March Malware-Ness: March Madness Cyber Security Tips

March Madness is here! And when the basketball madness starts, so do phishing attacks. Increased web traffic and public interest around March Madness are the perfect chance for hackers and cyber criminals to impersonate popular bracket websites and online betting organizations. The number of phishing attacks also increases. So, it is in your best interest to be an educated and cyber aware fan.

In 2018, it was reported that traffic activity from users streaming games online and checking bracket updates increased by 28% compared to 2017. According to several monitoring sites, there was also an increase in overall malicious activity related to the tournament and a clear upward spike in phishing pages, adware downloads, and improper handling of user data.

It seems likely that these cyber-attacks will continue during this year’s tournament. Because of its popularity, there’s a good chance that they could occur on your business network, especially if you have any employees or coworkers who are avid sports fans.

We know how difficult it can be to avoid the temptation of checking your bracket at work or watching game highlights in between meetings!

However, if you are educated and aware of what to keep an eye out for, you can overcome the sneakiest of hacking attempts. Be a cyber aware fan with these safety tips.

March Madness Cyber Security Tips

  • Unless you personally signed up for a contest, survey, or poll via email, avoid the invitation to participate. Try to only engage with content from reputable websites.
  • If you are involved in a tournament bracket, enter the site URL into your browser directly. Hackers can disguise viruses as harmless-looking links.
  • Don’t click on any links in emails if they seem too good to be true. Also, watch out for spelling or grammar mistakes.
  • If you plan to live stream any games, please do so from a reputable site. Clicking on a random link you saw on Facebook can spell trouble.

Please contact us to learn more about our cyber security initiatives and how we can help keep your business safe and secure.

Is Your Business #PrivacyAware? 3 Easy To Implement Privacy Tips

Data Privacy Day, celebrated annually on January 28th, is an international effort to empower individuals to respect privacy, safeguard data, and enable trust. Don’t think of #DataPrivacyDay as just another “social media holiday”. Think of it as a chance to review the privacy policies currently in place at your business. Are there ways you can improve or raise the level of data security? At Braver, we think data privacy and security are of the utmost importance. That’s why, to celebrate Data Privacy Day, we’re sharing 3 easy-to-implement privacy tips so you can stay #PrivacyAware.

Tip #1: Enable Dual-Factor Authentication

Where possible, we suggest enabling two-factor authentication. Most standard security procedures only require a simple username and password. Because of this, it has become easier for criminals to gain access to a user’s private data. Two-factor authentication gives you an extra level of security and protection.

Just like a normal log-in process, two-factor authentication is completed after your username and password are entered. Based on the type of two-factor authentication you are using, you can be prompted to enter a numerical code, provide a thumbprint, or take a photo for facial recognition. It can be a little time consuming to complete each time you want to log in, but the extra level of protection is worth it.

Tip #2: Create Complex Passwords

Password complexity is one of the easiest ways to step up your security. For example, if your password is “Password123”, you might want to consider something a bit more complex! At the absolute minimum, your passwords should include the following:

  • Lowercase characters
  • Uppercase characters
  • Numbers
  • Punctuation
  • “Special” characters (@, #, $, %, &, etc.)
  • 8 – 15 alphanumeric characters

We also recommend changing your passwords every quarter and using different passwords for your business and personal accounts. For more password Dos and Don’ts and to understand how passwords are a big part of HIPAA compliance, check out our deep dive here.

Tip #3: Update Software and Hardware Regularly

All good things must come to an end, including the business software and hardware that you have likely been using for years. In the tech field, we call this End of Life. This basically means that the developer will no longer issue security updates, fix bugs and flaws, or offer support.

Leaving your device or network open and vulnerable to cyber attacks is never a good thing. That’s why we recommend following the developer’s guidelines for updating on time.

While technically you can still use your computer after the End of Life deadline, it comes with incredible risk. After the deadline, your computer will be vulnerable to exploits, bugs, and viruses. If you choose to be daring and not update and then find yourself with an issue, you will likely receive no help from Microsoft.

FYI to our Windows 7 and Windows Server 2008 users: End of Life is quickly approaching! Find out when and how you can start an upgrade plan today.

Please use these tips to make sure your business is #PrivacyAware. For more tech tips, please follow our blog, or contact us for more info.

We Take Proactive Security Measures. You Should Too.

When was the last time you changed your password?  

Do you have two-factor authentication set up for your accounts? 

Are you protected against cyber-attacks? 

Are you now slightly panicked because you’re not sure if you’ve done ANY of these things for your business? 

Never fear, Braver is here. 

Our Level 1 Priority Care service includes security protocols and professional recommendations to ensure that you have the best protection available. Based on your industry and daily operations, we develop a security plan that works best for you and your employees. 

Here are just some of the proactive security measures that Braver takes to protect your business, your data, and your employees. 

PS: We follow all these protocols in-house, so you know they’re the best. 

Dual Factor Authentication 

Just like a normal log-in process, two-factor authentication is completed after your username and password are entered. Based on the type of two-factor authentication you are using, you can be prompted to enter a numerical code, provide a thumbprint, or take a photo for facial recognition. It can be a little time consuming to complete each time you want to log in, but the extra level of protection is worth it.  

The main benefit of using two-factor authentication is the extra security and the peace of mind it provides. If a cybercriminal were able to get ahold of your password, they would have no luck accessing any information without your unique two-factor authentication code or key. This is especially useful in the case of physical theft of a computer or laptop.

In addition, you can set up two-factor authentication for your business or personal social media accounts. Two-factor authentication also works well with software applications like Quickbooks or the CRM of your choice.  

Disaster Recovery  

With Braver, you can rest assured that your data is safe and secure with our Ready Vault: Backup and Recovery Service. Our bullet-proof system not only backs up your data as often as every fifteen minutes but in the event of a server malfunction, it can assume the role of that server, while still performing incremental backups. This means your network is still up while your server is being fixed and parts are being ordered. 

To ensure that your data is protected in any disaster, the Ready Vault device encrypts and can archive your data at our off-site data centers incrementally.

 

CyberKnight Security Suite  

Cybercriminals are attacking businesses every day, stealing information and holding companies for ransom. Your information could be out there on the dark web and be used to find vulnerabilities in your network. With CyberKnight Cyber Security Suite we can track, monitor, and close security vulnerabilities while working to reduce liabilities and keep your data safe.  

In a world where everything is connected, it is important to protect your network assets and understand where vulnerabilities lie. Using proprietary technology, CyberKnight Security Suite from Braver Technology reveals vulnerabilities within your business in real time. CyberKnight allows you to make improved security choices for your employees and customers now and in the future.  

For business owners, CyberKnight is the most comprehensive security tool because we provide you with enterprise-level technology and security education at a small business price. 

Password Security and Exchange Policies  

If you are reading this, there’s a good chance that you (or one of your coworkers) have passwords and login information on a Post-It note taped to a desk.

While displaying passwords out in the open is unfortunately common in most offices (even the Boston Red Sox are guilty), it leaves you open to data breaches and, if you are in the medical field, costly HIPAA violations. We recommend that you create secure, complex passwords and update them frequently.

We also follow a specific security protocol for password change requests. For our clients, all password changes and other security-related requests must be confirmed by the client’s main contact. This extra security measure is to ensure that all requests are legitimate and that the main contact is aware of all requests for sensitive information. We recommend implementing this security protocol in your own business for sensitive information requests.

This policy is just one of the many that we use to keep data secure, and our clients protected.

If you have any questions about this policy update or any of our security protocols, please contact us.

 

5 Tips For Safe Online Shopping This Holiday Season

‘Twas the night before Christmas, when all through the house

Shoppers were clicking, with touchpads and with mouse.

The online shopping carts were filled with care,

with hopes that discounts and deals would soon be there…

Holiday shopping season is upon us once again, and if you are one of the 174 million Americans who shopped last year, you likely have a detailed list of gifts set up to purchase already. Online shopping is the preferred method to take advantage of the season’s deals when massive lines and crowded stores can put a damper on your holiday spirit. However, cybercriminals love holiday shopping as much as you do. They work to make a profit off the increase in e-commerce activity around the holidays.

When it comes to being safe and secure online, you can never be too careful. Check out these 5 safe online shopping tips to make sure that you don’t get Grinched this holiday season.

5 Safe Online Shopping Tips

 

1. Deck The Halls With Security Updates

It’s a good idea to update the software on your computer before you start shopping. This includes your OS, browser, and any other web applications. If you are planning to do any shopping from your mobile phone or tablet, the same rule applies. This is to ensure that your device, and your sensitive data, are protected.

2. Check That Link (And Check It Twice)

Retail emails are a great way to be the first to know about discounts and new products. However, beware of emails that come from unfamiliar websites. It could be a phishing scheme designed to trick you into clicking a link and entering personal and financial data. If you see a deal that is just too good to be true, type the website name into your browser, and then shop with confidence.

3. ‘Appy Holidays

Make sure any e-commerce apps you plan to use are downloaded from a trusted source, like the Apple App Store, Google Play or Amazon App Store. Note the “permissions” that will pop up when you download an app. Make sure to read through them and see if they make sense. You can also look at the feedback in the comments section of the app and choose ones with high ratings.

4. No Place Like Home For The Holidays

There is no place like home for the holidays, especially when shopping online. Having a secure network connection is ideal, so plan to do most of your shopping on your home network. Public Wi-Fi can easily be hacked, exposing your sensitive data to cybercriminals, who are definitely on the naughty list this year.

5. Secure Season’s Greetings

You are likely to shop from several websites this holiday season, but it is important to ensure that they are secure. It’s very easy to check this if you know where to look! Check out the URL of every website you plan to shop from. If you see a lock icon and the word “secure” next to the URL, then you can shop with confidence.

 

Be sure to share these tips with others and spread the word about online holiday shopping security!

What is Social Engineering and Why Should You Care?

Small business owners may think that as long as their network and systems are safe from malware, they have nothing to worry about. However, they may not be prepared for social engineering. Social engineering, a form of cyber crime, is used to steal personal information from users. It goes beyond just phishing scams, using more complex methods to steal information.

Here are some common social engineering scams you should know.

Phishing

This is the most frequently used social engineering attack, especially against small businesses.

How is phishing carried out? Criminals make use of emails, phone calls, or text messages to steal money. Victims are directed to phony websites or hotlines and are tricked into giving away sensitive information. Information like names, addresses, login information, Social Security numbers, and credit card numbers can all be compromised.

To protect yourself, be wary of emails from people you don’t know that offer you a prize, come with attachments you didn’t request, direct you to suspicious sites, or urge you to act quickly. Phishing emails usually appear to come from reliable sources.

One of the most infamous and widespread examples of phishing was during the 2016 Summer Olympics in Rio, where victims received fraudulent emails for fake ticketing services that stole their personal and financial information.

Tailgating

What’s the fastest and easiest way for criminals to enter a secure office? Through the front door, of course! Tailgating happens when an employee holds the door open for strangers and unauthorized visitors, allowing them to infiltrate an organization. This simple act of kindness enables fraudsters to enter restricted areas, access computers when no one is looking, or leave behind devices for snooping.

Quid pro quo

Here, scam artists offer a free service or a prize in exchange for information. They may lure their victims with a gift or special offer in exchange for login credentials, account details, passwords, and other important information. Or hackers may volunteer to fix their victims’ IT problems to get what they want. In most cases, the gifts or special offers are fake, but damages from stolen information are all too real.

Pretexting

Here, criminals pretend to be someone else to steal information. They may pose as a telemarketer, tech support representative, co-worker, or police officer to fish out credit card information, bank account details, usernames, and passwords. The con artist may even convince the unsuspecting victim to apply for a loan over the phone to get more details from the victim. By gaining the person’s trust, the scammer can fool anyone into divulging company secrets.

Despite the many security measures available today, criminals and their social engineering schemes continue to haunt and harm many businesses. So, your best bet is to prepare for the worst. To protect sensitive information, educate yourself and be careful. Remember: If anything is too good to be true, it probably is!

Please contact us to learn more about our cyber security initiatives and how we can help keep your business safe and secure.

 

Are Your Passwords HIPAA Compliant? 

Are your passwords HIPAA compliant? HIPAA compliant password requirements are an often-overlooked component of an effective HIPAA compliance program. Along with a privacy and security program, strong passwords can go far in protecting sensitive health data.  

If you are reading this, there’s a good chance that you (or one of your coworkers) have passwords and login information on a Post-It note taped to a desk.

While displaying passwords out in the open is unfortunately common in most offices (even the Boston Red Sox are guilty), it leaves you open to data breaches and costly HIPAA violations.

 

-via Boston.com 

 

HIPAA Password Requirements

Effective password management is an important part of your HIPAA compliance plan. In order for a password to be considered HIPAA compliant, it needs to meet the standards stated in the Administrative Safeguards section of the HIPAA Security Rule.

PASSWORD MANAGEMENT – § 164.308(a)(5)(ii)(D)

The last addressable specification in this standard is Password Management. Where this implementation specification is a reasonable and appropriate safeguard for a covered entity, the covered entity must implement:

“Procedures for creating, changing, and safeguarding passwords.”

In addition to providing a password for access, entities must ensure that workforce members are trained on how to safeguard the information. Covered entities must train all users and establish guidelines for creating passwords and changing them during periodic change cycles.

Sample questions for covered entities to consider:

Are there policies in place that prevent workforce members from sharing passwords with others?

Is the workforce advised to commit their passwords to memory?

Are common sense precautions taken, such as not writing passwords down and leaving them in areas that are visible or accessible to others?

 

The HIPAA Security rule mandates that you MUST have some kind of password plan in place but does not require a specific plan. This allows you to develop, with your technology service provider, a plan that meets the needs of your employees and your practice.  

How To Create A Secure Password

Here are some basic Dos and Don’ts when it comes to passwords that are complex and HIPAA compliant. 

DOS

  • DO change your system-level passwords (Windows Administrator, application administrator accounts, etc.) on a quarterly basis
  • DO change your user-level passwords (email, desktop computer, etc.) at least every six months
  • DO create passwords that meet at least three of the five following character classes: 
    • Lowercase characters 
    • Uppercase characters 
    • Numbers 
    • Punctuation 
    • “Special” characters (@, #, $, %, &, etc.)
  • DO create passwords that are at least 8-15 alphanumeric characters  
  • DO use different passwords for your business accounts and your personal accounts 
  • DO create passwords that are easy to remember. One way to do this is to create a password based on a song title, affirmation, or another phrase. For example, the phrase might be: “This May Be One Way To Remember” and the password could be: “TmB1w2R!” or “Tmb1W>r~” or some other variation. (P.S. DON’T use either of these examples as your actual password!) 

 DON’TS 

  • DON’T share your business passwords with anyone. All passwords should be treated as sensitive and confidential information. 
  • DON’T write down or store your passwords online without encryption 
  • DON’T reveal a password in email, chat, or other electronic communication 
  • DON’T hint at the format of a password (“my family name”) 
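
The DOs above as a checker, written as an added example that is not Braver's own code: the split between “punctuation” and “special” characters, the 8-character minimum, and the result codes are assumptions. It also shows that “Password123” satisfies the length and character-class rules on their own, which is why the passwords printed on this page are rejected explicitly.

```python
import string

# Assumption: the page names "@, #, $, %, &, etc." as "special" characters; only those
# five are treated as special here, and all other ASCII punctuation is "punctuation".
SPECIAL = set("@#$%&")
PUNCTUATION = set(string.punctuation) - SPECIAL

MIN_LENGTH = 8    # assumption: the lower bound of the page's "8-15" range is the minimum
MIN_CLASSES = 3   # "at least three of the five" character classes

# Passwords printed on this page (stored casefolded); they must never be accepted.
PUBLISHED = {"password123", "tmb1w2r!", "tmb1w>r~"}


def character_classes(password):
    """Return the set of the page's five character classes present in the password."""
    classes = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            classes.add("lowercase")
        elif ch in string.ascii_uppercase:
            classes.add("uppercase")
        elif ch in string.digits:
            classes.add("numbers")
        elif ch in SPECIAL:
            classes.add("special")
        elif ch in PUNCTUATION:
            classes.add("punctuation")
        # Anything else (spaces, non-ASCII) counts toward length but no class.
    return classes


def check_password(password, other_passwords=()):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if len(character_classes(password)) < MIN_CLASSES:
        problems.append("too_few_classes")
    if password.casefold() in PUBLISHED:
        problems.append("published_example")
    # "DO use different passwords for your business accounts and your personal accounts"
    if password in other_passwords:
        problems.append("reused")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; "Quiet-River7" is a made-up value that passes.
    for candidate in ["abcdefgh", "aB1", "Password123", "TmB1w2R!", "Quiet-River7"]:
        print(candidate, check_password(candidate) or "ok")
```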

If you are feeling inspired to update your password plan and policies, please contact us for more information. You can also discover if your company data and passwords are available on the Dark Web with our free scan.

Lock It Down: How To Secure Your Accounts With Two-Factor Authentication

Most standard security procedures only require a simple username and password. Because of this, it has become easier for criminals to gain access to a user’s private data. Two-factor authentication gives you an extra level of security and protection.

What is Two Factor Authentication?

It is an extra layer of security known as “multi-factor authentication”.

Also known as 2FA, two-factor authentication is a tool that can be used to add a second level of security to online accounts. Two-factor authentication also works to secure software programs and hardware like laptops or cell phones. It requires a password and username and something that only the user has on them, i.e. a piece of information only they should know or have immediately on hand. 

How Does Two Factor Authentication Work? 

Just like a normal log-in process, two-factor authentication is completed after your username and password are entered. Based on the type of two-factor authentication you are using, you can be prompted to enter a numerical code, provide a thumbprint, or take a photo for facial recognition. It can be a little time consuming to complete each time you want to log in, but the extra level of protection is worth it. 

What Are The Benefits of Using Two Factor Authentication? 

The main benefit of using two-factor authentication is the extra security and the peace of mind it provides. If a cybercriminal were able to get ahold of your password, they would have no luck accessing any information without your unique two-factor authentication code or key. This is especially useful in the case of physical theft of a computer or laptop.

In addition, you can set up two-factor authentication for your business or personal social media accounts. Two-factor authentication also works well with software applications like Quickbooks or the CRM of your choice. 

 

Please contact us with any questions on two-factor authentication, cybersecurity, or data protection.

Call: (508) 824-2260
Email: askthegeek@bravertechnology.net
Web: Contact Us!