We live in an era where organizations are increasingly aware of the ever-changing cybersecurity landscape. Despite billions of dollars invested worldwide to fend off cyberthreats, cybercriminals still manage to penetrate even the strongest security defenses.

They relentlessly exploit vulnerabilities with one primary target in mind — employees. Cybercriminals perceive employees as the weakest link in an organization’s cybersecurity perimeter. However, you can address and shore up this vulnerability through proper training.

Strengthening employee security awareness is paramount in safeguarding your business. In this blog, we’ll look at why employees are prime targets for cybercriminals and explore the critical significance of enhancing their security awareness. By recognizing vulnerabilities, we can proactively mitigate risks and empower your workforce to actively defend against cyberattacks.

The Vulnerabilities Within

Is your organization dealing with any of the following?

Lack of Awareness

One of the key reasons employees fall prey to cybercriminals is their limited knowledge of common cybersecurity threats, techniques and best practices. Cybercriminals can launch phishing attacks, malware infections and social engineering ploys by exploiting this knowledge gap among your employees.

Privileged Access

Employees often hold privileged access to critical systems, sensitive data or administrative privileges that cybercriminals crave. By compromising your employees’ accounts, cybercriminals can gain unauthorized access to valuable assets, wreaking havoc within your organization.

Social Engineering Tactics

Cybercriminals are masters of manipulation, leveraging social engineering tactics to deceive employees into disclosing sensitive information, sharing login credentials or unwittingly compromising security measures. These tactics can exploit human emotions, trust and curiosity, making your employees unintentional accomplices in cybercrime.

Bring Your Own Device (BYOD) Trend

The rising trend of BYOD can expose your organization to additional risks. Employees accessing business information and systems from personal devices that often lack the robust security controls of company-issued devices create vulnerabilities that cybercriminals can exploit.

Remote/Hybrid Work Challenges

The shift towards remote and hybrid work arrangements introduces new security challenges for businesses like yours. Unsecured home networks, shared devices and distractions can divert employee focus from cybersecurity best practices, increasing their susceptibility to attacks.

Best Practices for Developing an Engaging Employee Security Training Program

To fortify your organization’s security, implement an engaging employee security training program using these best practices:

Assess Cybersecurity Needs

Understand the specific cybersecurity risks and requirements your organization faces. Identify areas where employees may be particularly vulnerable.

Define Clear Objectives

Set concrete goals for your training program, outlining the desired outcomes and essential skills employees should acquire.

Develop Engaging Content

Create interactive and easily digestible training materials for your employees. Use real-life examples and scenarios to make the content relatable and memorable.

Tailor Targeted Content

Customize the training to address your organization’s unique challenges and risks. Make it relevant to employees’ roles and responsibilities.

Deliver Consistent, Continuous Training

Establish a regular training schedule to reinforce cybersecurity awareness and foster a culture of ongoing learning. Keep your employees up to date with the latest threats and preventive measures.

Measure Effectiveness and Gather Feedback

Continuously evaluate your training program’s effectiveness through assessments and feedback mechanisms. Use the data to refine and improve the program.

Foster a Cybersecurity Culture

Encourage employees to take an active role in cybersecurity by promoting open communication, incident reporting and shared responsibility for protecting company assets.

Collaborate for Success

Investing in employee security awareness can transform your workforce into a formidable line of defense, safeguarding your business from cybercriminals and ensuring a more resilient future.

Ready to empower your employees as cybercrime fighters but unsure where to start?

Contact Databranch today at 716-373-4467 x6 or info@databranch.com. We can discuss our Breach Prevention Platform and Security Awareness Training with simulated phishing tests that engages your team and strengthens your organization’s defenses against evolving cyberthreats.

Read More

Once upon a time, our most precious assets were confidently protected behind layers of security defenses. Cash was neatly stacked in a cast metal safe which was bolted to the floor of the building. Customer lists and bank records were locked in a filing cabinet and only accessible to the person who had the key. Human Resource records were protected by the shelter of the impenetrable HR office door.

