New Year, New Cyber Habits: Top 10 Cyber Hygiene Resolutions for 2023

As the year’s first rays dawned, many of us uncorked the champagne, reflected on the past, and scribbled down those classic New Year’s resolutions. From hitting the gym (or at least stretching once in a while) to finally reading that book gathering dust on the shelf – the New Year has always been a beacon of fresh starts and renewed commitments. But why not add a resolution that can protect something incredibly valuable yet often overlooked? Your digital well-being.

Given that more of our lives are entwined with the digital realm, ensuring your cyber hygiene is as refreshed and revitalized as your new workout plan becomes crucial. Let’s dive into the top 10 cyber resolutions you should consider adopting this 2023:

  1. Password Perfect: No, “password123” is not a secure choice. Commit to strengthening and diversifying your passwords. Consider using a password manager, so you only need to remember one master password. With cyberattacks on the rise, this is akin to changing the locks on your front door.
  2. Two Steps Ahead: If you’re not using two-factor authentication (2FA) on your crucial accounts, it’s time to embrace it. Yes, it’s an extra step, but it’s also an extra layer between your data and potential hackers.
  3. Update and Elevate: Remember that pesky notification you’ve been swiping away for months? Updates aren’t just about introducing fancy new features; they often patch security vulnerabilities. Regular updates can be the difference between a smoothly running device and a malware-riddled one.
  4. Declutter Digital Desks: Much like that closet you’re vowing to clean, your digital space likely needs some tidying. Delete apps you no longer use, especially if they have permissions that access your personal data. A leaner device is often a safer device.
  5. Back It Up: Imagine spilling coffee on your device and realizing you’ve lost everything? Nightmare-ish, right? Regularly back up essential files to an external hard drive or cloud storage. If disaster strikes, you’ll have a digital safety net.
  6. Wi-Fi Wisdom: Free public Wi-Fi is tempting, especially when you’re sipping a latte and browsing. However, it’s also a playground for snoopers. If you must use it, avoid accessing sensitive accounts or use a VPN to cloak your activities.
  7. Email Enlightenment: Phishing scams are ever-evolving, but a touch of skepticism can go a long way. Questionable sender? Unsolicited attachments? When in doubt, don’t click. Think of it as digital stranger danger.
  8. Social Media Savviness: We love sharing, but oversharing can be perilous. From vacation plans to your pet’s name (often used as security answers), be wary of what you post. And while we’re on the topic, review those privacy settings.
  9. Educate and Advocate: Keep abreast of the latest in cyber threats and safety measures. Consider subscribing to a cybersecurity news outlet; the one you’re on is a good start. The more you know, the better you can protect yourself. And share the knowledge; after all, caring is sharing.
  10. E-Commerce Caution: Online shopping is a delight, but not when your credit card details end up in the wrong hands. Use trusted websites, always look for the ‘https’ in the URL, and consider using a credit card over a debit card for better fraud protection.

Tying it up with a bit of cheer – while cyber threats might sound like the plot of a sci-fi thriller, with proactive steps and awareness, they don’t stand a chance against you. Let’s raise our glasses (or coffee mugs) to not just a year of personal growth and achievements but also to a year of robust digital health and fortified cyber barriers.

So, go on, adjust those New Year’s resolutions. Slide in a few from the list above. Here’s to making 2023 not just prosperous and fulfilling, but cyber safe!

Stay updated, stay secure, and remember – a moment of prevention in the cyber world can save hours of digital heartbreak. Cheers to a cyber-smart 2023!

Deck the Halls with Tech: A Comprehensive Guide to Setting Up Your New Holiday Gadgets

Ah, December – a month where carolers sing, lights twinkle, and folks eagerly tear into gift-wrapped boxes to discover the latest and greatest in tech. From Grandma’s new smartphone (Go, Granny!) to your cousin’s shiny smartwatch, the season of gadget gifting is upon us. But with great gifts come great responsibility, particularly in ensuring these devices don’t become the technological equivalent of tangled Christmas lights.

First Stop: Unboxing Joy (and Cables)

Remember the Christmas movie where the dad spends hours trying to untangle strands of lights? That’s you with your new device’s cables if you don’t approach this systematically. Lay out all components, and for the love of all that’s merry and bright, read the manual. Yes, I said it. It might seem as old-fashioned as fruitcake, but sometimes, those booklets do come in handy.

Securing Your Sleigh…I Mean, Device

After powering on, your immediate priority should be security. After all, you wouldn’t leave your Christmas cookies out for anyone but Santa, right?

  • Password-Protect: Choose strong passwords and avoid obvious choices like “password123” or “letmein.” If your reindeer can guess it, it’s not strong enough.
  • Software Updates: These are like the elves of the tech world. They work behind the scenes to ensure everything runs smoothly. Install any pending software updates as they often contain critical security patches.
  • Two-Factor Authentication: Like the double bolt on Santa’s workshop. It requires an additional step to access your device, making it harder for any Grinches to breach your accounts.

Connectivity: Making Sure Your Gadgets Play Nice

Ah, the joy of getting devices to talk to each other. It’s like trying to organize a reindeer game without Rudolph feeling left out.

  • Wi-Fi Woes: Ensure your home Wi-Fi is secure. Rename your network to something nondescript. “FBI Surveillance Van” might give your neighbors a chuckle, but it also gives away the brand and model of your router. Opt for something generic and boring.
  • Bluetooth Pairing: Keep Bluetooth off when not in use. You don’t want any unexpected guests connecting to your devices, much like how you might feel about that one distant relative dropping by unannounced.

App Management: Not Every App Deserves a Place on Santa’s Nice List

Be cautious of what apps you install. Some might be more interested in your data than in making your life easier. Think of them as the mischievous elves of the app world.

Some Final (Jingle) Bells and Whistles

  • Back-Up: Set up automatic backups. Because even Santa checks his list twice.
  • Limit Permissions: Not every app needs access to your camera, contacts, and location. Be stingy with permissions, like a Grinch with his roast beast.
  • Stay Informed: Subscribe to a trusted tech news site. It’s like getting weather updates from the North Pole, ensuring you’re always in the loop.

In Conclusion:

Sure, the holiday season might be about festivities and family, but it’s also an opportune time to show off our shiny new gadgets. Just remember, amidst the caroling and cocoa-sipping, that while your devices might come with some assembly (and frustration) required, a little patience and humor can go a long way. After all, if Santa can travel the globe in a single night, you can certainly set up your new tech in an afternoon.

So, as you plug in, set up, and dive into your new devices, may your Wi-Fi be strong, your passwords be complex, and your tech-related headaches be minimal. Happy Holidays and tech the halls safely!

Ransomware Strikes Again

Greg Price

Various Federal and cybersecurity advocates have released numerous announcements this year, highlighting the increase in ransomware attacks in the United States. Many of the notices indicate that the rise in ransomware attacks is directly related to attacks on enterprises: the large targets are paying substantial amounts of money to regain access to their data. And, as a result, the cybercriminals are expanding their “business”.

While the increase in attacks is likely correct, the troubling issue is the continued increase in successful attacks. The bad guys are winning and gathering financial gain in the process.

On November 18, Louisiana found itself, once again, in a painful situation. Ransomware struck the state networks and resulted in a decision to shutter various agencies in order to reduce the spread of the ransomware. The governor’s office indicated that the Departments of Health, Children and Family Services, Motor Vehicles, Transportation, and the office of Governor John Edwards were closed as a result of the attack.

The state’s cybersecurity response team was activated and moved quickly to contain the ransomware. Based on various reports, the team isolated the malware and began an aggressive server restore process.

A statement indicated that no data loss occurred and no ransom was paid.

Several researchers revealed that the attack was similar to one on Louisiana’s public school systems in July. The ransomware was a variant of the popular Ryuk malware.

The real story here is Louisiana’s response: no ransom payment. The team was able to contain the situation, and, due to a careful eye to proper backups, restored operations. The disruption may have been annoying, perhaps inconvenient, but the message was very clear: the disaster recovery plans worked. As a result, the bad guys’ efforts were wasted. Chalk one up for the good guys and for adhering to good computing hygiene.

As I’ve mentioned before, sometimes the best practice is a solid, tested defense. Louisiana could have poured millions of dollars into the latest shiny object or expensive consultants. Instead, they created a method for containing cyber attacks and built a strong cyber hygiene program, all of which are predicated on two things: updating software and following a rigorous backup routine.

So, speaking of updates, the would-be bad guys are actively impersonating Microsoft.

According to online reports, a spam campaign has been launched, offering a Windows 10 update.

The malware disguised within the fake Windows 10 update is likely the Cyborg ransomware. When installed, instead of Windows 10, you will have a locked PC and a demand for ransom.

Given that Microsoft releases patches routinely and aggressively pushes the Windows 10 platform, impersonating a Windows 10 update is a clever way to trick users.

But, here’s the thing. Microsoft never announces updates or provides downloads to its software through email links.

What should you do if you receive one of the Microsoft Windows 10 update email messages?

Delete it. Don’t forward it, don’t preview it, don’t open with your mobile device. Just delete it.

Despite the increased attacks on large enterprises, the largest volume of successful ransomware attacks continues to occur with individual users and small businesses.

So, how do you build a solid defense to ransomware?

Start with some basic computer hygiene.

Pay attention to email, avoid opening unsolicited attachments, don’t click on emailed links. Additionally, stop sharing data via fistfuls of thumb drives. There are many efficient and secure methods for sharing files: consider Microsoft’s OneDrive, Google Drive, Dropbox, as examples.

Next, avoid running pirated, or, stolen software.

If you download files via torrent sites or enjoy “borrowing” software from pirated software sites, you’re not only likely breaking many laws, but, you’re exposing yourself to untrusted software, all of which could be loaded with malware. Use licensed software or download open source tools from trusted sites.

And, of course, keep your software updated.

Back up your files frequently and properly. Most modern devices include an online backup service – enable the service for your devices and review that all of your important files are backing up correctly.

Despite all of our efforts to have a good defense and adhere to best practices, there is still a chance that we all can fall victim to a scam and end up with an infected or broken device. Having your files backed up properly is the best way to avoid losing your data or having to run the risk of paying a hefty ransom.

As the holiday season approaches, the scammers will be more vibrant than ever. Below are a few items to help you increase your awareness and hygiene to avoid the most common of email scams.

First, be cautious, even paranoid with links.

Don’t click on email links, especially if you find the content questionable or suspicious. Hover over the link and see if the link’s actual address matches its display name. Also, open a web browser and visit the site directly: type the link into the browser and avoid clicking the link completely.

Second, watch for grammar and typographical issues.

Since the beginning of phishing and scam messages, typos and grammar problems have drawn attention to the legitimacy of the messages. Old, or, dated images often suggest problems as well. Reputable companies don’t send poorly-written inquiries.

Lastly, use multi-factor authentication.

If you fall victim to an impersonation attack and offer your credentials, at least with two-factor, you will have a parachute, of sorts. If two-factor is available, use it and pay close attention to the requests you receive for the second form of verification. If you receive one and you didn’t initiate the request, don’t approve it.

Pay attention to the basics and enjoy a safer computing experience.

Be safe.

Protect Your Business Continued

Greg Price

Last week I referenced the Verizon breach report and some of the key observations among the data.

Small businesses are a favorite target for cyberattacks.

I offered two “stacks” of suggestions: the easy-to-do stack and the more-difficult stack.  Each stack represents best practices for improving your cybersecurity posture and reducing data breach risk.

The “easy” stack included suggestions for raising employee awareness, managing backup routines, enabling automatic updates, upgrading password hygiene, and strengthening physical security.

The “difficult” stack is heavy with policy and planning.

Verizon’s report revealed that an incredible sixty percent of small businesses that suffered a data breach were closed within six months of the cybersecurity event.

Why?

Obviously, cost and damage to reputation account for many of the closures.  However, given that small businesses often operate on razor thin margins, and, owners are also operators, time is a precious resource.

As a result, expending time on building technology usage plans and incident response plans is not a front-burner priority. Making payroll and improving revenue are vital to the business’ success, not a plan that may never be used – at least, that’s a common thought.

However, let’s suppose you operate a business that is dependent upon mechanical devices.  Your ability to produce is dependent upon machines, and, more specifically the efficient operation of those devices.

If a device breaks, many small business owners have the expertise to repair their equipment themselves; in fact, their knowledge of the functional side of a business is often the value they depend upon for success. Manuals and a network of knowledgeable resources complement what the owner may lack.

What happens when a data breach occurs?

Choose your own adventure – a hacker breaks into your business software and steals customer data.  Or, a ransomware attack is successfully deployed via an email and all of your computers and cash registers are broken.  Or, perhaps, a thief smashes a window and walks away with your server.

What do you do?

If a piece of vital equipment broke, you’d employ your knowledge, or, knowledge network to repair the device.

In other words, you would launch a repair plan.

The same must exist with your IT operations.  A plan is needed, especially if IT isn’t your core business function.

Enter the IT plans.

A written security policy is necessary for modern businesses.  In some instances, a security policy is a regulatory requirement.

In Alabama, the new data breach notification law requires that businesses evaluate and implement reasonable security measures – a security policy/plan will assist in those efforts.

While there’s no penalty for not being proactive, if a breach results, your situation will not be enhanced by not having a written security policy.

A good security policy outlines how you manage customer data, how you protect it, and, if an incident occurs, what you do to respond.

I suggest considering the plan as a blueprint for you and your employees: if something goes wrong, it’s a basic manual for controlling the situation.

A good starting place for policies is templates designed by security experts. Free templates are available at https://www.sans.org/security-resources/policies.

Review the policy templates and tailor them to your specific needs.  Share them with your employees and review them, at least annually.

Encryption is another must.

Encryption of your data reduces the likelihood of the data being read by an unintended recipient. Most modern operating systems provide a mechanism by which you can encrypt your local data. By enabling local encryption on your office devices, you reduce data loss through physical theft. If someone breaks into your office and steals a computer, an encrypted device presents a formidable challenge to the thief. Similarly, using encryption for accessing email and other sensitive systems is important. If you employ a commercial email product, encryption is always included in the solution; simply verify that it is enabled.

Backups, part two.

I mentioned the importance of backups last week.  However, in addition to establishing a backup routine and testing the quality of your backups, there are a few additional items to consider.

The purpose of a backup is to restore lost data.

If your backup solution doesn’t encrypt your data, you should enable backup encryption.  If a data thief gains access to your backups, if they aren’t encrypted, you’ve provided a nice package that enables easy theft of volumes of data from one location.

Also, consider your backup strategy.

Are you depending on a local device for backup, such as an external hard drive or tape? Do you depend on a cloud backup, such as Microsoft OneDrive?

Redundancy is important. If you back up data to a local external hard drive, that’s great – make sure it’s encrypted and stored safely. But, what do you do if the hard drive fails? What do you do if your cloud provider is down when you need to restore lost data, or, if your internet service provider is experiencing problems?

Redundancy provides extra protection and can be accomplished very simply.  In fact, for small businesses, the tools are often available with current software subscriptions, the features simply need to be activated.

And, lastly, data destruction and life cycle should be reviewed.

Don’t hoard electronic data.  If you have no regulatory requirement or business need to maintain copies of unused data, get rid of it.  Dispose of the data properly, use verified tools for deletion of the data.  By doing so, you reduce the amount of data that a would-be bad actor can access, and, make your systems run more efficiently.

Last week’s small, easy tasks will enhance your security posture quickly.

This week’s suggestions require more planning and thought. However, there are many free sources for technology and security plans, and most modern software provides the enhanced features that I mentioned.

Be safe and protect your business and your customers’ data.

Protect Your Business

Greg Price

When web presences began to take off, it was debatable what constituted an effective site. Thirty years later, I hear the same questions being asked. Do updated graphics and imagery attract more customers? Does frequently-updated content bring customers to your site? Does intuitive navigation make any difference? What about mobile compatibility? Adaptive needs support? Search engine placement? Social media presence?

The list is extensive and seems to repeat every few years, or whenever a new platform or service emerges.

All of those items are important to a successful business presence, especially a business that is driven by an online customer base. And, you shouldn’t neglect securing your online business presence.

However, I’d argue that there are other items of equal, perhaps more significant, importance when evaluating your business technology operations.

Not paying attention is a problem in different avenues. Technology is synonymous with change. If you use technology and expect that technology to simply keep running and need no maintenance, you’re setting yourself up for failure.

Your information technology is no different than mechanical devices. Information technology requires attention. Complacency with all technology will result in poor performance, and, ultimately, failure.

Verizon produces an annual data breach investigation report. The information housed within the report is outstanding and terrifying.

Small businesses are a favorite target for cyberattacks.

According to the most recent Verizon report, almost two-thirds of all cyberattacks were directed at small businesses and individuals. The average cost for a business to recover from a successful cyberattack exceeded $400,000. And shockingly, nearly sixty percent of all businesses go out of business within six months of a successful cyberattack.

In the same report, a survey revealed that ninety percent of small businesses don’t use any data protection at all for company and customer information.

Wow. Ninety percent of small businesses do not use any software or service to protect data.

I’m not a website expert, but, I’ll offer this: it doesn’t matter how pretty your website’s images are or how well you place in search engine results, if you can’t protect your business data and customer data, you won’t be in business long. Similarly, your Twitter account might be on fire, but, if you hemorrhage data, your social media site will become a collection of outdated memes and twisted puns.

So, what are you to do? How do you protect your business and your customers?

Ordinarily, this is where a list would emerge. A top ten, or, top five delineation of chores to review or pursue.

For this discussion, let’s keep things simple. We have two stacks: the easy items and the more difficult items.

Let’s start with the easy stack.

Raise employee awareness. Human error accounts for a sizable portion of the successful cyberattacks. If you fail to inform your employees about the importance of data management and securing information, you shouldn’t be surprised that they open all email attachments and click every link in every email message. Set the stage with commonsense advice: beware of fake invoices, don’t open unsolicited email attachments, don’t click on peculiar links, ask for help before “trying” a new app on your work device. If you train staff to spot and report security concerns, you will create a solid defense.

Back up your data. Often. Yes, more than once a month.

Regular backups are necessary. If you experience a ransomware attack or loss of storage systems, a recent backup will have you up and running quickly. That is, if you also test your regularly-occurring backups.

You only cover half the field by starting a frequent backup process. If you don’t test those backups, you cannot have confidence in the process.

Back up frequently and test regularly.
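What a backup test looks like in practice: restore the backup to a scratch location and compare every file against a fingerprint recorded when the backup was taken. The following is an added example, not part of the original column. It assumes the backup is a zip archive and uses constructed sample files; `make_backup` stands in for whatever backup job you actually run.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def make_backup(source: Path, archive: Path) -> None:
    """Stand-in for the real backup job: zip every file under source."""
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        for p in sorted(source.rglob("*")):
            if p.is_file():
                zf.write(p, p.relative_to(source).as_posix())


def verify_restore(archive: Path, expected: dict) -> dict:
    """Restore the archive to a scratch directory and compare it with the
    manifest recorded at backup time. Returns missing and altered files."""
    with tempfile.TemporaryDirectory() as scratch:
        with zipfile.ZipFile(archive) as zf:
            zf.extractall(scratch)
        restored = manifest(Path(scratch))
    return {
        "missing": sorted(set(expected) - set(restored)),
        "altered": sorted(f for f in expected
                          if f in restored and restored[f] != expected[f]),
    }


def demo() -> tuple:
    """Constructed data: one good backup and one that silently lost data."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        source = tmp / "office"
        (source / "invoices").mkdir(parents=True)
        (source / "customers.csv").write_text("id,name\n1,Example Customer\n")
        (source / "invoices" / "2019-11.txt").write_text("constructed invoice\n")
        expected = manifest(source)

        good = tmp / "good.zip"
        make_backup(source, good)

        # A backup job that reported success but skipped one file and
        # truncated another.
        bad = tmp / "bad.zip"
        with zipfile.ZipFile(bad, "w") as zf:
            zf.writestr("customers.csv", "id,name\n")

        return verify_restore(good, expected), verify_restore(bad, expected)


if __name__ == "__main__":
    good_result, bad_result = demo()
    print("good backup:", good_result)
    print("bad backup: ", bad_result)
```

Both archives exist and open without error; only the restore-and-compare step shows that the second one cannot bring the business back.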

Install anti-virus and anti-malware software and enable automatic updates and scans. This is an easy, low-cost protection. Yes, the software will slow your computers. Would you rather the computers work slowly or not at all?

Update your software, especially the operating system. Modern operating systems can install and update patches automatically. If your business efforts can accommodate a fast, frequent patching process, enable automatic updates. If you have a business need to review the patches and install manually, schedule at least once per month.

Use complex passwords, passphrases. Don’t use easy passwords, just don’t. The would-be bad guys enjoy easy passwords – they’re the gift that keeps on giving. Where available, enable two-factor authentication. Often, the service is included in modern software – turn it on and turn up the difficulty to breaking into your systems.

Survey your paper documents and how you store your various computing devices.

Do you have paper scattered everywhere? Are filing cabinets locked? Are computers locked and secured to a heavy structure? Do employees walk around with USB thumb drives? Do you shred all discarded documents?

Physical security is vital. Not all theft of data occurs through a cyberattack. Crafty criminals will dig through trash, collect items from desks, take photos of computer screens, or, walk out the door with a computer.

And lastly, don’t allow personal devices on your networks. You have too much to worry about already as a small business owner. Your employees’ cellphones aren’t your concern and shouldn’t have access to your business network. Eliminate the security risk by refusing to allow the devices.

Small, easy tasks will enhance your security posture quickly.

And now, let’s move to the more difficult stack. Be safe and we will continue next time.

Secure You

Greg Price

This article was originally published in The Tropolitan on October 16, 2019.

Held each October, National Cybersecurity Awareness Month is a collaborative effort between government and industry. The primary goal of the effort is to provide citizens access to resources to stay safe and secure online, all while strengthening the Nation’s cyber posture.

In short, we seek to raise cybersecurity awareness among the consumers of technology.

The 2019 theme is “Own IT. Secure IT. Protect IT.”

As an individual, you play a vital role in the security of not only your own information, but that of your communities. Whether at work, school, or recreation, the importance of taking proactive steps to enhance cybersecurity can’t be overstated.

I’ve worked in a variety of capacities in cybersecurity for over 25 years. As a security practitioner, I’ve witnessed firsthand the incredible potential and danger of technology.
