Misconfiguration of cloud solutions is often overlooked when companies plan cybersecurity strategies. Cloud apps are typically quick and easy to sign up for, so the user often assumes that they don’t need to worry about security because it’s handled.
This is an incorrect assumption because cloud security is a shared model. The provider of the solution handles securing the backend infrastructure but the user is responsible for configuring security settings in their account properly.
Problems with misconfiguration are the number one cause of cloud data breaches. It’s also an unforced error. Misconfiguration means that a company has made a mistake because it hasn’t adequately secured its cloud application.
Perhaps they gave too many employees administrative privileges, or they may have neglected to turn on a security function that would have prevented the downloading of cloud files by an unauthorized user.
Misconfiguration covers a wide range of negligent behavior. It all has to do with cloud security settings and practices. A finding in The State of Cloud Security 2021 shed light on how common this issue is. Around 45% of organizations experience between 1 and 50 cloud misconfigurations per day.
Some of the main causes of misconfiguration are:
- Lack of adequate oversight and controls
- A team lacking security awareness
- Too many cloud APIs to manage
- No adequate cloud environment monitoring
- Negligent insider behavior
- Not enough expertise in cloud security
Use the tips below to reduce your risk of a cloud data breach and improve cloud security.
Enable Visibility into Your Cloud Infrastructure
Do you know all the different cloud apps employees are using at your business? If not, you’re not alone. It’s estimated that shadow IT use is approximately 10x the size of known cloud use.
When an employee uses a cloud app without authorization, it’s considered “shadow IT.” This is because the app is in the shadows so to speak, outside the purview of the company’s IT team.
How can you protect something you don’t know about? This is why shadow cloud applications are so dangerous and why they often result in breaches due to misconfiguration.
Gain visibility into your entire cloud environment, so you know what you need to protect. One way you can do this is through a cloud access security application.
Restrict Privileged Accounts
The more privileged accounts you have, the higher the risk of a misconfiguration. There should be very few users that can change security configurations. You don’t want someone that doesn’t know better to accidentally open a vulnerability, such as removing a cloud storage sharing restriction. It could leave your entire environment a sitting duck for hackers.
Audit privileged accounts in all cloud tools. Then, reduce the number of administrative accounts to the least needed to operate.
Put in Place Automated Security Policies
Automation helps mitigate human error. Automating as many security policies as possible helps prevent cloud security breaches.
For example, if you use a feature like sensitivity labels in Microsoft 365, you can set a “do not copy” policy. It will follow the file through each supported cloud application. Users don’t need to do anything to enable it once you put the policy in place.
Use a Cloud Security Audit Tool (Like Microsoft Secure Score)
How secure is your cloud environment? How many misconfigurations might there be right now? It’s important to know this information so you can correct issues to reduce risk.
Use an auditing tool, like Microsoft Secure Score. You want a tool that can scan your cloud environment and let you know where problems exist. It should also be able to provide recommended remediation steps.
Set Up Alerts for When Configurations Change
Once you get your cloud security settings right, they won’t necessarily stay that way. Several things can cause a change in a security setting without you realizing it. These include:
- An employee with elevated permissions accidentally changes them
- A change caused by an integrated 3rd party plug-in
- Software updates
- A hacker that has compromised a privileged user credential
Be proactive by setting up alerts. You should have an alert for any significant change in your cloud environment, for example, when the setting to force multi-factor authentication gets turned off.
If an alert is set up, then your team knows right away when a change occurs to an important security setting. This allows them to take immediate steps to research and rectify the situation.
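The alerting described above, written out as an added example that is not part of the original article: it compares a saved baseline of security settings with a current snapshot and raises a high-severity alert when a critical setting ends up unsafe, such as MFA enforcement being turned off or the number of administrative accounts growing past an allowed ceiling. The setting names, the ceiling of two administrators, the snapshot layout and the audit-event fields are all hypothetical and constructed for illustration.

```python
"""Alert on drift between a saved baseline and the current security settings.

Setting names, values and actors are constructed for illustration; they are
not the schema of any real cloud provider.
"""
from dataclasses import dataclass

ABSENT = "<absent>"  # marker for a setting missing from one snapshot

# Critical settings (hypothetical names) mapped to a check for a safe value.
CRITICAL = {
    "identity.mfa_enforced": lambda v: v is True,
    "identity.admin_count": lambda v: isinstance(v, int) and v <= 2,
    "storage.external_sharing": lambda v: v == "disabled",
}


@dataclass(frozen=True)
class Alert:
    severity: str  # "high" = critical setting left in an unsafe state
    setting: str
    old: object
    new: object
    actor: str     # taken from the audit trail, "unknown" if not recorded


def flatten(settings, prefix=""):
    """Flatten nested dicts to {"a.b": value} so snapshots compare key by key."""
    flat = {}
    for key, value in settings.items():
        if isinstance(value, dict):
            flat.update(flatten(value, f"{prefix}{key}."))
        else:
            flat[f"{prefix}{key}"] = value
    return flat


def detect_drift(baseline, current, audit_events=()):
    """Return one Alert per changed, added or removed setting, high severity first."""
    old, new = flatten(baseline), flatten(current)
    actors = {e["setting"]: e["actor"] for e in audit_events}  # latest event wins
    alerts = []
    for setting in old.keys() | new.keys():
        before, after = old.get(setting, ABSENT), new.get(setting, ABSENT)
        if before == after:
            continue
        # A removed critical setting also fails its check, so it alerts as high.
        unsafe = setting in CRITICAL and not CRITICAL[setting](after)
        alerts.append(Alert("high" if unsafe else "info", setting, before, after,
                            actors.get(setting, "unknown")))
    return sorted(alerts, key=lambda a: (a.severity != "high", a.setting))


# Constructed sample data: MFA enforcement switched off, an extra admin added,
# and a new integration installed since the baseline was taken.
BASELINE = {
    "identity": {"mfa_enforced": True, "admin_count": 2},
    "storage": {"external_sharing": "disabled"},
}
CURRENT = {
    "identity": {"mfa_enforced": False, "admin_count": 3},
    "storage": {"external_sharing": "disabled"},
    "integrations": {"crm_plugin": "installed"},
}
AUDIT_EVENTS = [
    {"setting": "identity.mfa_enforced", "actor": "admin@example.com"},
    {"setting": "integrations.crm_plugin", "actor": "third-party-plugin"},
]

if __name__ == "__main__":
    for alert in detect_drift(BASELINE, CURRENT, AUDIT_EVENTS):
        print(f"[{alert.severity.upper()}] {alert.setting}: {alert.old!r} -> "
              f"{alert.new!r} (actor: {alert.actor})")
```

An alert whose actor is "unknown" means the change has no matching audit event, which is itself worth investigating.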
Have a Cloud Specialist Check Your Cloud Settings
Business owners, executives, and office managers usually are not cybersecurity experts and no one should expect them to know how to configure the best security for your organization’s needs.
It’s best to have a cloud security specialist from Databranch check your settings. Thinking about moving your applications from your local server to the cloud? We can help ensure that they’re set up to keep your data protected without restricting your team.
Improve Cloud Security & Lower Your Chances for a Data Breach
Most work is now done in the cloud, and companies store data in these online environments. Don’t leave your company at risk by neglecting to review your cloud security configuration. Contact Databranch today at 716-373-4467 x 115 or firstname.lastname@example.org to set up a cloud security assessment.
Article used with permission from The Technology Press.
Cybersecurity insurance is still a pretty new concept for many SMBs. It was initially introduced in the 1990s to provide coverage for large enterprises. It covered things like data processing errors and online media.
Since that time, the policies for this type of liability coverage have changed. Today’s cyber insurance policies cover the typical costs of a data breach, including remediating a malware infection or compromised account.
Cybersecurity insurance policies will cover the costs for things like:
- Recovering compromised data
- Repairing computer systems
- Notifying customers about a data breach
- Providing personal identity monitoring
- IT forensics to investigate the breach
- Legal expenses
- Ransomware payments
Data breach volume and costs continue to rise. 2021 set a record for the most recorded data breaches. And in the first quarter of 2022, breaches were up 14% over the prior year.
No one is safe. Even small businesses find they are targets. They often have more to lose than larger enterprises as well. About 60% of small businesses close down within 6 months of a cyber incident.
The increase in online danger and rising costs of a breach have led to changes in this type of insurance. The cybersecurity insurance industry is ever evolving and businesses need to keep up with these trends to ensure they can stay protected.
Here are some of the cyber liability insurance trends you need to know about.
Demand is Going Up
The average cost of a data breach is currently $4.35 million (global average). In the U.S., it’s more than double that, at $9.44 million. As these costs continue to balloon, so does the demand for cybersecurity insurance.
Companies of all types are realizing that cyber insurance is critical. It’s as important as their business liability insurance. Without that protection, they can easily go under in the case of a single data breach.
With demand increasing, look for more availability of cybersecurity insurance. This also means more policy options, which is good for those seeking coverage.
Premiums are Increasing
With the increase in cyberattacks has come an increase in insurance payouts. Insurance companies are increasing premiums to keep up. In 2021, cyber insurance premiums rose by a staggering 74%.
The costs from lawsuits, ransomware payouts, and other remediation have driven this increase. Insurance carriers aren’t willing to lose money on cybersecurity policies. Thus, those policies are getting more expensive at the same time that they are more necessary.
Certain Coverages are Being Dropped
Certain types of coverage are getting more difficult to find. For example, some insurance carriers are dropping coverage for “nation-state” attacks. These are attacks that come from a government. Many governments have ties to known hacking groups. So, a ransomware attack that hits consumers and businesses can very well be in this category.
In 2021, 21% of nation-state attacks targeted consumers, and 79% targeted enterprises. So, if you see that an insurance policy excludes these types of attacks, be very wary.
Another type of attack payout that is being dropped from some policies is ransomware. Between Q1 and Q2 of 2022, ransomware attacks increased by 24%.
Insurance carriers are tired of unsecured clients relying on them to pay the ransom, so many are excluding ransomware payouts from policies. This puts a bigger burden on organizations. They need to ensure their backup and recovery strategy is well planned.
If a cybersecurity incident occurs, does your business have a recovery plan? If not, reach out to Databranch today to get started.
It’s Harder to Qualify
Just because you want cybersecurity insurance doesn’t mean you’ll qualify for it. Qualifications are becoming stiffer. Insurance carriers aren’t willing to take chances, especially on companies with poor cyber hygiene.
Some of the factors that insurance carriers look at include:
- Network security
- Use of things like multi-factor authentication
- BYOD and device security policies
- Advanced threat protection
- Automated security processes
- Backup and recovery strategy
- Administrative access to systems
- Anti-phishing tactics
- Employee security training
You’ll often need to fill out a lengthy questionnaire when applying for insurance. This includes several questions about your cybersecurity situation. It’s a good idea to have your IT provider help you with this.
This can seem like a lot of work that you have to do to qualify for cyber insurance. As you review the questions, your IT partner can identify security enhancements. Just like other forms of insurance, if you take steps to reduce risk, it can often reduce your premiums.
So, it pays to do a cybersecurity review before applying for cyber insurance. You can save yourself time and money. It can also fortify your defenses against cyberattacks.
Need Help Making Sense of Cybersecurity Policies?
Cybersecurity coverage and insurance applications can be complex. If you answer a question incorrectly, it can mean paying hundreds more in premiums than you should. If you’re considering cybersecurity insurance, don’t go it alone. Contact us today at 716-373-4467 x 115 or email@example.com. We can explain the policy details and provide guidance.
Article used with permission from The Technology Press.
Few things invoke instant panic like a missing smartphone or laptop. These devices hold a good part of our lives. This includes files, personal financials, apps, passwords, pictures, videos, and so much more.
Electronics now hold just as much personal information and banking information as your wallet does, probably more. This makes a lost or stolen device a cause for alarm.
It’s often not the device that is the biggest concern. It’s the data on the device and the ability of the device holder to access cloud accounts and websites. The thought of that being in the hands of a criminal is quite scary.
There are approximately 70 million lost smartphones every year. The owners only recover about 7% of them. Workplace theft is all too common. The office is where 52% of stolen devices go missing.
If it’s a work laptop or smartphone that goes missing, even worse. This can mean the company is subject to a data privacy violation. It could also suffer a ransomware attack originating from that stolen device.
In 2020, Lifespan Health System paid a $1,040,000 HIPAA fine. This was due to an unencrypted stolen laptop breach.
The Minutes After the Loss of Your Device Are Critical
The things you do in the minutes after missing a device are critical. This is the case whether it’s a personal or business device. The faster you act, the less chance there is for exposure of sensitive data.
What Types of Information Does Your Device Hold?
When a criminal gets their hands on a smartphone, tablet, or laptop, they have access to a treasure trove. This includes:
- Photos & videos
- Access to any logged-in app accounts on the device
- Passwords stored in a browser
- Cloud storage access through a syncing account
- Text messages
- Multi-factor authentication prompts that come via SMS
- And more
Steps to Take Immediately After Missing Your Device
As we mentioned, time is of the essence when it comes to a lost mobile device. The faster you act, the more risk you mitigate for a breach of personal or business information.
Here are steps you should take immediately after the device is missing.
Activate a “Lock My Device” Feature
Most mobile devices and laptops will include a “lock my device” feature. It allows for remote activation if you have enabled it. You will also need to enable “location services.” While good thieves may be able to crack a passcode, turning that on immediately can slow them down.
What about “find my device?”
There is usually also a “find my device” feature available in the same setting area. Only use this to try to locate your device if you feel it’s misplaced, but not stolen. You don’t want to end up face to face with criminals!
Report the Device Missing to Your Company If It’s Used for Work
If you use the device for business, notify your company immediately. Even if all you do is get work email on a personal smartphone, it still counts. Many companies use an endpoint device manager. In this case, access to the company network can be immediately revoked.
Reporting your device missing immediately can allow your company to act fast. This can often mitigate the risk of a data breach.
Log Out & Revoke Access to SaaS Tools
Most mobile devices have persistent logins to SaaS tools. SaaS stands for Software as a Service. These are accounts like Microsoft 365, Trello, Salesforce, etc.
Use another device to log into your account through a web application. Then go to the authorized device area of your account settings. Locate the device that’s missing, and log it out of the service. Then, revoke access, if this is an option.
This disconnects the device from your account so the thief can’t gain access.
Log Out & Revoke Access to Cloud Storage
It’s very important to include cloud storage applications when you revoke access. Is your missing device syncing with a cloud storage platform? If so, the criminal can exploit that connection.
They could upload a malware file that infects the entire storage system. They could also reset your device to resell it, and in the process delete files from cloud storage.
Activate a “Wipe My Device” Feature
Hopefully, you are backing up all your devices. This ensures you have a copy of all your files in the case of a lost device.
Does it look like the device is not simply misplaced, but rather stolen or lost for good? If so, then you should use a remote “wipe my device” feature if it has been set up. This will wipe the hard drive of data.
How We Can Help
No matter what size company you have, mobile device management is vital. Get in touch with us today at 716-373-4467 x 15 or firstname.lastname@example.org to arrange a quick chat to learn more about your options and how we can help you identify and address any potential security risks.
Article used with permission from The Technology Press.
One constant about technology is that it changes rapidly. Tools that were once staples, like Internet Explorer and Adobe Flash, age out and get replaced by new tools. Continuing to use discontinued technology can leave computers and networks vulnerable to attacks.
While older technology may still run fine on your systems, that doesn’t mean that it’s okay to use. One of the biggest dangers of using outdated technology is that it can lead to a data breach.
Outdated software and hardware no longer receive vital security updates. Updates often patch newly found and exploited system vulnerabilities. No security patches means a device is a sitting duck for a cybersecurity breach.
Approximately 1 in 3 data breaches are due to unpatched system vulnerabilities.
Important reasons to keep your technology updated to a supported version are:
- Reduce the risk of a data breach or malware infection
- Meet data privacy compliance requirements
- To keep a good reputation and foster customer trust
- To be competitive in your market
- To mitigate hardware and software compatibility issues
- To enable employee productivity
Older systems are clunky and get in the way of employee productivity. The efficiency of your employees is only as good as the technology they are working on. Slower machines mean a decrease in progress, which can negatively impact your business over time.
Did you know that 49% of surveyed workers say they would consider leaving their jobs due to poor technology?
Following is a list of outdated technology tools that you should replace as soon as possible. Are any of these still in use within your business?
Get Rid of This Tech Now If You’re Still Using It
1) Internet Explorer
Internet Explorer (IE) used to be the number one browser in the world. But, over time, Google Chrome and other browsers, including its replacement, Microsoft Edge, overshadowed it.
Microsoft began phasing out IE with the introduction of Microsoft Edge in 2015. In recent years, fewer applications have been supporting use in IE. The browser loses all support beginning on June 15, 2022.
2) Adobe Flash
Millions of websites used Adobe Flash in the early 2000s. But other tools can now do the animations and other neat things Flash could do. This made the tool obsolete, and Adobe ended it.
The Adobe Flash Player lost all support, including security updates, as of January 1, 2021. Do you still have this lingering on any of your computers? If so, you should uninstall the browser plugin and any Flash software.
3) Windows 7 and Earlier
Windows 7 was a very popular operating system, but it’s now gone the way of the dinosaur. Its replacements, Windows 10 and Windows 11, are now in widespread use. The Windows 7 OS lost support on January 14, 2020.
While it may still technically run, it’s very vulnerable to hacks. Microsoft Windows OS is also a high-value target for hackers. So, you can be sure they are out there looking for systems still running this obsolete version of Windows.
4) macOS 10.14 Mojave and Earlier
Because of the cost of iMacs and MacBooks, people tend to hang onto them as long as possible. Once these devices get to a certain point, updates no longer work. This leaves the hardware stuck on an older and non-supported macOS version.
If you are running macOS 10.14 Mojave or earlier, then your OS is no longer supported by Apple and you should consider an upgrade.
5) Oracle 18c Database
If your business uses Oracle databases, then you may want to check your current version. If you are running the Oracle 18c Database, then you are vulnerable. Breaches can easily happen due to unpatched system vulnerabilities.
The Oracle 18c Database lost all support in June of 2021. If you have upgraded, then you’ll want to keep an eye out for another upcoming end-of-support date. Both Oracle 19c and 21c will lose premier support in April of 2024.
6) Microsoft SQL Server 2014
Another popular database tool is Microsoft’s SQL Server. If you are using SQL Server 2014, then mainstream support has already ended. Plus, in July of 2024, all support, including security updates, will stop.
This gives you a little more time to upgrade before you’re in danger of not getting security patches. However, it is better to upgrade sooner rather than later. This leaves plenty of time for testing and verification of the upgrade.
Get Help Upgrading Your Technology & Reducing Risk
Upgrades can be scary, especially if everything has been running great. You may be afraid that a migration or upgrade will cause issues. We can help you upgrade your technology smoothly and do thorough testing afterward. You can also contact Databranch today at 716-373-4467, email@example.com, or fill in the form below to set up a vulnerability assessment.
Article used with permission from The Technology Press.
Credential theft is now at an all-time high and is responsible for more data breaches than any other type of attack.
With data and business processes now largely cloud-based, a user’s password is the quickest and easiest way to conduct many different types of dangerous activities.
Being logged in as a user (especially if they have admin privileges) can allow a criminal to send out phishing emails from your company account to your staff and customers. The hacker can also infect your cloud data with ransomware and demand thousands of dollars to give it back.
How do you protect your online accounts, data, and business operations? One of the best ways is with multi-factor authentication (MFA).
It provides a significant barrier to cybercriminals even if they have a legitimate user credential to log in. This is because they most likely will not have access to the device that receives the MFA code required to complete the authentication process.
What are the Three Methods of MFA?
When you implement multi-factor authentication at your business, it’s important to compare the three main methods of MFA and not just assume all methods are the same. There are key differences that make some more secure than others and some more convenient.
Let’s take a look at what these three methods are:
1. SMS-Based
The form of MFA that people are most familiar with is SMS-based. This one uses text messaging to authenticate the user.
The user will typically enter their mobile number when setting up MFA. Then, whenever they log into their account, they will receive a text message with a time-sensitive code that must be entered.
2. On-Device Prompt in an App
Another type of multi-factor authentication will use a special app to push through the code. The user still generates the MFA code at login, but rather than receiving the code via SMS, it’s received through the app.
This is usually done via a push notification, and it can be used with a mobile app or desktop app in many cases.
3. Security Key
The third key method of MFA involves using a separate security key that you can insert into a PC or mobile device to authenticate the login. The key itself is purchased at the time the MFA solution is set up and will be the thing that receives the authentication code and implements it automatically.
The MFA security key is typically smaller than a traditional thumb drive and must be carried by the user to authenticate when they log into a system.
Now, let’s look at the differences between these three methods.
What is the Most Convenient Form of MFA?
Users can often feel that MFA is slowing them down. This can be worse if they need to learn a new app or try to remember a tiny security key (what if they lose that key?).
This user inconvenience can cause companies to leave their cloud accounts less protected by not using multi-factor authentication.
If you face user pushback and are looking for the most convenient form of MFA, it would be the SMS-based MFA.
Most people are already used to getting text messages on their phones so there is no new interface to learn and no app to install.
What is the Most Secure Form of MFA?
If your company handles sensitive data in a cloud platform, such as your online accounting solution, then it may be in your best interest to go for security.
The most secure form of MFA is the security key.
The security key, being a separate device altogether, won’t leave your accounts unprotected in the event of a mobile phone being lost or stolen. Both the SMS-based and app-based versions would leave your accounts at risk in this scenario.
SMS-based MFA is actually the least secure because there is malware out there now that can clone a SIM card, which would allow a hacker to get those MFA text messages.
A Google study looked at the effectiveness of these three methods of MFA at blocking three different types of attacks. The security key was the most secure overall.
Percentage of attacks blocked:
- SMS-based: between 76 – 100%
- On-device app prompt: between 90 – 100%
- Security key: 100% for all three attack types
What is in Between?
So, where does the app with an on-device prompt fit in? Right in between the other two MFA methods.
Using an MFA application that delivers the code via push notification is more secure than the SMS-based MFA. It’s also more convenient than needing to carry around a separate security key that could quickly become lost or misplaced.
Looking for Help Setting up MFA at Your Company?
Multi-factor authentication is a “must-have” solution in today’s threat climate. Let’s discuss your barrier points and come up with a solution together to keep your cloud environment better secured.
Contact Databranch today at 716-373-4467 x15 or firstname.lastname@example.org. We’d be happy to help you out.
Article used with permission from The Technology Press.