Then, digital electronics revolutionized the typical business office. Instead of accessing records from a locked filing cabinet, employees now used computers to navigate a digital file system which contained an abundance of information – much of it considered to be confidential. The sensitive documents that were once tangible and secured behind a physical lock and key were now accessible in digital format and stored in the data network for end users to access.

Security controls such as passwords and file permissions were established to protect the confidential information in its new digital format. This was a time however, when computing devices were stationary and did not typically leave the confines of the physical office. Employees would report to the office for work, log onto their computer, and only then – be granted with access to confidential information. The data that companies treasured most rarely – if ever – left the building.

The same statement cannot be made today. Mobile computing devices are very popular and can be found in most corporate computing devices. Employees are no longer forced to work on a computer that is tethered to the floor beneath their office desk. Laptops and tablets have provided employees with the freedom and flexibility to work from just about anywhere. Mobile devices have also changed the corresponding security landscape too.

The Customer Lists, HR records and Bank Statements are now leaving the building.

The 2 Significant Risks Associated with Mobile Computing Devices:

People lose them and people steal them.

The most common item stolen by thieves is cash, the second is electronic devices. So, what happens when the hotel maid swipes your work laptop or tablet? Or, what if it’s accidentally left at a train station or airport?

The answer to both questions is simple: Someone now has a device that contains sensitive and confidential business information. Chances are that “Someone” is not a trusted entity at all. Many data breaches start with a stolen work device. The stolen property is then compromised, and the thief has the ability to use or sell the stolen data.

There is no doubt that mobile computing devices pose a real security challenge. We have grown accustomed to the elasticity they provide and it is unreasonable to think we will revert back to using the stationary computer we once used at our desk. Laptops and tablets are here to stay.

Human beings will continue to lose these devices and criminals will continue to steal them. Although we can fight to minimize these occurrences through effective awareness training, the reality is that we will not be able to prevent them all together. 

However, there are security controls you can put in place to help minimize your businesses risk when it comes to laptops and tablets.

Use a VPN

Free Wi-Fi may be a welcome site when you’re on the road, but it can also be dangerous. You don’t know who else is using that Wi-Fi. A hacker hanging out on the connection can easily steal your data if you’re not protected.

It’s better to use either your mobile carrier connection or a virtual private network (VPN) app. VPN plans are inexpensive and will keep your data encrypted, even if you’re on public Wi-Fi. It is highly recommended that VPNs are secured using Multi-Factor Authentication, this provides an additional layer of security against threat actors.

Visit our website here to learn more about VPNs and what factors to consider when choosing a plan.

Backup Your Data

Don’t lose all your work data with the device! Back up your devices to the cloud or local storage before you travel. This ensures that you won’t lose the valuable information on your device. 

Need help with a Data Backup and Recovery plan for your business? Contact us today or visit our website to learn more.

Restrict Privileges 

Local Admin Privileges allow employees to make adjustments to their work computers without the need for IT interference. This means that they can download programs, connect to printers, and modify software already installed on their computer.

This can be convenient, but poses a major cybersecurity risk.

If a device is stolen and the thief were to gain access to an account with local admin privileges, the damage could be endless. This is especially true for a business that is not utilizing security measures such as Multi-Factor Authentication (MFA) or Password Managers. 

Once a hacker has breached your computer they could download malware, spyware, or even ransomware. Resulting in computer files being locked, credentials being stolen, or even a virus spreading throughout your entire network.

Visit our website here to learn more about Local Admin Privileges.

Databranch Can Help

There are key digital solutions we can put in place to keep your business safer from online threats. Contact us today at at 716-373-4467 x115 or info@databranch.com to schedule a chat about mobile security.

Content provided curtesy of Cyberstone.

Read More

No business wants to suffer a data breach. But unfortunately, in today’s environment, it’s difficult to completely avoid them. Approximately 83% of organizations have experienced more than one data breach. (IBM Security 2022 Cost of a Data Breach Report)

These breaches hurt businesses in many ways. First, there is the immediate cost of remediating the breach. Then, there are the lost productivity costs. You can add lost business on top of that along with lost customer trust. A business could also have extensive legal costs associated with a breach.

