Blog - Cyber One Solutions

By COS Webmaster

Cybersecurity threats are no longer just a big company problem

The cybersecurity landscape has changed — what was once considered “just a large company” problem now affects companies of all sizes. While many small business owners continue to operate under the belief that security breaches only impact large businesses — likely a result of the intense media focus on massive security breaches like Equifax, Apple, and Target — this could not be further from the truth.

Attacks on small- and medium-sized businesses (SMBs) are on the rise and the associated costs can be detrimental to their business. In fact, the average cost from damage or theft of IT assets and infrastructure increased from $879,582 to $1,027,053 according to a study conducted by the Ponemon Institute. Meanwhile, the average cost of the disruption to normal operations increased from $955,429 to $1,207,965.

In response, SMBs worldwide are projected to grow their spending on remote managed security to an estimated $21.2 billion by 2021, making it the highest growth area in the managed services market.

Security: A critical piece of your managed services offering

Today, security should be a central focus for every managed service provider’s (MSP) offering. Protection for endpoints, firewalls, and email, once standard with most MSP offerings, is no longer enough to protect against the top cybersecurity threats.

With cybercriminals becoming more sophisticated and targeting SMBs, tactics like ransomware, data breaches, and phishing attacks can overwhelm these traditional solutions that used to suffice. To protect your customers from security events that could cause downtime, work stoppage, or worse, you need to safeguard your customers’ solutions to mitigate as much risk as possible. Remember, cyber issues affect more than you and your customer. Your customer’s customers and their suppliers will also be impacted.

When someone breaches your customer’s systems, they could access all critical systems and data. If this happens in a regulated industry like healthcare, financial, industrial, or government, the impact could easily go beyond financial losses due to work stoppage. For example, if confidential patient data is exposed — a breach of HIPAA requirements — the event could trigger investigations, digital forensics, and litigation.

If a customer is breached, the MSP will be questioned and required to participate in any investigations. If the customer has cyber insurance, the insurance company will do its own investigation before paying out against the claim. On average, the cost of a data breach is $148 per record. This cost, combined with downtime and work stoppage, would be devastating to most businesses, but especially a small business.

Strengthening security postures

As you think about how to strengthen your customer’s security posture, it’s important to realize that this is not something that you can throw a bunch of tools at to fix. Instead you should begin with people and processes. As estimated in the same Ponemon research study, 54 percent of data breaches are the result of employee or contractor negligence. This correlates with nearly half of the attacks being executed through phishing and social engineering.

Conducting security awareness training is a relatively easy way to expand your services while reducing your customer’s risk.

An even more effective tactic is performing a cybersecurity risk assessment for your customer. This will help to identify gaps in your customer’s critical security controls and determine actions to overcome any vulnerabilities. Most importantly, it will give you the opportunity to have a conversation about the risks, who owns them, and what needs to be done to address them.

Having honest conversations with your customers about risks and vulnerabilities will help you protect their business as well as your own. Regardless of the services that you offer, your customers will hold you responsible for keeping them secure and protecting their data.

 

Have something to say about this article? Comment below or share it with us on Facebook or Twitter.

Cyber One Solutions specializes in offering Managed IT Services, Managed Security Services, Cloud Services, Project Services, VoIP Services, Consulting, and more.

#business #cloud #company #cyber #cybersecurity #gocyberone #informationtechnology #managedsecurity #managedsecurityservicesprovider #managedservices #managedservicesprovider #support #tech #techtalktuesday #wemakeIThappen

By COS Webmaster

This Flaw Could Have Allowed Hackers to Hack Any Instagram Account Within 10 Minutes


Watch out! The Facebook-owned photo-sharing service has recently patched a critical vulnerability that could have allowed hackers to compromise any Instagram account without requiring any interaction from the targeted users.

Instagram is growing quickly, and as the most popular social media network in the world after Facebook, the photo-sharing network dominates when it comes to user engagement and interactions.

Despite having advanced security mechanisms in place, bigger platforms like Facebook, Google, LinkedIn, and Instagram are not completely immune to hackers and contain severe vulnerabilities.

Some vulnerabilities have recently been patched, some are still under the process of being fixed, and many others most likely do exist, but haven’t been found just yet.

Details of one such critical vulnerability in Instagram surfaced today on the Internet that could have allowed a remote attacker to reset the password for any Instagram account and take complete control over it.

Discovered and responsibly reported by Indian bug bounty hunter Laxman Muthiyah, the vulnerability resided in the password recovery mechanism implemented by the mobile version of Instagram.

The “password reset” or “password recovery” is a feature that allows users to regain access to their account on a website in case they forgot their password.

On Instagram, users have to confirm a six-digit secret passcode (that expires after 10 minutes) sent to their associated mobile number or email account in order to prove their identity.

That means one out of a million combinations can unlock any Instagram account using a brute-force attack, but it is not as simple as it sounds, because Instagram has rate limiting enabled to prevent such attacks.

However, Laxman found that this rate limiting can be bypassed by sending brute-force requests from different IP addresses and leveraging a race condition, sending concurrent requests to process multiple attempts simultaneously.

“Race hazard (concurrent requests) and IP rotation allowed me to bypass it. Otherwise, it wouldn’t be possible. 10 minutes expiry time is the key to their rate limiting mechanism, that’s why they didn’t enforce permanent blocking of codes,” Laxman told The Hacker News.

As shown in the above video demonstration, Laxman successfully demonstrated the vulnerability to hijack an Instagram account by quickly attempting 200,000 different passcode combinations (20% of all) without getting blocked.

“In a real attack scenario, the attacker needs 5000 IPs to hack an account. It sounds big, but that’s actually easy if you use a cloud service provider like Amazon or Google. It would cost around 150 dollars to perform the complete attack of one million codes.”

Laxman has also released a proof-of-concept exploit for the vulnerability, which has now been patched by Instagram, and the company awarded Laxman a $30,000 reward as part of its bug bounty program.

To protect your accounts against several types of online attacks, as well as to reduce your chances of being compromised where attackers directly target vulnerable applications, users are highly recommended to enable “two-factor authentication,” which could prevent hackers from accessing your accounts even if they somehow manage to steal your passwords.
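The weakness described above comes down to where the attempt counter lives. As an added example (not Instagram's code and not the researcher's proof of concept), the sketch below contrasts a counter keyed on client IP with a budget tied to the issued code and spent atomically; the class names, the limits of 100 and 5, and the sample addresses are assumptions.

```python
import hmac
import secrets
import threading
import time
from concurrent.futures import ThreadPoolExecutor

CODE_TTL_SECONDS = 600      # 10-minute expiry, as described in the article
MAX_ATTEMPTS_PER_CODE = 5   # assumed budget; the article gives no value
PER_IP_LIMIT = 100          # assumed allowance for the per-IP variant


class PerIpVerifier:
    """Weak design: the only counter is keyed on the client's IP address."""

    def __init__(self, code):
        self._code = code
        self._per_ip = {}
        self._lock = threading.Lock()
        self.evaluated = 0  # guesses that were actually compared with the code

    def verify(self, ip, guess):
        with self._lock:
            if self._per_ip.get(ip, 0) >= PER_IP_LIMIT:
                return "rate_limited"
            self._per_ip[ip] = self._per_ip.get(ip, 0) + 1
            self.evaluated += 1
        return "ok" if hmac.compare_digest(guess, self._code) else "wrong"


class PerCodeVerifier:
    """Hardened design: the budget belongs to the issued code, so it is shared
    by every client, and check-and-increment happens under one lock."""

    def __init__(self, code=None, clock=time.monotonic):
        self._code = code or f"{secrets.randbelow(10**6):06d}"
        self._clock = clock
        self._expires_at = clock() + CODE_TTL_SECONDS
        self._attempts = 0
        self._burned = False
        self._lock = threading.Lock()
        self.evaluated = 0

    def verify(self, ip, guess):
        # ip is accepted for logging and alerting only; it never buys extra guesses.
        with self._lock:
            if self._burned or self._clock() >= self._expires_at:
                return "invalid"  # a new code must be requested
            self._attempts += 1
            self.evaluated += 1
            ok = hmac.compare_digest(guess, self._code)
            if ok or self._attempts >= MAX_ATTEMPTS_PER_CODE:
                self._burned = True  # single use, or budget spent
            return "ok" if ok else "wrong"


def concurrent_guesses(verifier, n_ips=50, per_ip=150, workers=32):
    """Constructed load: n_ips clients submit per_ip distinct wrong guesses each,
    in parallel. Returns how many guesses the verifier actually evaluated."""
    jobs = [(f"203.0.113.{i + 1}", f"{i * per_ip + j:06d}")
            for i in range(n_ips) for j in range(per_ip)]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        list(pool.map(lambda job: verifier.verify(*job), jobs))
    return verifier.evaluated


if __name__ == "__main__":
    secret = "987654"  # constructed code, outside the guessed range 000000-007499
    print("per-IP counter :", concurrent_guesses(PerIpVerifier(secret)))
    print("per-code budget:", concurrent_guesses(PerCodeVerifier(secret)))
```

Issuing replacement codes needs its own per-account cap as well, since every fresh code brings a fresh budget.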

 


By Brian Carrico

Keep your Valuables Safe

Greetings Customers and Followers.  I thought I’d personally share my recent experience with my Vehicle Theft in hopes that it reminds you just how vulnerable our data and personal belongings really are.  I recently took my family to the Main Event in Webster Texas for some evening bowling, laser tag and arcade games.  We arrived at 7 PM.  While we were inside, a group of thieves were breaking into my 2018 GMC Denali truck.  When we walked out at 11:00 PM, the truck was completely gone.

After discovering the truck was missing from the parking lot, we called the Dispatch at the Webster Police Department and OnStar. OnStar received a “tamper” alert at 7:58 PM and was immediately disconnected from OnStar’s system.  Completely off the radar of their network.  The officer listed the truck as stolen and we all took an Uber home.

Fast forward to yesterday… Here’s the real WOW. I received a call from Webster PD that Houston PD recovered my vehicle. I immediately called my insurance claims adjuster, who informed me that I would need to go out and sign a release on the Vehicle to them. Take a look at what was left of the truck:

Before Pictures:

After Pictures:

Thankfully there were no credit cards, storage devices or any other sensitive information in the vehicle at the time it was stolen. As a friendly reminder, always keep your credit cards, driver’s license, passports, social security cards/numbers and other sensitive information safe. If you travel with data, ensure it’s encrypted. Thieves are out there and they can take your valuables in the blink of an eye.

By COS Webmaster

Two Florida Cities Paid $1.1 Million to Ransomware Hackers This Month


In the last two weeks, Florida has paid more than $1.1 million in bitcoin to cybercriminals to recover encrypted files from two separate ransomware attacks—one against Riviera Beach and the other against Lake City.

Lake City, a city in northern Florida, agreed on Monday to pay hackers 42 Bitcoin (equivalent to $573,300 at the current value) to unlock phone and email systems following a ransomware attack that crippled its computer systems for two weeks.

The ransomware attack, dubbed “Triple Threat” since it combines three different methods of attack to target network systems, infected Lake City systems on June 10 after an employee in city hall opened a malicious email.

Though the IT staff disconnected computers within just 10 minutes of the cyber attack starting, it was too late. The attack locked down the city workers’ email accounts and servers.

Since the police and fire departments operate on a different server, they were the only ones not impacted by the attack. While other Lake City networks are currently disabled, Public Safety services remain unaffected by this attack.

The unknown hackers contacted the city’s insurer and negotiated ransom payment of 42 bitcoins, currently $573,300. Lake City officials voted on Monday to pay the ransom to regain access to their important files.

The ransom payment would be mostly covered by insurance, although $10,000 would be incurred by taxpayers.

“Our systems are shut down, but there is no evidence to indicate any sensitive data has been compromised. All customer service payment data, such as credit card data, is stored off-site by third-party vendors and would not have been accessed by an attack like this on our network,” said City Information Technology Director Brian Hawkins.

The ransomware attack crippled the city’s computer systems for at least three weeks after which the Riviera Beach City Council authorized the city’s insurer to pay a ransom of 65 Bitcoin ($897,650 at today’s value) to regain access to their locked systems.

Federal authorities and cybersecurity experts have always advised victims not to pay ransoms since it encourages cybercriminals, and also there’s no guarantee of your files or computer systems being completely restored.

Instead of paying hackers a ransom, organisations and companies should have robust backups of their important and required files and data, as well as educate their employees to avoid being a victim of any cyber attack.

 


By COS Webmaster

Small businesses are increasingly looking to MSPs

Research suggests that the already substantial MSP market is growing at a fast clip. That’s because more companies are choosing to outsource their IT functions, especially as the technology mission changes to managing cloud services and building an increasingly automated environment.

To give you a sense of the market potential, a recent report by ResearchAndMarkets.com found that overall worldwide IT spending was expected to reach $2.8 trillion by 2023, and the MSP portion of that was expected to reach 11 percent, which translates into a substantial sum of money.

While you may want to take these figures as guidelines, they at least give you a sense that this is a growing market with a ton of potential. As smaller companies look to adopt more modern technologies, it’s becoming increasingly difficult to do so on their own. Many smaller organizations would prefer to concentrate on their core businesses, rather than the technical side of things, and that is contributing to a growing market.

Times are changing

As SMBs move away from boxed software and on-premises client-server environments, companies will be looking to you to guide them to the cloud future. In fact, the report found that many businesses are more than happy to pay MSPs to help manage all of the complexity associated with that for them. The report states, “MSPs will be one of the fastest-growing routes to market as more businesses seek MSP support in moving to the cloud.”

Another report from ResearchAndMarkets looked more closely at Western Europe, but its general findings could apply anywhere. For instance, the report found that small businesses with between 10 and 250 employees are the core target market for MSPs. These are the companies that really benefit the most from these kinds of services. Further, the report found that, “IT and managed services, infrastructure, and business applications account for over 75 percent of revenue for MSPs and are expected to deliver further revenue growth.” You want to make sure that these are core strengths as you move forward, if they aren’t already.

However you choose to look at these numbers, they at least give you a sense that the market is growing. There is a big opportunity for MSPs, especially in partnering with SMBs, and that has to be good news for everyone.

 


By COS Webmaster

5 Cybersecurity Tools Every Business Needs to Know

Cybersecurity experts all echo the same thing – cyber attacks are going to get more rampant, and they will continue to pose severe threats against all technology users.

Businesses, in particular, have become prime targets for cybercriminals due to the nature of data and information they process and store.

2018 saw a slew of data breaches targeting large enterprises that resulted in the theft of the personal and financial records of millions of customers.

Falling victim to cyber attacks can deal a major financial blow to businesses, as the cost of dealing with an attack has risen to $1.1 million on average. It can be even more devastating for small to medium-sized businesses.

60 percent of these smaller operations close within six months after failing to recover from cyber attacks. But aside from these monetary costs, companies can also lose credibility and their customers’ confidence.

Needless to say, businesses must improve the protection of their infrastructures and networks against cyber attacks.

Fortunately, the cybersecurity space has been continually working on developments to keep pace with evolving threats. Here are five tools that businesses should consider adding to their arsenal to boost their defenses.

Log Analysis — XpoLog


Companies must know what is exactly happening within their infrastructures. Fortunately, computers and digital devices have logging mechanisms built in that record most, if not all, computing processes that transpire within them. Logs can reveal patterns and trends that can be indicative of a security breach or malware infestation.

However, since log files are essentially dumps of information stored in plain text format, performing log analyses manually can be a painstaking process.

A way to effectively tap into logs is by using a log analysis tool like XpoLog. The solution collects log files from sources such as servers, endpoints, and applications in real-time.

Using artificial intelligence (AI), it then parses and analyzes the information contained in these logs in order to identify alarming patterns. Insights generated from the analysis can readily inform administrators of any problems that warrant attention.

Application and Data Protection — Imperva


Attackers are constantly probing infrastructures, so it’s critical to have mechanisms that immediately prevent malicious traffic from accessing key network resources such as web applications and databases.

This can be done through the use of web application firewalls (WAFs) and data protection services.

Imperva has been a leading name in WAF and distributed denial-of-service (DDoS) attack mitigation. Most organizations now maintain hybrid infrastructures consisting of on-premises devices and cloud components such as instances, storage, and data warehouses.

Imperva’s WAF can be deployed to protect these resources. It profiles traffic and transactions conducted and prevents malicious traffic and actions from accessing these components.

Penetration Testing — Metasploit


Integrating security tools into the infrastructure is one thing; checking if they actually work is another.

Companies shouldn’t wait for actual cyber attacks to happen to find out if their solutions are properly implemented. They can be proactive and test their defenses themselves.

Administrators can perform penetration testing by using frameworks such as Metasploit. It’s an open source tool that can be configured to scan for exploits and even deploy a payload to vulnerable systems.

Metasploit also features select evasion tools that could potentially circumvent existing security measures. It can be used on Windows, Linux, and Mac OS X systems.

Discovering gaps in security gives companies a chance to remedy these issues before an actual attack strikes.

Anti-Phishing — Hoxhunt


The human element continues to be the biggest vulnerability in a company’s cybersecurity chain.

Over 90 percent of security breaches are found to be caused by human error. This is why cybercriminals still actively employ social engineering attacks such as phishing to try and compromise infrastructures.

Such attacks trick users into giving up their credentials or installing malware into their systems.

Hoxhunt addresses this by teaching users how to check if an email is a phishing message or if a website is malicious.

Companies can train users using simulated phishing attacks. Hoxhunt’s AI-driven engine even personalizes these attacks to mimic what real-world attacks look like.

Users can report these attacks through a special plugin, and they get immediate feedback on how well they’ve performed.

Fraud Detection — Riskified


Not all attacks seek to breach and steal information from companies. Businesses also have to be wary of fraud attacks.

Hackers and fraudsters now have access to millions of valid personal and financial records from previous data breaches, which they can use to manipulate businesses’ e-commerce channels, costing merchants billions of dollars globally.

Solutions like Riskified offer comprehensive means to prevent online fraud throughout the course of an online transaction.

Riskified uses machine learning to analyze each transaction and only allows legitimate orders to be processed. It also provides a dynamic checkout feature that automatically adjusts based on a customer’s risk profile, providing various means for customers to verify their purchases.

For instance, a customer with a higher risk profile may be asked to perform additional verification steps without denying transactions outright.

Investments Required

An effective cybersecurity strategy demands that businesses cover all possible areas that can be exploited by attackers. This requires adopting a comprehensive set of tools and solutions that would keep their infrastructures secure. Implementing and integrating these solutions does require spending.

But considering the costs that falling victim to cyberattacks bring, it’s only prudent to make these investments. It’s simply the reality of doing business in this highly digital landscape.


By COS Webmaster

You cannot afford to offboard employees without a cloud backup solution

Most people don’t realize that having a reliable cloud backup in place is not only an effective way of securing company data, but also allows for more efficient business processes. One example of this is in the case of off-boarding an employee.

3 ways cloud backup simplifies the employee off-boarding process

  1. Unlimited data retention ensures you are always protected

Cloud backups can secure your data for as long as you need it to. If you’re operating in a highly regulated industry where audits are common and you cannot afford data loss, cloud backups ensure that you can offboard employees worry-free.

  2. Cloud backup conserves deleted contacts

Employees will frequently erase files, delete emails, and/or empty their recycle bins before leaving a company. In most cases, once an employee does this and leaves your company, the data is almost always irrecoverable and gone forever. Even a native Office 365 backup won’t be able to protect you in scenarios like this. Having a reliable cloud backup in place enables your MSP to ensure that all your files are still accessible after an employee leaves your company, regardless of how many days have passed since that time.


  3. Out of place file restore eliminates unnecessary stress

What happens if your new employee needs access to a specific mailbox, email conversation, or set of OneDrive or Dropbox files that your last employee was handling? Cloud backup makes that easy with point in time or out of place restore. This feature allows you to painlessly grab any file you need at any point in time and restore it to a mailbox or location of your choice.

Cloud backup saves resources and effort

I don’t need to tell you how cumbersome and exhausting off-boarding employees can be when you are managing it entirely through the native process. Having a proper cloud backup system in place will help make your employee offboarding process simple, so you can focus on running your company at maximum efficiency.

Want some more tips for implementing a cloud backup solution? Give us a call at 281-672-8035 and we’ll help you get started.


By COS Webmaster

Looking to gear out your office?

MICROSOFT

The $9,000 Surface Hub 2S Is a Gigantic Windows Touchscreen With Special Wheels to Scoot Around on

Photo: Sam Rutherford (Gizmodo)

It seems like every day there’s someone in a fancy office talking about how teamwork and collaboration is the key to success. And yet, most of us are still stuck with the same infuriating video conferencing tools that make people want to give up.

But the Microsoft Surface Hub 2S feels a bit different, a bit more advanced, and it might actually deliver on the promise of making collaborating with your coworkers just a bit less painful.

Here’s the 50-inch Surface Hub 2S with Steelcase’s Roam stand.

By moving a few latches around and disconnecting the cords, the Surface Hub 2S can also be used in portrait mode. The back half of the Roam’s storage compartment is reserved for the Hub’s battery, but the front can be used to store cables, papers, and whatever else you need for a meeting. There’s so much synergy going on.

Sporting a big 50-inch screen with a 3840 x 2560 resolution and a 4K webcam, the Surface Hub 2S has everything you need to see up to four teammates at approximately life size all at once in full HD. But the real advancement for the Surface Hub 2S is when you pair it with one of Steelcase’s rolling stands and a built-in battery designed by APC—well-known makers of uninterruptible power supplies. Then, the Surface Hub 2S becomes a portable screen that’s damn simple to drag around to wherever you need it.

Featuring an estimated battery life of around 100 minutes, the Surface Hub 2S should be able to make it through a whole meeting without being plugged in, though in most cases, that’s probably overkill as you’ll only need to unplug it when moving from one conference room to another. And because the Surface Hub won’t shut off when you yank out the cord, you don’t have to worry about losing your work if you need to move that big screen around.

But the most impressive thing about the Surface Hub 2S is just how slick it is. In Microsoft’s Whiteboard app, there’s a tool that can automatically read your handwriting, and then automatically “beautify” it so that anyone you work with isn’t forced to try to decipher your chicken scratch. Then there’s another feature that can import a regular picture, and then transform it into a digital drawing, as if it had been inked in the Whiteboard app.

Of course, like the rest of Microsoft’s recent computers, the Surface Hub 2S comes with full precision Windows Ink support and an included stylus. Also, I have to mention I appreciate the Surface Hub 2S’ matte screen, which does a good job of cutting down on reflections while also giving it a nice texture for sketching or jotting down notes.

And in case a 50-inch screen just isn’t enough, there’s also an 85-inch version of the Surface Hub 2S that Microsoft cleverly designed so that when the smaller version is set up in portrait mode, it lines up perfectly with an 85-inch model in landscape orientation.

That said, I can’t comprehend where this tech finds its market. With a starting price of $9,000 for the 50-inch model, the Surface Hub 2S is anything but cheap, even for large businesses. And that’s before you figure in Steelcase’s wheeled $1,450 Roam stand, which with its built-in storage area for the Hub 2S’ battery, is kind of an essential accessory.

But if you’re an IT manager with a lot of money looking to gear out your office, the Surface Hub 2S might be the most ballin’ collaboration tool Microsoft has come up with yet.

 


 

By COS Webmaster

540 Million Facebook User Records Found On Unprotected Amazon Servers


It’s been a bad week for Facebook users.

First, the social media company was caught asking some of its new users to share passwords for their registered email accounts and now…

…the bad week gets worse with a new privacy breach.

More than half a billion records of millions of Facebook users have been found exposed on unprotected Amazon cloud servers.

The exposed datasets do not directly come from Facebook; instead, they were collected and insecurely stored online by third-party Facebook app developers.

Researchers at the cybersecurity firm UpGuard today revealed that they discovered two datasets—one from a Mexican media company called Cultura Colectiva and another from a Facebook-integrated app called “At the pool”—both left publicly accessible on the Internet.


 

More than 146 GB of data collected by Cultura Colectiva contains over 540 million Facebook user records, including comments, likes, reactions, account names, Facebook user IDs, and more.

The second dataset belonging to “At the Pool” app contains information about users’ friends, likes, groups, and checked-in locations, as well as “names, plaintext passwords and email addresses for 22,000 people.”

Though UpGuard believes the plaintext passwords found in the database were for the At the Pool app, and not for users’ Facebook accounts, given the fact that people frequently re-use the same passwords for multiple apps, many of the leaked passwords could be used to access Facebook accounts.

“As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third-party access. But as these exposures show, the data genie cannot be put back in the bottle. Data about Facebook users have been spread far beyond the bounds of what Facebook can control today,” experts at UpGuard said.

Both datasets were stored in unsecured Amazon S3 buckets, which have now been secured and taken offline after UpGuard, Facebook and media contacted Amazon.

This is not the first time third-party companies have collected or misused Facebook data and sometimes leaked it to the public.

The most famous incident is the Cambridge Analytica scandal, in which the political data firm improperly gathered and misused data on 87 million users through a seemingly innocuous quiz app, for which the social media giant is facing a £500,000 EU fine.

Though Facebook has since then tightened up its privacy controls ensuring apps use their access appropriately, the social media company is still facing intense pressure and criticism for not doing enough to offer better privacy and security to its 2.3 billion users.


Cyber One Solutions specializes in offering Managed IT Services, Managed Security Services, Cloud Services, Project Services, VoIP Services, Consulting, and more.

By COS Webmaster

5 Essential Cybersecurity Practices for Small Business Owners

We live in a time when major data breaches make news headlines on an almost daily basis.

We know that Yahoo, for example, agreed to a $50 million settlement in relation to a 2013 breach that impacted about 50 million users.

This works out to a measly $1 per user, but the lawsuits against the disgraced internet giant keep piling up. The more scandalous Marriott data breach, which was reported in late 2018, has already attracted estimates of $600 million in losses.

Even your small business is at risk online, but you can use the right cybersecurity precautions to safeguard your assets. Use these essential cybersecurity practices to get started and make your business safer now.

Small business security risks

Airbus and Equifax have also made recent headlines related to cyber attacks and data breaches, but what about small businesses? According to research conducted by the United States Cyber Security Alliance, an alliance between public and private companies whose board members include executives from ADP, Comcast, Microsoft, and Google, small business owners have a lot more to lose when it comes to cyber attacks.

The CSA estimates that 60 percent of small business owners will have to call it quits less than a year after being hit with a cyber attack, and chances are that no headlines will be published about them.

The reality is, no business is safe from modern cyber risks and smaller companies really do have a lot more to lose for the following reasons:

Smaller targets are more enticing to certain cybercrime outfits because they are more likely to have inadequate protection.

Unfortunately, law enforcement agencies and prosecutors do not pay much attention to cyber attacks perpetrated against small businesses, even when they feature identity theft.

Pursuant to the above, smaller companies are more vulnerable to fines imposed by regulators should there be compliance issues arising from a data breach.

With all this in mind, information security should be a priority for small business owners who use the internet, especially if they handle customer data at some point. One example would be ecommerce stores. Information security is complex, but paying attention to the basics can go a long way to make your small business safer.

Here are five essential recommendations:

1. Consulting IT security professionals

A combination of American optimism and early business success can result in overconfidence, and this can be detrimental to information security. A fashion boutique owner who easily gets into ecommerce through a platform such as Shopify may pay too much attention to other business matters, while ignoring potential cyber security risks.

Information security at the small business level is not as easy as launching an ecommerce website using a theme, installing plugins, and learning your way around a content management system (CMS). To this end, you should strongly consider a security audit from an IT security firm, especially if you’re the entire IT department.

For enterprise businesses, third party audits can be expensive – but not for small businesses. You can protect your website from attack using plugins like Wordfence, and monitor your audit log files using something like an activity log plugin. Tools such as these are “on guard” 24/7, monitoring your site and alerting you of anything that looks suspicious. Using tools is not quite the same as hiring a team of security analysts, but it’s a “good enough” solution for most small business owners.

2. Create a security plan and stick to it

A security audit invariably includes an evaluation of existing plans, or the formulation of a new one. Operating a small business without the benefit of a security plan is risky. At the very minimum, the company should identify what information is sensitive, where it is stored, how it should be protected, and what measures should be followed to secure it.

The plan should become company policy, which means that all employees are expected to follow it. Depending on the size of your company and its operations, you may also have to design training sessions to ensure that all staff members are on the same page.

3. Prevent data loss with a backup strategy

The intensity of ransomware attacks – hacks designed to block access to a computer system until a sum of money is paid, like holding a computer to ransom – has not subsided in 2019. In January, one of these attacks resulted in the delay of print editions of major newspapers such as the Baltimore Sun, Los Angeles Times and Chicago Tribune. Things could have been worse for the Tribune publishing empire: the company operates a solid data backup system that enabled it to recover without having to worry about making ransom payments.

Keep in mind that a data backup strategy is only as good as its recovery component, which means that you should test the integrity of the data replication and recovery processes from time to time.

4. Pay attention to endpoint security

What is endpoint security? Every time a client or customer remotely connects to a business network, it creates another path through which the network could be attacked.

Your website content sits in a data center, so it effectively becomes an “endpoint” just like the desktops, laptops, tablets, and smartphones you use to access your content management system (CMS). Any attacks that happen against the data center could compromise your website.

A CMS, such as WordPress, makes it easier to manage a website. With traditional web design and administration, you need to know a bit of coding – HTML and a bit of PHP – to make web pages look nice. With a CMS, anyone can change the website, add content, and upload pictures, all with the click of a button. Despite its popularity, WordPress has a long list of CMS vulnerabilities and more are discovered each month.

Therefore, you should prioritize secure hosting before looking into any other solutions. Your host is the foundation upon which all else rests. If it’s not secure, then it doesn’t matter what CMS or plugins you use. Before downloading security plugins or hiring someone to audit your site, it’s important that you choose a hosting company that makes security a top priority.

When evaluating hosting services, take a good look at the default CMS of your hosting company. Platforms like Drupal are known for having great security teams, but Joomla less so. Don’t be shy about paying extra for additional endpoint security if your website directories contain sensitive information.

5. Insurance protection against cybercrime

The online platforms you use to operate and promote your company also serve as launching pads for hackers to ply their wicked trade. It’s virtually impossible to implement security strategies that are 100 percent foolproof.

Since there’s always a risk associated with online business operations, it makes sense for you to think about cyber insurance coverage. The idea is to transfer risk, and cover as much of the expenses arising from cybercrime as possible.

If you would not think of putting a vehicle to work on behalf of your company without commercial auto insurance, the same line of thinking should be extended to your online operations.

Cyber insurance policies should be evaluated based on how business is conducted within your company. For example, an inbound call center is more vulnerable to social engineering attacks, which means you should prepare your staff adequately. Social engineering attacks are those that target the people who use or manage a system – the “gatekeepers” – rather than attacking the system directly.

 

Protect your small business against online threats

Small business owners should guard against complacency when it comes to security, lest they become part of the 60 percent who suffer a data breach that shuts down operations permanently.

The good news is that implementing good cybersecurity practices is not a Herculean task. You just have to decide to do it. Now would be a good time.

 
