activities.

 

3. Provide Quality Headsets for Your Team

A cheap headset can ruin the call experience for a potential customer. If someone calls in and can’t hear anything or gets choppy reception, they’ll quickly get frustrated. They will most likely figure that your company doesn’t have its act together.

Head off potential problems by issuing quality headsets for your team to use. Reach out to Databranch today at info@databranch.com if you need help finding a quality headset and verifying its compatibility with your phone models.

 

4. Set Up Departments & Ring Groups

One of the great features of VoIP phone systems is the ability to set up ring groups. You first set up your department groups (accounting, marketing, etc.). Then set the included employee extensions.

Creating a ring group allows you to have a call go to your customer support department as a whole. This is better than one person, who may be busy. That way, the whole group gets the ring, and the first available person can pick up.

Ring groups improve the caller experience by reducing the wait time. It can also mitigate the need for the caller to leave a voicemail and get stuck waiting on a callback.

 

5. Create Your Company Directory 

Auto assistants are extremely helpful and nearly all VoIP systems have them. First, you set up your company directory and then record messages to prompt the caller.

For example, you can set up a message that prompts them to input the last name of the person they are trying to reach. If they aren’t calling a specific person, they can be routed to a department.

While setting up a company directory takes a little effort upfront, it will save much more. You no longer will need to have someone specifically routing every call. Callers can also get to the person or department they need faster. This improves the customer experience and boosts office productivity.

When implementing a Hosted VoIP system with Databranch, our highly qualified engineers will create your directory and ring groups in the format you desire to give your business the most efficient calls possible.

 

6. Have Employees Set Up Their Voicemail & VM to Email

When you get out of a long meeting, going through a bunch of voicemails can take time. Instead of having to listen to each one to see which calls are a priority, you could simply read through them.

The voicemail to email feature in VoIP phone systems will automatically transcribe voicemails. They are then emailed to the recipient. This improves efficiency and eliminates wasted time having to listen to entire messages to know who called.

Have employees set up this feature with their extension and email address. Some VoIP systems also offer an option to have transcribed voicemails sent via SMS!

 

7. Train Your Team on the Call Handling Process

Don’t leave your employees to jump in and learn a VoIP system themselves. It’s important to train them on the features and the company calling process. This ensures that your team can enjoy all those time-saving features.

 

Get Help Enhancing Your Business Phone System

Need help improving your business phone system? Looking for a better customer experience? Reach out to Databranch today at 716-373-4467 x115 or info@databranch.com to schedule a consultation. We can help!

Our Rock-It VoIP Platform offers flexibility and scalability to accommodate for fluctuations and growth in your business, and we can service locations nationwide. We also port your numbers so they stay the same and handle any upgrades, maintenance, and programming! Learn more about Rock-It VoIP here.

 

 

Article used with permission from The Technology Press.

Administrative Privileges Annual Security Training Anti-Virus Backup and Recovery Breaches business continuity Business Email Compromise Business Phone System BYOD Call Directory Cisco Cloud Infrastructure Cloud Security Cloud Solutions Compromised Credentials computer support Computer Upgrades Conditional Access Cyber Attacks Cyber Criminals Cyber Insurance Cyberattacks cybersecurity Cybersecurity Breach Cybersecurity Training Dark Web Monitoring Data Backup Data Backup Solution Data Breach Data Breaches data protection Data Recovery Device Security Disaster Recovery DNS Filtering doug wilson field technician Foundation Security Gift Card Scams Hackers Hosted VoIP i.t. service provider Internet Explorer IT Compliance IT Policies IT Security IT Services Juice Jacking Local Admin local admin privileges Lost Devices malware managed service provider managed services MFA Microsoft Microsoft 356 Microsoft Office Mobile Devices MSP MSP501 Multi-Factor Authentication New Computer Offboarding Office 365 Outlook Password Manager Password Managers Password Protection password security Passwords Patches Patching PC Performance Penetration Testing Personal Data phishing Phishing Attacks PII Proactive Monitoring Processor productivity Professional Tune-Up Public WiFi RAM Ransomware repeatbusinesssystems Ring Groups Rock-It VoIP RTO Costs Scammers Scams security Security Assessment Security Awareness Training Security Key SLAM Method Smishing SMS Social Media Security Solid-State Drive SSD stolen credentials Storage Teams technology best practices Technology Policies Technology Review Updates virus VoIP Systems VPN Vulnerabilities Vulnerability Assessment Warning Signs Work Computers