Visit our website here to see what the cost of downtime would be for your business.

According to IBM Security’s report, the cost of a data breach climbed again in 2022. The global cost of one breach is now $4.35 million, up 2.6% from last year. If your business is in the U.S., the cost rises to $9.44 million. In Canada, the average data breach costs companies $5.64 million.

Costs for smaller companies tend to be a little lower. But breaches are often more devastating to SMBs. They don’t have the same resources that larger companies do to offset all those costs.

It’s estimated that 60% of small companies go out of business within six months of a cybersecurity breach.

Companies don’t need to resign themselves to the impending doom of a data breach. There are some proven tactics they can take to mitigate the costs. These cybersecurity practices can limit the damage of a cyberattack. 

All these findings come from the IBM Security report. They include hard facts on the benefits of bolstering your cybersecurity strategy.

Cybersecurity Tactics to Reduce the Impact of a Breach

Use a Hybrid Cloud Approach

Most organizations use the cloud for data storage and business processes. Researchers found that 45% of all data breaches happen in the cloud. But all cloud strategies are not created equally.

Breaches in the public cloud cost significantly more than those in a hybrid cloud. What is a hybrid cloud? It means that some data and processes are in a public cloud, and some are in a private cloud environment.

What some may find surprising is that using a hybrid cloud approach was also better than a private cloud.

Put in Place a Disaster Recovery Plan & Practice It

You don’t need to be a large enterprise to create an Disaster Recovery (DR) plan. The DR plan is a set of instructions for employees to follow should any number of cybersecurity incidents occur.

Along with this, it is the Business Continuity Solution put in place by the business to monitor backup processes, implement recovery objectives and restore your data to its former state.

Here is an example. In the case of ransomware, the first step should be disconnecting the infected device. DR plans improve the speed and effectiveness of a response in the face of a security crisis.

Having a practiced Disaster Recovery plan reduces the cost of a data breach by an average of $2.66 million per incident.

Need help setting up your Disaster Recovery plan? We’re ready to help you with a custom-built business continuity solution that meets the needs of your unique business. Give our experts a call at 716-373-4467 x115 or click here to get started.

Adopt a Zero Trust Security Approach

Zero trust is a collection of security protocols that work together to fortify a network. An example of a few of these are:

• Multi-factor authentication
• Application safelisting
• Contextual user authentication
• Restricting administrative privileges

Approximately 79% of critical infrastructure organizations haven’t adopted zero trust. Doing so can significantly reduce data breach costs. Organizations that don’t deploy zero trust tactics pay about $1 million more per data breach. 

Use Tools with Security AI & Automation

Using the right security tools can make a big difference in the cost incurred during a data breach. Using tools that deploy security AI and automation brought the biggest cost savings.

Data breach expense lowered by 65.2% thanks to security AI and automation solutions. These types of solutions include tools like advanced threat protection (ATP). They can also include applications that hunt out threats and automate the response.

Here at Databranch, we use a number of automated remote monitoring tools that will inspect your system 24/7, 365 days a year to help prevent attacks from happening to your organization. Click here to learn more.

How to Get Started Improving Your Cyber Resilience

Many of these ways to lower data breach costs are simply best practices. You can get started by taking them one at a time and rolling out upgrades to your cybersecurity strategy.

Databranch will even help you put together a roadmap to achieve this in the most efficient way possible. Address the “low-hanging fruit” first. Then, move on to longer-term projects.

As an example, “low-hanging fruit” would be putting multi-factor authentication in place. It’s low-cost and easy to put in place. It also significantly reduces the risk of a cloud breach.

A longer-term project might be creating an incident response plan. Then, you would set up a schedule to have your team drill on the plan regularly. During those drills, you could work out any kinks.

Need Help Improving Your Security & Reducing Risk?

Working with Databranch can take the cybersecurity burden off your shoulders. Contact us today at 716-373-4467 x 115 or info@databranch.com to discuss your security needs.

Article used with permission from The Technology Press.

Read More

When the year is coming to a close, it’s the perfect time to plan for the future. Most businesses begin the year with the hope of growing and improving operations. Much of how a business operates depends on technology. So, it makes sense to look to your IT for areas of optimization.

A year-end technology review provides an opportunity to look at several areas of your IT. The goal is to take time to focus on improvements you can make to boost your bottom line. As well as what tactics to take to reduce the risk of a costly cyberattack.

A recent study by Deloitte looked at digitally advanced small businesses. Small businesses that make smart use of technology are well ahead of their peers. Here are some of the ways they excel:

• Earn 2x more revenue per employee
• Experience year-over-year revenue growth nearly 4x as high 
• Had an average employee growth rate over 6x as high

The bottom line is that companies that use technology well, do better. They are also more secure. According to IBM, businesses that have an incident response plan reduce the costs of a data breach by 61%. Using security AI and automation can lower costs by 70%.

As the year is coming to an end, take some time to do a technology review with one of our experienced team members. This will set you up for success and security in the coming year.

Considerations When Reviewing Your Technology at Year-End

The goal of a year-end technology review is to look at all areas of your IT infrastructure. Security, efficiency, and bottom-line considerations will be the key drivers for future initiatives.

Technology Policies

When technology policies get outdated, people stop following them. Review all your policies to see if any of them need updating to reflect new conditions. For example, if you now have some staff working from home, make sure your device use policy reflects this.

When you update policies, let your employees know. This gives them a refresher on important information. They may have forgotten certain things since onboarding.

Disaster Recovery Planning

When is the last time your company did an incident response drill? Is there a list of steps for employees to follow in the case of a natural disaster or cyberattack?

Take time to look at disaster recovery planning for the new year. You should also put dates in place for preparedness drills and training in the coming months.

Interested in learning more? Click here to read about the backup recovery and disaster recovery solutions we have available to protect your business.

IT Issues & Pain Points

You don’t want to go through a big IT upgrade without considering employee pain points. Otherwise, you might miss some golden opportunities to improve staff productivity and wellbeing.

Survey your employees on how they use technology. Ask questions about their favorite and least favorite apps. Ask what struggles they face. Let them tell you how they feel technology could improve to make their jobs better.

This, in turn, benefits your business. It can also help you target the most impactful improvements.

Privileged Access & Orphaned Accounts

Do an audit of your privileged accounts as part of your year-end review. Over time, permissions can be misappropriated. This leaves your network at a higher risk of a major attack.

You should ensure that only those that need them have admin-level permissions. The fewer privileged accounts you have in your business tools, the lower your risk. Compromised privileged accounts password open the door to major damage. Read more about local admin privileges and the associated risks.

While going through your accounts, also look for orphaned accounts. You need to close these because they’re no longer used. Leaving them active poses a security risk.

IT Upgrade & Transformation Plans for the New Year

If you make IT upgrades and decisions “on the fly” it can come back to bite you. It’s best to plan out a strategy ahead of time, so you can upgrade in an organized way.

Have a vulnerability assessment performed. This gives you a list of potential problems your company should address. Eliminating vulnerabilities improves your cybersecurity and planning ahead will allow you to budget for your upgrades while avoiding unplanned expenses

Request your free baseline security assessment here.

Cloud Use & Shadow IT

Review your use of cloud applications. Are certain apps hardly used? Do you have redundancies in your cloud environment? A review can help you cut waste and save money.

Also, look for uses of shadow IT by employees. These are cloud applications that are being used for work but did not go through approval. Management may not even be aware of them. Remove this security risk by either closing the accounts or officially approving them.

Customer-Facing Technology

Don’t forget to look at the customer experience of your technology infrastructure. Go through your website and contact process as a customer would.

If you get frustrated by things like site navigation, then your customers and leads may be too. Include optimizations to your customer-facing technology in your new year plans.

Schedule a Technology & Security Assessment Today!

We can help you with a thorough review of your technology environment to give you a roadmap for tomorrow. Contact us today at 716-373-4467 x 115, info@databranch.com, or fill out the form below to see how we can make the most out of your technology infrastructure for next year.

Article used with permission from The Technology Press.

Read More

What are Local Admin Privileges?

Many companies allow their employees to make adjustments to their work computers without the need for IT interference. This means that they can download programs, connect to printers, and modify software already installed on their computer.

Users generally enjoy the freedom that local admin rights provide, especially in a company with limited IT personnel. Instead of waiting for an available IT worker, you can go into your computer and make the adjustments that you desire.

However, providing users with local admin rights will leave holes in your cybersecurity. 

Why You Should Reconsider Local Admin Privileges

1. Prevents Malware from being Downloaded

Restricting users’ ability to install software not only prevents them from installing unnecessary programs onto their computer, but it can also stop an employee from accidentally clicking and installing malware.

Employees come into contact with malicious software more than they realize. This could be through an attachment on a phishing email, a malicious website link, or if they decided to scroll through social media on a company device.

Around 66% of cybercriminals rank email phishing as their attack vector of choice. Unsuspecting employees may be fooled by an illegitimate email without thinking twice. Without local admin privileges, then there is an increased chance the malware will be stopped since the employee doesn’t have the authorization to install software onto their computer.

2. Decreases the Privileges for Potential Hackers

If a hacker were to gain access to an account with local admin privileges, the damage could be endless. This is especially true for a business that is not utilizing security measures such as Multi-Factor Authentication (MFA) or Password Managers. 

Once a hacker has breached your computer they could download malware, spyware, or even ransomware. Resulting in computer files being locked, credentials being stolen, or even a virus spreading throughout your entire network.

Restricting local admin privilege’s for your employees is a great way to decrease cybersecurity threats from happening in the first place. However, security measures like Password Managers or using MFA can decrease the damage done by a hacker if a computer were to be compromised. 

According to Microsoft, MFA can block over 99.9% of account compromise attacks. This means that even if a hacker knows your credentials, they will not be able to log in because they won’t have access to your MFA code.

If this is something you are interested in setting up for your organization, give us a call at 716-373-4467 or email info@databranch.com. 

3. Minimizes the Risk of Costly Downtime

Receiving malware or having a hacker breach your security system could cause your company to shut down while the issue is being resolved. All the time you could have been spending working on a project, closing a deal, or procuring new clients is now lost. 

This could also result in your businesses reputation taking a hit. Clients will wonder why you’ve had to close for days, weeks, or maybe even months. Plus, you may have to discuss security risks with some clients if their personal information was leaked during the breach.

Interested in calculating what the cost of downtime could be for your business? Click here for Databranch’s Recovery Time Calculator.

4. Prevents Restricted Files and Accounts from Being Edited

Accidentally clicking the wrong button happens to the best of us. You could be reviewing some important client files when your finger slips and presses the delete button by mistake. You may not notice right away and by the time you realize and try to get your information back, it’s too late.

Restricting local admin privileges allows a company to control which files can be modified, deleted, or moved. 

On top of this, restricting users’ ability to modify accounts and files not only prevents employees from making a mistake but also prevents hackers from altering your companies settings as well. A hacker who has breached an account with local admin privileges could secretly make an account for themselves or even disable antivirus software. 

Solutions

Principle of Least Privileges

Adopting the Principals of Least Privilege is a great addition to a companies security portfolio. This is when a business only gives their employees the minimum level of access privileges that are needed to fulfill their job requirements. 

If the employee needs to download additional software or update a program on their computer, they will need to have IT personnel log into their administrative account and make these adjustments for them.

Here at Databranch, we not only believe in the Principle of Least Privileges but we actively practice it. None of our employee login accounts have local administrative privileges. 

MFA and Password Managers

Enabling MFA and utilizing Password Managers is another great way to stay on top of cybersecurity for your business. These applications are easy to use, relatively inexpensive, and extremely beneficial to a company.

Want to talk to an IT Professional about any of the topics covered in this article? You can contact us at today at 716-373-4467 x 15 or info@databranch.com to set up a meeting, or simply fill out the form below and one of our team members will contact you. We would love to talk about your cybersecurity and how we can help you enhance it.

Read More